Asylo
enclave_assertion_authority_configs.h File Reference

Provides functions for creating enclave assertion authority configs.

#include <string>
#include "asylo/identity/enclave_assertion_authority_config.pb.h"
#include "asylo/util/statusor.h"

Namespaces

 asylo
 

Functions

EnclaveAssertionAuthorityConfig asylo::CreateNullAssertionAuthorityConfig ()
 Creates a configuration for the null assertion authority.

StatusOr< EnclaveAssertionAuthorityConfig > asylo::CreateSgxLocalAssertionAuthorityConfig (std::string attestation_domain)
 Creates a configuration for the SGX local assertion authority.


Detailed Description

Provides functions for creating enclave assertion authority configs.

The term "enclave assertion authority" refers to the combination of EnclaveAssertionGenerator and EnclaveAssertionVerifier for a particular type of assertion.

To configure assertion authorities in the untrusted application, use a sequence of calls like the following:

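// One entry per assertion authority to enable.
// CreateSgxLocalAssertionAuthorityConfig() returns a StatusOr, so check
// its status before adding the contained config to this list.
std::vector<EnclaveAssertionAuthorityConfig> authority_configs = {
    CreateNullAssertionAuthorityConfig(),
};
CHECK(InitializeEnclaveAssertionAuthorities(
          authority_configs.cbegin(), authority_configs.cend()).ok());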

To configure assertion authorities inside an enclave, pass the set of configurations through the EnclaveConfig:

EnclaveManager *manager = ...
EnclaveLoadConfig load_config = ...
EnclaveConfig config;
// Each added entry configures one assertion authority inside the enclave.
*config.add_enclave_assertion_authority_configs() =
    CreateNullAssertionAuthorityConfig();
*load_config.mutable_config() = config;
CHECK(manager->LoadEnclave(load_config).ok());

Assertion authorities are automatically initialized in TrustedApplication using the provided configurations.