topic Hello again, in Intel® Software Guard Extensions (Intel® SGX)

Fill sgx_report_data_t using sgx_ra_proc_msg2

ssziy — Fri, 24 Jan 2020 23:14:45 GMT

Good evening,

How can I fill with data the sgx_report_data_t field of sgx_report_body_t of sgx_quote_t using the sgx_ra_proc_msg2 wrapper?

Thank you and have a nice weekend.

Hello Stevie,

JesusG_Intel — Tue, 28 Jan 2020 18:17:49 GMT

Hello Stevie,

The sgx_report_data_t field cannot be set by the user since the sgx_ra_proc_msg2 wrapper sets it to NULL. It is not used.

Regards,

Jesus

Thanks for the answer.

ssziy — Tue, 28 Jan 2020 19:42:07 GMT

Thanks for the answer.

With that in mind, does it mean that I need to redo everything that sgx_ra_proc_msg2 does but generating a quote from scratch whose report contains the data I want? Because the first 32-byte report_body.report_data field in Quote is set to SHA256 hash of ga, gb and VK, and the
second 32-byte is set to all 0s. I wish i can use that second 32-byte for a public key hash for exemple.

Thanks once again for the help.

Hello Stevie,

JesusG_Intel — Thu, 30 Jan 2020 17:40:45 GMT

Hello Stevie,

Unfortunately, implementing your own function will not help you. Figure 3 in the RA End-to-End Code Sample shows that the result from sgx_ra_proc_msg2 goes to the Intel SGX Runtime, which means the customizations you make in the report will not be usable in your enclave because the enclave does not get the report.

Regards,

Jesus

Hello again,

ssziy — Thu, 30 Jan 2020 17:58:00 GMT

Hello again,

On the client side, when msg2 is received the application calls the sgx_ra_proc_msg2() function to generate msg3. This call performs the following tasks:
Verifies the service provider signature.
Checks the SigRL.
Returns msg3, which contains the quote used to attest that particular enclave.

My question comes from the fact that a developer is unable to create a msg3 with the extra 32 bytes filled with other data than zeros using the sgx_ra_proc_msg2().

So if a developer wants to take advantage of that extra 32 bytes he needs to build a function wich does everithing the sgx_ra_proc_msg2() does but writing the 32 byte he wants, am I right? To do this he needs to verify SP signature, check the SigRL and generate msg3 quote using sgx_get_quote and sgx_create_report.

If not, how can a developer generate a msg3 with that extra 32 bytes filled with other data than zeros?

Hello Stevie, I'm sorry for

JesusG_Intel — Thu, 30 Jan 2020 23:55:17 GMT

Hello Stevie, I'm sorry for my confusion. Now I understand what you mean. It turns out, another developer has had your same idea, i.e. developing their own wrapper functions, and it was discussed here. I think you'll find this discussion useful. The person who answered the developer, jmechalas, is the same person that wrote the RA End-to-End Code Sample.

In short, yes, you can replace the wrappers with your own functions, but it will be difficult to do and get it right.

Regards,

Jesus

Thanks for everything,

ssziy — Fri, 31 Jan 2020 14:22:00 GMT

Thanks for all the help, everything is clear now.