Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(#142) Document Certifier APIs in .h files. Refactor code. Add unit-tests. #149

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

(#142) Document Certifier APIs in .h files. Refactor code. Add unit-tests. #149

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
197 changes: 133 additions & 64 deletions include/certifier.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@

#include "certifier_framework.h"

// -------------------------------------------------------------------
// Some Data and access functions
// -------------------------------------------------------------------

Expand All @@ -50,23 +51,29 @@ const key_message* GetPublicPolicyKey();

bool PublicKeyFromCert(const string& cert, key_message* k);

bool GetParentEvidence(const string& enclave_type,
const string& parent_enclave_type,
string* out);
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Refactored long single-line declarations that were going beyond 80-chars or were line-wrapped with one/two tab-stops to be in this multi-line prototype declarations format.


bool GetParentEvidence(const string& enclave_type, const string& parent_enclave_type,
string* out);

bool GetPlatformStatement(const string& enclave_type, const string& enclave_id,
int* size_out, byte* out);
bool GetPlatformStatement(const string& enclave_type,
const string& enclave_id,
int* size_out, byte* out);


// -------------------------------------------------------------------
// Claims and proofs
// -------------------------------------------------------------------

bool make_attestation_user_data(const string& enclave_type,
const key_message& enclave_key, attestation_user_data* out);
bool sign_report(const string& type, const string& report, const string& signing_alg,
const key_message& signing_key, string* serialized_signed_report);
const key_message& enclave_key,
attestation_user_data* out);

bool sign_report(const string& type, const string& report,
const string& signing_alg, const key_message& signing_key,
string* serialized_signed_report);

bool verify_report(string& type, string& serialized_signed_report,
const key_message& signer_key);
const key_message& signer_key);

void print_signed_report(const signed_report& sr);
void print_user_data(attestation_user_data& at);
Expand Down Expand Up @@ -96,89 +103,151 @@ class predicate_dominance {
bool insert(const string& parent, const string& descendant);
bool is_child(const string& descendant);
};
bool dominates(predicate_dominance& root, const string& parent, const string& descendant);
bool dominates(predicate_dominance& root, const string& parent,
const string& descendant);

// -------------------------------------------------------------
// Certifier proofs
// -------------------------------------------------------------

bool statement_already_proved(const vse_clause& cl, proved_statements* are_proved);

bool construct_vse_attestation_statement(const key_message& attest_key, const key_message& auth_key,
const string& measurement, vse_clause* vse_attest_clause);
bool construct_vse_attestation_statement(const key_message& attest_key,
const key_message& auth_key,
const string& measurement,
vse_clause* vse_attest_clause);

bool construct_what_to_say(string& enclave_type,
key_message& enclave_pk, string* what_to_say);
key_message& enclave_pk,
string* what_to_say);

bool verify_signed_assertion_and_extract_clause(const key_message& key,
const signed_claim_message& sc, vse_clause* cl);
const signed_claim_message& sc,
vse_clause* cl);

bool init_certifier_rules(certifier_rules& rules);
bool init_axiom(key_message& pk, proved_statements* _proved);
bool init_proved_statements(key_message& pk, evidence_package& evp,
proved_statements* already_proved);

bool init_proved_statements(key_message& pk,
evidence_package& evp,
proved_statements* already_proved);

bool verify_rule_1(predicate_dominance& dom_tree, const vse_clause& c1,
const vse_clause& c2, const vse_clause& conclusion);
const vse_clause& c2, const vse_clause& conclusion);

bool verify_rule_2(predicate_dominance& dom_tree, const vse_clause& c1,
const vse_clause& c2, const vse_clause& conclusion);
const vse_clause& c2, const vse_clause& conclusion);

bool verify_rule_3(predicate_dominance& dom_tree, const vse_clause& c1,
const vse_clause& c2, const vse_clause& conclusion);
const vse_clause& c2, const vse_clause& conclusion);

bool verify_rule_4(predicate_dominance& dom_tree, const vse_clause& c1,
const vse_clause& c2, const vse_clause& conclusion);
const vse_clause& c2, const vse_clause& conclusion);

bool verify_rule_5(predicate_dominance& dom_tree, const vse_clause& c1,
const vse_clause& c2, const vse_clause& conclusion);
const vse_clause& c2, const vse_clause& conclusion);

bool verify_rule_6(predicate_dominance& dom_tree, const vse_clause& c1,
const vse_clause& c2, const vse_clause& conclusion);
const vse_clause& c2, const vse_clause& conclusion);

bool verify_external_proof_step(predicate_dominance& dom_tree, proof_step& step);

bool verify_internal_proof_step(predicate_dominance& dom_tree,
const vse_clause s1, const vse_clause s2,
const vse_clause conclude, int rule_to_apply);
const vse_clause s1, const vse_clause s2,
const vse_clause conclude, int rule_to_apply);

bool verify_proof(key_message& policy_pk, vse_clause& to_prove,
predicate_dominance& dom_tree,
proof *the_proof, proved_statements* are_proved);
predicate_dominance& dom_tree,
proof *the_proof, proved_statements* are_proved);

