Struct sgx_tdh::SgxDhResponder

pub struct SgxDhResponder { /* fields omitted */ }

DH secure session responder

Methods

impl SgxDhResponder

pub fn init_session() -> Self

Initialize DH secure session responder.

Indicates role of responder the caller plays in the secure session establishment.

The value of role of the responder of the session establishment must be SGX_DH_SESSION_RESPONDER.

Requirements

Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)

pub fn gen_msg1(&mut self, msg1: &mut SgxDhMsg1) -> SgxError

Generates MSG1 for the responder of DH secure session establishment and records ECC key pair in session structure.

Requirements

Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)

Parameters

msg1

A pointer to an SgxDhMsg1 msg1 buffer. The buffer holding the msg1 message, which is referenced by this parameter, must be within the enclave. The DH msg1 contains the responder’s public key and report based target info.

Errors

SGX_ERROR_INVALID_PARAMETER

Any of the input parameters is incorrect.

SGX_ERROR_INVALID_STATE

The API is invoked in incorrect order or state.

SGX_ERROR_OUT_OF_MEMORY

The enclave is out of memory.

SGX_ERROR_UNEXPECTED

An unexpected error occurred.

pub fn proc_msg2(     &mut self,     msg2: &SgxDhMsg2,     msg3: &mut SgxDhMsg3,     aek: &mut sgx_key_128bit_t,     initiator_identity: &mut sgx_dh_session_enclave_identity_t ) -> SgxError

The responder handles msg2 sent by initiator and then derives AEK, updates session information and generates msg3.

Requirements

Library: libsgx_tservice.a or libsgx_tservice_sim.a (simulation)

Parameters

msg2

Point to dh message 2 buffer generated by session initiator, and the buffer must be in enclave address space.

msg3

Point to dh message 3 buffer generated by session responder in this function, and the buffer must be in enclave address space.

aek

A pointer that points to instance of sgx_key_128bit_t. The aek is derived as follows:

KDK := CMAC(key0, LittleEndian(gab x-coordinate))
AEK = AES-CMAC(KDK, 0x01||"AEK"||0x00||0x80||0x00)

The key0 used in the key extraction operation is 16 bytes of 0x00. The plain text used in the AES-CMAC calculation of the KDK is the Diffie-Hellman shared secret elliptic curve field element in Little Endian format.The plain text used in the AEK calculation includes:

• a counter (0x01)

• a label: the ASCII representation of the string 'AEK' in Little Endian format

• a bit length (0x80)

initiator_identity

A pointer that points to instance of sgx_dh_session_enclave_identity_t. Identity information of initiator includes isv svn, isv product id, the enclave attributes, MRSIGNER, and MRENCLAVE. The buffer must be in enclave address space. The caller should check the identity of the peer and decide whether to trust the peer and use the aek.

Errors

SGX_ERROR_INVALID_PARAMETER

Any of the input parameters is incorrect.

SGX_ERROR_INVALID_STATE

The API is invoked in incorrect order or state.

SGX_ERROR_KDF_MISMATCH

Indicates the key derivation function does not match.

SGX_ERROR_OUT_OF_MEMORY

The enclave is out of memory.

SGX_ERROR_UNEXPECTED

An unexpected error occurred.

Trait Implementations

impl Copy for SgxDhResponder

impl Clone for SgxDhResponder

fn clone(&self) -> SgxDhResponder

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Default for SgxDhResponder

fn default() -> Self

Returns the "default value" for a type.

impl ContiguousMemory for SgxDhResponder