Asylo
asylo Namespace Reference

Namespaces

 error
 
 experimental
 
 internal
 
 primitives
 
 sgx
 

Classes

class AeadCryptor
 An AEAD cryptor that provides Seal() and Open() functionality.

class CheckOpMessageBuilder
 A helper class for formatting "expr (V1 vs. V2)" in a CHECK_XX statement.

class EnclaveAssertionAuthority
 An EnclaveAssertionAuthority is an authority for assertions of a particular identity type.

class EnclaveAssertionGenerator
 Defines an interface for assertion authorities that create assertion offers and generate assertions.

class EnclaveAssertionVerifier
 Defines an interface for assertion authorities that generate assertion requests and verify assertions.

class EnclaveAuthContext
 Encapsulates the authentication properties of an EKEP-based gRPC connection.

class EnclaveClient
 An abstract enclave client.

struct EnclaveCredentialsOptions
 Options used to configure a ::grpc::ChannelCredentials object or a ::grpc::ServerCredentials object for use in an enclave system.

class EnclaveLoader
 An abstract enclave loader.

class EnclaveManager
 A manager object responsible for creating and managing enclave instances.

class EnclaveManagerOptions
 Enclave Manager configuration.

class IdentityExpectationMatcher
 Defines an abstract interface that describes how to match an EnclaveIdentity against an EnclaveIdentityExpectation.

class LogMessage
 Class representing a log message created by a log macro.

class LogMessageFatal
 A LogSeverity FATAL (or QFATAL) version of LogMessage that the compiler can interpret as noreturn.

class LogMessageVoidify
 This class is used just to take an ostream type and make it a void type to satisfy the ternary operator in LOG_IF.

class NamedIdentityExpectationMatcher
 A NamedIdentityExpectationMatcher is capable of matching an identity to an expectation if the identity and the expectation's reference identity have the same identity descriptions, and they match the identity description returned by the Description() method of the matcher.

struct Namer< NamedIdentityExpectationMatcher >

class NonceGenerator
 Defines a nonce-generator interface.

class NullAssertionGenerator
 An implementation of the EnclaveAssertionGenerator interface for null assertions.

class NullAssertionVerifier
 An implementation of the EnclaveAssertionVerifier interface for null assertions.

class SecretSealer

class SgxAgeRemoteAssertionGenerator
 A thread-safe implementation of the EnclaveAssertionGenerator interface for SGX remote assertions generated by the Assertion Generator Enclave (AGE).

class SgxAgeRemoteAssertionVerifier
 An implementation of the EnclaveAssertionVerifier interface for SGX remote assertions generated by the Assertion Generator Enclave.

class SgxIdentityExpectationMatcher
 SgxIdentityExpectationMatcher is capable of matching SGX identities with SGX identity expectations.

class SgxIntelEcdsaQeRemoteAssertionGenerator
 Implementation of EnclaveAssertionGenerator that generates assertions using the Intel ECDSA quoting enclave.

class SgxIntelEcdsaQeRemoteAssertionVerifier
 Implementation of EnclaveAssertionVerifier that verifies assertions generated by the Intel ECDSA quoting enclave.

class SgxLocalAssertionGenerator
 An implementation of the EnclaveAssertionGenerator interface for SGX local assertions.

class SgxLocalAssertionVerifier
 An implementation of the EnclaveAssertionVerifier interface for SGX local assertions.

class SgxLocalSecretSealer
 An implementation of the SecretSealer abstract interface that binds the secrets to the enclave identity on a local machine.

class SharedName
 A name shared between trusted and untrusted code.

class SharedResourceManager
 A manager object for shared resources.

class Status
 Status contains information about an error.

class StatusOr
 A class for representing either a usable value, or an error.

class TrustedApplication
 Abstract base class for trusted applications.
 

Typedefs

using CleansingString = std::basic_string< char, std::char_traits< char >, CleansingAllocator< char > >
 A string that zeros its memory on free.

template<typename T >
using CleansingVector = std::vector< T, CleansingAllocator< T > >
 A vector container that zeros its memory on free.
 

Enumerations

enum SgxIdentityMatchSpecOptions { SgxIdentityMatchSpecOptions::DEFAULT, SgxIdentityMatchSpecOptions::STRICT_LOCAL, SgxIdentityMatchSpecOptions::STRICT_REMOTE }
 This enum defines a set of recommended match specs.
 

Functions

StatusOr< Sha256HashProto > CreateSha256HashProto (absl::string_view hash_hex)
 Returns a Sha256HashProto with the hash of the given |hash_hex|, or a non-OK Status if the provided string is an invalid hex-encoded SHA-256 hash.

Status ValidateSha256HashProto (const Sha256HashProto &hash_proto)
 Validates that |hash_proto| has a hash that is exactly 32 bytes.

bool operator== (const Sha256HashProto &lhs, const Sha256HashProto &rhs)
 Compares two Sha256HashProto messages for equality.

bool operator!= (const Sha256HashProto &lhs, const Sha256HashProto &rhs)
 Compares two Sha256HashProto messages for inequality.

std::shared_ptr<::grpc::ChannelCredentials > EnclaveChannelCredentials (EnclaveCredentialsOptions options)
 Constructs a grpc::ChannelCredentials object for use in an enclave system.

std::shared_ptr<::grpc::ServerCredentials > EnclaveServerCredentials (EnclaveCredentialsOptions options)
 Constructs a grpc::ServerCredentials object for use in an enclave system.

EnclaveCredentialsOptions BidirectionalNullCredentialsOptions ()
 Creates options suitable for configuring a credential used in establishing a bidirectionally-unauthenticated gRPC channel between two enclave entities.

EnclaveCredentialsOptions PeerNullCredentialsOptions ()
 Creates options suitable for configuring a credential used in establishing a unidirectionally-unauthenticated gRPC channel between two enclave entities.

EnclaveCredentialsOptions SelfNullCredentialsOptions ()
 Creates options suitable for configuring a credential used in establishing a unidirectionally-unauthenticated gRPC channel between two enclave entities.

EnclaveCredentialsOptions PeerSgxAgeRemoteCredentialsOptions ()
 Creates options suitable for configuring a credential used in establishing a unidirectionally-authenticated gRPC channel where it accepts identities attested by a remote SGX enclave using Asylo's Assertion Generator Enclave.

EnclaveCredentialsOptions BidirectionalSgxAgeRemoteCredentialsOptions ()
 Creates options suitable for configuring a credential used in establishing a bidirectionally-authenticated gRPC channel between two SGX enclaves which each use Asylo's Assertion Generator Enclave.

EnclaveCredentialsOptions SelfSgxAgeRemoteCredentialsOptions ()
 Creates options suitable for configuring a credential used in establishing a unidirectionally-authenticated gRPC channel.

EnclaveCredentialsOptions BidirectionalSgxLocalCredentialsOptions ()
 Creates options suitable for configuring a credential used in establishing a bidirectionally-authenticated gRPC channel between two local SGX enclaves.

EnclaveCredentialsOptions PeerSgxLocalCredentialsOptions ()
 Creates options suitable for configuring a credential used in establishing a unidirectionally-authenticated gRPC channel between two local SGX enclaves.

EnclaveCredentialsOptions SelfSgxLocalCredentialsOptions ()
 Creates options suitable for configuring a credential used in establishing a unidirectionally-authenticated gRPC channel between two local SGX enclaves.

void SetNullAssertionDescription (AssertionDescription *assertion_description)
 Sets assertion_description to describe a null assertion.

void SetNullIdentityDescription (EnclaveIdentityDescription *identity_description)
 Sets identity_description to describe a null identity.

void SetSgxLocalAssertionDescription (AssertionDescription *assertion_description)
 Sets assertion_description to describe an SGX local assertion.

void SetSgxAgeRemoteAssertionDescription (AssertionDescription *assertion_description)
 Sets assertion_description to describe an SGX remote assertion generated by the Assertion Generator Enclave (AGE).

void SetSgxIntelEcdsaQeRemoteAssertionDescription (AssertionDescription *assertion_description)
 Sets assertion_description to describe an SGX remote assertion generated by the Intel ECDSA Quoting Enclave (QE).

void SetSgxIdentityDescription (EnclaveIdentityDescription *identity_description)
 Sets identity_description to describe an SGX identity.

EnclaveAssertionAuthorityConfig CreateNullAssertionAuthorityConfig ()
 Creates a configuration for the null assertion authority.

StatusOr< EnclaveAssertionAuthorityConfig > CreateSgxLocalAssertionAuthorityConfig (std::string attestation_domain)
 Creates a configuration for the SGX local assertion authority.

StatusOr< EnclaveAssertionAuthorityConfig > CreateSgxLocalAssertionAuthorityConfig ()
 Creates a configuration for the SGX local assertion authority.

StatusOr< EnclaveAssertionAuthorityConfig > CreateSgxAgeRemoteAssertionAuthorityConfig (Certificate intel_root_cert, std::vector< Certificate > certificates, std::string server_address, IdentityAclPredicate age_identity_expectation)
 Creates a configuration for the SGX AGE remote assertion authority.

StatusOr< EnclaveAssertionAuthorityConfig > CreateSgxAgeRemoteAssertionAuthorityConfig (std::string server_address, SgxIdentity age_identity)
 Creates a configuration for the SGX AGE remote assertion authority.

StatusOr< bool > EvaluateIdentityAcl (const std::vector< EnclaveIdentity > &identities, const IdentityAclPredicate &acl, const IdentityExpectationMatcher &matcher, std::string *explanation=nullptr)
 Uses matcher to evaluate whether identities satisfies acl.

 DEFINE_STATIC_MAP_OF_BASE_TYPE (IdentityExpectationMatcherMap, NamedIdentityExpectationMatcher)

EnclaveIdentityExpectation CreateNullIdentityExpectation ()
 Returns a default null identity expectation.

SgxIdentity GetSelfSgxIdentity ()
 Returns the current enclave's identity.

StatusOr< SgxIdentityMatchSpec > CreateSgxIdentityMatchSpec (SgxIdentityMatchSpecOptions options)
 Returns an SgxIdentityMatchSpec corresponding to options on success or a non-OK Status on failure.

StatusOr< SgxIdentityExpectation > CreateSgxIdentityExpectation (SgxIdentity identity, SgxIdentityMatchSpec match_spec)
 Returns an SgxIdentityExpectation formed from identity and match_spec, or returns a non-OK Status if either are invalid or if they are incompatible with each other.

StatusOr< SgxIdentityExpectation > CreateSgxIdentityExpectation (SgxIdentity identity, SgxIdentityMatchSpecOptions options)
 Returns an SgxIdentityExpectation formed from identity and the match spec corresponding to options, or returns a non-OK Status if either are invalid or if they are incompatible with each other.

bool IsValidSgxIdentity (const SgxIdentity &identity)
 Returns whether identity is valid.

bool IsValidSgxIdentityMatchSpec (const SgxIdentityMatchSpec &match_spec)
 Returns whether match_spec is valid.

bool IsValidSgxIdentityExpectation (const SgxIdentityExpectation &expectation)
 Returns whether expectation is valid.

StatusOr< SgxIdentity > ParseSgxIdentity (const EnclaveIdentity &generic_identity)
 Parses and validates generic_identity, returning an SgxIdentity on success or a non-OK Status on failure.

StatusOr< SgxIdentityMatchSpec > ParseSgxIdentityMatchSpec (const std::string &generic_match_spec)
 Parses and validates generic_match_spec, returning an SgxIdentityMatchSpec on success or a non-OK Status on failure.

StatusOr< SgxIdentityExpectation > ParseSgxIdentityExpectation (const EnclaveIdentityExpectation &generic_expectation)
 Parses and validates generic_expectation, returning an SgxIdentityExpectation on success or a non-OK Status on failure.

StatusOr< EnclaveIdentity > SerializeSgxIdentity (const SgxIdentity &sgx_identity)
 Serializes sgx_identity, returning an EnclaveIdentity on success or a non-OK Status on failure.

StatusOr< std::string > SerializeSgxIdentityMatchSpec (const SgxIdentityMatchSpec &sgx_match_spec)
 Serializes sgx_match_spec, returning a string on success or a non-OK Status on failure.

StatusOr< EnclaveIdentityExpectation > SerializeSgxIdentityExpectation (const SgxIdentityExpectation &sgx_expectation)
 Serializes sgx_expectation, returning an EnclaveIdentityExpectation on success or a non-OK Status on failure.
 
void SetEnclaveConfigDefaults (const HostConfig &host_config, EnclaveConfig *config)

void SetEnclaveConfigDefaults (EnclaveConfig *config)
 Sets critical uninitialized fields in config to default values.

EnclaveConfig CreateDefaultEnclaveConfig (const HostConfig &host_config)

EnclaveConfig CreateDefaultEnclaveConfig ()
 Returns an EnclaveConfig proto with critical fields initialized to default values.

primitives::ClientLoadEnclaveInChildProcess (absl::string_view enclave_name, void *enclave_base_address, size_t enclave_size)

std::ostream & operator<< (std::ostream &os, const SharedName &name)

template<>
void MakeCheckOpValueString (std::ostream *os, const std::nullptr_t &p)

void set_vlog_level (int level)
 Sets the verbosity threshold for VLOG.

int get_vlog_level ()
 Gets the verbosity threshold for VLOG.

bool set_log_directory (const std::string &log_directory)
 Sets the log directory, as specified when this enclave is initialized.

const std::string get_log_directory ()
 Gets the log directory that was specified when this enclave is initialized.

bool EnsureDirectory (const char *path)
 Checks the log directory to make sure it's accessible, and creates it if it does not exist.

bool InitLogging (const char *directory, const char *file_name, int level)
 Initializes minimal logging library.

template<typename T >
T CheckNotNull (const char *file, int line, const char *exprtext, T &&t)
 Logs a message if the given value of type T is null, and then forwards the value.

PolymorphicStatusMatcherType PosixErrorIs (int errnum)
 Matches a Status-like object that contains the given POSIX error.

Status PosixError (int errnum, absl::string_view message="")
 Returns a Status representing a POSIX error.

Status LastPosixError (absl::string_view message="")
 Returns a Status representing the last POSIX error in this thread.

int GetErrno (const Status &status)
 Returns the POSIX error number that a Status represents, or zero if the Status does not represent a POSIX error.

template<class T >
bool AbslParseFlag (absl::string_view text, T *flag, std::string *error)

template<class T >
std::string AbslUnparseFlag (const T &flag)

bool operator== (const Status &lhs, const Status &rhs)

bool operator!= (const Status &lhs, const Status &rhs)

std::ostream & operator<< (std::ostream &os, const Status &status)

bool operator== (const Status &lhs, const absl::Status &rhs)

bool operator!= (const Status &lhs, const absl::Status &rhs)

bool operator== (const absl::Status &lhs, const Status &rhs)

bool operator!= (const absl::Status &lhs, const Status &rhs)

Status OkStatus ()
 Returns an OK status object.

template<typename ToStatusT , typename FromStatusT >
ToStatusT ConvertStatus (const FromStatusT &from_status)
 Converts a status-like object to another status type.

StatusProto StatusToProto (const Status &status)
 Exports the contents of status into a StatusProto.

Status StatusFromProto (const StatusProto &status_proto)
 Returns a Status based on the contents of the given status_proto.

template<typename MessageT >
std::string GetTypeUrl ()
 Returns the type URL associated with a given protobuf message type.

template<typename MessageT , typename StatusT = Status>
absl::optional< MessageT > GetProtoPayload (const StatusT &status)
 Gets the payload of type MessageT in status.

template<typename MessageT , typename StatusT = Status>
void SetProtoPayload (const MessageT &message, StatusT &status)
 Adds a payload of type MessageT to status.

Status WithContext (const Status &status, absl::string_view context)
 Returns the Status with the provided context prepended to its error message.

template<typename T >
StatusOr< T > WithContext (StatusOr< T > status_or, absl::string_view context)
 As the Status overload above, but for StatusOr<T>.

template<typename T >
absl::StatusOr< T > WithContext (absl::StatusOr< T > status_or, absl::string_view context)
 As the StatusOr<T> overload above, but for absl::StatusOr<T>.
 

Variables

ABSL_CONST_INIT const char kValueMoveConstructorMsg []
 
ABSL_CONST_INIT const char kValueMoveAssignmentMsg []
 
ABSL_CONST_INIT const char kValueOrDieMovedMsg []
 
ABSL_CONST_INIT const char kStatusMoveConstructorMsg []
 
ABSL_CONST_INIT const char kStatusMoveAssignmentMsg []
 

Typedef Documentation

◆ CleansingString

using asylo::CleansingString = std::basic_string<char, std::char_traits<char>, CleansingAllocator<char> >

A string that zeros its memory on free.

Deprecated:
Use CleansingVector instead.

◆ CleansingVector

template<typename T >
using asylo::CleansingVector = std::vector<T, CleansingAllocator<T> >

A vector container that zeros its memory on free.

Enumeration Type Documentation

◆ SgxIdentityMatchSpecOptions

This enum defines a set of recommended match specs.

Users are advised to pick the one that most closely matches their application's security requirements and make adjustments to these match specs as needed.

DEFAULT

  • Requires a match on MRSIGNER, all MISCSELECT bits, and all ATTRIBUTES bits that are considered security-critical by default.
  • Does not require a match on any sgx::MachineConfiguration fields.

STRICT_LOCAL

  • Requires a match on MRENCLAVE, MRSIGNER, all MISCSELECT bits, and all ATTRIBUTES bits.
  • Requires a match on CPUSVN.
    • Note that no other sgx::MachineConfiguration fields are required to match, as they are unavailable in local attestation.

STRICT_REMOTE

  • Equivalent to the STRICT_LOCAL match spec, with the added requirement of matching all sgx::MachineConfiguration fields (not just CPUSVN).

Enumerator
DEFAULT
STRICT_LOCAL
STRICT_REMOTE
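
The difference between the three recommended match specs, as an added example: a self-contained C++ model, not Asylo code. IdentityModel, MatchSpecModel, MakeMatchSpec and Matches are hypothetical stand-ins, and the attribute mask and every identity value are constructed for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// Simplified model of an SGX identity. Field names follow the page; the
// types and the single other_machine_config field are assumptions.
struct IdentityModel {
  std::string mrenclave;
  std::string mrsigner;
  uint32_t miscselect;
  uint64_t attributes;
  std::string cpusvn;                // one sgx::MachineConfiguration field
  std::string other_machine_config;  // stands for all remaining fields
};

enum class MatchOptions { kDefault, kStrictLocal, kStrictRemote };

// Which parts of the identity an expectation requires to match.
struct MatchSpecModel {
  bool mrenclave;
  bool mrsigner;
  uint32_t miscselect_mask;
  uint64_t attributes_mask;
  bool cpusvn;
  bool other_machine_config;
};

// Constructed placeholder for "ATTRIBUTES bits that are considered
// security-critical by default"; it does not reproduce Asylo's real mask.
const uint64_t kAssumedCriticalAttributes = 0x0F;

MatchSpecModel MakeMatchSpec(MatchOptions options) {
  // DEFAULT: MRSIGNER, all MISCSELECT bits, critical ATTRIBUTES bits only.
  MatchSpecModel spec = {false, true, 0xFFFFFFFFu,
                         kAssumedCriticalAttributes, false, false};
  if (options == MatchOptions::kDefault) return spec;
  // STRICT_LOCAL: adds MRENCLAVE, every ATTRIBUTES bit, and CPUSVN.
  spec.mrenclave = true;
  spec.attributes_mask = ~0ULL;
  spec.cpusvn = true;
  // STRICT_REMOTE: additionally every other MachineConfiguration field.
  spec.other_machine_config = (options == MatchOptions::kStrictRemote);
  return spec;
}

bool Matches(const IdentityModel &actual, const IdentityModel &expected,
             const MatchSpecModel &spec) {
  if (spec.mrenclave && actual.mrenclave != expected.mrenclave) return false;
  if (spec.mrsigner && actual.mrsigner != expected.mrsigner) return false;
  if ((actual.miscselect ^ expected.miscselect) & spec.miscselect_mask)
    return false;
  if ((actual.attributes ^ expected.attributes) & spec.attributes_mask)
    return false;
  if (spec.cpusvn && actual.cpusvn != expected.cpusvn) return false;
  if (spec.other_machine_config &&
      actual.other_machine_config != expected.other_machine_config)
    return false;
  return true;
}

bool Accepts(MatchOptions options, const IdentityModel &actual,
             const IdentityModel &expected) {
  return Matches(actual, expected, MakeMatchSpec(options));
}

// Constructed reference identity used as the expectation.
IdentityModel Reference() {
  return {"mrenclave-v1", "signer-A", 0, 0x05, "cpusvn-7", "platform-X"};
}

int main() {
  const IdentityModel ref = Reference();

  IdentityModel rebuilt = ref;  // same signer, new build of the code
  rebuilt.mrenclave = "mrenclave-v2";

  IdentityModel moved = ref;  // same binary on a different platform
  moved.other_machine_config = "platform-Y";

  std::cout << std::boolalpha
            << "rebuilt, DEFAULT:       "
            << Accepts(MatchOptions::kDefault, rebuilt, ref) << "\n"
            << "rebuilt, STRICT_LOCAL:  "
            << Accepts(MatchOptions::kStrictLocal, rebuilt, ref) << "\n"
            << "moved,   STRICT_LOCAL:  "
            << Accepts(MatchOptions::kStrictLocal, moved, ref) << "\n"
            << "moved,   STRICT_REMOTE: "
            << Accepts(MatchOptions::kStrictRemote, moved, ref) << "\n";
  return 0;
}
```

In this model DEFAULT keeps accepting new builds from the same signer, while the strict specs pin the exact measurement and platform state and therefore need a new expectation after every rebuild or microcode update.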

Function Documentation

◆ AbslParseFlag()

template<class T >
bool asylo::AbslParseFlag ( absl::string_view  text,
T *  flag,
std::string *  error 
)

◆ AbslUnparseFlag()

template<class T >
std::string asylo::AbslUnparseFlag ( const T &  flag)

◆ BidirectionalNullCredentialsOptions()

EnclaveCredentialsOptions asylo::BidirectionalNullCredentialsOptions ( )

Creates options suitable for configuring a credential used in establishing a bidirectionally-unauthenticated gRPC channel between two enclave entities.

A credential configured with these options enforces bidirectional authentication using the null identity. The null identity specifies no identity in particular, which means that the resulting connection is essentially unauthenticated.

Sample usage for creating ::grpc::ChannelCredentials:

std::shared_ptr<::grpc::ChannelCredentials> creds =
    EnclaveChannelCredentials(BidirectionalNullCredentialsOptions());

Sample usage for creating ::grpc::ServerCredentials:

std::shared_ptr<::grpc::ServerCredentials> creds =
    EnclaveServerCredentials(BidirectionalNullCredentialsOptions());

Returns
Options used to configure gRPC credentials for a bidirectionally-unauthenticated channel.

◆ BidirectionalSgxAgeRemoteCredentialsOptions()

EnclaveCredentialsOptions asylo::BidirectionalSgxAgeRemoteCredentialsOptions ( )

Creates options suitable for configuring a credential used in establishing a bidirectionally-authenticated gRPC channel between two SGX enclaves which each use Asylo's Assertion Generator Enclave.

A credential configured with these options enforces bidirectional authentication using SGX enclave code identity.

Sample usage for creating ::grpc::ChannelCredentials:

std::shared_ptr<::grpc::ChannelCredentials> creds =
    EnclaveChannelCredentials(BidirectionalSgxAgeRemoteCredentialsOptions());

Sample usage for creating ::grpc::ServerCredentials:

std::shared_ptr<::grpc::ServerCredentials> creds =
    EnclaveServerCredentials(BidirectionalSgxAgeRemoteCredentialsOptions());

Returns
Options used to configure gRPC credentials for a bidirectionally-authenticated channel between SGX enclaves.

◆ BidirectionalSgxLocalCredentialsOptions()

EnclaveCredentialsOptions asylo::BidirectionalSgxLocalCredentialsOptions ( )

Creates options suitable for configuring a credential used in establishing a bidirectionally-authenticated gRPC channel between two local SGX enclaves.

A credential configured with these options enforces bidirectional authentication using SGX enclave code identity.

Sample usage for creating ::grpc::ChannelCredentials:

std::shared_ptr<::grpc::ChannelCredentials> creds =
    EnclaveChannelCredentials(BidirectionalSgxLocalCredentialsOptions());

Sample usage for creating ::grpc::ServerCredentials:

std::shared_ptr<::grpc::ServerCredentials> creds =
    EnclaveServerCredentials(BidirectionalSgxLocalCredentialsOptions());

Returns
Options used to configure gRPC credentials for a bidirectionally-authenticated channel between SGX enclaves on the same platform.

◆ CheckNotNull()

template<typename T >
T asylo::CheckNotNull ( const char *  file,
int  line,
const char *  exprtext,
T &&  t 
)

Logs a message if the given value of type T is null, and then forwards the value.

In C++11, all cases can be handled by a single function. Since the value category of the argument is preserved (also for rvalue references), member initializer lists like the one below will compile correctly:

Foo()
: x_(CHECK_NOTNULL(MethodReturningUniquePtr())) {}

Parameters
file: The source file that produced the log.
line: The source code line that produced the log.
exprtext: A string representation of the code in file at line.
t: The parameter being checked for null.

◆ ConvertStatus()

template<typename ToStatusT , typename FromStatusT >
ToStatusT asylo::ConvertStatus ( const FromStatusT &  from_status)

Converts a status-like object to another status type.

The source and target types must:

  • Have a two-parameter constructor that takes an enum as its first parameter and a string as its second parameter.
  • Have non-static const error_code(), error_message(), and ok() methods.

This function is provided for the convenience of Asylo-SDK consumers utilizing other status types such as ::grpc::Status.

Note that all statuses are converted to the canonical error space, so additional error space information is lost.

Payloads are preserved if both input and output status types support them.

Parameters
from_status: A status-like object to copy.
Returns
A status-like object copied from from_status.

◆ CreateDefaultEnclaveConfig() [1/2]

EnclaveConfig asylo::CreateDefaultEnclaveConfig ( const HostConfig &  host_config)
Deprecated:
Returns an EnclaveConfig proto with critical fields initialized to default values.
Parameters
host_config: This parameter is ignored.
Returns
An EnclaveConfig proto with critical fields initialized to their default values.

◆ CreateDefaultEnclaveConfig() [2/2]

EnclaveConfig asylo::CreateDefaultEnclaveConfig ( )

Returns an EnclaveConfig proto with critical fields initialized to default values.

Returns
An EnclaveConfig proto with critical fields initialized to their default values.

◆ CreateNullAssertionAuthorityConfig()

EnclaveAssertionAuthorityConfig asylo::CreateNullAssertionAuthorityConfig ( )

Creates a configuration for the null assertion authority.

This configuration is required when using the NullAssertionGenerator or NullAssertionVerifier.

Returns
A config for the null assertion authority.

◆ CreateNullIdentityExpectation()

EnclaveIdentityExpectation asylo::CreateNullIdentityExpectation ( )

Returns a default null identity expectation.

◆ CreateSgxAgeRemoteAssertionAuthorityConfig() [1/2]

StatusOr<EnclaveAssertionAuthorityConfig> asylo::CreateSgxAgeRemoteAssertionAuthorityConfig ( Certificate  intel_root_cert,
std::vector< Certificate >  certificates,
std::string  server_address,
IdentityAclPredicate  age_identity_expectation 
)

Creates a configuration for the SGX AGE remote assertion authority.

This configuration is required when using the SgxAgeRemoteAssertionGenerator or SgxAgeRemoteAssertionVerifier.

Parameters
intel_cert: The Intel root certificate to use for verification.
certificates: A vector of X.509-formatted CA certificates that can be used to verify whether an assertion is valid.
server_address: The address of the AGE's service.
age_identity_expectation: The identity expectation for the AGE.
Returns
A config for the SGX AGE remote assertion authority.

◆ CreateSgxAgeRemoteAssertionAuthorityConfig() [2/2]

StatusOr<EnclaveAssertionAuthorityConfig> asylo::CreateSgxAgeRemoteAssertionAuthorityConfig ( std::string  server_address,
SgxIdentity  age_identity 
)

Creates a configuration for the SGX AGE remote assertion authority.

This configuration is required when using the SgxAgeRemoteAssertionGenerator or SgxAgeRemoteAssertionVerifier. It uses the Intel root certificate value |kIntelSgxRootCaCertificate| and no additional root certificates. It sets the AGE identity expectation to the default expectation of the given SgxIdentity, as documented by SgxIdentityMatchSpecOptions.

Parameters
server_address: The address of the AGE's service.
age_identity: The expected identity of the AGE.
Returns
A config for the SGX AGE remote assertion authority.

◆ CreateSgxIdentityExpectation() [1/2]

StatusOr<SgxIdentityExpectation> asylo::CreateSgxIdentityExpectation ( SgxIdentity  identity,
SgxIdentityMatchSpec  match_spec 
)

Returns an SgxIdentityExpectation formed from identity and match_spec, or returns a non-OK Status if either are invalid or if they are incompatible with each other.

◆ CreateSgxIdentityExpectation() [2/2]

StatusOr<SgxIdentityExpectation> asylo::CreateSgxIdentityExpectation ( SgxIdentity  identity,
SgxIdentityMatchSpecOptions  options 
)

Returns an SgxIdentityExpectation formed from identity and the match spec corresponding to options, or returns a non-OK Status if either are invalid or if they are incompatible with each other.

◆ CreateSgxIdentityMatchSpec()

StatusOr<SgxIdentityMatchSpec> asylo::CreateSgxIdentityMatchSpec ( SgxIdentityMatchSpecOptions  options)

Returns an SgxIdentityMatchSpec corresponding to options on success or a non-OK Status on failure.

◆ CreateSgxLocalAssertionAuthorityConfig() [1/2]

StatusOr<EnclaveAssertionAuthorityConfig> asylo::CreateSgxLocalAssertionAuthorityConfig ( std::string  attestation_domain)

Creates a configuration for the SGX local assertion authority.

This configuration is required when using the SgxLocalAssertionGenerator or SgxLocalAssertionVerifier.

Parameters
attestation_domain: A 16-byte unique identifier for the SGX machine.
Returns
A config for the SGX local assertion authority.

◆ CreateSgxLocalAssertionAuthorityConfig() [2/2]

StatusOr<EnclaveAssertionAuthorityConfig> asylo::CreateSgxLocalAssertionAuthorityConfig ( )

Creates a configuration for the SGX local assertion authority.

The attestation domain is derived from the per-boot machine UUID in /proc/sys/kernel/random/boot_id.

This configuration is required when using the SgxLocalAssertionGenerator or SgxLocalAssertionVerifier.

Returns
A config for the SGX local assertion authority.

◆ CreateSha256HashProto()

StatusOr<Sha256HashProto> asylo::CreateSha256HashProto ( absl::string_view  hash_hex)

Returns a Sha256HashProto with the hash of the given |hash_hex|, or a non-OK Status if the provided string is an invalid hex-encoded SHA-256 hash.

◆ DEFINE_STATIC_MAP_OF_BASE_TYPE()

asylo::DEFINE_STATIC_MAP_OF_BASE_TYPE ( IdentityExpectationMatcherMap  ,
NamedIdentityExpectationMatcher   
)

◆ EnclaveChannelCredentials()

std::shared_ptr<::grpc::ChannelCredentials> asylo::EnclaveChannelCredentials ( EnclaveCredentialsOptions  options)

Constructs a grpc::ChannelCredentials object for use in an enclave system.

The configuration options determines which assertions are presented by the entity that wields the resulting credentials object. options must meet the following criteria:

  • options.self_assertions must contain at least one assertion description.
  • options.accepted_peer_assertions must contain at least one assertion description.

Parameters
options: Options for configuring the credentials.
Returns
A gRPC channel credentials object.

◆ EnclaveServerCredentials()

std::shared_ptr<::grpc::ServerCredentials> asylo::EnclaveServerCredentials ( EnclaveCredentialsOptions  options)

Constructs a grpc::ServerCredentials object for use in an enclave system.

The configuration options determines which assertions are presented by the entity that wields the resulting credentials object. options must meet the following criteria:

  • options.self_assertions must contain at least one assertion description.
  • options.accepted_peer_assertions must contain at least one assertion description.

Parameters
options: Options for configuring the credentials.
Returns
A gRPC server credentials object.

◆ EnsureDirectory()

bool asylo::EnsureDirectory ( const char *  path)

Checks the log directory to make sure it's accessible, and creates it if it does not exist.

Parameters
path: The directory to be checked.

◆ EvaluateIdentityAcl()

StatusOr<bool> asylo::EvaluateIdentityAcl ( const std::vector< EnclaveIdentity > &  identities,
const IdentityAclPredicate &  acl,
const IdentityExpectationMatcher &  matcher,
std::string *  explanation = nullptr 
)

Uses matcher to evaluate whether identities satisfies acl.

The ACL is provided in the form of an IdentityAclPredicate. An IdentityAclPredicate is a recursive proto, each layer of which must conform to the following constraints:

  • A nested IdentityAclPredicate predicate must have predicate.item set.
  • A nested IdentityAclGroup group must have a non-empty group.predicates.
    • If group.type is GroupType::NOT, group.predicates must contain exactly one predicate.

Returns a non-OK status if acl is malformed or if matcher.MatchAndExplain() returns a non-OK status when invoked with any of identities.

Parameters
identities: A list of identities to match against the ACL.
acl: An ACL specifying expectations on an identity.
matcher: The matcher to use to evaluate identities against acl.
explanation [out]: An explanation of why the match failed, if the result is false.
Returns
A bool indicating whether the ACL evaluated to true, or a non-OK Status if any of the inputs are invalid.
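
The structural constraints and the three-way result described above, as an added example: a self-contained C++ model, not Asylo's implementation. The struct types stand in for the protos, the OR and AND group types and the string-equality matching are assumptions, and the model deliberately evaluates every branch so that a malformed sub-predicate is always reported instead of being hidden by an earlier match.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Model types standing in for Asylo's protos (hypothetical, simplified).
// Only NOT is named on the page; OR and AND are assumed group types.
enum class GroupType { OR, AND, NOT };

struct AclGroup;

struct AclPredicate {
  enum class Item { kUnset, kExpectation, kGroup };
  Item item = Item::kUnset;         // models which "item" field is set
  std::string expectation;          // stands in for an identity expectation
  std::shared_ptr<AclGroup> group;  // used when item == kGroup
};

struct AclGroup {
  GroupType type;
  std::vector<AclPredicate> predicates;
};

// Models StatusOr<bool>: kMalformed plays the role of a non-OK Status.
enum class AclResult { kAllowed, kDenied, kMalformed };

AclPredicate Expect(const std::string &id) {
  AclPredicate p;
  p.item = AclPredicate::Item::kExpectation;
  p.expectation = id;
  return p;
}

AclPredicate Group(GroupType type, std::vector<AclPredicate> children) {
  AclPredicate p;
  p.item = AclPredicate::Item::kGroup;
  p.group = std::make_shared<AclGroup>(AclGroup{type, std::move(children)});
  return p;
}

AclResult Evaluate(const std::vector<std::string> &identities,
                   const AclPredicate &p) {
  // Constraint 1: every predicate must have its item set.
  if (p.item == AclPredicate::Item::kUnset) return AclResult::kMalformed;
  if (p.item == AclPredicate::Item::kExpectation) {
    // Assumed matcher: an expectation holds if any identity equals it.
    for (const std::string &id : identities) {
      if (id == p.expectation) return AclResult::kAllowed;
    }
    return AclResult::kDenied;
  }
  // Constraint 2: a group must contain at least one predicate.
  if (!p.group || p.group->predicates.empty()) return AclResult::kMalformed;
  const AclGroup &g = *p.group;
  // Constraint 3: a NOT group must contain exactly one predicate.
  if (g.type == GroupType::NOT && g.predicates.size() != 1) {
    return AclResult::kMalformed;
  }
  bool any = false, all = true;
  for (const AclPredicate &child : g.predicates) {
    AclResult r = Evaluate(identities, child);
    if (r == AclResult::kMalformed) return r;  // never mask a bad branch
    any = any || r == AclResult::kAllowed;
    all = all && r == AclResult::kAllowed;
  }
  bool ok = g.type == GroupType::OR    ? any
            : g.type == GroupType::AND ? all
                                       : !any;
  return ok ? AclResult::kAllowed : AclResult::kDenied;
}

// Constructed ACL: (signer-A OR signer-B) AND NOT debug-build.
AclPredicate SampleAcl() {
  return Group(GroupType::AND,
               {Group(GroupType::OR, {Expect("signer-A"), Expect("signer-B")}),
                Group(GroupType::NOT, {Expect("debug-build")})});
}

const char *Name(AclResult r) {
  return r == AclResult::kAllowed  ? "allowed"
         : r == AclResult::kDenied ? "denied"
                                   : "malformed ACL";
}

int main() {
  const AclPredicate acl = SampleAcl();
  std::cout << Name(Evaluate({"signer-A"}, acl)) << "\n"
            << Name(Evaluate({"signer-A", "debug-build"}, acl)) << "\n"
            << Name(Evaluate({"signer-A"},
                             Group(GroupType::NOT,
                                   {Expect("a"), Expect("b")})))
            << "\n";
  return 0;
}
```

A caller should treat the malformed result the same way as a denial: only an explicit "allowed" grants access.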

◆ get_log_directory()

const std::string asylo::get_log_directory ( )

Gets the log directory that was specified when this enclave is initialized.

Returns
The directory where the log files will be.

◆ get_vlog_level()

int asylo::get_vlog_level ( )

Gets the verbosity threshold for VLOG.

A VLOG command with a level greater than this will be ignored.

Returns
The current verbosity threshold for VLOG.

◆ GetErrno()

int asylo::GetErrno ( const Status &  status)

Returns the POSIX error number that a Status represents, or zero if the Status does not represent a POSIX error.

This function understands Statuses that were created in the POSIX error space.

Parameters
status: A status object.
Returns
The POSIX error number represented by status, or zero if status does not represent a POSIX error.

◆ GetProtoPayload()

template<typename MessageT , typename StatusT = Status>
absl::optional<MessageT> asylo::GetProtoPayload ( const StatusT &  status)

Gets the payload of type MessageT in status.

MessageT must be a protobuf message type.

The status argument may be either an Asylo Status or an absl::Status.

Parameters
status: The status to find the payload in.
Returns
The payload of type MessageT in status, or absl::nullopt if status contains no payload of the given type. Also returns absl::nullopt if there was a parsing error.

◆ GetSelfSgxIdentity()

SgxIdentity asylo::GetSelfSgxIdentity ( )

Returns the current enclave's identity.

◆ GetTypeUrl()

template<typename MessageT >
std::string asylo::GetTypeUrl ( )

Returns the type URL associated with a given protobuf message type.

This should be used when embedding a message of that type as a payload in a Status.

Returns
The type URL to use for MessageT payloads.

◆ InitLogging()

bool asylo::InitLogging ( const char *  directory,
const char *  file_name,
int  level 
)

Initializes minimal logging library.

For untrusted logging, the program name specified by argv0 will be used as the log filename; for enclave logging, the enclave name will be used as the log filename (any slashes or dots will be removed). This method is called during enclave initialization. For untrusted logging, this should be called in main().

Parameters
directory: The log file directory.
file_name: The name of the log file.
level: The verbosity threshold for VLOG commands. A VLOG command with a level equal to or lower than it will be logged.

◆ IsValidSgxIdentity()

bool asylo::IsValidSgxIdentity ( const SgxIdentity &  identity)

Returns whether identity is valid.

An SgxIdentity is considered valid if its MISCSELECT and ATTRIBUTES properties are set and any additional fields present in the message are valid as well.

◆ IsValidSgxIdentityExpectation()

bool asylo::IsValidSgxIdentityExpectation ( const SgxIdentityExpectation &  expectation)

Returns whether expectation is valid.

An SgxIdentityExpectation is valid if its identity and match spec components are valid and they are both compatible with each other.

◆ IsValidSgxIdentityMatchSpec()

bool asylo::IsValidSgxIdentityMatchSpec ( const SgxIdentityMatchSpec &  match_spec)

Returns whether match_spec is valid.

An SgxIdentityMatchSpec is valid if all of its constituent fields are set.

◆ LastPosixError()

Status asylo::LastPosixError ( absl::string_view  message = "")

Returns a Status representing the last POSIX error in this thread.

Equivalent to calling PosixError(errno, message).

Parameters
message: An optional message to prepend to the POSIX error explanation string.
Returns
An error representing the last POSIX error in this thread.

◆ LoadEnclaveInChildProcess()

primitives::Client* asylo::LoadEnclaveInChildProcess ( absl::string_view  enclave_name,
void *  enclave_base_address,
size_t  enclave_size 
)

◆ MakeCheckOpValueString()

template<>
void asylo::MakeCheckOpValueString ( std::ostream *  os,
const std::nullptr_t &  p 
)

◆ OkStatus()

Status asylo::OkStatus ( )

Returns an OK status object.

Returns
A Status indicating no error occurred.

◆ operator!=() [1/4]

bool asylo::operator!= ( const Sha256HashProto &  lhs,
const Sha256HashProto &  rhs 
)

Compares two Sha256HashProto messages for inequality.

◆ operator!=() [2/4]

bool asylo::operator!= ( const Status lhs,
const Status rhs 
)

◆ operator!=() [3/4]

bool asylo::operator!= ( const Status lhs,
const absl::Status &  rhs 
)

◆ operator!=() [4/4]

bool asylo::operator!= ( const absl::Status &  lhs,
const Status rhs 
)

◆ operator<<() [1/2]

std::ostream& asylo::operator<< ( std::ostream &  os,
const SharedName name 
)
inline

◆ operator<<() [2/2]

std::ostream& asylo::operator<< ( std::ostream &  os,
const Status status 
)

◆ operator==() [1/4]

bool asylo::operator== ( const Sha256HashProto &  lhs,
const Sha256HashProto &  rhs 
)

Compares two Sha256HashProto messages for equality.

◆ operator==() [2/4]

bool asylo::operator== ( const Status lhs,
const Status rhs 
)

◆ operator==() [3/4]

bool asylo::operator== ( const Status lhs,
const absl::Status &  rhs 
)

◆ operator==() [4/4]

bool asylo::operator== ( const absl::Status &  lhs,
const Status rhs 
)

◆ ParseSgxIdentity()

StatusOr<SgxIdentity> asylo::ParseSgxIdentity ( const EnclaveIdentity &  generic_identity)

Parses and validates generic_identity, returning an SgxIdentity on success or a non-OK Status on failure.

◆ ParseSgxIdentityExpectation()

StatusOr<SgxIdentityExpectation> asylo::ParseSgxIdentityExpectation ( const EnclaveIdentityExpectation &  generic_expectation)

Parses and validates generic_expectation, returning an SgxIdentityExpectation on success or a non-OK Status on failure.

◆ ParseSgxIdentityMatchSpec()

StatusOr<SgxIdentityMatchSpec> asylo::ParseSgxIdentityMatchSpec ( const std::string &  generic_match_spec)

Parses and validates generic_match_spec, returning an SgxIdentityMatchSpec on success or a non-OK Status on failure.

◆ PeerNullCredentialsOptions()

EnclaveCredentialsOptions asylo::PeerNullCredentialsOptions ( )

Creates options suitable for configuring a credential used in establishing a unidirectionally-unauthenticated gRPC channel between two enclave entities.

A credential configured with these options enforces unidirectional authentication using the null identity. The null identity specifies no identity in particular, which means that in the resulting connection the peer does not authenticate.

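Sample usage for creating ::grpc::ChannelCredentials:

std::shared_ptr<::grpc::ChannelCredentials> creds =
    EnclaveChannelCredentials(PeerNullCredentialsOptions());

Sample usage for creating ::grpc::ServerCredentials:

std::shared_ptr<::grpc::ServerCredentials> creds =
    EnclaveServerCredentials(PeerNullCredentialsOptions());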
Returns
Options used to configure gRPC credentials for a channel that is unauthenticated on the peer's end.

◆ PeerSgxAgeRemoteCredentialsOptions()

EnclaveCredentialsOptions asylo::PeerSgxAgeRemoteCredentialsOptions ( )

Creates options suitable for configuring a credential used in establishing a unidirectionally-authenticated gRPC channel where it accepts identities attested by a remote SGX enclave using Asylo's Assertion Generator Enclave.

A credential configured with these options enforces that the peer authenticates using SGX enclave code identity attested by Asylo's Assertion Generator Enclave.

Sample usage for creating ::grpc::ChannelCredentials:

std::shared_ptr<::grpc::ChannelCredentials> creds =
    EnclaveChannelCredentials(PeerSgxAgeRemoteCredentialsOptions());

Sample usage for creating ::grpc::ServerCredentials:

std::shared_ptr<::grpc::ServerCredentials> creds =
    EnclaveServerCredentials(PeerSgxAgeRemoteCredentialsOptions());
Returns
Options used to configure gRPC credentials for a channel that is unidirectionally-authenticated on the peer's end using SGX enclave code identity.

◆ PeerSgxLocalCredentialsOptions()

EnclaveCredentialsOptions asylo::PeerSgxLocalCredentialsOptions ( )

Creates options suitable for configuring a credential used in establishing a unidirectionally-authenticated gRPC channel between two local SGX enclaves.

A credential configured with these options enforces that the peer authenticates using SGX enclave code identity.

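Sample usage for creating ::grpc::ChannelCredentials:

std::shared_ptr<::grpc::ChannelCredentials> creds =
    EnclaveChannelCredentials(PeerSgxLocalCredentialsOptions());

Sample usage for creating ::grpc::ServerCredentials:

std::shared_ptr<::grpc::ServerCredentials> creds =
    EnclaveServerCredentials(PeerSgxLocalCredentialsOptions());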
Returns
Options used to configure gRPC credentials for a channel that is unidirectionally-authenticated on the peer's end using SGX enclave code identity.

◆ PosixError()

Status asylo::PosixError ( int  errnum,
absl::string_view  message = "" 
)

Returns a Status representing a POSIX error.

If errnum is zero, PosixError() returns an OK status. Otherwise, the returned error message includes the POSIX error explanation string.

Callers should not rely on how PosixError() embeds error information in the returned Status. Instead, callers can use GetErrno() to inspect a Status for POSIX error information.

However, callers may rely on stability in the mapping between POSIX error numbers and absl::StatusCodes. Callers can also use this function to create Statuses that are understandable by other code that uses the POSIX error space.

Parameters
errnum: A POSIX error number. See errno(3).
message: An optional message to prepend to the POSIX error explanation string.
Returns
An error representing errnum, or an OK status if errnum is zero.

◆ PosixErrorIs()

PolymorphicStatusMatcherType asylo::PosixErrorIs ( int  errnum)

Matches a Status-like object that contains the given POSIX error.

Works on any Status that can be inspected by GetErrno().

Parameters
errnum: A POSIX error code.
Returns
A GoogleTest matcher for POSIX errors representing errnum.

◆ SelfNullCredentialsOptions()

EnclaveCredentialsOptions asylo::SelfNullCredentialsOptions ( )

Creates options suitable for configuring a credential used in establishing a unidirectionally-unauthenticated gRPC channel between two enclave entities.

A credential configured with these options enforces unidirectional authentication using the null identity. The null identity specifies no identity in particular, which means that in the resulting connection the credential holder does not authenticate.

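Sample usage for creating ::grpc::ChannelCredentials:

std::shared_ptr<::grpc::ChannelCredentials> creds =
    EnclaveChannelCredentials(SelfNullCredentialsOptions());

Sample usage for creating ::grpc::ServerCredentials:

std::shared_ptr<::grpc::ServerCredentials> creds =
    EnclaveServerCredentials(SelfNullCredentialsOptions());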
Returns
Options used to configure gRPC credentials for a channel that is unauthenticated on the credential holder's end.

◆ SelfSgxAgeRemoteCredentialsOptions()

EnclaveCredentialsOptions asylo::SelfSgxAgeRemoteCredentialsOptions ( )

Creates options suitable for configuring a credential used in establishing a unidirectionally-authenticated gRPC channel.

A credential configured with these options enforces that the credential holder authenticates using SGX enclave code identity attested by Asylo's Assertion Generator Enclave.

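Sample usage for creating ::grpc::ChannelCredentials:

std::shared_ptr<::grpc::ChannelCredentials> creds =
    EnclaveChannelCredentials(SelfSgxAgeRemoteCredentialsOptions());

Sample usage for creating ::grpc::ServerCredentials:

std::shared_ptr<::grpc::ServerCredentials> creds =
    EnclaveServerCredentials(SelfSgxAgeRemoteCredentialsOptions());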
Returns
Options used to configure gRPC credentials for a channel that is unidirectionally-authenticated on the credential holder's end using SGX enclave code identity.

◆ SelfSgxLocalCredentialsOptions()

EnclaveCredentialsOptions asylo::SelfSgxLocalCredentialsOptions ( )

Creates options suitable for configuring a credential used in establishing a unidirectionally-authenticated gRPC channel between two local SGX enclaves.

A credential configured with these options enforces that the credential holder authenticates using SGX enclave code identity.

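Sample usage for creating ::grpc::ChannelCredentials:

std::shared_ptr<::grpc::ChannelCredentials> creds =
    EnclaveChannelCredentials(SelfSgxLocalCredentialsOptions());

Sample usage for creating ::grpc::ServerCredentials:

std::shared_ptr<::grpc::ServerCredentials> creds =
    EnclaveServerCredentials(SelfSgxLocalCredentialsOptions());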
Returns
Options used to configure gRPC credentials for a channel that is unidirectionally-authenticated on the credential holder's end using SGX enclave code identity.

◆ SerializeSgxIdentity()

StatusOr<EnclaveIdentity> asylo::SerializeSgxIdentity ( const SgxIdentity &  sgx_identity)

Serializes sgx_identity, returning an EnclaveIdentity on success or a non-OK Status on failure.

◆ SerializeSgxIdentityExpectation()

StatusOr<EnclaveIdentityExpectation> asylo::SerializeSgxIdentityExpectation ( const SgxIdentityExpectation &  sgx_expectation)

Serializes sgx_expectation, returning an EnclaveIdentityExpectation on success or a non-OK Status on failure.

◆ SerializeSgxIdentityMatchSpec()

StatusOr<std::string> asylo::SerializeSgxIdentityMatchSpec ( const SgxIdentityMatchSpec &  sgx_match_spec)

Serializes sgx_match_spec, returning a string on success or a non-OK Status on failure.

◆ set_log_directory()

bool asylo::set_log_directory ( const std::string &  log_directory)

Sets the log directory, as specified when this enclave is initialized.

This is only set once. Any request to reset it will return false.

Parameters
log_directory: The log file directory.
Returns
True if and only if the log directory is set successfully.

◆ set_vlog_level()

void asylo::set_vlog_level ( int  level)

Sets the verbosity threshold for VLOG.

A VLOG command with a level greater than this will be ignored.

Parameters
level: The verbosity threshold for VLOG to be set. A VLOG command with level less than or equal to this will be logged.

◆ SetEnclaveConfigDefaults() [1/2]

void asylo::SetEnclaveConfigDefaults ( const HostConfig &  host_config,
EnclaveConfig *  config 
)
Deprecated:
Sets critical uninitialized fields in config to default values.
Parameters
host_config: Values to set in the host_config field of config.
[out] config: EnclaveConfig object to populate.

◆ SetEnclaveConfigDefaults() [2/2]

void asylo::SetEnclaveConfigDefaults ( EnclaveConfig *  config)

Sets critical uninitialized fields in config to default values.

Parameters
[out] config: EnclaveConfig object to populate.

◆ SetNullAssertionDescription()

void asylo::SetNullAssertionDescription ( AssertionDescription *  assertion_description)
inline

Sets assertion_description to describe a null assertion.

Parameters
assertion_description: The AssertionDescription to populate.

◆ SetNullIdentityDescription()

void asylo::SetNullIdentityDescription ( EnclaveIdentityDescription *  identity_description)
inline

Sets identity_description to describe a null identity.

Parameters
identity_description: The EnclaveIdentityDescription to populate.

◆ SetProtoPayload()

template<typename MessageT , typename StatusT = Status>
void asylo::SetProtoPayload ( const MessageT &  message,
StatusT &  status 
)

Adds a payload of type MessageT to status.

MessageT must be a protobuf message type. Note that a Status can only have one payload of any given message type.

The message is embedded with the same type URL that would be used to pack the message into a google::protobuf::Any.

The status argument may be either an Asylo Status or an absl::Status.

Parameters
message: A protobuf message object.
[in,out] status: The status to add the payload to.

◆ SetSgxAgeRemoteAssertionDescription()

void asylo::SetSgxAgeRemoteAssertionDescription ( AssertionDescription *  assertion_description)
inline

Sets assertion_description to describe an SGX remote assertion generated by the Assertion Generator Enclave (AGE).

Parameters
assertion_description: The AssertionDescription to populate.

◆ SetSgxIdentityDescription()

void asylo::SetSgxIdentityDescription ( EnclaveIdentityDescription *  identity_description)
inline

Sets identity_description to describe an SGX identity.

Parameters
identity_description: The EnclaveIdentityDescription to populate.

◆ SetSgxIntelEcdsaQeRemoteAssertionDescription()

void asylo::SetSgxIntelEcdsaQeRemoteAssertionDescription ( AssertionDescription *  assertion_description)
inline

Sets assertion_description to describe an SGX remote assertion generated by the Intel ECDSA Quoting Enclave (QE).

Parameters
assertion_description: The AssertionDescription to populate.

◆ SetSgxLocalAssertionDescription()

void asylo::SetSgxLocalAssertionDescription ( AssertionDescription *  assertion_description)
inline

Sets assertion_description to describe an SGX local assertion.

Parameters
assertion_description: The AssertionDescription to populate.

◆ StatusFromProto()

Status asylo::StatusFromProto ( const StatusProto &  status_proto)

Returns a Status based on the contents of the given status_proto.

If the error space given by status_proto.space() is unrecognized, the returned Status is in the canonical error space and has an error code equal to status_proto.canonical_code(). If status_proto has no canonical code, the returned Status has an error code of absl::StatusCode::kUnknown. Note that the error message is only set if status_proto represents a non-OK status.

If the given status_proto is invalid, then the returned Status has an appropriate error code and message. A StatusProto is valid if and only if all the following conditions hold:

  • If code() is 0, then canonical_code() is set to 0.
  • If canonical_code() is 0, then code() is set to 0.
  • If the error space is recognized, then canonical_code() is equal to the equivalent canonical code given by the error space.
Parameters
status_proto: A protobuf object to unpack.
Returns
A Status based on the contents of status_proto.

◆ StatusToProto()

StatusProto asylo::StatusToProto ( const Status status)

Exports the contents of status into a StatusProto.

This function sets the space and canonical_code fields in status_proto even if status is in the canonical error space.

Parameters
status: A Status to pack into a proto.
Returns
A StatusProto representing status.

◆ ValidateSha256HashProto()

Status asylo::ValidateSha256HashProto ( const Sha256HashProto &  hash_proto)

Validates that |hash_proto| has a hash that is exactly 32 bytes.

◆ WithContext() [1/3]

Status asylo::WithContext ( const Status status,
absl::string_view  context 
)

Returns the Status with the provided context prepended to its error message.

Returns OkStatus() if the given Status is OK.

Parameters
status: A Status to add context to.
context: Additional context to add to the Status.
Returns
status with context prepended, along with an appropriate separator.

◆ WithContext() [2/3]

template<typename T >
StatusOr<T> asylo::WithContext ( StatusOr< T >  status_or,
absl::string_view  context 
)

As the Status overload above, but for StatusOr<T>.

Parameters
status_or: A StatusOr<T> to add context to, if it is not OK.
context: Additional context to add to the Status.
Returns
status_or if it is OK, otherwise status_or.status() with context prepended to the error message.

◆ WithContext() [3/3]

template<typename T >
absl::StatusOr<T> asylo::WithContext ( absl::StatusOr< T >  status_or,
absl::string_view  context 
)

As the StatusOr<T> overload above, but for absl::StatusOr<T>.

Parameters
status_or: An absl::StatusOr<T> to add context to, if it is not OK.
context: Additional context to add to the absl::Status.
Returns
status_or if it is OK, otherwise status_or.status() with context prepended to the error message.

Variable Documentation

◆ kStatusMoveAssignmentMsg

ABSL_CONST_INIT const char asylo::kStatusMoveAssignmentMsg[]

◆ kStatusMoveConstructorMsg

ABSL_CONST_INIT const char asylo::kStatusMoveConstructorMsg[]

◆ kValueMoveAssignmentMsg

ABSL_CONST_INIT const char asylo::kValueMoveAssignmentMsg[]

◆ kValueMoveConstructorMsg

ABSL_CONST_INIT const char asylo::kValueMoveConstructorMsg[]

◆ kValueOrDieMovedMsg

ABSL_CONST_INIT const char asylo::kValueOrDieMovedMsg[]