api

Documentation

Overview

Package api implements the key manager management API and common data types.

Index

• Constants
• type EnclavePolicySGX
• type Genesis
• type InitResponse
• type KeymanagerClient
• type PolicySGX
• type SignedInitResponse
• type SignedPolicySGX
• type Status

Constants

const (
	// ModuleName is a unique module name for the keymanager module.
	ModuleName = "keymanager"

	// ChecksumSize is the length of checksum in bytes.
	ChecksumSize = 32

	// EnclaveRPCEndpoint is the name of the key manager EnclaveRPC endpoint.
	EnclaveRPCEndpoint = "key-manager"
)

Types

type EnclavePolicySGX

type EnclavePolicySGX struct {
	// MayQuery is the map of runtime IDs to the vector of enclave IDs that
	// may query private key material.
	//
	// TODO: This could be made more sophisticated and seggregate based on
	// contract ID as well, but for now punt on the added complexity.
	MayQuery map[common.Namespace][]sgx.EnclaveIdentity `json:"may_query"`

	// MayReplicate is the vector of enclave IDs that may retrieve the master
	// secret (Note: Each enclave ID may always implicitly replicate from other
	// instances of itself).
	MayReplicate []sgx.EnclaveIdentity `json:"may_replicate"`
}

EnclavePolicySGX is the per-SGX key manager enclave ID access control policy.

type Genesis

type Genesis struct {
	Statuses []*Status `json:"statuses,omitempty"`
}

Genesis is the key manager management genesis state.

type InitResponse

type InitResponse struct {
	IsSecure       bool   `json:"is_secure"`
	Checksum       []byte `json:"checksum"`
	PolicyChecksum []byte `json:"policy_checksum"`
}

InitResponse is the initialization RPC response, returned as part of a SignedInitResponse from the key manager enclave.

type KeymanagerClient

type KeymanagerClient struct {
	// contains filtered or unexported fields
}

KeymanagerClient is a gRPC keymanager client.

type PolicySGX

type PolicySGX struct {
	// Serial is the monotonically increasing policy serial number.
	Serial uint32 `json:"serial"`

	// ID is the runtime ID that this policy is valid for.
	ID common.Namespace `json:"id"`

	// Enclaves is the per-key manager enclave ID access control policy.
	Enclaves map[sgx.EnclaveIdentity]*EnclavePolicySGX `json:"enclaves"`
}

PolicySGX is a key manager access control policy for the replicated SGX key manager.

type SignedInitResponse

type SignedInitResponse struct {
	InitResponse InitResponse `json:"init_response"`
	Signature    []byte       `json:"signature"`
}

SignedInitResponse is the signed initialization RPC response, returned from the key manager enclave.

type SignedPolicySGX

type SignedPolicySGX struct {
	Policy PolicySGX `json:"policy"`

	Signatures []signature.Signature `json:"signatures"`
}

SignedPolicySGX is a signed SGX key manager access control policy.

type Status

type Status struct {
	// ID is the runtime ID of the key manager.
	ID common.Namespace `json:"id"`

	// IsInitialized is true iff the key manager is done initializing.
	IsInitialized bool `json:"is_initialized"`

	// IsSecure is true iff the key manager is secure.
	IsSecure bool `json:"is_secure"`

	// Checksum is the key manager master secret verification checksum.
	Checksum []byte `json:"checksum"`

	// Nodes is the list of currently active key manager node IDs.
	Nodes []signature.PublicKey `json:"nodes"`

	// Policy is the key manager policy.
	Policy *SignedPolicySGX `json:"policy"`
}

Status is the current key manager status.