def get_enclave_public_info(self):
        """
        Unseal the enclave data and hand it back to the caller

        Returns :
            @returns The result of SignupInfoKME.UnsealEnclaveData(); the
                     original documentation describes it as a dict of
                     sealed data
        """
        # A new SignupInfoKME wrapper is built on every call; nothing is
        # cached on self.
        # NOTE(review): despite the "public" in the name, the value comes
        # from an unseal operation - confirm it carries no secret fields
        # before exposing it outside the process.
        return enclave.SignupInfoKME().UnsealEnclaveData()
    def _create_signup_info(self, ias_nonce):
        """
        Create enclave signup data and store the sealed part on disk

        Parameters :
            @param ias_nonce - Forwarded to _get_signup_info; per the
                               original documentation it is used in the IAS
                               request to verify attestation
        Returns :
            @returns signup_info_obj - Signup info object with
                                       sealed_signup_data attached, or None
                                       when CreateEnclaveData returns None
        """

        # The signup data includes an enclave quote, so the signature
        # revocation list is refreshed before the enclave is asked for it.
        self._update_sig_rl()

        kme_signup = enclave.SignupInfoKME()

        # Pick the WPE MRENCLAVE: an explicit config value wins, otherwise
        # it is read from a file located under TCF_HOME.
        # NOTE(review): this value is handed to the enclave and presumably
        # decides which WPE measurement is accepted - confirm, and treat
        # both the config entry and the file as trust inputs.
        if "wpe_mrenclave" not in self._config:
            self._wpe_mrenclave = hex_utils.mrenclave_hex_string(
                enclave_info.TCF_HOME + "/" +
                self._config["wpe_mrenclave_read_from_file"])
        else:
            self._wpe_mrenclave = self._config["wpe_mrenclave"]

        # @TODO : in_ext_data_signature is still passed as an empty string
        enclave_data = kme_signup.CreateEnclaveData(self._wpe_mrenclave, "")
        logger.info("WPE MRenclave value {}".format(self._wpe_mrenclave))
        if enclave_data is None:
            return None

        serializable_info = self._get_signup_info(
            enclave_data, kme_signup, ias_nonce)

        # The sealed signup data must stay out of the serialized form, so the
        # object is built from the JSON first and the sealed blob is attached
        # to it afterwards.
        serialized = json.dumps(serializable_info)
        signup_info_obj = kme_signup.DeserializeSignupInfo(serialized)
        signup_info_obj.sealed_signup_data = \
            enclave_data['sealed_enclave_data']

        # Persist the sealed blob for this worker.
        # NOTE(review): file mode/ownership are decided inside
        # file_utils.write_to_file, which is not visible here - confirm the
        # file is not world-readable.
        sealed_blob = signup_info_obj.sealed_signup_data
        sealed_path = self._get_sealed_data_file_name(
            self._config["sealed_data_path"], self._worker_id)
        file_utils.write_to_file(sealed_blob, sealed_path)

        return signup_info_obj
    def _create_signup_info(self, ias_nonce, config):
        """
        Create enclave signup data from an explicitly supplied configuration

        Parameters :
            @param ias_nonce - Forwarded to _get_signup_info; per the
                               original documentation it is used in the IAS
                               request to verify attestation
            @param config - A dictionary of configurations; the key
                            'wpe_mrenclave' must be present
        Returns :
            @returns signup_info_obj - Signup info object with
                                       sealed_signup_data attached, or None
                                       when CreateEnclaveData returns None
        """

        # The signup data includes an enclave quote, so the signature
        # revocation list is refreshed before the enclave is asked for it.
        self._update_sig_rl()

        kme_signup = enclave.SignupInfoKME()

        # NOTE(review): the MRENCLAVE comes straight from the caller's
        # config and is presumably what decides which WPE measurement is
        # accepted - confirm the config source is trusted.
        wpe_mrenclave = config['wpe_mrenclave']

        # @TODO : in_ext_data_signature is still passed as an empty string
        enclave_data = kme_signup.CreateEnclaveData(wpe_mrenclave, "")
        logger.info("WPE MRenclave value {}".format(wpe_mrenclave))
        if enclave_data is None:
            return None

        serializable_info = self._get_signup_info(
            enclave_data, kme_signup, ias_nonce)

        # The sealed signup data must stay out of the serialized form, so the
        # object is built from the JSON first and the sealed blob is attached
        # to it afterwards. Nothing is written to disk in this variant.
        serialized = json.dumps(serializable_info)
        signup_info_obj = kme_signup.DeserializeSignupInfo(serialized)
        signup_info_obj.sealed_signup_data = \
            enclave_data['sealed_enclave_data']

        return signup_info_obj
    def _create_signup_info(self):
        """
        Create enclave signup data and store the sealed part on disk

        Returns :
            @returns signup_info_obj - Signup info object with
                                       sealed_signup_data attached, or None
                                       when CreateEnclaveData returns None
        """

        kme_signup = enclave.SignupInfoKME()

        # Pick the WPE MRENCLAVE: an explicit config value wins, otherwise
        # it is read from a file located under TCF_HOME.
        if "wpe_mrenclave" not in self._config:
            # With TCF_HOME unset the base falls back to a relative path, so
            # the file that is read then depends on the working directory
            # the process was started from.
            # NOTE(review): the value read here is handed to the enclave and
            # presumably decides which WPE measurement is accepted -
            # confirm, and consider requiring an absolute TCF_HOME.
            base_dir = os.environ.get("TCF_HOME", '../../../')
            self._wpe_mrenclave = hex_utils.mrenclave_hex_string(
                base_dir + "/" + self._config["wpe_mrenclave_read_from_file"])
        else:
            self._wpe_mrenclave = self._config["wpe_mrenclave"]

        # @TODO : in_ext_data_signature is still passed as an empty string
        enclave_data = kme_signup.CreateEnclaveData(self._wpe_mrenclave, "")
        logger.info("WPE MRenclave value {}".format(self._wpe_mrenclave))
        if enclave_data is None:
            return None

        serializable_info = self._get_signup_info(enclave_data, kme_signup)

        # The sealed signup data must stay out of the serialized form, so the
        # object is built from the JSON first and the sealed blob is attached
        # to it afterwards.
        serialized = json.dumps(serializable_info)
        signup_info_obj = kme_signup.DeserializeSignupInfo(serialized)
        signup_info_obj.sealed_signup_data = \
            enclave_data['sealed_enclave_data']

        # Persist the sealed blob for this worker.
        # NOTE(review): file mode/ownership are decided inside
        # file_utils.write_to_file, which is not visible here - confirm the
        # file is not world-readable.
        sealed_blob = signup_info_obj.sealed_signup_data
        sealed_path = self._get_sealed_data_file_name(
            self._config["sealed_data_path"], self._worker_id)
        file_utils.write_to_file(sealed_blob, sealed_path)

        return signup_info_obj