mirror of
https://github.com/corda/corda.git
synced 2024-12-29 09:18:58 +00:00
c545a58c1d
* Initial host server skeleton. * Create IASProxy project, and skeleton for attestation host. * Fix up tests * Extend attestation host skeleton, and make test ports configurable. * Enhance MockIAS to make pseManifestStatus optional. * Make IASProxy endpoints asynchronous. * Add sub-modules for challenger and for common code. * Create integration test for host's provisioning endpoint. * Flesh out attestation challenger WAR. * Package refactoring, to be more Java9 friendly. * Refactor more messages into attestation-common. * Remove our private key from the repository. * Declare an empty PSE Manifest to be invalid. * Fix basic integration test issues for challenger and host. * Integrate keystore scripts into the build properly. * Name keystore targets explicitly for Gradle. * Allow HTTP conversation between Challenger, Host and ISV using session ID. * Add MockHost for challenger's integration tests. * Reconcile HTTP port numbers between Phase1 and Phase2 components. * Remove elements that can be inherited from root project. * Add placeholder README. * Add convenient extension functions to ObjectMapper. * Extend integration test coverage for challenger/host/isv. * Catch IOException from HttpClient for challenger. * Integrate host sub-module with remote-attestation project. * Begin integrating host/enclave code from Phase I. * Rename challenger's HTTP endpoint. * Generate keystore for challenger "on the fly". * Add native JNI code for accessing the SGX enclave. * Point Gradle to the correct enclave object. * Fixes for generating a Quote for this enclave. * Return the IAS report to the challenger for verification. * Begin populating the challenger's AttestationResponse message. * Enable the challenger to pass encrypted secrets into the enclave. * Align challenger, host and isv ports. * Refactor challenger as a fat-jar application. * AttestationResponse is not shared, so refactor into challenger. * Move HttpClientContext objects into HttpClient blocks. * Remove unused Message2 and Message3 objects. * Add realistic dummy value for reportID from IAS. * Small tidy-up on attestation host. * First set of review comments. * Add missing exception message. * Update location of environment file. * Use empty mock revocation lists by default. * Improve logging and add "happy path" test for provisioning secrets. * Update Gradle files so that we can run attestation-host from IntelliJ. * The platformInfo field from IAS can be null, so allow this. Also protect other JNI pointer parameters from NPE. * Allow Gradle to build hardware enclave.
56 lines
1.7 KiB
C++
56 lines
1.7 KiB
C++
#ifndef __ENCLAVE_MANAGER_H__
|
|
#define __ENCLAVE_MANAGER_H__
|
|
|
|
#include <sgx_capable.h>
|
|
#include <sgx_urts.h>
|
|
|
|
/**
|
|
* Instantiate a new enclave from a signed enclave binary, and return the
|
|
* identifier of the instance.
|
|
*
|
|
* @param path The file name of the signed enclave binary to load.
|
|
* @param use_platform_services If true, Intel's platform services are used to
|
|
* add extra protection against replay attacks during nonce generation and to
|
|
* provide a trustworthy monotonic counter.
|
|
* @param result Variable receiving the result of the operation, if not NULL.
|
|
* @param token Pointer to launch token; cannot be NULL.
|
|
*
|
|
* @return The identifier of the created enclave.
|
|
*/
|
|
sgx_enclave_id_t create_enclave(
|
|
const char *path,
|
|
bool use_platform_services,
|
|
sgx_status_t *result,
|
|
sgx_launch_token_t *token
|
|
);
|
|
|
|
/**
|
|
* Destroy enclave if currently loaded.
|
|
*
|
|
* @param enclave_id The identifier of the enclave to destroy.
|
|
*
|
|
* @return True if the enclave was active and got destroyed. False otherwise.
|
|
*/
|
|
bool destroy_enclave(
|
|
sgx_enclave_id_t enclave_id
|
|
);
|
|
|
|
/**
|
|
* Check the status of the SGX device on the current machine.
|
|
*/
|
|
sgx_device_status_t get_device_status(void);
|
|
|
|
/**
|
|
* Report which extended Intel EPID Group the client uses by default. The key
|
|
* used to sign a Quote will be a member of the extended EPID Group reported in
|
|
* this API. The application will typically use this value to tell the ISV
|
|
* Service Provider which group to use during remote attestation.
|
|
*
|
|
* @param result Variable receiving the result of the operation, if not NULL.
|
|
*
|
|
* @return The extended EPID group identifier.
|
|
*/
|
|
uint32_t get_extended_group_id(sgx_status_t *result);
|
|
|
|
#endif /* __ENCLAVE_MANAGER_H__ */
|