Asylo
Public Member Functions | Static Public Member Functions | List of all members
asylo::SecretSealer Class Referenceabstract

#include <secret_sealer.h>

Inheritance diagram for asylo::SecretSealer:
Inheritance graph
[legend]

Public Member Functions

 SecretSealer ()=default
 
virtual ~SecretSealer ()=default
 
virtual SealingRootType RootType () const =0
 Gets the sealing root type of this SecretSealer. More...
 
virtual std::string RootName () const =0
 Gets the sealing root name of this SecretSealer. More...
 
virtual std::vector< EnclaveIdentityExpectation > RootAcl () const =0
 Gets the sealing root ACL of this SecretSealer. More...
 
virtual Status SetDefaultHeader (SealedSecretHeader *header) const =0
 Generates the default sealed-secret header based on the configuration of the SecretSealer and writes it to header. More...
 
virtual Status Seal (const SealedSecretHeader &header, ByteContainerView additional_authenticated_data, ByteContainerView secret, SealedSecret *sealed_secret)=0
 Seals the input per the header specification. More...
 
virtual Status Unseal (const SealedSecret &sealed_secret, CleansingVector< uint8_t > *secret)=0
 Unseals the sealed_secret and writes it to secret. More...
 
virtual Status Reseal (const SealedSecret &old_sealed_secret, const SealedSecretHeader &new_header, SealedSecret *new_sealed_secret)
 Re-seals an already sealed secret to a new header. More...
 

Static Public Member Functions

static StatusOr< std::string > GenerateSealerId (SealingRootType type, const std::string &name)
 Combines the specified sealing root type and sealing root name to form a string. More...
 

Constructor & Destructor Documentation

◆ SecretSealer()

asylo::SecretSealer::SecretSealer ( )
default

◆ ~SecretSealer()

virtual asylo::SecretSealer::~SecretSealer ( )
virtualdefault

Member Function Documentation

◆ GenerateSealerId()

static StatusOr<std::string> asylo::SecretSealer::GenerateSealerId ( SealingRootType  type,
const std::string &  name 
)
static

Combines the specified sealing root type and sealing root name to form a string.

The combined string uniquely identifies the SecretSealer responsible for handling secrets associated with the particular combination of root-type type and root-name name.

Parameters
typeThe root type for sealing (e.g., from RootType()).
nameThe root name for sealing (e.g., from RootName()).
Returns
An object that represents a result string, or a failure status.

◆ Reseal()

virtual Status asylo::SecretSealer::Reseal ( const SealedSecret &  old_sealed_secret,
const SealedSecretHeader &  new_header,
SealedSecret *  new_sealed_secret 
)
virtual

Re-seals an already sealed secret to a new header.

The net effect of calling this method is same as unsealing the secret and then sealing it to the new header, and that is exactly how this method is implemented by the base class. A derived class of SecretSealer may choose to further optimize this method.

Parameters
old_sealed_secretThe sealed secret to re-seal.
new_headerThe metadata to guide the re-sealing.
[out]new_sealed_secretThe output sealed secret.
Returns
A non-OK status if re-sealing fails.

◆ RootAcl()

virtual std::vector<EnclaveIdentityExpectation> asylo::SecretSealer::RootAcl ( ) const
pure virtual

Gets the sealing root ACL of this SecretSealer.

Returns
The sealing root ACL of this object.

Implemented in asylo::SgxLocalSecretSealer.

◆ RootName()

virtual std::string asylo::SecretSealer::RootName ( ) const
pure virtual

Gets the sealing root name of this SecretSealer.

Returns
The sealing root name of this class.

Implemented in asylo::SgxLocalSecretSealer.

◆ RootType()

virtual SealingRootType asylo::SecretSealer::RootType ( ) const
pure virtual

Gets the sealing root type of this SecretSealer.

Returns
The sealing root type of this class.

Implemented in asylo::SgxLocalSecretSealer.

◆ Seal()

virtual Status asylo::SecretSealer::Seal ( const SealedSecretHeader &  header,
ByteContainerView  additional_authenticated_data,
ByteContainerView  secret,
SealedSecret *  sealed_secret 
)
pure virtual

Seals the input per the header specification.

The header must have its secret_name, secret_version and secret_purpose fields populated. If any of the remaining fields in the header are populated, then they must be compatible with the underlying sealing root.

Parameters
headerThe metadata to guide the sealing.
additional_authenticated_dataUnencrypted data that is bundled with the sealed secret.
secretThe data to encrypt and seal.
[out]sealed_secretThe output sealed secret.
Returns
A non-OK status if sealing fails.

Implemented in asylo::SgxLocalSecretSealer.

◆ SetDefaultHeader()

virtual Status asylo::SecretSealer::SetDefaultHeader ( SealedSecretHeader *  header) const
pure virtual

Generates the default sealed-secret header based on the configuration of the SecretSealer and writes it to header.

Parameters
[out]headerThe destination for the default SealedSecretHeader value.
Returns
A non-OK status if a default cannot be set.

Implemented in asylo::SgxLocalSecretSealer.

◆ Unseal()

virtual Status asylo::SecretSealer::Unseal ( const SealedSecret &  sealed_secret,
CleansingVector< uint8_t > *  secret 
)
pure virtual

Unseals the sealed_secret and writes it to secret.

Parameters
sealed_secretThe input secret to unseal.
[out]secretThe destination for the unsealed secret.
Returns
A non-OK Status if unsealing fails.

Implemented in asylo::SgxLocalSecretSealer.


The documentation for this class was generated from the following file: