Asylo
enclave_assertion_authority_configs.h
1 /*
2  *
3  * Copyright 2019 Asylo authors
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef ASYLO_IDENTITY_ENCLAVE_ASSERTION_AUTHORITY_CONFIGS_H_
20 #define ASYLO_IDENTITY_ENCLAVE_ASSERTION_AUTHORITY_CONFIGS_H_
21 
22 #include <string>
23 
24 #include "asylo/identity/enclave_assertion_authority_config.pb.h"
25 #include "asylo/util/statusor.h"
26 
27 /// @file enclave_assertion_authority_configs.h
28 /// @brief Provides functions for creating enclave assertion authority configs.
29 ///
30 /// The term "enclave assertion authority" refers to the combination of
31 /// EnclaveAssertionGenerator and EnclaveAssertionVerifier for a particular type
32 /// of assertion.
33 ///
34 /// To configure assertion authorities in the untrusted application, use a
35 /// sequence of calls like the following:
36 ///
37 /// ```
38 /// std::vector<EnclaveAssertionAuthorityConfig> authority_configs = {
39 /// CreateNullAssertionAuthorityConfig(),
40 /// };
41 /// CHECK(InitializeEnclaveAssertionAuthorities(
42 /// authority_configs.cbegin(), authority_configs.cend()).ok());
43 /// ```
44 ///
45 /// To configure assertion authorities inside an enclave, pass the set of
46 /// configurations through the EnclaveConfig:
47 ///
48 /// ```
49 /// EnclaveManager *manager = ...
50 /// EnclaveLoadConfig load_config = ...
51 /// EnclaveConfig config;
52 /// *config.add_enclave_assertion_authority_configs() =
53 /// CreateNullAssertionAuthorityConfig();
54 /// *load_config.mutable_config() = config;
55 /// CHECK(manager->LoadEnclave(load_config).ok());
56 /// ```
57 ///
58 /// Assertion authorities are automatically initialized in TrustedApplication
59 /// using the provided configurations.
60 
61 namespace asylo {
62 
63 /// Creates a configuration for the null assertion authority.
64 ///
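65 /// This configuration is required when using the NullAssertionGenerator or
66 /// NullAssertionVerifier. A null assertion does not attest to any enclave identity, so do not rely on it where the peer must be authenticated.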
67 ///
68 /// \return A config for the null assertion authority.
70 
71 /// Creates a configuration for the SGX local assertion authority.
72 ///
73 /// This configuration is required when using the SgxLocalAssertionGenerator or
74 /// SgxLocalAssertionVerifier.
75 ///
76 /// \param attestation_domain A 16-byte unique identifier for the SGX machine.
77 /// \return A config for the SGX local assertion authority, or a non-OK status on failure.
80 
81 } // namespace asylo
82 
83 #endif // ASYLO_IDENTITY_ENCLAVE_ASSERTION_AUTHORITY_CONFIGS_H_
EnclaveAssertionAuthorityConfig CreateNullAssertionAuthorityConfig()
Creates a configuration for the null assertion authority.
StatusOr< EnclaveAssertionAuthorityConfig > CreateSgxLocalAssertionAuthorityConfig(std::string attestation_domain)
Creates a configuration for the SGX local assertion authority.