Asylo
sgx_local_assertion_generator.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2018 Asylo authors
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef ASYLO_IDENTITY_ATTESTATION_SGX_SGX_LOCAL_ASSERTION_GENERATOR_H_
20 #define ASYLO_IDENTITY_ATTESTATION_SGX_SGX_LOCAL_ASSERTION_GENERATOR_H_
21 
22 #include <memory>
23 
24 #include "asylo/identity/additional_authenticated_data_generator.h"
25 #include "asylo/identity/attestation/enclave_assertion_generator.h"
26 #include "asylo/identity/attestation/sgx/internal/local_assertion.pb.h"
27 #include "asylo/util/mutex_guarded.h"
28 
29 namespace asylo {
30 
31 /// An implementation of the EnclaveAssertionGenerator interface for SGX local
32 /// assertions.
33 ///
34 /// An SgxLocalAssertionGenerator is capable of generating assertion offers and
35 /// assertions for SGX code identities that can be verified by SGX enclaves
36 /// running within the same local attestation domain.
37 class SgxLocalAssertionGenerator final : public EnclaveAssertionGenerator {
38  public:
39  /// Constructs an uninitialized SgxLocalAssertionGenerator.
40  ///
41  /// The generator can be initialized via a call to Initialize().
43 
44  ///////////////////////////////////////////
45  // From AssertionAuthority interface. //
46  ///////////////////////////////////////////
47 
48  Status Initialize(const std::string &config) override;
49 
50  bool IsInitialized() const override;
51 
52  EnclaveIdentityType IdentityType() const override;
53 
54  std::string AuthorityType() const override;
55 
56  ///////////////////////////////////////////
57  // From AssertionGenerator interface. //
58  ///////////////////////////////////////////
59 
61 
62  StatusOr<bool> CanGenerate(const AssertionRequest &request) const override;
63 
65  Assertion *assertion) const override;
66 
67  private:
68  // Parses additional information from the given |request|. Returns the
69  // LocalAssertionRequestAdditionalInfo on success. Returns a non-OK status on
70  // parsing failure.
71  StatusOr<sgx::LocalAssertionRequestAdditionalInfo> ParseAdditionalInfo(
72  const AssertionRequest &request) const;
73 
74  // The identity type handled by this generator.
75  static constexpr EnclaveIdentityType kIdentityType = CODE_IDENTITY;
76 
77  // The authority type handled by this generator.
78  static const char *const kAuthorityType;
79 
80  // A struct to hold the members so that they can be clearly guarded by the
81  // same mutex.
82  struct Members {
83  // The attestation domain to which the enclave belongs.
84  std::string attestation_domain;
85 
86  // Generates REPORTDATA that is signed as part of the attestation.
87  std::unique_ptr<AdditionalAuthenticatedDataGenerator> aad_generator;
88 
89  // Indicates whether this generator has been initialized.
90  bool initialized;
91 
92  Members() : initialized(false) {}
93  };
94 
95  MutexGuarded<Members> members_;
96 };
97 
98 } // namespace asylo
99 
100 #endif // ASYLO_IDENTITY_ATTESTATION_SGX_SGX_LOCAL_ASSERTION_GENERATOR_H_
Status Initialize(const std::string &config) override
Initializes this assertion authority using the provided config.
Status CreateAssertionOffer(AssertionOffer *offer) const override
Creates an assertion offer compatible with this generator&#39;s identity type and authority type and plac...
SgxLocalAssertionGenerator()
Constructs an uninitialized SgxLocalAssertionGenerator.
StatusOr< bool > CanGenerate(const AssertionRequest &request) const override
Indicates whether the assertion requested in request can be generated by this generator.
ABSL_CONST_INIT const char kStatusMoveAssignmentMsg[]
Status Generate(const std::string &user_data, const AssertionRequest &request, Assertion *assertion) const override
Generates an assertion that satisfies the given request, if request is compatible with this generator...
std::string AuthorityType() const override
Gets the type of this assertion authority.
EnclaveIdentityType IdentityType() const override
Gets the enclave identity type handled by this assertion authority.
bool IsInitialized() const override
Indicates whether this assertion authority has been initialized successfully via a call to Initialize...