Asylo
An implementation of the EnclaveAssertionVerifier interface for SGX local assertions.
#include <sgx_local_assertion_verifier.h>
Public Member Functions
SgxLocalAssertionVerifier ()
    Constructs an uninitialized SgxLocalAssertionVerifier.
Status Initialize (const std::string &config) override
    Initializes this assertion authority using the provided config.
bool IsInitialized () const override
    Indicates whether this assertion authority has been initialized successfully via a call to Initialize().
EnclaveIdentityType IdentityType () const override
    Gets the enclave identity type handled by this assertion authority.
std::string AuthorityType () const override
    Gets the type of this assertion authority.
Status CreateAssertionRequest (AssertionRequest *request) const override
    Creates an assertion request compatible with this verifier's identity type and authority type and places the result in request.
StatusOr< bool > CanVerify (const AssertionOffer &offer) const override
    Indicates whether the assertion offered in offer can be verified by this verifier.
Status Verify (const std::string &user_data, const Assertion &assertion, EnclaveIdentity *peer_identity) const override
    Verifies an assertion that is compatible with this verifier's identity type and authority type.
Public Member Functions inherited from asylo::EnclaveAssertionAuthority
virtual ~EnclaveAssertionAuthority ()=default
Additional Inherited Members
Static Public Member Functions inherited from asylo::EnclaveAssertionAuthority
static StatusOr< std::string > GenerateAuthorityId (const EnclaveIdentityType &identity_type, const std::string &authority_type)
    Gets a unique identifier for an EnclaveAssertionAuthority with the given identity_type and authority_type.
Protected Member Functions inherited from asylo::EnclaveAssertionAuthority
bool IsCompatibleAssertionDescription (const AssertionDescription &description) const
    Indicates whether description describes an assertion that is compatible with this authority.
An implementation of the EnclaveAssertionVerifier interface for SGX local assertions.
An SgxLocalAssertionVerifier is capable of verifying assertions of SGX code identity that originate from SGX enclaves running within the same local attestation domain.
asylo::SgxLocalAssertionVerifier::SgxLocalAssertionVerifier ()
Constructs an uninitialized SgxLocalAssertionVerifier.
The verifier can be initialized via a call to Initialize().
std::string asylo::SgxLocalAssertionVerifier::AuthorityType () const [override, virtual]
Gets the type of this assertion authority.
Implements asylo::EnclaveAssertionAuthority.
StatusOr< bool > asylo::SgxLocalAssertionVerifier::CanVerify (const AssertionOffer &offer) const [override, virtual]
Indicates whether the assertion offered in offer can be verified by this verifier.
offer cannot be fulfilled. Returns a non-OK Status if the verifier is not initialized or if an internal error occurs while attempting the operation.
Implements asylo::EnclaveAssertionVerifier.
Status asylo::SgxLocalAssertionVerifier::CreateAssertionRequest (AssertionRequest *request) const [override, virtual]
Creates an assertion request compatible with this verifier's identity type and authority type and places the result in request.
[out] request: The generated request.
Implements asylo::EnclaveAssertionVerifier.
EnclaveIdentityType asylo::SgxLocalAssertionVerifier::IdentityType () const [override, virtual]
Gets the enclave identity type handled by this assertion authority.
Implements asylo::EnclaveAssertionAuthority.
Status asylo::SgxLocalAssertionVerifier::Initialize (const std::string &config) [override, virtual]
Initializes this assertion authority using the provided config.
config: A config with which to initialize this authority.
Implements asylo::EnclaveAssertionAuthority.
bool asylo::SgxLocalAssertionVerifier::IsInitialized () const [override, virtual]
Indicates whether this assertion authority has been initialized successfully via a call to Initialize().
Implements asylo::EnclaveAssertionAuthority.
Status asylo::SgxLocalAssertionVerifier::Verify (const std::string &user_data, const Assertion &assertion, EnclaveIdentity *peer_identity) const [override, virtual]
Verifies an assertion that is compatible with this verifier's identity type and authority type.
The verification operation verifies that the assertion's identity claim is valid, and also checks that the assertion is bound to user_data. If verification succeeds, returns an OK Status and extracts the peer's identity into peer_identity. The caller cannot make any assumptions about the contents of peer_identity if verification fails.
user_data: User-provided binding data.
assertion: An assertion to verify.
[out] peer_identity: The identity extracted from the assertion.
Implements asylo::EnclaveAssertionVerifier.