evidence.h File Reference

This file defines macros and structures for SGX evidence format IDs and claims. More...

#include <openenclave/bits/defs.h>

Include dependency graph for evidence.h:

Go to the source code of this file.

Macros
#define	OE_FORMAT_UUID_SGX_ECDSA
#define	OE_FORMAT_UUID_LEGACY_REPORT_REMOTE
#define	OE_FORMAT_UUID_RAW_SGX_QUOTE_ECDSA
#define	OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION
#define	OE_FORMAT_UUID_SGX_EPID_LINKABLE
#define	OE_FORMAT_UUID_SGX_EPID_UNLINKABLE
#define	OE_FORMAT_UUID_SGX_UNKNOWN
#define	OE_CLAIM_SGX_PF_GP_EXINFO_ENABLED   "sgx_pf_gp_exit_info_enabled"
#define	OE_CLAIM_SGX_ISV_EXTENDED_PRODUCT_ID   "sgx_isv_extended_product_id"
#define	OE_CLAIM_SGX_IS_MODE64BIT   "sgx_is_mode64bit"
#define	OE_CLAIM_SGX_HAS_PROVISION_KEY   "sgx_has_provision_key"
#define	OE_CLAIM_SGX_HAS_EINITTOKEN_KEY   "sgx_has_einittoken_key"
#define	OE_CLAIM_SGX_USES_KSS   "sgx_uses_kss"
#define	OE_CLAIM_SGX_CONFIG_ID   "sgx_config_id"
#define	OE_CLAIM_SGX_CONFIG_SVN   "sgx_config_svn"
#define	OE_CLAIM_SGX_ISV_FAMILY_ID   "sgx_isv_family_id"
#define	OE_SGX_REQUIRED_CLAIMS_COUNT   9
#define	OE_CLAIM_SGX_TCB_INFO   "sgx_tcb_info"
#define	OE_CLAIM_SGX_TCB_ISSUER_CHAIN   "sgx_tcb_issuer_chain"
#define	OE_CLAIM_SGX_PCK_CRL   "sgx_pck_crl"
#define	OE_CLAIM_SGX_ROOT_CA_CRL   "sgx_root_ca_crl"
#define	OE_CLAIM_SGX_CRL_ISSUER_CHAIN   "sgx_crl_issuer_chain"
#define	OE_CLAIM_SGX_QE_ID_INFO   "sgx_qe_id_info"
#define	OE_CLAIM_SGX_QE_ID_ISSUER_CHAIN   "sgx_qe_id_issuer_chain"
#define	OE_SGX_OPTIONAL_CLAIMS_COUNT   7
#define	OE_CLAIM_SGX_REPORT_DATA   "sgx_report_data"

Typedefs
typedef enum _oe_sgx_tcb_status	oe_sgx_tcb_status_t
	TCB level status of SGX platform. More...

Enumerations
enum	_oe_sgx_tcb_status {   OE_SGX_TCB_STATUS_UP_TO_DATE = 0, OE_SGX_TCB_STATUS_OUT_OF_DATE = 1, OE_SGX_TCB_STATUS_REVOKED = 2, OE_SGX_TCB_STATUS_CONFIGURATION_NEEDED = 3,   OE_SGX_TCB_STATUS_OUT_OF_DATE_CONFIGURATION_NEEDED = 4, OE_SGX_TCB_STATUS_SW_HARDENING_NEEDED = 5, OE_SGX_TCB_STATUS_CONFIGURATION_AND_SW_HARDENING_NEEDED = 6, OE_SGX_TCB_STATUS_INVALID = OE_ENUM_MAX }
	TCB level status of SGX platform. More...

Detailed Description

This file defines macros and structures for SGX evidence format IDs and claims.

A number of SGX specific format IDs are defined for evidence generation and verification.

The API function oe_get_evidence() supports the values listed below in its format_id parameter. The output evidence will be prefixed with an oe_attestation_header if the OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit in its flags parameter is set.

• OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION
• OE_FORMAT_UUID_SGX_ECDSA
• OE_FORMAT_UUID_SGX_EPID_LINKABLE
• OE_FORMAT_UUID_SGX_EPID_UNLINKABLE

The API function oe_verify_evidence() supports the values listed below in its format_id parameter.

• NULL:
  • The input evidence is generated by oe_get_evidence(), with the OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit set in its flags parameter.
• OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION:
  • The input evidence is generated by oe_get_evidence() for format OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION, with the OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit cleared in its flags parameter.
• OE_FORMAT_UUID_SGX_ECDSA:
  • The input evidence is generated by oe_get_evidence() for format OE_FORMAT_UUID_SGX_ECDSA, with the OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit cleared in its flags parameter.
• OE_FORMAT_UUID_LEGACY_REPORT_REMOTE:
  • The input evidence is an OE report generated by the legacy API function oe_get_report() with the OE_REPORT_FLAGS_REMOTE_ATTESTATION flag.
• OE_FORMAT_UUID_RAW_SGX_QUOTE_ECDSA:
  • The input evidence is an SGX ECDSA quote generated by the Intel SGX SDK DCAP library, or the quote-ex library with algorithm ID SGX_QL_ALG_ECDSA_P256.

The table below shows the structure of the evidence data for all the supported SGX format IDs, as generated by an attester plugin or verified by a verifier plugin.

Format ID	Evidence structure
OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION	[ oe_attestation_header ] || SGX_report(hash) || custom_claims_buffer
OE_FORMAT_UUID_SGX_ECDSA	[ oe_attestation_header ] || SGX_ECDSA_quote(hash) || custom_claims_buffer
OE_FORMAT_UUID_SGX_EPID_LINKABLE	[ oe_attestation_header ] || SGX_EPID_linkable_quote(custom_claims_buffer)
OE_FORMAT_UUID_SGX_EPID_UNLINKABLE	[ oe_attestation_header ] || SGX_EPID_unlinkable_quote(custom_claims_buffer)
OE_FORMAT_UUID_LEGACY_REPORT_REMOTE	oe_report_header (for remote attestation) || SGX_ECDSA_quote(custom_claims_buffer)
OE_FORMAT_UUID_RAW_SGX_QUOTE_ECDSA	SGX_ECDSA_quote(custom_claims_buffer)

In the above table:

• The optional header oe_attestation_header is a structure of type oe_attestation_header_t.
• For every format supported by oe_get_evidence(), the evidence will be prefixed with an oe_attestation_header when the OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID bit in its flags parameter is set. oe_report_header is the OE report header of type oe_report_header_t.
• hash is the SHA256 hash of the custom claims held in a flat buffer custom_claims_buffer.
• An SGX report (SGX_report(), of type sgx_report_t) or quote (SGX_*quote(), of type sgx_quote_t) embeds a flat buffer of 64 bytes for its SGX report data field. Depending on the format, this field holds either the hash of the custom claims, or the custom claims directly.