<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic ret = g_sp_extended_epid in Intel® Software Guard Extensions (Intel® SGX)</title>
    <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-to-verify-X-IASReport-Signature/m-p/1126312#M1761</link>
    <description>&lt;PRE class="brush:cpp;"&gt;ret = g_sp_extended_epid_group_id-&amp;gt;verify_attestation_evidence(quote, pro_desc, &amp;amp;attestation_report);
fprintf(OUTPUT, "\n\tsignature:%s", attestation_report.signature);
fprintf(OUTPUT, "\n\tdata: %s", attestation_report.data);

uint8_t * arr;
StringToByteArray(string(attestation_report.data), &amp;amp;arr);
SERVER_PRINT_BYTE_ARRAY(OUTPUT, arr, strlen(attestation_report.data));

uint8_t * sigarr;
string sigstr = Base64decode(string(attestation_report.signature));
StringToByteArray( sigstr, &amp;amp;sigarr);
SERVER_PRINT_BYTE_ARRAY(OUTPUT, sigarr, sigstr.size());

&lt;/PRE&gt;

&lt;P&gt;&lt;STRONG&gt;Here &lt;/STRONG&gt;Ican get the correct signature and response_body----data, Then I convert them to uint8_t array and get hash though this function;&lt;/P&gt;

&lt;DIV style="color: #d4d4d4;background-color: #1e1e1e;font-family: 'Droid Sans Mono', 'Courier New', monospace, 'Droid Sans Fallback';font-weight: normal;font-size: 14px;line-height: 19px;white-space: pre;"&gt;
	&lt;DIV&gt;&lt;SPAN style="color: #d4d4d4;"&gt;ipp_ret &lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt;=&lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt; &lt;/SPAN&gt;&lt;SPAN style="color: #dcdcaa;"&gt;ippsHashMessage&lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt;((&lt;/SPAN&gt;&lt;SPAN style="color: #569cd6;"&gt;const&lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt; Ipp8u &lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt;*&lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt;) p_src, src_len, (Ipp8u &lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt;*&lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt;)p_hash, IPP_ALG_HASH_SHA256);&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;/DIV&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;

&lt;P&gt;At last verify the hash and signature with public key;&lt;/P&gt;

&lt;PRE class="brush:cpp;"&gt;int check_valid_quote_sig(const uint8_t *signature, const uint8_t *data)
{
    int res=0;
    barbi_rsa3072_public_key_t pub_key;
    memcpy(pub_key.mod, private_key_mod, sizeof(uint8_t) * 384);
    memcpy(pub_key.exp, pub_key_exp, sizeof(uint8_t) * 4);
    barbi_rsa_result_t result;
    barbi_sha256_hash_t hash;
    barbi_rsa3072_signature_t signature_to_verify;
    memcpy(&amp;amp;signature_to_verify, signature, sizeof(barbi_rsa3072_signature_t));
    barbi_ipp_sha256_msg(data, sizeof(data), &amp;amp;hash);
    barbi_rsa3072_verify(hash, sizeof(hash), &amp;amp;pub_key, &amp;amp;signature_to_verify, &amp;amp;result);

    if (BARBI_RSA_VALID == result){
        printf("\n\nVerify result: valid\n");
        res = 1;
    }else{
        printf("Verify result: Invalid. \n");
        res = 0;
    }
    return res;
}&lt;/PRE&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Tue, 19 Sep 2017 07:01:00 GMT</pubDate>
    <dc:creator>you_w_</dc:creator>
    <dc:date>2017-09-19T07:01:00Z</dc:date>
    <item>
      <title>How to verify X-IASReport-Signature?</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-to-verify-X-IASReport-Signature/m-p/1126311#M1760</link>
      <description>&lt;P&gt;Hi all: I want to verify X-IASReport-Signature with IAS public key. I have get the IAS public Key from IAS public certificate with openssl:&lt;/P&gt;

