Asylo
enclave_assertion_authority_configs.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2019 Asylo authors
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef ASYLO_IDENTITY_ENCLAVE_ASSERTION_AUTHORITY_CONFIGS_H_
20 #define ASYLO_IDENTITY_ENCLAVE_ASSERTION_AUTHORITY_CONFIGS_H_
21 
22 #include <string>
23 
24 #include "asylo/crypto/certificate.pb.h"
25 #include "asylo/identity/enclave_assertion_authority_config.pb.h"
26 #include "asylo/util/statusor.h"
27 
28 /// @file enclave_assertion_authority_configs.h
29 /// @brief Provides functions for creating enclave assertion authority configs.
30 ///
31 /// The term "enclave assertion authority" refers to the combination of
32 /// EnclaveAssertionGenerator and EnclaveAssertionVerifier for a particular type
33 /// of assertion.
34 ///
35 /// To configure assertion authorities in the untrusted application, use a
36 /// sequence of calls like the following:
37 ///
38 /// ```
39 /// std::vector<EnclaveAssertionAuthorityConfig> authority_configs = {
40 /// CreateNullAssertionAuthorityConfig(),
41 /// };
42 /// CHECK(InitializeEnclaveAssertionAuthorities(
43 /// authority_configs.cbegin(), authority_configs.cend()).ok());
44 /// ```
45 ///
46 /// To configure assertion authorities inside an enclave, pass the set of
47 /// configurations through the EnclaveConfig:
48 ///
49 /// ```
50 /// EnclaveManager *manager = ...
51 /// EnclaveLoadConfig load_config = ...
52 /// EnclaveConfig config;
53 /// *config.add_enclave_assertion_authority_configs() =
54 /// CreateNullAssertionAuthorityTestConfig();
55 /// *load_config.mutable_config() = config;
56 /// CHECK(manager->LoadEnclave(load_config).ok());
57 /// ```
58 ///
59 /// Assertion authorities are automatically initialized in TrustedApplication
60 /// using the provided configurations.
61 
62 namespace asylo {
63 
64 /// Creates a configuration for the null assertion authority.
65 ///
66 /// This configuration is required when using the NullAssertionGenerator or
67 /// NullAssertionVerifier.
68 ///
69 /// \return A config for the null assertion authority.
71 
72 /// Creates a configuration for the SGX local assertion authority.
73 ///
74 /// This configuration is required when using the SgxLocalAssertionGenerator or
75 /// SgxLocalAssertionVerifier.
76 ///
77 /// \param attestation_domain A 16-byte unique identifier for the SGX machine.
78 /// \return A config for the SGX local assertion authority.
81 
82 /// Creates a configuration for the SGX AGE remote assertion authority.
83 ///
84 /// This configuration is required when using the
85 /// SgxAgeRemoteAssertionGenerator.
86 ///
87 /// \param certificates A vector of X.509-formatted CA certificates that can
88 /// be used to verify whether an assertion is valid.
89 /// \param server_address The address of the AGE's service.
90 /// \return A config for the SGX AGE remote assertion authority.
94 
95 } // namespace asylo
96 
97 #endif // ASYLO_IDENTITY_ENCLAVE_ASSERTION_AUTHORITY_CONFIGS_H_
StatusOr< EnclaveAssertionAuthorityConfig > CreateSgxAgeRemoteAssertionAuthorityConfig(std::vector< Certificate > certificates, std::string server_address)
Creates a configuration for the SGX AGE remote assertion authority.
EnclaveAssertionAuthorityConfig CreateNullAssertionAuthorityConfig()
Creates a configuration for the null assertion authority.
ABSL_CONST_INIT const char kStatusMoveAssignmentMsg[]
StatusOr< EnclaveAssertionAuthorityConfig > CreateSgxLocalAssertionAuthorityConfig(std::string attestation_domain)
Creates a configuration for the SGX local assertion authority.