Documentation
¶
Overview ¶
Package api implements the key manager management API and common data types.
Index ¶
Constants ¶
View Source
const ( // ModuleName is a unique module name for the keymanager module. ModuleName = "keymanager" // ChecksumSize is the length of checksum in bytes. ChecksumSize = 32 // EnclaveRPCEndpoint is the name of the key manager EnclaveRPC endpoint. EnclaveRPCEndpoint = "key-manager" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EnclavePolicySGX ¶
type EnclavePolicySGX struct {
// MayQuery is the map of runtime IDs to the vector of enclave IDs that
// may query private key material.
//
// TODO: This could be made more sophisticated and seggregate based on
// contract ID as well, but for now punt on the added complexity.
MayQuery map[common.Namespace][]sgx.EnclaveIdentity `json:"may_query"`
// MayReplicate is the vector of enclave IDs that may retrieve the master
// secret (Note: Each enclave ID may always implicitly replicate from other
// instances of itself).
MayReplicate []sgx.EnclaveIdentity `json:"may_replicate"`
}
EnclavePolicySGX is the per-SGX key manager enclave ID access control policy.
type Genesis ¶
type Genesis struct {
Statuses []*Status `json:"statuses,omitempty"`
}
Genesis is the key manager management genesis state.
type InitResponse ¶
type InitResponse struct {
IsSecure bool `json:"is_secure"`
Checksum []byte `json:"checksum"`
PolicyChecksum []byte `json:"policy_checksum"`
}
InitResponse is the initialization RPC response, returned as part of a SignedInitResponse from the key manager enclave.
type KeymanagerClient ¶
type KeymanagerClient struct {
// contains filtered or unexported fields
}
KeymanagerClient is a gRPC keymanager client.
type PolicySGX ¶
type PolicySGX struct {
// Serial is the monotonically increasing policy serial number.
Serial uint32 `json:"serial"`
// ID is the runtime ID that this policy is valid for.
ID common.Namespace `json:"id"`
// Enclaves is the per-key manager enclave ID access control policy.
Enclaves map[sgx.EnclaveIdentity]*EnclavePolicySGX `json:"enclaves"`
}
PolicySGX is a key manager access control policy for the replicated SGX key manager.
type SignedInitResponse ¶
type SignedInitResponse struct {
InitResponse InitResponse `json:"init_response"`
Signature []byte `json:"signature"`
}
SignedInitResponse is the signed initialization RPC response, returned from the key manager enclave.
type SignedPolicySGX ¶
type SignedPolicySGX struct {
Policy PolicySGX `json:"policy"`
Signatures []signature.Signature `json:"signatures"`
}
SignedPolicySGX is a signed SGX key manager access control policy.
type Status ¶
type Status struct {
// ID is the runtime ID of the key manager.
ID common.Namespace `json:"id"`
// IsInitialized is true iff the key manager is done initializing.
IsInitialized bool `json:"is_initialized"`
// IsSecure is true iff the key manager is secure.
IsSecure bool `json:"is_secure"`
// Checksum is the key manager master secret verification checksum.
Checksum []byte `json:"checksum"`
// Nodes is the list of currently active key manager node IDs.
Nodes []signature.PublicKey `json:"nodes"`
// Policy is the key manager policy.
Policy *SignedPolicySGX `json:"policy"`
}
Status is the current key manager status.
Source Files
Click to show internal directories.
Click to hide internal directories.