Struct sgx_tseal::SgxSealedData

pub struct SgxSealedData<'a, T: 'a + ?Sized> { /* fields omitted */ }

The structure that holds the sealed data.

Methods

impl<'a, T: 'a + Copy + ContiguousMemory> SgxSealedData<'a, T>

The encrypt_text to seal is of type T, and T must implement the Copy and ContiguousMemory traits.

pub fn seal_data(additional_text: &[u8], encrypt_text: &'a T) -> SgxResult<Self>

This function is used to AES-GCM encrypt the input data. Two input data sets are provided: one is the data to be encrypted; the second is optional additional data that will not be encrypted but will be part of the GCM MAC calculation which also covers the data to be encrypted.

Description

The seal_data function retrieves a key unique to the enclave and uses that key to encrypt the input data buffer. This function can be utilized to preserve secret data after the enclave is destroyed. The sealed data blob can be unsealed on future instantiations of the enclave. The additional data buffer will not be encrypted but will be part of the MAC calculation that covers the encrypted data as well. This data may include information about the application, version, data, etc., which can be utilized to identify the sealed data blob since it will remain plain text. Use calc_raw_sealed_data_size to calculate the number of bytes to allocate for the SgxSealedData structure. The input sealed data buffer and text2encrypt buffers must be allocated within the enclave.

Requirements

Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)

Parameters

additional_text

Pointer to the additional Message Authentication Code (MAC) data. This additional data is optional and no data is necessary.

encrypt_text

Pointer to the data stream to be encrypted, which is &T. Must be within the enclave.

Return value

The sealed data in SgxSealedData.

Errors

SGX_ERROR_INVALID_PARAMETER

Indicates an error if the parameters do not meet any of the following conditions:

  • additional_text buffer can be within or outside the enclave, but cannot cross the enclave boundary.
  • encrypt_text must be non-zero.
  • encrypt_text buffer must be within the enclave.

SGX_ERROR_OUT_OF_MEMORY

The enclave is out of memory.

SGX_ERROR_UNEXPECTED

Indicates a crypto library failure or the RDRAND instruction fails to generate a random number.

pub fn seal_data_ex(
    key_policy: u16,
    attribute_mask: sgx_attributes_t,
    misc_mask: sgx_misc_select_t,
    additional_text: &[u8],
    encrypt_text: &'a T
) -> SgxResult<Self>

This function is used to AES-GCM encrypt the input data. Two input data sets are provided: one is the data to be encrypted; the second is optional additional data that will not be encrypted but will be part of the GCM MAC calculation which also covers the data to be encrypted. This is the expert mode version of function seal_data.

Description

seal_data_ex is an extended version of seal_data. It provides parameters that control how the sealing key is derived (key_policy and attribute_mask). Typical callers of the seal library should be able to use seal_data and the default values it provides for key_policy (MR_SIGNER) and an attribute mask which includes the RESERVED, INITED and DEBUG bits. Users of this function should have a clear understanding of the impact of using a policy and/or attribute_mask that is different from that in seal_data.

Requirements

Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)

Parameters

key_policy

Specifies the policy to use in the key derivation. Function sgx_seal_data uses the MRSIGNER policy.

Key policy name       Value    Description
KEYPOLICY_MRENCLAVE   0x0001   Derive key using the enclave's ENCLAVE measurement register
KEYPOLICY_MRSIGNER    0x0002   Derive key using the enclave's SIGNER measurement register

attribute_mask

Identifies which platform/enclave attributes to use in the key derivation. See the definition of sgx_attributes_t to determine which attributes will be checked. Function sgx_seal_data uses flags=0xfffffffffffffff3, xfrm=0.

misc_mask

The misc mask bits for the enclave. Reserved for future function extension.

additional_text

Pointer to the additional Message Authentication Code (MAC) data. This additional data is optional and no data is necessary.

encrypt_text

Pointer to the data stream to be encrypted, which is &T. Must not be NULL. Must be within the enclave.

Return value

The sealed data in SgxSealedData.

Errors

SGX_ERROR_INVALID_PARAMETER

Indicates an error if the parameters do not meet any of the following conditions:

  • additional_text buffer can be within or outside the enclave, but cannot cross the enclave boundary.
  • encrypt_text must be non-zero.
  • encrypt_text buffer must be within the enclave.

SGX_ERROR_OUT_OF_MEMORY

The enclave is out of memory.

SGX_ERROR_UNEXPECTED

Indicates a crypto library failure or the RDRAND instruction fails to generate a random number.
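
An added example, not code from the sgx_tseal crate: a std-only model of the key_policy and attribute_mask choices described for seal_data_ex, showing why the DEBUG bit belongs in the mask. The flag bit values are assumed from the Intel SGX SDK's sgx_attributes.h; check_seal_policy and same_key_scope are hypothetical helpers.

```rust
// Added example (std only): models how attribute_mask scopes the sealing key.
// Flag bit values are assumed from the Intel SGX SDK's sgx_attributes.h.
const SGX_FLAGS_INITTED: u64 = 0x1;
const SGX_FLAGS_DEBUG: u64 = 0x2;
const SGX_FLAGS_MODE64BIT: u64 = 0x4;
// Values quoted on this page.
const DEFAULT_FLAGS_MASK: u64 = 0xffff_ffff_ffff_fff3;
const KEYPOLICY_MRENCLAVE: u16 = 0x0001;
const KEYPOLICY_MRSIGNER: u16 = 0x0002;

#[derive(Debug, PartialEq)]
enum PolicyError { UnknownKeyPolicy, InitedNotBound, DebugNotBound }

/// Hypothetical pre-flight check for seal_data_ex arguments: accept only the
/// two policies in the table and require INITED and DEBUG in the flags mask.
fn check_seal_policy(key_policy: u16, flags_mask: u64) -> Result<(), PolicyError> {
    if key_policy != KEYPOLICY_MRENCLAVE && key_policy != KEYPOLICY_MRSIGNER {
        return Err(PolicyError::UnknownKeyPolicy);
    }
    if (flags_mask & SGX_FLAGS_INITTED) == 0 {
        return Err(PolicyError::InitedNotBound);
    }
    if (flags_mask & SGX_FLAGS_DEBUG) == 0 {
        return Err(PolicyError::DebugNotBound);
    }
    Ok(())
}

/// Only attribute bits selected by the mask enter key derivation, so two
/// enclaves can share a sealing key only if their masked flags are equal
/// (all other key-derivation inputs held equal).
fn same_key_scope(flags_a: u64, flags_b: u64, flags_mask: u64) -> bool {
    (flags_a & flags_mask) == (flags_b & flags_mask)
}

fn main() {
    let production = SGX_FLAGS_INITTED | SGX_FLAGS_MODE64BIT;
    let debug = production | SGX_FLAGS_DEBUG;
    let weak_mask = DEFAULT_FLAGS_MASK & !SGX_FLAGS_DEBUG;
    // Default mask: a debug build falls outside the production key scope.
    println!("default mask shares key: {}", same_key_scope(production, debug, DEFAULT_FLAGS_MASK));
    // DEBUG cleared from the mask: both builds land in the same key scope.
    println!("weak mask shares key:    {}", same_key_scope(production, debug, weak_mask));
    println!("weak mask check: {:?}", check_seal_policy(KEYPOLICY_MRSIGNER, weak_mask));
    println!("default check:   {:?}", check_seal_policy(KEYPOLICY_MRENCLAVE, DEFAULT_FLAGS_MASK));
}
```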

pub fn unseal_data(&self) -> SgxResult<SgxUnsealedData<'a, T>>

This function is used to AES-GCM decrypt the input sealed data structure. Two output data sets result: one is the decrypted data; the second is the optional additional data that was part of the GCM MAC calculation but was not encrypted. This function provides the converse of seal_data and seal_data_ex.

Description

The unseal_data function AES-GCM decrypts the sealed data so that the enclave data can be restored. This function can be utilized to restore secret data that was preserved after an earlier instantiation of this enclave saved this data.

Requirements

Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)

Return value

The unsealed data in SgxUnsealedData.

Errors

SGX_ERROR_INVALID_PARAMETER

The size of T may be zero.

SGX_ERROR_INVALID_CPUSVN

The CPUSVN in the sealed data blob is beyond the CPUSVN value of the platform.

SGX_ERROR_INVALID_ISVSVN

The ISVSVN in the sealed data blob is greater than the ISVSVN value of the enclave.

SGX_ERROR_MAC_MISMATCH

The tag verification failed during unsealing. The error may be caused by a platform update, software update, or sealed data blob corruption. This error is also reported if other corruption of the sealed data structure is detected.

SGX_ERROR_OUT_OF_MEMORY

The enclave is out of memory.

SGX_ERROR_UNEXPECTED

Indicates a crypto library failure or the RDRAND instruction fails to generate a random number.

pub unsafe fn from_raw_sealed_data_t(
    p: *mut sgx_sealed_data_t,
    len: u32
) -> Option<Self>

Convert a pointer to an sgx_sealed_data_t buffer into an SgxSealedData.

Requirements

Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)

Parameters

p

Mutable pointer to the sgx_sealed_data_t buffer.

len

The size of the buffer that p points to.

Return value

Some(SgxSealedData)

Indicates the conversion succeeded. The return value is SgxSealedData.

None

The size of T may be zero.
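
An added example, not part of the sgx_tseal crate: a std-only length check for a raw sealed blob read back from untrusted storage, run before its pointer and len reach from_raw_sealed_data_t. The 560-byte header and the field offsets are assumptions taken from the Intel SGX SDK's sgx_sealed_data_t definition; check_raw_blob, raw_sealed_size and sample_blob are hypothetical names.

```rust
// Added example (std only). Layout is assumed from the Intel SGX SDK's
// sgx_sealed_data_t: 512-byte key request, u32 plain_text_offset, 12 reserved,
// u32 payload_size, 12 reserved, 16-byte tag, then payload (little-endian).
const HEADER_LEN: usize = 560;
const PLAIN_TEXT_OFFSET_AT: usize = 512;
const PAYLOAD_SIZE_AT: usize = 528;

#[derive(Debug, PartialEq)]
enum BlobError { TooShort, BadOffset, LengthMismatch }

/// Header plus both texts, with u32 overflow reported as None.
fn raw_sealed_size(add_mac_txt_size: u32, encrypt_txt_size: u32) -> Option<u32> {
    add_mac_txt_size.checked_add(encrypt_txt_size)?.checked_add(HEADER_LEN as u32)
}

fn le_u32(buf: &[u8], at: usize) -> u32 {
    u32::from_le_bytes([buf[at], buf[at + 1], buf[at + 2], buf[at + 3]])
}

/// Hypothetical check for an untrusted blob; returns
/// (encrypt_txt_len, add_mac_txt_len) when the lengths are self-consistent.
fn check_raw_blob(blob: &[u8]) -> Result<(u32, u32), BlobError> {
    if blob.len() < HEADER_LEN {
        return Err(BlobError::TooShort);
    }
    let payload_size = le_u32(blob, PAYLOAD_SIZE_AT);
    let encrypt_txt_len = le_u32(blob, PLAIN_TEXT_OFFSET_AT);
    // The encrypted text must be non-empty and must fit inside the payload.
    if encrypt_txt_len == 0 || encrypt_txt_len > payload_size {
        return Err(BlobError::BadOffset);
    }
    let add_mac_txt_len = payload_size - encrypt_txt_len;
    match raw_sealed_size(add_mac_txt_len, encrypt_txt_len) {
        Some(n) if n as usize == blob.len() => Ok((encrypt_txt_len, add_mac_txt_len)),
        _ => Err(BlobError::LengthMismatch),
    }
}

/// Constructed sample: a zero-filled blob with only the two length fields set.
fn sample_blob(encrypt_len: u32, mac_len: u32) -> Vec<u8> {
    let mut b = vec![0u8; HEADER_LEN + (encrypt_len + mac_len) as usize];
    b[PLAIN_TEXT_OFFSET_AT..PLAIN_TEXT_OFFSET_AT + 4].copy_from_slice(&encrypt_len.to_le_bytes());
    b[PAYLOAD_SIZE_AT..PAYLOAD_SIZE_AT + 4].copy_from_slice(&(encrypt_len + mac_len).to_le_bytes());
    b
}

fn main() {
    println!("{:?}", check_raw_blob(&sample_blob(32, 4)));
}
```

Passing this check only shows that the lengths are self-consistent; integrity still rests on the tag verification performed by unseal_data.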

pub unsafe fn to_raw_sealed_data_t(
    &self,
    p: *mut sgx_sealed_data_t,
    len: u32
) -> Option<*mut sgx_sealed_data_t>

Convert SgxSealedData to a pointer to sgx_sealed_data_t.

Parameters

p

The pointer to the sgx_sealed_data_t buffer in which to save the data in SgxSealedData.

len

The size of the buffer that p points to.

Return value

Some(*mut sgx_sealed_data_t)

Indicates the conversion succeeded. The return value is the pointer to sgx_sealed_data_t.

None

The parameters p and len may be invalid.

impl<'a, T: 'a + Copy + ContiguousMemory> SgxSealedData<'a, [T]>

The encrypt_text to seal is of type [T], and T must implement the Copy and ContiguousMemory traits.

pub fn seal_data(
    additional_text: &[u8],
    encrypt_text: &'a [T]
) -> SgxResult<Self>

This function is used to AES-GCM encrypt the input data. Two input data sets are provided: one is the data to be encrypted; the second is optional additional data that will not be encrypted but will be part of the GCM MAC calculation which also covers the data to be encrypted.

Description

The seal_data function retrieves a key unique to the enclave and uses that key to encrypt the input data buffer. This function can be utilized to preserve secret data after the enclave is destroyed. The sealed data blob can be unsealed on future instantiations of the enclave. The additional data buffer will not be encrypted but will be part of the MAC calculation that covers the encrypted data as well. This data may include information about the application, version, data, etc., which can be utilized to identify the sealed data blob since it will remain plain text. Use calc_raw_sealed_data_size to calculate the number of bytes to allocate for the SgxSealedData structure. The input sealed data buffer and text2encrypt buffers must be allocated within the enclave.

Requirements

Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)

Parameters

additional_text

Pointer to the additional Message Authentication Code (MAC) data. This additional data is optional and no data is necessary.

encrypt_text

Pointer to the data stream to be encrypted, which is &[T]. Must be within the enclave.

Return value

The sealed data in SgxSealedData.

Errors

SGX_ERROR_INVALID_PARAMETER

Indicates an error if the parameters do not meet any of the following conditions:

  • additional_text buffer can be within or outside the enclave, but cannot cross the enclave boundary.
  • encrypt_text must be non-zero.
  • encrypt_text buffer must be within the enclave.

SGX_ERROR_OUT_OF_MEMORY

The enclave is out of memory.

SGX_ERROR_UNEXPECTED

Indicates a crypto library failure or the RDRAND instruction fails to generate a random number.

pub fn seal_data_ex(
    key_policy: u16,
    attribute_mask: sgx_attributes_t,
    misc_mask: sgx_misc_select_t,
    additional_text: &[u8],
    encrypt_text: &'a [T]
) -> SgxResult<Self>

This function is used to AES-GCM encrypt the input data. Two input data sets are provided: one is the data to be encrypted; the second is optional additional data that will not be encrypted but will be part of the GCM MAC calculation which also covers the data to be encrypted. This is the expert mode version of function seal_data.

Description

seal_data_ex is an extended version of seal_data. It provides parameters that control how the sealing key is derived (key_policy and attribute_mask). Typical callers of the seal library should be able to use seal_data and the default values it provides for key_policy (MR_SIGNER) and an attribute mask which includes the RESERVED, INITED and DEBUG bits. Users of this function should have a clear understanding of the impact of using a policy and/or attribute_mask that is different from that in seal_data.

Requirements

Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)

Parameters

key_policy

Specifies the policy to use in the key derivation. Function sgx_seal_data uses the MRSIGNER policy.

Key policy name       Value    Description
KEYPOLICY_MRENCLAVE   0x0001   Derive key using the enclave's ENCLAVE measurement register
KEYPOLICY_MRSIGNER    0x0002   Derive key using the enclave's SIGNER measurement register

attribute_mask

Identifies which platform/enclave attributes to use in the key derivation. See the definition of sgx_attributes_t to determine which attributes will be checked. Function sgx_seal_data uses flags=0xfffffffffffffff3, xfrm=0.

misc_mask

The misc mask bits for the enclave. Reserved for future function extension.

additional_text

Pointer to the additional Message Authentication Code (MAC) data. This additional data is optional and no data is necessary.

encrypt_text

Pointer to the data stream to be encrypted, which is &[T]. Must not be NULL. Must be within the enclave.

Return value

The sealed data in SgxSealedData.

Errors

SGX_ERROR_INVALID_PARAMETER

Indicates an error if the parameters do not meet any of the following conditions:

  • additional_text buffer can be within or outside the enclave, but cannot cross the enclave boundary.
  • encrypt_text must be non-zero.
  • encrypt_text buffer must be within the enclave.

SGX_ERROR_OUT_OF_MEMORY

The enclave is out of memory.

SGX_ERROR_UNEXPECTED

Indicates a crypto library failure or the RDRAND instruction fails to generate a random number.

pub fn unseal_data(&self) -> SgxResult<SgxUnsealedData<'a, [T]>>

This function is used to AES-GCM decrypt the input sealed data structure. Two output data sets result: one is the decrypted data; the second is the optional additional data that was part of the GCM MAC calculation but was not encrypted. This function provides the converse of seal_data and seal_data_ex.

Description

The unseal_data function AES-GCM decrypts the sealed data so that the enclave data can be restored. This function can be utilized to restore secret data that was preserved after an earlier instantiation of this enclave saved this data.

Requirements

Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)

Return value

The unsealed data in SgxUnsealedData.

Errors

SGX_ERROR_INVALID_PARAMETER

The size of T may be zero.

SGX_ERROR_INVALID_CPUSVN

The CPUSVN in the sealed data blob is beyond the CPUSVN value of the platform.

SGX_ERROR_INVALID_ISVSVN

The ISVSVN in the sealed data blob is greater than the ISVSVN value of the enclave.

SGX_ERROR_MAC_MISMATCH

The tag verification failed during unsealing. The error may be caused by a platform update, software update, or sealed data blob corruption. This error is also reported if other corruption of the sealed data structure is detected.

SGX_ERROR_OUT_OF_MEMORY

The enclave is out of memory.

SGX_ERROR_UNEXPECTED

Indicates a crypto library failure or the RDRAND instruction fails to generate a random number.

pub unsafe fn from_raw_sealed_data_t(
    p: *mut sgx_sealed_data_t,
    len: u32
) -> Option<Self>

Convert a pointer to an sgx_sealed_data_t buffer into an SgxSealedData.

Requirements

Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)

Parameters

p

Mutable pointer to the sgx_sealed_data_t buffer.

len

The size of the buffer that p points to.

Return value

Some(SgxSealedData)

Indicates the conversion succeeded. The return value is SgxSealedData.

None

The size of T may be zero.

pub unsafe fn to_raw_sealed_data_t(
    &self,
    p: *mut sgx_sealed_data_t,
    len: u32
) -> Option<*mut sgx_sealed_data_t>

Convert SgxSealedData to a pointer to sgx_sealed_data_t.

Parameters

p

The pointer to the sgx_sealed_data_t buffer in which to save the data in SgxSealedData.

len

The size of the buffer that p points to.

Return value

Some(*mut sgx_sealed_data_t)

Indicates the conversion succeeded. The return value is the pointer to sgx_sealed_data_t.

None

The parameters p and len may be invalid.

impl<'a, T: 'a + ?Sized> SgxSealedData<'a, T>

pub fn new() -> Self

Create a SgxSealedData with default values.

pub fn get_payload_size(&self) -> u32

Get the size of the payload in SgxSealedData.

pub fn get_payload_tag(&self) -> &[u8; 16]

Get a reference to the payload tag in SgxSealedData.

pub fn get_key_request(&self) -> &sgx_key_request_t

Get a reference to the sgx_key_request_t in SgxSealedData.

pub fn get_encrypt_txt(&self) -> &[u8]

Get a slice of the encrypted text in SgxSealedData.

pub fn get_additional_txt(&self) -> &[u8]

Get a slice of the additional text in SgxSealedData.

pub fn calc_raw_sealed_data_size(
    add_mac_txt_size: u32,
    encrypt_txt_size: u32
) -> u32

Calculate the size of the sealed data in SgxSealedData.

pub fn get_add_mac_txt_len(&self) -> u32

Get the size of the additional MAC text in SgxSealedData.

pub fn get_encrypt_txt_len(&self) -> u32

Get the size of the encrypted text in SgxSealedData.

Trait Implementations

impl<'a, T: 'a + Clone + ?Sized> Clone for SgxSealedData<'a, T>

fn clone_from(&mut self, source: &Self)
1.0.0

Performs copy-assignment from source.

impl<'a, T: 'a + ?Sized> Default for SgxSealedData<'a, T>

Auto Trait Implementations

impl<'a, T: ?Sized> Send for SgxSealedData<'a, T> where
    T: Sync

impl<'a, T: ?Sized> Sync for SgxSealedData<'a, T> where
    T: Sync

Blanket Implementations

impl<T> From<T> for T

impl<T, U> TryFrom<U> for T where
    U: Into<T>,

type Error = !

🔬 This is a nightly-only experimental API. (try_from)

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

🔬 This is a nightly-only experimental API. (try_from)

The type returned in the event of a conversion error.

impl<T, U> Into<U> for T where
    U: From<T>,

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> ToOwned for T where
    T: Clone

type Owned = T