Asylo
Classes | Public Member Functions | List of all members
asylo::SgxIntelEcdsaQeRemoteAssertionVerifier Class Reference

Implementation of EnclaveAssertionVerifier that verifiers assertions generated by the Intel ECDSA quoting enclave. More...

#include <sgx_intel_ecdsa_qe_remote_assertion_verifier.h>

Inheritance diagram for asylo::SgxIntelEcdsaQeRemoteAssertionVerifier:
Inheritance graph
[legend]
Collaboration diagram for asylo::SgxIntelEcdsaQeRemoteAssertionVerifier:
Collaboration graph
[legend]

Public Member Functions

 SgxIntelEcdsaQeRemoteAssertionVerifier ()
 Constructs a new SgxIntelEcdsaQeAssertionVerifier that generates assertions suitable for use with EKEP. More...
 
 SgxIntelEcdsaQeRemoteAssertionVerifier (std::unique_ptr< AdditionalAuthenticatedDataGenerator > aad_generator)
 Constructs a new SgxIntelEcdsaQeAssertionVerifier that uses aad_generator to generate the expected additional authenticated data to be matched with quotes. More...
 
Status Initialize (const std::string &serialized_config) override
 Initializes this assertion authority using the provided config. More...
 
bool IsInitialized () const override
 Indicates whether this assertion authority has been initialized successfully via a call to Initialize(). More...
 
EnclaveIdentityType IdentityType () const override
 Gets the enclave identity type handled by this assertion authority. More...
 
std::string AuthorityType () const override
 Gets the type of this assertion authority. More...
 
Status CreateAssertionRequest (AssertionRequest *request) const override
 Creates an assertion request compatible with this verifier's identity type and authority type and places the result in request. More...
 
StatusOr< bool > CanVerify (const AssertionOffer &offer) const override
 Indicates whether the assertion offered in offer can be verified by this verifier. More...
 
Status Verify (const std::string &user_data, const Assertion &assertion, EnclaveIdentity *peer_identity) const override
 Verifies an assertion that is compatible with this verifier's identity type and authority type. More...
 
- Public Member Functions inherited from asylo::EnclaveAssertionAuthority
virtual ~EnclaveAssertionAuthority ()=default
 

Additional Inherited Members

- Static Public Member Functions inherited from asylo::EnclaveAssertionAuthority
static StatusOr< std::string > GenerateAuthorityId (const EnclaveIdentityType &identity_type, const std::string &authority_type)
 Gets a unique identifier for an EnclaveAssertionAuthority with the given identity_type and authority_type. More...
 
- Protected Member Functions inherited from asylo::EnclaveAssertionAuthority
bool IsCompatibleAssertionDescription (const AssertionDescription &description) const
 Indicates whether description describes an assertion that is compatible with this authority. More...
 

Detailed Description

Implementation of EnclaveAssertionVerifier that verifiers assertions generated by the Intel ECDSA quoting enclave.

These assertions attest, to a remote party, properties about both the enclave's code as well as the Intel platform properties.

Constructor & Destructor Documentation

◆ SgxIntelEcdsaQeRemoteAssertionVerifier() [1/2]

asylo::SgxIntelEcdsaQeRemoteAssertionVerifier::SgxIntelEcdsaQeRemoteAssertionVerifier ( )

Constructs a new SgxIntelEcdsaQeAssertionVerifier that generates assertions suitable for use with EKEP.

◆ SgxIntelEcdsaQeRemoteAssertionVerifier() [2/2]

asylo::SgxIntelEcdsaQeRemoteAssertionVerifier::SgxIntelEcdsaQeRemoteAssertionVerifier ( std::unique_ptr< AdditionalAuthenticatedDataGenerator >  aad_generator)
explicit

Constructs a new SgxIntelEcdsaQeAssertionVerifier that uses aad_generator to generate the expected additional authenticated data to be matched with quotes.

Member Function Documentation

◆ AuthorityType()

std::string asylo::SgxIntelEcdsaQeRemoteAssertionVerifier::AuthorityType ( ) const
overridevirtual

Gets the type of this assertion authority.

Returns
The type of this authority.

Implements asylo::EnclaveAssertionAuthority.

◆ CanVerify()

StatusOr<bool> asylo::SgxIntelEcdsaQeRemoteAssertionVerifier::CanVerify ( const AssertionOffer &  offer) const
overridevirtual

Indicates whether the assertion offered in offer can be verified by this verifier.

Returns
True if the offer can be verified, and false if no errors occurred during the operation but offer cannot be fulfilled. Returns a non-OK Status if the verifier is not initialized or if an internal error occurs while attempting the operation.

Implements asylo::EnclaveAssertionVerifier.

◆ CreateAssertionRequest()

Status asylo::SgxIntelEcdsaQeRemoteAssertionVerifier::CreateAssertionRequest ( AssertionRequest *  request) const
overridevirtual

Creates an assertion request compatible with this verifier's identity type and authority type and places the result in request.

Parameters
[out]requestThe generated request.
Returns
A Status indicating whether the request was created. Returns a non-OK Status if this verifier is not initialized or if an internal error occurs while attempting the operation.

Implements asylo::EnclaveAssertionVerifier.

◆ IdentityType()

EnclaveIdentityType asylo::SgxIntelEcdsaQeRemoteAssertionVerifier::IdentityType ( ) const
overridevirtual

Gets the enclave identity type handled by this assertion authority.

Returns
The identity type handled by this authority.

Implements asylo::EnclaveAssertionAuthority.

◆ Initialize()

Status asylo::SgxIntelEcdsaQeRemoteAssertionVerifier::Initialize ( const std::string &  config)
overridevirtual

Initializes this assertion authority using the provided config.

Parameters
configA config with which to initialize this authority.
Returns
A Status indicating whether initialization succeeded.

Implements asylo::EnclaveAssertionAuthority.

◆ IsInitialized()

bool asylo::SgxIntelEcdsaQeRemoteAssertionVerifier::IsInitialized ( ) const
overridevirtual

Indicates whether this assertion authority has been initialized successfully via a call to Initialize().

Returns
True if this authority is initialized.

Implements asylo::EnclaveAssertionAuthority.

◆ Verify()

Status asylo::SgxIntelEcdsaQeRemoteAssertionVerifier::Verify ( const std::string &  user_data,
const Assertion &  assertion,
EnclaveIdentity *  peer_identity 
) const
overridevirtual

Verifies an assertion that is compatible with this verifier's identity type and authority type.

The verification operation verifies that the assertion's identity claim is valid, and also checks that the assertion is bound to user_data. If verification succeeds, returns an OK Status and extracts the peer's identity into peer_identity. The caller cannot make any assumptions about the contents of peer_identity if verification fails.

Parameters
user_dataUser-provided binding data.
assertionAn assertion to verify.
[out]peer_identityThe identity extracted from the assertion.
Returns
A Status indicating whether the assertion was verified successfully. Returns a non-OK Status if this verifier is not initialized or if an internal error occurs while attempting the operation.

Implements asylo::EnclaveAssertionVerifier.


The documentation for this class was generated from the following file: