Provides functions for creating enclave assertion authority configs. More...
#include <string>#include <vector>#include "asylo/crypto/certificate.pb.h"#include "asylo/identity/attestation/sgx/sgx_intel_ecdsa_qe_remote_assertion_authority_config.pb.h"#include "asylo/identity/enclave_assertion_authority_config.pb.h"#include "asylo/identity/identity_acl.pb.h"#include "asylo/identity/platform/sgx/sgx_identity.pb.h"#include "asylo/util/statusor.h"
Include dependency graph for enclave_assertion_authority_configs.h:
Go to the source code of this file.
Namespaces | |
| asylo | |
| asylo::experimental | |
Functions | |
| EnclaveAssertionAuthorityConfig | asylo::CreateNullAssertionAuthorityConfig () |
| Creates a configuration for the null assertion authority. More... | |
| StatusOr< EnclaveAssertionAuthorityConfig > | asylo::CreateSgxLocalAssertionAuthorityConfig (std::string attestation_domain) |
| Creates a configuration for the SGX local assertion authority. More... | |
| StatusOr< EnclaveAssertionAuthorityConfig > | asylo::CreateSgxLocalAssertionAuthorityConfig () |
| Creates a configuration for the SGX local assertion authority. More... | |
| StatusOr< EnclaveAssertionAuthorityConfig > | asylo::CreateSgxAgeRemoteAssertionAuthorityConfig (Certificate intel_root_cert, std::vector< Certificate > certificates, std::string server_address, IdentityAclPredicate age_identity_expectation) |
| Creates a configuration for the SGX AGE remote assertion authority. More... | |
| StatusOr< EnclaveAssertionAuthorityConfig > | asylo::CreateSgxAgeRemoteAssertionAuthorityConfig (std::string server_address, SgxIdentity age_identity) |
| Creates a configuration for the SGX AGE remote assertion authority. More... | |
| StatusOr< EnclaveAssertionAuthorityConfig > | asylo::experimental::CreateSgxIntelEcdsaQeRemoteAssertionAuthorityConfig () |
| Creates configuration for the SGX Intel ECDSA QE remote assertion authority. More... | |
| StatusOr< EnclaveAssertionAuthorityConfig > | asylo::experimental::CreateSgxIntelEcdsaQeRemoteAssertionAuthorityConfig (CertificateChain pck_certificate_chain, SgxIdentity qe_identity) |
| Creates configuration for the SGX Intel ECDSA QE remote assertion authority. More... | |
Detailed Description
Provides functions for creating enclave assertion authority configs.
The term "enclave assertion authority" refers to the combination of EnclaveAssertionGenerator and EnclaveAssertionVerifier for a particular type of assertion.
To configure assertion authorities in the untrusted application, use a sequence of calls like the following:
std::vector<EnclaveAssertionAuthorityConfig> authority_configs = {
};
CHECK(InitializeEnclaveAssertionAuthorities(
authority_configs.cbegin(), authority_configs.cend()).ok());
To configure assertion authorities inside an enclave, pass the set of configurations through the EnclaveConfig:
EnclaveManager *manager = ...
EnclaveLoadConfig load_config = ...
EnclaveConfig config;
*config.add_enclave_assertion_authority_configs() =
CreateNullAssertionAuthorityTestConfig();
*load_config.mutable_config() = config;
CHECK(manager->LoadEnclave(load_config).ok());
Assertion authorities are automatically initialized in TrustedApplication using the provided configurations.