Asylo
sgx_intel_ecdsa_qe_remote_assertion_generator.h
1 /*
2  *
3  * Copyright 2019 Asylo authors
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef ASYLO_IDENTITY_ATTESTATION_SGX_SGX_INTEL_ECDSA_QE_REMOTE_ASSERTION_GENERATOR_H_
20 #define ASYLO_IDENTITY_ATTESTATION_SGX_SGX_INTEL_ECDSA_QE_REMOTE_ASSERTION_GENERATOR_H_
21 
22 #include <memory>
23 #include <string>
24 
25 #include "asylo/crypto/certificate_util.h"
26 #include "asylo/identity/additional_authenticated_data_generator.h"
27 #include "asylo/identity/attestation/enclave_assertion_generator.h"
28 #include "asylo/identity/attestation/sgx/internal/dcap_library_interface.h"
29 #include "asylo/identity/attestation/sgx/internal/intel_architectural_enclave_interface.h"
30 #include "asylo/identity/attestation/sgx/sgx_intel_ecdsa_qe_remote_assertion_authority_config.pb.h"
31 #include "asylo/identity/identity.pb.h"
32 #include "asylo/identity/platform/sgx/internal/hardware_interface.h"
33 #include "asylo/util/mutex_guarded.h"
34 #include "asylo/util/status.h"
35 #include "asylo/util/statusor.h"
36 
37 namespace asylo {
38 
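/// Implementation of `EnclaveAssertionGenerator` that generates assertions
/// using the Intel ECDSA quoting enclave. These assertions attest, to a remote
/// party, properties of both an enclave's code and the Intel platform it runs
/// on.
///
/// NOTE(review): this declaration was rebuilt from a rendered listing that had
/// dropped several lines (the class-name line, the default constructor, the
/// destructor, `CreateAssertionOffer`, `Generate` and two data members). The
/// restored signatures follow the member summaries printed on the same page;
/// confirm them against the repository copy before relying on this text.
class SgxIntelEcdsaQeRemoteAssertionGenerator
    : public EnclaveAssertionGenerator {
 public:
  // Constructs a new `SgxIntelEcdsaQeRemoteAssertionGenerator` that internally
  // uses the `EnclaveDcapLibraryInterface`, which uses ocalls to invoke all
  // Intel DCAP APIs. Default-constructed objects generate assertions suitable
  // for use with EKEP. `HardwareInterface` is used to invoke SGX-specific
  // hardware routines.
  //
  // The generator MUST be initialized via a call to Initialize().
  SgxIntelEcdsaQeRemoteAssertionGenerator();

  // Constructs a new `SgxIntelEcdsaQeRemoteAssertionGenerator` that uses
  // |intel_enclaves| for invoking the Intel quoting software stack, and
  // generates authenticated data to include in the quote using |aad_generator|.
  // |hardware_interface| is used to invoke SGX-specific hardware routines.
  //
  // The generator takes ownership of all three arguments. Whether null
  // arguments are rejected is not visible from this header.
  //
  // NOTE(review): |aad_generator| decides which data the quote authenticates,
  // so a relying party presumably has to expect the same scheme; confirm
  // against the matching verifier.
  //
  // The generator MUST be initialized via a call to Initialize().
  SgxIntelEcdsaQeRemoteAssertionGenerator(
      std::unique_ptr<AdditionalAuthenticatedDataGenerator> aad_generator,
      std::unique_ptr<asylo::sgx::IntelArchitecturalEnclaveInterface>
          intel_enclaves,
      std::unique_ptr<sgx::HardwareInterface> hardware_interface);

  ~SgxIntelEcdsaQeRemoteAssertionGenerator() override = default;

  // Initializes this assertion authority using the provided |config|.
  // Callers should check the returned `Status`; the other methods are only
  // meaningful once initialization has succeeded.
  //
  // NOTE(review): |config| is presumably a serialized
  // `SgxIntelEcdsaQeRemoteAssertionAuthorityConfig` (the type accepted by
  // ReadCertificationData() below); confirm in the implementation file.
  Status Initialize(const std::string &config) override;

  // Indicates whether this assertion authority has been initialized
  // successfully via a call to Initialize().
  bool IsInitialized() const override;

  // Gets the enclave identity type handled by this assertion authority.
  EnclaveIdentityType IdentityType() const override;

  // Gets the type of this assertion authority.
  std::string AuthorityType() const override;

  // Creates an assertion offer compatible with this generator's identity type
  // and authority type. |offer| is the output parameter.
  Status CreateAssertionOffer(AssertionOffer *offer) const override;

  // Indicates whether the assertion requested in |request| can be generated by
  // this generator.
  StatusOr<bool> CanGenerate(const AssertionRequest &request) const override;

  // Generates an assertion that satisfies the given |request|, if |request| is
  // compatible with this generator. |assertion| is the output parameter;
  // check the returned `Status` before using its contents.
  Status Generate(const std::string &user_data, const AssertionRequest &request,
                  Assertion *assertion) const override;

 private:
  // State that is only accessed through the `MutexGuarded` wrapper below.
  struct Members {
    // Starts out false; see IsInitialized().
    bool is_initialized = false;
  };

  // Declaration only; what is read from |config| and where it is stored is
  // defined in the implementation file, which is not part of this header.
  Status ReadCertificationData(
      const SgxIntelEcdsaQeRemoteAssertionAuthorityConfig &config) const;

  MutexGuarded<Members> members_;

  // NOTE(review): this member's line was missing from the listing. Its name is
  // inferred from the constructor parameter and the trailing-underscore
  // convention of the neighbouring members; confirm against the repository.
  std::unique_ptr<AdditionalAuthenticatedDataGenerator> aad_generator_;

  std::unique_ptr<asylo::sgx::IntelArchitecturalEnclaveInterface>
      intel_enclaves_;
  std::unique_ptr<sgx::HardwareInterface> hardware_interface_;
};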
98 
99 } // namespace asylo
100 
101 #endif // ASYLO_IDENTITY_ATTESTATION_SGX_SGX_INTEL_ECDSA_QE_REMOTE_ASSERTION_GENERATOR_H_
~SgxIntelEcdsaQeRemoteAssertionGenerator() override=default
std::string AuthorityType() const override
Gets the type of this assertion authority.
bool IsInitialized() const override
Indicates whether this assertion authority has been initialized successfully via a call to Initialize...
Status CreateAssertionOffer(AssertionOffer *offer) const override
Creates an assertion offer compatible with this generator's identity type and authority type and plac...
Status Initialize(const std::string &config) override
Initializes this assertion authority using the provided config.
ABSL_CONST_INIT const char kStatusMoveAssignmentMsg[]
Status Generate(const std::string &user_data, const AssertionRequest &request, Assertion *assertion) const override
Generates an assertion that satisfies the given request, if request is compatible with this generator...
EnclaveIdentityType IdentityType() const override
Gets the enclave identity type handled by this assertion authority.
StatusOr< bool > CanGenerate(const AssertionRequest &request) const override
Indicates whether the assertion requested in request can be generated by this generator.
SgxIntelEcdsaQeRemoteAssertionGenerator(std::unique_ptr< AdditionalAuthenticatedDataGenerator > aad_generator, std::unique_ptr< asylo::sgx::IntelArchitecturalEnclaveInterface > intel_enclaves, std::unique_ptr< sgx::HardwareInterface > hardware_interface)
Implementation of EnclaveAssertionGenerator that generates assertions using the Intel ECDSA quoting e...
Definition: sgx_intel_ecdsa_qe_remote_assertion_generator.h:43