api/ssgx__utils__t__seal__handler_8h_source.html

#ifndef SAFEHERON_SGX_TRUSTED_SEAL_HANDLER_H

#define SAFEHERON_SGX_TRUSTED_SEAL_HANDLER_H


#include <cstdint>

#include <optional>

#include <string>

#include <vector>


#include "sgx_attributes.h"

#include "sgx_key.h"


namespace ssgx {

namespace utils_t {


struct UnsealedData {

    std::vector<uint8_t> additional_mac_text{};

    std::vector<uint8_t> decrypted_text{};

};


class SealHandler {

  private:

    uint16_t key_policy_;

    sgx_attributes_t attribute_mask_{};

    sgx_misc_select_t misc_mask_;

    std::vector<uint8_t> additional_mac_text_{};

    std::string last_error_;


  public:

    explicit SealHandler(uint16_t key_policy = SGX_KEYPOLICY_MRENCLAVE);


    [[maybe_unused]] void SetAttributeMask(sgx_attributes_t attribute_mask) {

        attribute_mask_ = attribute_mask;

    }


    [[maybe_unused]] void SetMiscMask(sgx_misc_select_t misc_mask) {

        misc_mask_ = misc_mask;

    }


    void SetAdditionalMacText(const uint8_t* mac_text, uint32_t length) {

        additional_mac_text_.assign(mac_text, mac_text + length);

    }


    std::optional<std::vector<uint8_t>> SealData(const std::vector<uint8_t>& text_to_encrypt);


    std::optional<std::vector<uint8_t>> SealData(const uint8_t* text_to_encrypt, uint32_t length);


    std::optional<UnsealedData> UnsealData(const std::vector<uint8_t>& sealed_data);


    std::optional<UnsealedData> UnsealData(const uint8_t* sealed_data, uint32_t length);


    [[nodiscard]] std::string GetLastError() const {

        return last_error_;

    }


};


} // namespace utils_t

} // namespace ssgx


#endif // SAFEHERON_SGX_TRUSTED_SEAL_HANDLER_H

ssgx::utils_t::SealHandler
Provides SGX sealing and unsealing operations.
Definition ssgx_utils_t_seal_handler.h:33

ssgx::utils_t::SealHandler::UnsealData
std::optional< UnsealedData > UnsealData(const std::vector< uint8_t > &sealed_data)
Unseals previously sealed data and retrieves the original plaintext.

ssgx::utils_t::SealHandler::SealData
std::optional< std::vector< uint8_t > > SealData(const uint8_t *text_to_encrypt, uint32_t length)
Seals data using AES-GCM encryption (pointer-based version).

ssgx::utils_t::SealHandler::SetAdditionalMacText
void SetAdditionalMacText(const uint8_t *mac_text, uint32_t length)
Sets additional data that will be protected by MAC but not encrypted.
Definition ssgx_utils_t_seal_handler.h:74

ssgx::utils_t::SealHandler::SetMiscMask
void SetMiscMask(sgx_misc_select_t misc_mask)
Sets the miscellaneous mask for key derivation.
Definition ssgx_utils_t_seal_handler.h:65

ssgx::utils_t::SealHandler::SetAttributeMask
void SetAttributeMask(sgx_attributes_t attribute_mask)
Sets the full SGX attribute mask for sealing or key derivation operations.
Definition ssgx_utils_t_seal_handler.h:57

ssgx::utils_t::SealHandler::GetLastError
std::string GetLastError() const
Retrieves the last error message.
Definition ssgx_utils_t_seal_handler.h:116

ssgx::utils_t::SealHandler::SealHandler
SealHandler(uint16_t key_policy=SGX_KEYPOLICY_MRENCLAVE)
Constructs a SealHandler with a specified key policy.

ssgx::utils_t::SealHandler::SealData
std::optional< std::vector< uint8_t > > SealData(const std::vector< uint8_t > &text_to_encrypt)
Seals data using AES-GCM encryption.

ssgx::utils_t::SealHandler::UnsealData
std::optional< UnsealedData > UnsealData(const uint8_t *sealed_data, uint32_t length)
Unseals previously sealed data using pointer-based input.

ssgx
Definition ssgx_attestation_t.h:6

ssgx::utils_t::UnsealedData
Represents unsealed data, including decrypted text and optional additional MAC text.
Definition ssgx_utils_t_seal_handler.h:22

ssgx::utils_t::UnsealedData::additional_mac_text
std::vector< uint8_t > additional_mac_text
MAC-protected additional data.
Definition ssgx_utils_t_seal_handler.h:23

ssgx::utils_t::UnsealedData::decrypted_text
std::vector< uint8_t > decrypted_text
The decrypted content.
Definition ssgx_utils_t_seal_handler.h:24