bool add_fact_from_signed_claim(const signed_claim_message& signedClaim,
proved_statements* already_proved);
bool add_newfacts_for_sdk_platform_attestation(key_message& policy_pk,
signed_claim_sequence& trusted_platforms, signed_claim_sequence& trusted_measurements,
proved_statements* already_proved);
bool add_new_facts_for_abbreviatedplatformattestation(key_message& policy_pk,
signed_claim_sequence& trusted_platforms, signed_claim_sequence& trusted_measurements,
proved_statements* already_proved);
bool construct_proof_from_sev_evidence(key_message& policy_pk, const string& purpose,
proved_statements* already_proved, vse_clause* to_prove, proof* pf);
bool construct_proof_from_sdk_evidence(key_message& policy_pk, const string& purpose,
proved_statements* already_proved,
vse_clause* to_prove, proof* pf);
proved_statements* already_proved);

bool add_newfacts_for_sdk_platform_attestation(
key_message& policy_pk,
signed_claim_sequence& trusted_platforms,
signed_claim_sequence& trusted_measurements,
proved_statements* already_proved);

bool add_new_facts_for_abbreviatedplatformattestation(
key_message& policy_pk,
signed_claim_sequence& trusted_platforms,
signed_claim_sequence& trusted_measurements,
proved_statements* already_proved);

bool construct_proof_from_sev_evidence(key_message& policy_pk,
const string& purpose,
proved_statements* already_proved,
vse_clause* to_prove,
proof* pf);

bool construct_proof_from_sdk_evidence(key_message& policy_pk,
const string& purpose,
proved_statements* already_proved,
vse_clause* to_prove,
proof* pf);

bool construct_proof_from_full_vse_evidence(key_message& policy_pk,
const string& purpose, proved_statements* already_proved,
vse_clause* to_prove, proof* pf);
bool construct_proof_from_request(const string& evidence_descriptor, key_message& policy_pk,
const string& purpose, signed_claim_sequence& trusted_platforms,
signed_claim_sequence& trusted_measurements, evidence_package& evp,
proved_statements* already_proved, vse_clause* to_prove, proof* pf);
const string& purpose,
proved_statements* already_proved,
vse_clause* to_prove,
proof* pf);

bool construct_proof_from_request(const string& evidence_descriptor,
key_message& policy_pk,
const string& purpose,
signed_claim_sequence& trusted_platforms,
signed_claim_sequence& trusted_measurements,
evidence_package& evp,
proved_statements* already_proved,
vse_clause* to_prove,
proof* pf);

bool validate_evidence(const string& evidence_descriptor,
signed_claim_sequence& trusted_platforms, signed_claim_sequence& trusted_measurements,
const string& purpose, evidence_package& evp, key_message& policy_pk);
signed_claim_sequence& trusted_platforms,
signed_claim_sequence& trusted_measurements,
const string& purpose,
evidence_package& evp,
key_message& policy_pk);

bool get_platform_from_sev_attest(const sev_attestation_message& sev_att,
entity_message* ent);

bool get_platform_from_sev_attest(const sev_attestation_message& sev_att, entity_message* ent);
bool get_measurement_from_sev_attest(const sev_attestation_message& sev_att,
entity_message* ent);
bool filter_sev_policy(const sev_attestation_message& sev_att, const key_message& policy_pk,
const signed_claim_sequence& policy,
signed_claim_sequence* filtered_policy);
bool init_policy(signed_claim_sequence& policy, key_message& policy_pk,
proved_statements* already_proved);
bool construct_proof_from_sev_evidence_with_plat(const string& evidence_descriptor,
key_message& policy_pk, const string& purpose,
proved_statements* already_proved, vse_clause* to_prove, proof* pf,
// the following is temporary till we figure out the proto problem
proof_step* pss, int* num);
bool verify_proof_from_array(key_message& policy_pk, vse_clause& to_prove,
predicate_dominance& dom_tree,
proved_statements* are_proved, int num_steps, proof_step* steps);
entity_message* ent);

bool filter_sev_policy(const sev_attestation_message& sev_att,
const key_message& policy_pk,
const signed_claim_sequence& policy,
signed_claim_sequence* filtered_policy);

bool init_policy(signed_claim_sequence& policy,
key_message& policy_pk,
proved_statements* already_proved);

bool construct_proof_from_sev_evidence_with_plat(
const string& evidence_descriptor,
key_message& policy_pk,
const string& purpose,
proved_statements* already_proved,
vse_clause* to_prove,
proof* pf,
// the following is temporary till we figure out the proto problem
proof_step* pss, int* num);

bool verify_proof_from_array(key_message& policy_pk,
vse_clause& to_prove,
predicate_dominance& dom_tree,
proved_statements* are_proved,
int num_steps,
proof_step* steps);

bool validate_evidence_from_policy(const string& evidence_descriptor,
signed_claim_sequence& policy, const string& purpose,
evidence_package& evp, key_message& policy_pk);
signed_claim_sequence& policy,
const string& purpose,
evidence_package& evp,
key_message& policy_pk);

// -------------------------------------------------------------------

#endif
#endif // _CERTIFIER_H__
Loading