Package org.signal.libsignal.sgxsession

Class SgxClient

  • All Implemented Interfaces:
    org.signal.libsignal.internal.NativeHandleGuard.Owner 
    
public class SgxClient
extends NativeHandleGuard.SimpleOwner

    SgxClient provides bindings to interact with a Signal SGX service.

    Interaction with the service is done over a websocket, which is handled by the client. Once the websocket has been initiated, the client establishes a connection in the following manner:

    • connect to the service websocket, read service attestation
    • instantiate SgxClient with the attestation message
    • send SgxClient.initialRequest()
    • receive a response and pass to SgxClient.completeHandshake()
    After a connection has been established, a client may send or receive messages. To send a message, they formulate the plaintext, then pass it to SgxClient.establishedSend() to get the ciphertext message to pass along. When a message is received (as ciphertext), it is passed to SgxClient.establishedRecv(), which decrypts and verifies it, passing the plaintext back to the client for processing.

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description

    • Field Summary

      Fields 
      Modifier and Type Field Description

    • Constructor Summary

      Constructors 
      Constructor Description

    • Enum Constant Summary

      Enum Constants 
      Enum Constant Description

    • Method Summary

      Modifier and Type Method Description
      Array<byte> initialRequest() Initial request to send to SGX service, which begins post-attestation handshake.
      void completeHandshake(Array<byte> handshakeResponse) Called by client upon receipt of first non-attestation message from service, to complete handshake.
      Array<byte> establishedSend(Array<byte> plaintextToSend) Called by client after completeHandshake has succeeded, to encrypt a message to send.
      Array<byte> establishedRecv(Array<byte> receivedCiphertext) Called by client after completeHandshake has succeeded, to decrypt a received message.

      • Methods inherited from class org.signal.libsignal.internal.NativeHandleGuard.SimpleOwner

        unsafeNativeHandleWithoutGuard

      • Methods inherited from class org.signal.libsignal.internal.NativeHandleGuard.Owner

        guard, guardedMap, guardedMapChecked, guardedRun, guardedRunChecked

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

    • Method Detail

      • initialRequest

         Array<byte> initialRequest()

        Initial request to send to SGX service, which begins post-attestation handshake.

      • completeHandshake

         void completeHandshake(Array<byte> handshakeResponse)

        Called by client upon receipt of first non-attestation message from service, to complete handshake.

      • establishedSend

         Array<byte> establishedSend(Array<byte> plaintextToSend)

        Called by client after completeHandshake has succeeded, to encrypt a message to send.

      • establishedRecv

         Array<byte> establishedRecv(Array<byte> receivedCiphertext)

        Called by client after completeHandshake has succeeded, to decrypt a received message.