Open Enclave  0.12.0
Go to the documentation of this file.
1 // Copyright (c) Open Enclave SDK contributors.
2 // Licensed under the MIT License.
10 #ifndef _OE_ENCLAVE_H
11 #define _OE_ENCLAVE_H
13 #ifdef _OE_HOST_H
14 #error "enclave.h and host.h must not be included in the same compilation unit."
15 #endif
17 #include <openenclave/bits/asym_keys.h>
18 #include "bits/defs.h"
19 #include "bits/evidence.h"
20 #include "bits/exception.h"
21 #include "bits/fs.h"
22 #include "bits/module.h"
23 #include "bits/properties.h"
24 #include "bits/result.h"
25 #include "bits/types.h"
42 #if defined(_ARM_) || defined(_M_ARM) || defined(__arm__) || \
43  defined(__thumb__) || defined(__aarch64__)
44 #define __thread
45 #endif
69  bool is_first_handler,
70  oe_vectored_exception_handler_t vectored_handler);
83  oe_vectored_exception_handler_t vectored_handler);
101 bool oe_is_within_enclave(const void* ptr, size_t size);
119 bool oe_is_outside_enclave(const void* ptr, size_t size);
134 void* oe_host_malloc(size_t size);
159 void* oe_host_realloc(void* ptr, size_t size);
175 void* oe_host_calloc(size_t nmemb, size_t size);
186 void oe_host_free(void* ptr);
202 char* oe_host_strndup(const char* str, size_t n);
210 void oe_abort(void) OE_NO_RETURN;
237 void __oe_assert_fail(
238  const char* expr,
239  const char* file,
240  int line,
241  const char* func);
252 #ifndef NDEBUG
253 #define oe_assert(EXPR) \
254  do \
255  { \
256  if (!(EXPR)) \
257  __oe_assert_fail(#EXPR, __FILE__, __LINE__, __FUNCTION__); \
258  } while (0)
259 #else
260 #define oe_assert(EXPR)
261 #endif
263 #if (OE_API_VERSION < 2)
264 #error "Only OE_API_VERSION of 2 is supported"
265 #else
266 #define oe_get_report oe_get_report_v2
267 #endif
293  uint32_t flags,
294  const uint8_t* report_data,
295  size_t report_data_size,
296  const void* opt_params,
297  size_t opt_params_size,
298  uint8_t** report_buffer,
299  size_t* report_buffer_size);
306 void oe_free_report(uint8_t* report_buffer);
308 #if (OE_API_VERSION < 2)
309 #error "Only OE_API_VERSION of 2 is supported"
310 #else
311 #define oe_get_target_info oe_get_target_info_v2
312 #endif
335  const uint8_t* report,
336  size_t report_size,
337  void** target_info_buffer,
338  size_t* target_info_size);
346 void oe_free_target_info(void* target_info);
364  const uint8_t* report,
365  size_t report_size,
366  oe_report_t* parsed_report);
386  const uint8_t* report,
387  size_t report_size,
388  oe_report_t* parsed_report);
390 #if (OE_API_VERSION < 2)
391 #error "Only OE_API_VERSION of 2 is supported"
392 #else
393 #define oe_get_seal_key_by_policy oe_get_seal_key_by_policy_v2
394 #endif
420  oe_seal_policy_t seal_policy,
421  uint8_t** key_buffer,
422  size_t* key_buffer_size,
423  uint8_t** key_info,
424  size_t* key_info_size);
426 #if (OE_API_VERSION < 2)
427 #error "Only OE_API_VERSION of 2 is supported"
428 #else
429 #define oe_get_seal_key oe_get_seal_key_v2
430 #endif
453  oe_seal_policy_t seal_policy,
454  const oe_asymmetric_key_params_t* key_params,
455  uint8_t** key_buffer,
456  size_t* key_buffer_size,
457  uint8_t** key_info,
458  size_t* key_info_size);
477  const oe_asymmetric_key_params_t* key_params,
478  const uint8_t* key_info,
479  size_t key_info_size,
480  uint8_t** key_buffer,
481  size_t* key_buffer_size);
504  oe_seal_policy_t seal_policy,
505  const oe_asymmetric_key_params_t* key_params,
506  uint8_t** key_buffer,
507  size_t* key_buffer_size,
508  uint8_t** key_info,
509  size_t* key_info_size);
528  const oe_asymmetric_key_params_t* key_params,
529  const uint8_t* key_info,
530  size_t key_info_size,
531  uint8_t** key_buffer,
532  size_t* key_buffer_size);
543 void oe_free_key(
544  uint8_t* key_buffer,
545  size_t key_buffer_size,
546  uint8_t* key_info,
547  size_t key_info_size);
569  const uint8_t* key_info,
570  size_t key_info_size,
571  uint8_t** key_buffer,
572  size_t* key_buffer_size);
580 void oe_free_seal_key(uint8_t* key_buffer, uint8_t* key_info);
606 oe_result_t oe_random(void* data, size_t size);
631  const unsigned char* subject_name,
632  uint8_t* private_key,
633  size_t private_key_size,
634  uint8_t* public_key,
635  size_t public_key_size,
636  uint8_t** output_cert,
637  size_t* output_cert_size);
643 void oe_free_attestation_certificate(uint8_t* cert);
650 typedef oe_result_t (
677  uint8_t* cert_in_der,
678  size_t cert_in_der_len,
679  oe_identity_verify_callback_t enclave_identity_callback,
680  void* arg);
684 #endif /* _OE_ENCLAVE_H */
void * oe_host_malloc(size_t size)
Allocate bytes from the host&#39;s heap.
void oe_free_report(uint8_t *report_buffer)
Frees a report buffer obtained from oe_get_report.
enum _oe_seal_policy oe_seal_policy_t
This enumeration type defines the policy used to derive a seal key.
oe_result_t oe_get_public_key(const oe_asymmetric_key_params_t *key_params, const uint8_t *key_info, size_t key_info_size, uint8_t **key_buffer, size_t *key_buffer_size)
Returns a public key that is associated with the identity of the enclave.
