Expand description

§MobileCoin SGX: DCAP QuoteVerify FFI Bindings

Project ChatLicenseTargetCrates.ioDocs StatusDependency Status

FFI linkage for the sgx_dcap_quoteverify library.

Functions§

  • Call quote provider library to free the p_qve_id, p_qveid_issuer_chain buffer and p_root_ca_crl allocated by sgx_qv_get_qve_identity
  • Get supplemental data required size. @param p_data_size[OUT] - Pointer to hold the size of the buffer in bytes required to contain all of the supplemental data.
  • Call quote provider library to get QvE identity.
  • When the Quoting Verification Library is linked to a process, it needs to know the proper enclave loading policy. The library may be linked with a long lived process, such as a service, where it can load the enclaves and leave them loaded (persistent). This better ensures that the enclaves will be available upon quote requests and not subject to EPC limitations if loaded on demand. However, if the QVL is linked with an application process, there may be many applications with the QVL and a better utilization of EPC is to load and unloaded the quote verification enclaves on demand (ephemeral). The library will be shipped with a default policy of loading enclaves and leaving them loaded until the library is unloaded (PERSISTENT). If the policy is set to EPHEMERAL, then the QvE will be loaded and unloaded on-demand. Supported policies: SGX_QL_EPHEMERAL - Default policy. QvE is initialized and terminated on every quote verification function call. SGX_QL_PERSISTENT - All the threads will share single QvE instance, and QvE is initialized on first use and reused until process ends. SGX_QL_EPHEMERAL_QVE_MULTI_THREAD - QvE is loaded per thread and be unloaded before function exit. SGX_QL_PERSISTENT_QVE_MULTI_THREAD - QvE is loaded per thread and only be unloaded before thread exit.
  • Perform ECDSA quote verification.
  • Free quote verification collateral buffer, which returned by tee_qv_get_collateral
  • Get quote verification collateral.