&lt;PRE class="brush:bash;"&gt;openssl x509 -in AttestationReportSigningCACert.pem -pubkey -noout &amp;gt; k.key
openssl rsa -in k.key -pubin -text -noout
&lt;/PRE&gt;

&lt;PRE class="brush:bash;"&gt;Public-Key: (3072 bit)
Modulus:
    00:9f:3c:64:7e:b5:77:3c:bb:51:2d:27:32:c0:d7:
    41:5e:bb:55:a0:fa:9e:de:2e:64:91:99:e6:82:1d:
    b9:10:d5:31:77:37:09:77:46:6a:6a:5e:47:86:cc:
    d2:dd:eb:d4:14:9d:6a:2f:63:25:52:9d:d1:0c:c9:
    87:37:b0:77:9c:1a:07:e2:9c:47:a1:ae:00:49:48:
    47:6c:48:9f:45:a5:a1:5d:7a:c8:ec:c6:ac:c6:45:
    ad:b4:3d:87:67:9d:f5:9c:09:3b:c5:a2:e9:69:6c:
    54:78:54:1b:97:9e:75:4b:57:39:14:be:55:d3:2f:
    f4:c0:9d:df:27:21:99:34:cd:99:05:27:b3:f9:2e:
    d7:8f:bf:29:24:6a:be:cb:71:24:0e:f3:9c:2d:71:
    07:b4:47:54:5a:7f:fb:10:eb:06:0a:68:a9:85:80:
    21:9e:36:91:09:52:68:38:92:d6:a5:e2:a8:08:03:
    19:3e:40:75:31:40:4e:36:b3:15:62:37:99:aa:82:
    50:74:40:97:54:a2:df:e8:f5:af:d5:fe:63:1e:1f:
    c2:af:38:08:90:6f:28:a7:90:d9:dd:9f:e0:60:93:
    9b:12:57:90:c5:80:5d:03:7d:f5:6a:99:53:1b:96:
    de:69:de:33:ed:22:6c:c1:20:7d:10:42:b5:c9:ab:
    7f:40:4f:c7:11:c0:fe:47:69:fb:95:78:b1:dc:0e:
    c4:69:ea:1a:25:e0:ff:99:14:88:6e:f2:69:9b:23:
    5b:b4:84:7d:d6:ff:40:b6:06:e6:17:07:93:c2:fb:
    98:b3:14:58:7f:9c:fd:25:73:62:df:ea:b1:0b:3b:
    d2:d9:76:73:a1:a4:bd:44:c4:53:aa:f4:7f:c1:f2:
    d3:d0:f3:84:f7:4a:06:f8:9c:08:9f:0d:a6:cd:b7:
    fc:ee:e8:c9:82:1a:8e:54:f2:5c:04:16:d1:8c:46:
    83:9a:5f:80:12:fb:dd:3d:c7:4d:25:62:79:ad:c2:
    c0:d5:5a:ff:6f:06:22:42:5d:1b
Exponent: 65537 (0x10001)
&lt;/PRE&gt;

&lt;P&gt;I write rsa3072_verify() mostly like &lt;A href="https://github.com/01org/linux-sgx/blob/master/sdk/tlibcrypto/sgx_rsa3072.cpp"&gt;https://github.com/01org/linux-sgx/blob/master/sdk/tlibcrypto/sgx_rsa3072.cpp&lt;/A&gt; with IPP crypto library.&lt;/P&gt;

&lt;P&gt;The steps I deal with IAS reponse are :&lt;/P&gt;

&lt;OL&gt;
	&lt;LI&gt;Get X-IASReport-Signature string from response header and convert to byte array &lt;STRONG&gt;sig&lt;/STRONG&gt;;&lt;/LI&gt;
	&lt;LI&gt;Get response body and convert to byte array;&lt;/LI&gt;
	&lt;LI&gt;compute sha256 hash of response body &lt;STRONG&gt;hash&lt;/STRONG&gt;;&lt;/LI&gt;
	&lt;LI&gt;Verify the &lt;STRONG&gt;hash&lt;/STRONG&gt; with rsa3072_verify(&lt;STRONG&gt;hash&lt;/STRONG&gt;, hash_size, &amp;amp;public_key, &amp;amp;&lt;STRONG&gt;sig&lt;/STRONG&gt;, &amp;amp;&lt;STRONG&gt;result&lt;/STRONG&gt;);&lt;/LI&gt;
&lt;/OL&gt;