This file defines the types used by the OE SDK.
void oe_host_free(void *ptr)
Release allocated memory.
oe_result_t oe_random(void *data, size_t size)
Generate a sequence of random bytes.
Structure to hold the parsed form of a report.
Definition: report.h:112
oe_result_t oe_get_private_key_by_policy(oe_seal_policy_t seal_policy, const oe_asymmetric_key_params_t *key_params, uint8_t **key_buffer, size_t *key_buffer_size, uint8_t **key_info, size_t *key_info_size)
Returns a private key that is associated with the identity of the enclave and the specified policy...
Structure to represent the identity of an enclave.
Definition: report.h:80
This file defines structures and options for SGX evidence generation and verification.
void oe_free_target_info(void *target_info)
Frees target info obtained from oe_get_target_info.
void * oe_host_calloc(size_t nmemb, size_t size)
Allocate zero-filled bytes from the host&#39;s heap.
oe_result_t oe_verify_report(const uint8_t *report, size_t report_size, oe_report_t *parsed_report)
Verify the integrity of the report and its signature.
oe_result_t oe_get_report_v2(uint32_t flags, const uint8_t *report_data, size_t report_data_size, const void *opt_params, size_t opt_params_size, uint8_t **report_buffer, size_t *report_buffer_size)
Get a report signed by the enclave platform for use in attestation.
This file defines data structures to set up vectored exception handlers in the enclave.
oe_result_t oe_get_seal_key_v2(const uint8_t *key_info, size_t key_info_size, uint8_t **key_buffer, size_t *key_buffer_size)
Get a symmetric encryption key from the enclave platform using existing key information.
This file defines Open Enclave return codes (results).
enum _oe_result oe_result_t
This enumeration type defines return codes for Open Enclave functions.
void oe_free_attestation_certificate(uint8_t *cert)
Free the given cert.
char * oe_host_strndup(const char *str, size_t n)
Make a heap copy of a string.
uint64_t(* oe_vectored_exception_handler_t)(oe_exception_record_t *exception_context)
oe_vectored_exception_handler_t - Function pointer for a vectored exception handler in an enclave...
Definition: exception.h:169
oe_result_t oe_verify_attestation_certificate(uint8_t *cert_in_der, size_t cert_in_der_len, oe_identity_verify_callback_t enclave_identity_callback, void *arg)
void oe_free_key(uint8_t *key_buffer, size_t key_buffer_size, uint8_t *key_info, size_t key_info_size)
Frees the given key and/or key info.
oe_result_t oe_generate_attestation_certificate(const unsigned char *subject_name, uint8_t *private_key, size_t private_key_size, uint8_t *public_key, size_t public_key_size, uint8_t **output_cert, size_t *output_cert_size)
void oe_free_seal_key(uint8_t *key_buffer, uint8_t *key_info)
Frees a key and/or key info.
This file defines the properties for an enclave.
oe_result_t oe_get_private_key(const oe_asymmetric_key_params_t *key_params, const uint8_t *key_info, size_t key_info_size, uint8_t **key_buffer, size_t *key_buffer_size)
Returns a private key that is associated with the identity of the enclave.
oe_result_t oe_remove_vectored_exception_handler(oe_vectored_exception_handler_t vectored_handler)
Remove an existing vectored exception handler.
oe_result_t oe_get_public_key_by_policy(oe_seal_policy_t seal_policy, const oe_asymmetric_key_params_t *key_params, uint8_t **key_buffer, size_t *key_buffer_size, uint8_t **key_info, size_t *key_info_size)
Returns a public key that is associated with the identity of the enclave and the specified policy...
bool oe_is_within_enclave(const void *ptr, size_t size)
Check whether the given buffer is strictly within the enclave.
oe_enclave_t * oe_get_enclave(void)
Obtains the enclave handle.
void * oe_host_realloc(void *ptr, size_t size)
Reallocate bytes from the host&#39;s heap.
oe_result_t oe_get_target_info_v2(const uint8_t *report, size_t report_size, void **target_info_buffer, size_t *target_info_size)
Extracts additional platform specific data from the report and writes it to target_info_buffer.
oe_result_t oe_add_vectored_exception_handler(bool is_first_handler, oe_vectored_exception_handler_t vectored_handler)
OP-TEE provides single-threaded enclaves only, and its ELF loader does not support thread-local reloc...
oe_result_t oe_parse_report(const uint8_t *report, size_t report_size, oe_report_t *parsed_report)
Parse an enclave report into a standard format for reading.
This file defines functions to load the optional modules available.
bool oe_is_outside_enclave(const void *ptr, size_t size)
Check whether the given buffer is strictly outside the enclave.
oe_result_t oe_get_seal_key_by_policy_v2(oe_seal_policy_t seal_policy, uint8_t **key_buffer, size_t *key_buffer_size, uint8_t **key_info, size_t *key_info_size)
Get a symmetric encryption key derived from the specified policy and coupled to the enclave platform...
struct _oe_enclave oe_enclave_t
This is an opaque handle to an enclave returned by oe_create_enclave().
Definition: types.h:144
void oe_abort(void) OE_NO_RETURN
Abort execution of the enclave.
oe_result_t(* oe_identity_verify_callback_t)(oe_identity_t *identity, void *arg)
identity validation callback type
Definition: enclave.h:651