45 строки
1.4 KiB
C++
45 строки
1.4 KiB
C++
// Copyright (c) Open Enclave SDK contributors.
|
|
// Licensed under the MIT License.
|
|
|
|
#ifndef OE_SAMPLES_ATTESTATION_ENC_ATTESTATION_H
|
|
#define OE_SAMPLES_ATTESTATION_ENC_ATTESTATION_H
|
|
|
|
#include <openenclave/enclave.h>
|
|
#include "crypto.h"
|
|
|
|
#define ENCLAVE_SECRET_DATA_SIZE 16
|
|
class Attestation
|
|
{
|
|
private:
|
|
Crypto* m_crypto;
|
|
uint8_t* m_enclave_mrsigner;
|
|
|
|
public:
|
|
Attestation(Crypto* crypto, uint8_t* enclave_mrsigner = nullptr);
|
|
|
|
// Generate a remote report for the given data. The SHA256 digest of the
|
|
// data is stored in the report_data field of the generated remote report.
|
|
int generate_remote_report(
|
|
const uint8_t* data,
|
|
size_t data_size,
|
|
uint8_t** remote_report_buf,
|
|
size_t* remote_report_buf_size);
|
|
|
|
/**
|
|
* Attest the given remote report and accompanying data. The remote report
|
|
* is first attested using the oe_verify_report API. This ensures the
|
|
* authenticity of the enclave that generated the remote report. Next the
|
|
* mrsigner and mrenclave values are tested to establish trust of the
|
|
* enclave that generated the remote report. Next the validity of
|
|
* accompanying data is ensured by comparing its SHA256 digest against the
|
|
* report_data field.
|
|
*/
|
|
int attest_remote_report(
|
|
const uint8_t* remote_report,
|
|
size_t remote_report_size,
|
|
const uint8_t* data,
|
|
size_t data_size);
|
|
};
|
|
|
|
#endif // OE_SAMPLES_ATTESTATION_ENC_ATTESTATION_H
|