&lt;P&gt;But I always get invalid return code.&amp;nbsp; My Question is:&lt;/P&gt;

&lt;P&gt;Is my verify steps right ?&amp;nbsp; What are the correct&amp;nbsp; steps ? Thanks .&lt;/P&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 18 Sep 2017 07:27:11 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-to-verify-X-IASReport-Signature/m-p/1126311#M1760</guid>
      <dc:creator>you_w_</dc:creator>
      <dc:date>2017-09-18T07:27:11Z</dc:date>
    </item>
    <item>
      <title>ret = g_sp_extended_epid</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-to-verify-X-IASReport-Signature/m-p/1126312#M1761</link>
      <description>&lt;PRE class="brush:cpp;"&gt;ret = g_sp_extended_epid_group_id-&amp;gt;verify_attestation_evidence(quote, pro_desc, &amp;amp;attestation_report);
fprintf(OUTPUT, "\n\tsignature:%s", attestation_report.signature);
fprintf(OUTPUT, "\n\tdata: %s", attestation_report.data);

uint8_t * arr;
StringToByteArray(string(attestation_report.data), &amp;amp;arr);
SERVER_PRINT_BYTE_ARRAY(OUTPUT, arr, strlen(attestation_report.data));

uint8_t * sigarr;
string sigstr = Base64decode(string(attestation_report.signature));
StringToByteArray( sigstr, &amp;amp;sigarr);
SERVER_PRINT_BYTE_ARRAY(OUTPUT, sigarr, sigstr.size());

&lt;/PRE&gt;

&lt;P&gt;&lt;STRONG&gt;Here &lt;/STRONG&gt;Ican get the correct signature and response_body----data, Then I convert them to uint8_t array and get hash though this function;&lt;/P&gt;

&lt;DIV style="color: #d4d4d4;background-color: #1e1e1e;font-family: 'Droid Sans Mono', 'Courier New', monospace, 'Droid Sans Fallback';font-weight: normal;font-size: 14px;line-height: 19px;white-space: pre;"&gt;
	&lt;DIV&gt;&lt;SPAN style="color: #d4d4d4;"&gt;ipp_ret &lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt;=&lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt; &lt;/SPAN&gt;&lt;SPAN style="color: #dcdcaa;"&gt;ippsHashMessage&lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt;((&lt;/SPAN&gt;&lt;SPAN style="color: #569cd6;"&gt;const&lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt; Ipp8u &lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt;*&lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt;) p_src, src_len, (Ipp8u &lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt;*&lt;/SPAN&gt;&lt;SPAN style="color: #d4d4d4;"&gt;)p_hash, IPP_ALG_HASH_SHA256);&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;/DIV&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;

&lt;P&gt;At last verify the hash and signature with public key;&lt;/P&gt;

&lt;PRE class="brush:cpp;"&gt;int check_valid_quote_sig(const uint8_t *signature, const uint8_t *data)
{
    int res=0;
    barbi_rsa3072_public_key_t pub_key;
    memcpy(pub_key.mod, private_key_mod, sizeof(uint8_t) * 384);
    memcpy(pub_key.exp, pub_key_exp, sizeof(uint8_t) * 4);
    barbi_rsa_result_t result;
    barbi_sha256_hash_t hash;
    barbi_rsa3072_signature_t signature_to_verify;
    memcpy(&amp;amp;signature_to_verify, signature, sizeof(barbi_rsa3072_signature_t));
    barbi_ipp_sha256_msg(data, sizeof(data), &amp;amp;hash);
    barbi_rsa3072_verify(hash, sizeof(hash), &amp;amp;pub_key, &amp;amp;signature_to_verify, &amp;amp;result);

