/aws-nitro-enclaves-sdk-c

This repo provides a C API for AWS Nitro Enclaves, including a KMS SDK that integrates it with attestation.


AWS Nitro Enclaves SDK for C

Fork of the AWS Nitro Enclaves SDK for C. Additions:

  1. Generate an attestation document with user data and a nonce:
```c
/**
 * Generates an attestation document with the specified user data and nonce.
 *
 * @param[in]   allocator        The allocator to use.
 * @param[in]   keypair          The key pair whose public key is used for attestation.
 * @param[in]   user_data        The user data used for attestation.
 * @param[in]   user_data_len    The length of the user_data.
 * @param[in]   user_nounce      The nonce used for attestation.
 * @param[in]   user_nounce_len  The length of user_nounce.
 * @param[out]  attestation_doc  The buffer that receives the attestation document.
 *
 * @return                       Returns the error code. If SUCCESS, then attestation_doc is populated.
 */
AWS_NITRO_ENCLAVES_API
int aws_attestation_request_with_user_data_nounce(
    struct aws_allocator *allocator,
    struct aws_rsa_keypair *keypair,
    unsigned char* user_data,
    int user_data_len,
    unsigned char* user_nounce,
    int user_nounce_len,
    struct aws_byte_buf *attestation_doc);
```
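  2. Add a pybind binding for the attestation interface. The source code is in pybind/, and it is exposed to Python as pyattestation. Usage:

```python
import pyattestation

atter = pyattestation.attestation()  # create the attestation object
atter.init_key_pair()                # initialise the key pair
atter.request_attestation_doc(...)   # request the attestation document
```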
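What the user data and nonce are for on the relying-party side, as an added example (not code from this repository): the verifier checks that the document echoes the nonce it issued and the user data it expects, so a previously captured document is not accepted as fresh. It assumes the COSE_Sign1 signature and certificate chain have already been verified and the CBOR payload extracted; the "nonce" and "user_data" field names come from the NSM attestation document format, and decode, check_binding and SAMPLE are hypothetical names.

```python
import hmac

def _head(buf, i):
    """Read one CBOR head at buf[i]: (major type, argument, next index)."""
    major, info = buf[i] >> 5, buf[i] & 0x1F
    if info < 24:
        return major, info, i + 1
    n = 1 << (info - 24)  # 1, 2, 4 or 8 argument bytes follow
    if info > 27 or i + 1 + n > len(buf):
        raise ValueError("unsupported or truncated CBOR head")
    return major, int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def decode(buf, i=0):
    """Decode the CBOR subset used here: uint, bytes, text, array, map, null."""
    if buf[i] == 0xF6:
        return None, i + 1
    major, arg, i = _head(buf, i)
    if major == 0:
        return arg, i
    if major in (2, 3):
        if i + arg > len(buf):
            raise ValueError("truncated string")
        raw = bytes(buf[i:i + arg])
        return (raw if major == 2 else raw.decode("utf-8")), i + arg
    if major in (4, 5):
        items = []
        for _ in range(arg * (major - 3)):  # a map holds arg key/value pairs
            item, i = decode(buf, i)
            items.append(item)
        return (items if major == 4 else dict(zip(items[::2], items[1::2]))), i
    raise ValueError("unsupported CBOR major type")

def check_binding(payload, expected_nonce, expected_user_data):
    """True only if the payload echoes the verifier's nonce and user data."""
    try:
        doc, end = decode(payload)
    except (ValueError, IndexError, TypeError):
        return False  # malformed payload
    if end != len(payload) or not isinstance(doc, dict):
        return False  # trailing bytes or not a map
    nonce, data = doc.get("nonce"), doc.get("user_data")
    if not isinstance(nonce, bytes) or not isinstance(data, bytes):
        return False  # null or absent: nothing was bound to this request
    return (hmac.compare_digest(nonce, expected_nonce)
            and hmac.compare_digest(data, expected_user_data))

# Constructed sample payload (not a real document): {"nonce": 8 bytes, "user_data": 4 bytes}
SAMPLE = b"\xa2\x65nonce\x48" + b"N" * 8 + b"\x69user_data\x44" + b"hash"
```

The verifier generates the nonce per request (for example with os.urandom) and discards it after one successful check.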

License

This project is licensed under the Apache-2.0 License.

Dependencies

| name | version | link |
| --- | --- | --- |
| aws-lc | v1.0.2 | https://github.com/awslabs/aws-lc/ |
| s2n-tls | v1.3.20 | https://github.com/aws/s2n-tls.git |
| aws-c-common | v0.8.0 | https://github.com/awslabs/aws-c-common |
| aws-c-sdkutils | v0.1.2 | https://github.com/awslabs/aws-c-sdkutils |
| aws-c-io | v0.11.0 | https://github.com/awslabs/aws-c-io |
| aws-c-compression | v0.2.14 | https://github.com/awslabs/aws-c-compression |
| aws-c-http | v0.6.19 | https://github.com/awslabs/aws-c-http |
| aws-c-cal | v0.5.18 | https://github.com/awslabs/aws-c-cal |
| aws-c-auth | v0.6.15 | https://github.com/awslabs/aws-c-auth |
| aws-nitro-enclaves-nsm-api | v0.2.1 | https://github.com/aws/aws-nitro-enclaves-nsm-api |
| json-c | json-c-0.16-20220414 | https://github.com/json-c/json-c |

Building

Linux - Using containers:

The simplest way to use this SDK is by using one of the available containers as a base:

```sh
docker build -f containers/Dockerfile.al2 --target builder -t aws-nitro-enclaves-sdk-c .
```

Windows

Note that this SDK is currently not supported on Windows. Only the client side sample application (kmstool_instance) is supported on Windows.

Samples

Security issue notifications

If you discover a potential security issue in the Nitro Enclaves SDK for C, we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.