Struct sgx_tseal::SgxSealedData
The structure that holds the sealed data.
Methods
impl<'a, T: 'a + Copy + ContiguousMemory> SgxSealedData<'a, T>
The encrypt_text to seal is of type T, and T must implement the Copy and ContiguousMemory traits.
pub fn seal_data(additional_text: &[u8], encrypt_text: &'a T) -> SgxResult<Self>
This function is used to AES-GCM encrypt the input data. Two input data sets are provided: one is the data to be encrypted; the second is optional additional data that will not be encrypted but will be part of the GCM MAC calculation which also covers the data to be encrypted.
Description
The seal_data function retrieves a key unique to the enclave and uses that key to encrypt the input data buffer. This function can be utilized to preserve secret data after the enclave is destroyed. The sealed data blob can be unsealed on future instantiations of the enclave.
The additional data buffer will not be encrypted but will be part of the MAC calculation that covers the encrypted data as well. This data may include information about the application, version, data, etc., which can be utilized to identify the sealed data blob since it will remain plain text.
Use calc_raw_sealed_data_size to calculate the number of bytes to allocate for the SgxSealedData structure. The input sealed data buffer and text2encrypt buffers must be allocated within the enclave.
Requirements
Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)
Parameters
additional_text
Pointer to the additional Message Authentication Code (MAC) data. This additional data is optional and no data is necessary.
encrypt_text
Pointer to the data stream to be encrypted, which is &T. Must be within the enclave.
Return value
The sealed data in SgxSealedData.
Errors
SGX_ERROR_INVALID_PARAMETER
Indicates an error if the parameters do not meet any of the following conditions:
- additional_text buffer can be within or outside the enclave, but cannot cross the enclave boundary.
- encrypt_text must be non-zero.
- encrypt_text buffer must be within the enclave.
SGX_ERROR_OUT_OF_MEMORY
The enclave is out of memory.
SGX_ERROR_UNEXPECTED
Indicates a crypto library failure or the RDRAND instruction fails to generate a random number.
pub fn seal_data_ex(
    key_policy: u16,
    attribute_mask: sgx_attributes_t,
    misc_mask: sgx_misc_select_t,
    additional_text: &[u8],
    encrypt_text: &'a T
) -> SgxResult<Self>
This function is used to AES-GCM encrypt the input data. Two input data sets are provided: one is the data to be encrypted; the second is optional additional data that will not be encrypted but will be part of the GCM MAC calculation which also covers the data to be encrypted. This is the expert mode version of function seal_data.
Description
The seal_data_ex function is an extended version of seal_data. It provides parameters for you to identify how to derive the sealing key (key policy and attributes_mask). Typical callers of the seal library should be able to use seal_data and the default values provided for key_policy (MR_SIGNER) and an attribute mask which includes the RESERVED, INITED and DEBUG bits. Users of this function should have a clear understanding of the impact of using a policy and/or attribute_mask that is different from that in seal_data.
Requirements
Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)
Parameters
key_policy
Specifies the policy to use in the key derivation. Function sgx_seal_data uses the MRSIGNER policy.
Key policy name | Value | Description |
---|---|---|
KEYPOLICY_MRENCLAVE | 0x0001 | Derive key using the enclave's ENCLAVE measurement register |
KEYPOLICY_MRSIGNER | 0x0002 | Derive key using the enclave's SIGNER measurement register |
attribute_mask
Identifies which platform/enclave attributes to use in the key derivation. See the definition of sgx_attributes_t to determine which attributes will be checked. Function sgx_seal_data uses flags=0xfffffffffffffff3, xfrm=0.
misc_mask
The misc mask bits for the enclave. Reserved for future function extension.
additional_text
Pointer to the additional Message Authentication Code (MAC) data. This additional data is optional and no data is necessary.
encrypt_text
Pointer to the data stream to be encrypted, which is &T. Must not be NULL. Must be within the enclave.
Return value
The sealed data in SgxSealedData.
Errors
SGX_ERROR_INVALID_PARAMETER
Indicates an error if the parameters do not meet any of the following conditions:
- additional_text buffer can be within or outside the enclave, but cannot cross the enclave boundary.
- encrypt_text must be non-zero.
- encrypt_text buffer must be within the enclave.
SGX_ERROR_OUT_OF_MEMORY
The enclave is out of memory.
SGX_ERROR_UNEXPECTED
Indicates a crypto library failure or the RDRAND instruction fails to generate a random number.
pub fn unseal_data(&self) -> SgxResult<SgxUnsealedData<'a, T>>
This function is used to AES-GCM decrypt the input sealed data structure. Two output data sets result: one is the decrypted data; the second is the optional additional data that was part of the GCM MAC calculation but was not encrypted. This function provides the converse of seal_data and seal_data_ex.
Description
The unseal_data function AES-GCM decrypts the sealed data so that the enclave data can be restored. This function can be utilized to restore secret data that was preserved after an earlier instantiation of this enclave saved this data.
Requirements
Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)
Return value
The unsealed data in SgxUnsealedData.
Errors
SGX_ERROR_INVALID_PARAMETER
The size of T may be zero.
SGX_ERROR_INVALID_CPUSVN
The CPUSVN in the sealed data blob is beyond the CPUSVN value of the platform.
SGX_ERROR_INVALID_ISVSVN
The ISVSVN in the sealed data blob is greater than the ISVSVN value of the enclave.
SGX_ERROR_MAC_MISMATCH
The tag verification failed during unsealing. The error may be caused by a platform update, software update, or sealed data blob corruption. This error is also reported if other corruption of the sealed data structure is detected.
SGX_ERROR_OUT_OF_MEMORY
The enclave is out of memory.
SGX_ERROR_UNEXPECTED
Indicates a crypto library failure or the RDRAND instruction fails to generate a random number.
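A model of how the key_policy and attribute_mask passed to seal_data_ex decide which later enclave gets Ok, SGX_ERROR_MAC_MISMATCH or SGX_ERROR_INVALID_ISVSVN from unseal_data. It is added here as an illustration and is not code from sgx_tseal: it does not call the SDK, and a std hash stands in for the hardware key derivation. The Enclave, KeyRequest and Blob types, the identity values and the DEBUG bit position (0x2) are assumptions; CPUSVN is left out for brevity.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

const KEYPOLICY_MRENCLAVE: u16 = 0x0001; // values from the key policy table
const KEYPOLICY_MRSIGNER: u16 = 0x0002;
const DEFAULT_FLAGS_MASK: u64 = 0xffff_ffff_ffff_fff3; // flags mask quoted for seal_data
const FLAG_DEBUG: u64 = 0x2; // assumption: position of the DEBUG attribute bit

/// Modelled enclave identity; all values used below are constructed.
#[derive(Clone, Copy)]
struct Enclave { mrenclave: u64, mrsigner: u64, isv_svn: u16, flags: u64 }

/// Simplified, hypothetical stand-in for the key request kept in the blob.
#[derive(Clone, Copy)]
struct KeyRequest { key_policy: u16, isv_svn: u16, flags_mask: u64 }

struct Blob { req: KeyRequest, tag: u64 }

#[derive(Debug, PartialEq)]
enum UnsealError { InvalidIsvSvn, MacMismatch }

/// Stand-in for the hardware key derivation: only the identity fields that
/// the policy and mask select feed the key. Not a real KDF.
fn derive_key(e: &Enclave, r: &KeyRequest) -> u64 {
    let mut h = DefaultHasher::new();
    if r.key_policy & KEYPOLICY_MRENCLAVE != 0 { e.mrenclave.hash(&mut h); }
    if r.key_policy & KEYPOLICY_MRSIGNER != 0 { e.mrsigner.hash(&mut h); }
    (e.flags & r.flags_mask).hash(&mut h);
    r.isv_svn.hash(&mut h); // the SVN recorded at seal time, not the caller's
    h.finish()
}

/// The model's "tag" is the key itself, standing in for the GCM tag.
fn seal(e: &Enclave, key_policy: u16, flags_mask: u64) -> Blob {
    let req = KeyRequest { key_policy, isv_svn: e.isv_svn, flags_mask };
    Blob { tag: derive_key(e, &req), req }
}

fn unseal(e: &Enclave, b: &Blob) -> Result<(), UnsealError> {
    if b.req.isv_svn > e.isv_svn { return Err(UnsealError::InvalidIsvSvn); }
    if derive_key(e, &b.req) != b.tag { return Err(UnsealError::MacMismatch); }
    Ok(())
}

fn main() {
    let v1 = Enclave { mrenclave: 0xA1, mrsigner: 0x51, isv_svn: 1, flags: 0x1 };
    let v2 = Enclave { mrenclave: 0xA2, isv_svn: 2, ..v1 }; // rebuilt, same signer
    let dbg = Enclave { flags: v1.flags | FLAG_DEBUG, ..v1 }; // debug launch of v1
    for &policy in &[KEYPOLICY_MRENCLAVE, KEYPOLICY_MRSIGNER] {
        let blob = seal(&v1, policy, DEFAULT_FLAGS_MASK);
        println!("policy {:#06x}: upgrade {:?}, debug {:?}",
                 policy, unseal(&v2, &blob), unseal(&dbg, &blob));
    }
}
```

In the model, a blob sealed under MRSIGNER survives an enclave rebuild while one sealed under MRENCLAVE does not, and keeping the DEBUG bit in the mask is what stops a debug launch from unsealing a production blob.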
pub unsafe fn from_raw_sealed_data_t(
    p: *mut sgx_sealed_data_t,
    len: u32
) -> Option<Self>
Converts a pointer to an sgx_sealed_data_t buffer into SgxSealedData.
Requirements
Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)
Parameters
p
The mutable pointer to the sgx_sealed_data_t buffer.
len
The size of the buffer that p points to.
Return value
Some(SgxSealedData)
Indicates the conversion succeeded. The return value is SgxSealedData.
None
The size of T may be zero.
pub unsafe fn to_raw_sealed_data_t(
    &self,
    p: *mut sgx_sealed_data_t,
    len: u32
) -> Option<*mut sgx_sealed_data_t>
Converts SgxSealedData to a pointer to sgx_sealed_data_t.
Parameters
p
The pointer to the sgx_sealed_data_t buffer that receives the data in SgxSealedData.
len
The size of the buffer that p points to.
Return value
Some(*mut sgx_sealed_data_t)
Indicates the conversion succeeded. The return value is the pointer to sgx_sealed_data_t.
None
The parameters p and len may not be valid.
impl<'a, T: 'a + Copy + ContiguousMemory> SgxSealedData<'a, [T]>
The encrypt_text to seal is of type [T], and T must implement the Copy and ContiguousMemory traits.
pub fn seal_data(
    additional_text: &[u8],
    encrypt_text: &'a [T]
) -> SgxResult<Self>
This function is used to AES-GCM encrypt the input data. Two input data sets are provided: one is the data to be encrypted; the second is optional additional data that will not be encrypted but will be part of the GCM MAC calculation which also covers the data to be encrypted.
Description
The seal_data function retrieves a key unique to the enclave and uses that key to encrypt the input data buffer. This function can be utilized to preserve secret data after the enclave is destroyed. The sealed data blob can be unsealed on future instantiations of the enclave.
The additional data buffer will not be encrypted but will be part of the MAC calculation that covers the encrypted data as well. This data may include information about the application, version, data, etc., which can be utilized to identify the sealed data blob since it will remain plain text.
Use calc_raw_sealed_data_size to calculate the number of bytes to allocate for the SgxSealedData structure. The input sealed data buffer and text2encrypt buffers must be allocated within the enclave.
Requirements
Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)
Parameters
additional_text
Pointer to the additional Message Authentication Code (MAC) data. This additional data is optional and no data is necessary.
encrypt_text
Pointer to the data stream to be encrypted, which is &[T]. Must be within the enclave.
Return value
The sealed data in SgxSealedData.
Errors
SGX_ERROR_INVALID_PARAMETER
Indicates an error if the parameters do not meet any of the following conditions:
- additional_text buffer can be within or outside the enclave, but cannot cross the enclave boundary.
- encrypt_text must be non-zero.
- encrypt_text buffer must be within the enclave.
SGX_ERROR_OUT_OF_MEMORY
The enclave is out of memory.
SGX_ERROR_UNEXPECTED
Indicates a crypto library failure or the RDRAND instruction fails to generate a random number.
pub fn seal_data_ex(
    key_policy: u16,
    attribute_mask: sgx_attributes_t,
    misc_mask: sgx_misc_select_t,
    additional_text: &[u8],
    encrypt_text: &'a [T]
) -> SgxResult<Self>
This function is used to AES-GCM encrypt the input data. Two input data sets are provided: one is the data to be encrypted; the second is optional additional data that will not be encrypted but will be part of the GCM MAC calculation which also covers the data to be encrypted. This is the expert mode version of function seal_data.
Description
The seal_data_ex function is an extended version of seal_data. It provides parameters for you to identify how to derive the sealing key (key policy and attributes_mask). Typical callers of the seal library should be able to use seal_data and the default values provided for key_policy (MR_SIGNER) and an attribute mask which includes the RESERVED, INITED and DEBUG bits. Users of this function should have a clear understanding of the impact of using a policy and/or attribute_mask that is different from that in seal_data.
Requirements
Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)
Parameters
key_policy
Specifies the policy to use in the key derivation. Function sgx_seal_data uses the MRSIGNER policy.
Key policy name | Value | Description |
---|---|---|
KEYPOLICY_MRENCLAVE | 0x0001 | Derive key using the enclave's ENCLAVE measurement register |
KEYPOLICY_MRSIGNER | 0x0002 | Derive key using the enclave's SIGNER measurement register |
attribute_mask
Identifies which platform/enclave attributes to use in the key derivation. See the definition of sgx_attributes_t to determine which attributes will be checked. Function sgx_seal_data uses flags=0xfffffffffffffff3, xfrm=0.
misc_mask
The misc mask bits for the enclave. Reserved for future function extension.
additional_text
Pointer to the additional Message Authentication Code (MAC) data. This additional data is optional and no data is necessary.
encrypt_text
Pointer to the data stream to be encrypted, which is &[T]. Must not be NULL. Must be within the enclave.
Return value
The sealed data in SgxSealedData.
Errors
SGX_ERROR_INVALID_PARAMETER
Indicates an error if the parameters do not meet any of the following conditions:
- additional_text buffer can be within or outside the enclave, but cannot cross the enclave boundary.
- encrypt_text must be non-zero.
- encrypt_text buffer must be within the enclave.
SGX_ERROR_OUT_OF_MEMORY
The enclave is out of memory.
SGX_ERROR_UNEXPECTED
Indicates a crypto library failure or the RDRAND instruction fails to generate a random number.
pub fn unseal_data(&self) -> SgxResult<SgxUnsealedData<'a, [T]>>
This function is used to AES-GCM decrypt the input sealed data structure. Two output data sets result: one is the decrypted data; the second is the optional additional data that was part of the GCM MAC calculation but was not encrypted. This function provides the converse of seal_data and seal_data_ex.
Description
The unseal_data function AES-GCM decrypts the sealed data so that the enclave data can be restored. This function can be utilized to restore secret data that was preserved after an earlier instantiation of this enclave saved this data.
Requirements
Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)
Return value
The unsealed data in SgxUnsealedData.
Errors
SGX_ERROR_INVALID_PARAMETER
The size of T may be zero.
SGX_ERROR_INVALID_CPUSVN
The CPUSVN in the sealed data blob is beyond the CPUSVN value of the platform.
SGX_ERROR_INVALID_ISVSVN
The ISVSVN in the sealed data blob is greater than the ISVSVN value of the enclave.
SGX_ERROR_MAC_MISMATCH
The tag verification failed during unsealing. The error may be caused by a platform update, software update, or sealed data blob corruption. This error is also reported if other corruption of the sealed data structure is detected.
SGX_ERROR_OUT_OF_MEMORY
The enclave is out of memory.
SGX_ERROR_UNEXPECTED
Indicates a crypto library failure or the RDRAND instruction fails to generate a random number.
pub unsafe fn from_raw_sealed_data_t(
    p: *mut sgx_sealed_data_t,
    len: u32
) -> Option<Self>
Converts a pointer to an sgx_sealed_data_t buffer into SgxSealedData.
Requirements
Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)
Parameters
p
The mutable pointer to the sgx_sealed_data_t buffer.
len
The size of the buffer that p points to.
Return value
Some(SgxSealedData)
Indicates the conversion succeeded. The return value is SgxSealedData.
None
The size of T may be zero.
pub unsafe fn to_raw_sealed_data_t(
    &self,
    p: *mut sgx_sealed_data_t,
    len: u32
) -> Option<*mut sgx_sealed_data_t>
Converts SgxSealedData to a pointer to sgx_sealed_data_t.
Parameters
p
The pointer to the sgx_sealed_data_t buffer that receives the data in SgxSealedData.
len
The size of the buffer that p points to.
Return value
Some(*mut sgx_sealed_data_t)
Indicates the conversion succeeded. The return value is the pointer to sgx_sealed_data_t.
None
The parameters p and len may not be valid.
impl<'a, T: 'a + ?Sized> SgxSealedData<'a, T>
pub fn new() -> Self
Create a SgxSealedData with default values.
pub fn get_payload_size(&self) -> u32
Get the size of the payload in SgxSealedData.
pub fn get_payload_tag(&self) -> &[u8; 16]
Get a reference to the 16-byte payload tag in SgxSealedData.
pub fn get_key_request(&self) -> &sgx_key_request_t
Get a reference to the sgx_key_request_t in SgxSealedData.
pub fn get_encrypt_txt(&self) -> &[u8]
Get a slice of the encrypt text in SgxSealedData.
pub fn get_additional_txt(&self) -> &[u8]
Get a slice of the additional text in SgxSealedData.
pub fn calc_raw_sealed_data_size(
    add_mac_txt_size: u32,
    encrypt_txt_size: u32
) -> u32
Calculate the size of the sealed data in SgxSealedData.
pub fn get_add_mac_txt_len(&self) -> u32
Get the size of the additional MAC text in SgxSealedData.
pub fn get_encrypt_txt_len(&self) -> u32
Get the size of the encrypt text in SgxSealedData.
Trait Implementations
impl<'a, T: 'a + Clone + ?Sized> Clone for SgxSealedData<'a, T>
fn clone(&self) -> SgxSealedData<'a, T>
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source.
impl<'a, T: 'a + ?Sized> Default for SgxSealedData<'a, T>
fn default() -> SgxSealedData<'a, T>
Auto Trait Implementations
impl<'a, T: ?Sized> Send for SgxSealedData<'a, T> where
    T: Sync,
impl<'a, T: ?Sized> Sync for SgxSealedData<'a, T> where
    T: Sync,
Blanket Implementations
impl<T, U> TryFrom<U> for T where
    U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
impl<T, U> Into<U> for T where
    U: From<T>,
impl<T> From<T> for T
impl<T, U> TryInto<U> for T where
    U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
impl<T> Borrow<T> for T where
    T: ?Sized,
impl<T> BorrowMut<T> for T where
    T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T> Any for T where
    T: 'static + ?Sized,
impl<T> ToOwned for T where
    T: Clone,
type Owned = T
The resulting type after obtaining ownership.