enclave { from "sgx_tkey_exchange.edl" import *; include "sgx_key_exchange.h" include "sgx_tseal.h" trusted { /** * Initialize the remote attestation process. * * @param usePlatformServices If true, the enclave establishes a * session with the PSE before initializing the attestation context. * This provides additional nonce replay protection and a reliable * monotonic counter. * @param challengerKey ECDSA public key of the challenger with the 8 * magic bytes removed, and X and Y components changed to little * endian. * @param context The variable receiving the context constructed during * initialization. * * @return Status code indicative of the outcome of the operation. */ public sgx_status_t initializeRemoteAttestation( bool usePlatformServices, [in] sgx_ec256_public_t *challengerKey, [out] sgx_ra_context_t *context ); /** * Clean up and finalize the remote attestation process. * * @param context The context constructed during initialization. * * @return SGX_SUCCESS if successful, or SGX_ERROR_INVALID_PARAMETER if * an invalid context is provided. */ public sgx_status_t finalizeRemoteAttestation( sgx_ra_context_t context ); /** * Verify CMAC of attestation result from challenger using the MK key. * * @param context The context constructed during initialization. * @param message The status obtained from the challenger as part of * the attestation result. * @param messageSize The size of the attestation status payload. * @param cmac The CMAC received from the challenger. * @param cmacSize The size of the CMAC received. * * @return Status code indicative of the outcome of the operation. */ public sgx_status_t verifyCMAC( sgx_ra_context_t context, [in,size=messageSize] uint8_t *message, size_t messageSize, [in,size=cmacSize] uint8_t *cmac, size_t cmacSize ); /** * Verify an attestation response from the service provider. * * @param context The context constructed during initialization. * @param secret Message containing the secret. * @param secretSize Size of the secret message, in bytes. * @param gcmIV The initialization vector used in the decryption. * @param gcmMac Pointer to the AES-GCM MAC for the secret message. * @param gcmMacSize Size of the AES-GCM MAC. * @param sealedSecret Pre-allocated buffer receiving the sealed * secret. If NULL, the sealed secret will not be returned. * @param maxSealedSecretSize The maximum size of the sealed secret. * This must be less than or equal to the size of the pre-allocated * buffer above, and no larger than the upper limit of 128 bytes. * * @return Status code indicative of the outcome of the operation. */ public sgx_status_t verifyAttestationResponse( sgx_ra_context_t context, [in,size=secretSize] uint8_t *secret, size_t secretSize, [in,count=12] uint8_t *gcmIV, [in,size=gcmMacSize] uint8_t *gcmMac, size_t gcmMacSize, [out,size=maxSealedSecretSize] uint8_t *sealedSecret, size_t maxSealedSecretSize ); /** * Check whether the application enclave is able to unseal a secret. * * @param sealedSecret The previously sealed secret. * @param sealedSecretSize The size of the sealed secret. * * @return Status code indicative of the outcome of the operation. */ public sgx_status_t unsealSecret( [in,size=sealedSecretSize] uint8_t *sealedSecret, size_t sealedSecretSize ); }; };