oe_verify_evidence()

    oe_result_t oe_verify_evidence(
        const oe_uuid_t* format_id,
        const uint8_t* evidence_buffer,
        size_t evidence_buffer_size,
        const uint8_t* endorsements_buffer,
        size_t endorsements_buffer_size,
        const oe_policy_t* policies,
        size_t policies_size,
        oe_claim_t** claims,
        size_t* claims_length)
Verifies the attestation evidence and returns well-known and custom claims. This function is available in both the enclave and the host.

The following base claims will be returned at a minimum:

- id_version (uint32_t)
- security_version (uint32_t)
  - Security version of the enclave (ISVN for SGX).
- attributes (uint64_t)
  - Attribute flags for the evidence:
    - OE_EVIDENCE_ATTRIBUTES_SGX_DEBUG: The evidence is for a debug-mode SGX enclave.
    - OE_EVIDENCE_ATTRIBUTES_SGX_REMOTE: The evidence can be used for remote attestation of an SGX enclave.
- unique_id (uint8_t[32])
  - The unique ID for the enclave (MRENCLAVE for SGX).
- signer_id (uint8_t[32])
  - The signer ID for the enclave (MRSIGNER for SGX).
- product_id (uint8_t[32])
  - The product ID for the enclave (ISVPRODID for SGX).
- validity_from (oe_datetime_t, optional)
  - Overall datetime from which the evidence and endorsements are valid.
- validity_until (oe_datetime_t, optional)
  - Overall datetime at which the evidence and endorsements expire.
- format_uuid (uint8_t[16])
  - The format ID of the verified evidence.

This feature is marked as experimental.
Parameters

| Direction | Name | Description |
|---|---|---|
| [in] | format_id | The optional format ID of the evidence to be verified. If this parameter is NULL, evidence_buffer (and endorsements_buffer, if not NULL) must either contain data with an attestation header holding a valid format ID, or be an OE report generated by the legacy API function oe_get_report(). Otherwise, this parameter must hold a valid format ID, and the evidence and endorsements data must not be wrapped with an attestation header. |
| [in] | evidence_buffer | The evidence buffer. |
| [in] | evidence_buffer_size | The size of evidence_buffer in bytes. |
| [in] | endorsements_buffer | The optional endorsements buffer. |
| [in] | endorsements_buffer_size | The size of endorsements_buffer in bytes. |
| [in] | policies | An optional list of policies to use. |
| [in] | policies_size | The size of the policy list. |
| [out] | claims | If not NULL, an output pointer that will be assigned the address of the dynamically allocated list of claims (including base and custom). |
| [out] | claims_length | If not NULL, the length of the claims list. |

Return values

| Value | Meaning |
|---|---|
| OE_OK | The function succeeded. |
| OE_TCB_LEVEL_INVALID | The function succeeded. The TCB is not considered up-to-date, and the claims OE_CLAIM_TCB_STATUS and OE_TCB_DATE contain more information. |
| OE_INVALID_PARAMETER | At least one of the parameters is invalid. |
| Other | An appropriate error code. |
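An OE_OK result only establishes that the evidence is genuine; deciding whether it came from the enclave the relying party expects is the caller's job, using the base claims listed above. The following added example (not SDK code) shows that policy step as a hypothetical `check_base_claims()` over the claims array; it assumes the SDK's `oe_claim_t` layout and the two SGX attribute flag values, re-declared locally so it compiles stand-alone, and uses the claim names from this page.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumption: local mirror of the SDK's oe_claim_t (name/value/value_size) and
 * of the two attribute flags, so the example builds without the SDK. In a real
 * build remove these and include <openenclave/attestation/verifier.h>. */
typedef struct _oe_claim { char* name; uint8_t* value; size_t value_size; } oe_claim_t;
#define OE_EVIDENCE_ATTRIBUTES_SGX_DEBUG  0x0000000000000001ULL
#define OE_EVIDENCE_ATTRIBUTES_SGX_REMOTE 0x0000000000000002ULL

typedef enum { POLICY_OK, POLICY_MISSING_CLAIM, POLICY_BAD_SIZE, POLICY_WRONG_SIGNER,
               POLICY_SVN_TOO_LOW, POLICY_DEBUG_ENCLAVE, POLICY_NOT_REMOTE } policy_result_t;

/* Look a claim up by name in the list returned through the claims out-parameter. */
static const oe_claim_t* find_claim(const oe_claim_t* claims, size_t n, const char* name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(claims[i].name, name) == 0) return &claims[i];
    return NULL;
}

/* Relying-party policy over the base claims, to run after
 * oe_verify_evidence(NULL, evidence, size, endorsements, esize, NULL, 0, &claims, &n)
 * returned OE_OK: pin the signer (MRSIGNER), require a minimum security version,
 * refuse debug enclaves, and require evidence usable for remote attestation. */
policy_result_t check_base_claims(const oe_claim_t* claims, size_t n,
                                  const uint8_t expected_signer[32], uint32_t min_svn)
{
    const oe_claim_t* signer = find_claim(claims, n, "signer_id");
    const oe_claim_t* svn    = find_claim(claims, n, "security_version");
    const oe_claim_t* attrs  = find_claim(claims, n, "attributes");
    if (!signer || !svn || !attrs) return POLICY_MISSING_CLAIM;
    /* Check sizes before reading: claim values are opaque byte buffers. */
    if (signer->value_size != 32 || svn->value_size != sizeof(uint32_t) ||
        attrs->value_size != sizeof(uint64_t)) return POLICY_BAD_SIZE;
    uint32_t svn_v; uint64_t attr_v;   /* memcpy: value buffers may be unaligned */
    memcpy(&svn_v, svn->value, sizeof svn_v);
    memcpy(&attr_v, attrs->value, sizeof attr_v);
    if (memcmp(signer->value, expected_signer, 32) != 0) return POLICY_WRONG_SIGNER;
    if (svn_v < min_svn) return POLICY_SVN_TOO_LOW;
    if (attr_v & OE_EVIDENCE_ATTRIBUTES_SGX_DEBUG) return POLICY_DEBUG_ENCLAVE;
    if (!(attr_v & OE_EVIDENCE_ATTRIBUTES_SGX_REMOTE)) return POLICY_NOT_REMOTE;
    return POLICY_OK;
}
```

In the real flow, call oe_verifier_initialize() before oe_verify_evidence(), run this check on the returned list, and release it with oe_free_claims(claims, claims_length) afterwards.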