    if (BARBI_RSA_VALID == result){
        printf("\n\nVerify result: valid\n");
        res = 1;
    }else{
        printf("Verify result: Invalid. \n");
        res = 0;
    }
    return res;
}&lt;/PRE&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 19 Sep 2017 07:01:00 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-to-verify-X-IASReport-Signature/m-p/1126312#M1761</guid>
      <dc:creator>you_w_</dc:creator>
      <dc:date>2017-09-19T07:01:00Z</dc:date>
    </item>
    <item>
      <title>Your verification steps are</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-to-verify-X-IASReport-Signature/m-p/1126313#M1762</link>
      <description>&lt;P&gt;Your verification steps are correct. I do a quick verification in C# using the same steps and it works fine under my environment.&lt;/P&gt;

&lt;P&gt;Here is the code fragment that I used for the same set of steps:&lt;/P&gt;

&lt;P&gt;string signatureString = response.Headers["x-iasreport-signature"];&lt;BR /&gt;
	string bodyString = response.GetResponseBodyString();&lt;BR /&gt;
	byte[] signature = Convert.FromBase64String(signatureString);&lt;BR /&gt;
	byte[] data = Encoding.UTF8.GetBytes(bodyString);&lt;BR /&gt;
	var rsa = (RSACryptoServiceProvider)cert.PublicKey.Key;&amp;nbsp; // get the public key&lt;BR /&gt;
	if (!rsa.VerifyData(data, "SHA256", signature))&lt;BR /&gt;
	&amp;nbsp; &amp;nbsp;throw new Exception();&lt;/P&gt;

&lt;P&gt;Can you provide your running environment? Windows or Linux? Which version? and whether you have a separate running service provider application? or is it just all done in a simple client appl library?&lt;/P&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 27 Sep 2017 16:01:50 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-to-verify-X-IASReport-Signature/m-p/1126313#M1762</guid>
      <dc:creator>Hoang_N_Intel</dc:creator>
      <dc:date>2017-09-27T16:01:50Z</dc:date>
    </item>
    <item>
      <title>Hi Hoang Nguyen</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-to-verify-X-IASReport-Signature/m-p/1126314#M1763</link>
      <description>&lt;P&gt;Hi &lt;A href="https://software.intel.com/en-us/user/410336"&gt;Hoang Nguyen&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;Due to recent Chinese National Holiday(8 days), I haven't check my question. This is a brief description of my environment:&lt;/P&gt;

&lt;P&gt;OS: Ubuntu 16.04&lt;/P&gt;

&lt;P&gt;CPU: E3 1230 v5&lt;/P&gt;

&lt;P&gt;SDK version: 1.9&lt;/P&gt;

&lt;P&gt;I think&amp;nbsp; I done remote attestation all in a simple client app library now. If I can pass all the tests, Then I will use the library in separate service provider.&lt;/P&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;

&lt;P&gt;Thanks&lt;/P&gt;

&lt;P&gt;you.w&lt;/P&gt;</description>
      <pubDate>Tue, 10 Oct 2017 09:31:10 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-to-verify-X-IASReport-Signature/m-p/1126314#M1763</guid>
      <dc:creator>you_w_</dc:creator>
      <dc:date>2017-10-10T09:31:10Z</dc:date>
    </item>
    <item>
      <title>Maybe my usage of ipp crypto</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-to-verify-X-IASReport-Signature/m-p/1126315#M1764</link>
      <description>&lt;P&gt;Maybe my usage of ipp crypto library is wrong, I reimplement the verification&amp;nbsp; with openssl lib and now it works well.&lt;/P&gt;

&lt;P&gt;Thanks&lt;/P&gt;

&lt;P&gt;you&lt;/P&gt;</description>
      <pubDate>Fri, 27 Oct 2017 03:18:26 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-to-verify-X-IASReport-Signature/m-p/1126315#M1764</guid>
      <dc:creator>you_w_</dc:creator>
      <dc:date>2017-10-27T03:18:26Z</dc:date>
    </item>
  </channel>
</rss>

