Asylo
sgx_age_remote_assertion_generator.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2019 Asylo authors
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef ASYLO_IDENTITY_ATTESTATION_SGX_SGX_AGE_REMOTE_ASSERTION_GENERATOR_H_
20 #define ASYLO_IDENTITY_ATTESTATION_SGX_SGX_AGE_REMOTE_ASSERTION_GENERATOR_H_
21 
22 #include <string>
23 #include <vector>
24 
25 #include "asylo/crypto/certificate.pb.h"
26 #include "asylo/identity/attestation/enclave_assertion_generator.h"
27 #include "asylo/identity/attestation/sgx/internal/sgx_remote_assertion_generator_client.h"
28 #include "asylo/identity/identity.pb.h"
29 #include "asylo/util/mutex_guarded.h"
30 #include "asylo/util/status.h"
31 #include "asylo/util/statusor.h"
32 
33 namespace asylo {
34 
35 /// A thread-safe implementation of the EnclaveAssertionGenerator interface for
36 /// SGX remote assertions generated by the Assertion Generator Enclave (AGE).
37 ///
38 /// An SgxAgeRemoteAssertionGenerator is capable of generating assertion offers
39 /// and assertions for SGX identities that can be remotely verified.
40 class SgxAgeRemoteAssertionGenerator final : public EnclaveAssertionGenerator {
41  public:
42  /// Constructs an uninitialized SgxAgeRemoteAssertionGenerator.
43  ///
44  /// The generator can be initialized via a call to Initialize().
46 
47  ///////////////////////////////////////////
48  // From AssertionAuthority interface. //
49  ///////////////////////////////////////////
50 
51  Status Initialize(const std::string &config) override;
52 
53  bool IsInitialized() const override;
54 
55  EnclaveIdentityType IdentityType() const override;
56 
57  std::string AuthorityType() const override;
58 
59  ///////////////////////////////////////////
60  // From AssertionGenerator interface. //
61  ///////////////////////////////////////////
62 
64 
65  StatusOr<bool> CanGenerate(const AssertionRequest &request) const override;
66 
68  Assertion *assertion) const override;
69 
70  private:
71  // The identity type handled by this generator.
72  static constexpr EnclaveIdentityType kIdentityType = CODE_IDENTITY;
73 
74  // The authority type handled by this generator.
75  static const char *const kAuthorityType;
76 
77  // Struct that holds class members to be guarded by the initialization mutex.
78  struct Members {
79  // The root CAs' certificates in X.509 format.
80  std::vector<Certificate> root_ca_certificates;
81 
82  // The server address of the Assertion Generator Enclave (AGE).
83  std::string server_address;
84 
85  // Indicates whether this generator has been initialized.
86  bool initialized;
87 
88  Members() : initialized(false) {}
89  };
90 
91  MutexGuarded<Members> members_;
92 };
93 
94 } // namespace asylo
95 
96 #endif // ASYLO_IDENTITY_ATTESTATION_SGX_SGX_AGE_REMOTE_ASSERTION_GENERATOR_H_
Status Generate(const std::string &user_data, const AssertionRequest &request, Assertion *assertion) const override
Generates an assertion that satisfies the given request, if request is compatible with this generator...
SgxAgeRemoteAssertionGenerator()
Constructs an uninitialized SgxAgeRemoteAssertionGenerator.
ABSL_CONST_INIT const char kStatusMoveAssignmentMsg[]
Status CreateAssertionOffer(AssertionOffer *offer) const override
Creates an assertion offer compatible with this generator&#39;s identity type and authority type and plac...
EnclaveIdentityType IdentityType() const override
Gets the enclave identity type handled by this assertion authority.
std::string AuthorityType() const override
Gets the type of this assertion authority.
StatusOr< bool > CanGenerate(const AssertionRequest &request) const override
Indicates whether the assertion requested in request can be generated by this generator.
Status Initialize(const std::string &config) override
Initializes this assertion authority using the provided config.
bool IsInitialized() const override
Indicates whether this assertion authority has been initialized successfully via a call to Initialize...