Exemplo n.º 1
    def _create_signup_info(self, ex_data):
        """
        Build the signup info object for this enclave.

        Parameters :
            @param ex_data - Ex_data containing the public verification key
                             generated by KME
        Returns :
            @returns The object produced by DeserializeSignupInfo, or None
                     when CreateEnclaveData returns None
        """
        wpe_signup = enclave.SignupInfoWPE()

        # @TODO : in_ext_data_signature & in_kme_attestation are still passed
        # as empty strings, so no signature or KME attestation accompanies
        # ex_data on this call.
        # NOTE(review): whether CreateEnclaveData checks those two arguments
        # is not visible here - confirm before relying on ex_data provenance.
        enclave_data = wpe_signup.CreateEnclaveData(ex_data, "", "")
        if enclave_data is None:
            return None

        # Serialize the collected signup info to JSON and let the enclave
        # wrapper turn it into the signup info object handed to the caller.
        serialized_info = json.dumps(
            self._get_signup_info(enclave_data, wpe_signup))
        return wpe_signup.DeserializeSignupInfo(serialized_info)
Exemplo n.º 2
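    def _create_signup_data(self):
        """
        Create WPE signup data.

        Generates a nonce, asks the WPE requester for a unique verification
        key for that nonce, and creates the enclave signup data from the
        returned key.

        Returns :
            signup_data - Relevant signup data to be used for requests to the
                          enclave, or None when the verification key response
                          is missing or malformed
        """
        # Instantiate enclaveinfo & initialize enclave in the process
        signup_data = enclave_info.WorkOrderProcessorEnclaveInfo(
            self._config.get("EnclaveModule"))
        self._wpe_requester = WPERequester(self._config)

        signup_cpp_obj = enclave.SignupInfoWPE()
        # Generate a nonce in trusted code
        verification_key_nonce = signup_cpp_obj.GenerateNonce(32)
        logger.info("Nonce generated by requester WPE : %s",
                    verification_key_nonce)
        response = self._wpe_requester.get_unique_verification_key(
            verification_key_nonce)
        # Fail closed instead of raising AttributeError on a missing response.
        if response is None:
            logger.error("Failed to get unique verification key")
            return None

        # Received response contains result,verification_key and
        # verification_key_signature delimited by ' '
        fields = response.split(' ')
        if len(fields) < 2:
            # Without this check a short response raised IndexError below.
            logger.error("Malformed unique verification key response")
            return None
        self._unique_verification_key = fields[1]
        # NOTE(review): the verification_key_signature field of the response
        # is never checked in this method, so the key is used for signup
        # exactly as received. Confirm it is verified elsewhere or add the
        # check here.

        # signup enclave
        signup_data.create_enclave_signup_data(self._unique_verification_key)
        # return signup data
        logger.info("WPE signup data %s", signup_data.proof_data)
        return signup_data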
Exemplo n.º 3
    def _create_signup_info(self, ias_nonce, ex_data):
        """
        Build the signup info object for this enclave.

        Parameters :
            @param ias_nonce - Used in IAS request to verify attestation
                               as a distinguishing factor
            @param ex_data - Ex_data containing the public verification key
                             generated by KME
        Returns :
            @returns The object produced by DeserializeSignupInfo, or None
                     when CreateEnclaveData returns None
        """
        # The signup data comes back with an enclave quote, so refresh the
        # revocation list before asking the enclave for anything.
        self._update_sig_rl()

        wpe_signup = enclave.SignupInfoWPE()

        # @TODO : in_ext_data_signature & in_kme_attestation are still passed
        # as empty strings, so no signature or KME attestation accompanies
        # ex_data on this call.
        # NOTE(review): whether CreateEnclaveData checks those two arguments
        # is not visible here - confirm before relying on ex_data provenance.
        enclave_data = wpe_signup.CreateEnclaveData(ex_data, "", "")
        if enclave_data is None:
            return None

        # Serialize the collected signup info to JSON and let the enclave
        # wrapper turn it into the signup info object handed to the caller.
        serialized_info = json.dumps(
            self._get_signup_info(enclave_data, wpe_signup, ias_nonce))
        return wpe_signup.DeserializeSignupInfo(serialized_info)
Exemplo n.º 4
    def get_enclave_public_info(self):
        """
        Return information about the enclave

        Returns :
            @returns The result of UnsealEnclaveData() on a new SignupInfoWPE
                     object. The previous docstring described it as a dict
                     of sealed data - TODO confirm the shape and that nothing
                     secret is included, given the "public" in the name.
        """
        return enclave.SignupInfoWPE().UnsealEnclaveData()
Exemplo n.º 5
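    def _create_signup_data(self):
        """
        Create WPE signup data.

        Generates a nonce, requests a unique verification key for it, checks
        the signature returned with that key, and only then creates the
        enclave signup data from the key.

        Returns :
            signup_data - Relevant signup data to be used for requests to the
                          enclave, or None when the KME response is missing
                          or malformed, or its signature fails verification
        """
        self._wpe_requester = WPERequester(self._config)

        # Instantiate enclaveinfo & initialize enclave in the process
        signup_data = enclave_info.WorkOrderProcessorEnclaveInfo(
            self._config, EnclaveType.WPE)
        signup_cpp_obj = enclave.SignupInfoWPE()

        # Generate a nonce in trusted code
        verification_key_nonce = signup_cpp_obj.GenerateNonce(32)
        logger.info("Nonce generated by requester WPE : %s",
                    verification_key_nonce)
        response = self._wpe_requester.get_unique_verification_key(
            verification_key_nonce)
        if response is None:
            logger.error("Failed to get Unique ID from KME")
            return None

        # Received response contains result,verification_key and
        # verification_key_signature delimited by ' '
        fields = response.split(' ')
        if len(fields) < 3:
            # A short response used to raise IndexError; fail closed like the
            # other error paths in this method instead.
            logger.error("Malformed unique verification key response")
            return None
        # NOTE(review): both values are stored on the instance before the
        # signature check and stay set if that check fails below.
        self._unique_verification_key = fields[1]
        self._unique_verification_key_signature = fields[2]

        # Verify unique verification key signature using unique id.
        # Any non-zero result is treated as a verification failure.
        result = signup_cpp_obj.VerifyUniqueIdSignature(
            self._unique_verification_key,
            self._unique_verification_key_signature)
        if result != 0:
            logger.error("Failed to verify unique id signature")
            return None

        self.mr_enclave = signup_data.get_enclave_measurement()
        # signup enclave
        signup_data.create_enclave_signup_data(self._unique_verification_key)
        # return signup data
        logger.info("WPE signup data %s", signup_data.proof_data)
        return signup_data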