Hi,

Sam_S_ · ‎01-16-2017

Hi,

I have successfully managed to retrieve the SigRL from IAS but am now struggling with the Quote attestation.

I call the sgx_ra_proc_msg2 function like this:

ret = sgx_ra_proc_msg2(this->enclave->getContext(),
		                       this->enclave->getID(),
		                       sgx_ra_proc_msg2_trusted,
		                       sgx_ra_get_msg3_trusted,
		                       p_msg2,
		                       size,
		                       &p_msg3,
		                       &msg3_size);

which returns with SGX_SUCCESS.

Then I take the quote, convert it to a std::string and and encode it to Base64:

std::string quoteStr = ConvertToString(p_msg3->quote);
quoteStr = EncodeToBase64(quoteStr);

This quote will then be put in JSON format as described here https://software.intel.com/sites/default/files/managed/3d/c8/IAS_1_0_API_spec_1_1_Final.pdf, which gives me

{"isvEnclaveQuote": "MDIwMDAxMDBlMzBhMDAwMDA0MDA...RiMjUyYTgxOGE4NTIzMzQxZDY3"}

When I now send this as a payload to the IAS it always returns with a "400 Bad Request", which according to the API above, indicates an invalid payload!?

Am I doing something wrong here with the encoding?

Thanks

Surenthar_S_Intel · ‎01-18-2017

Hi,

Which version of intel SGX SDK are you using? if it version 1.1/1.5 means, it will not work.

Please refer the link for your reference: https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/698436

-Surenthar

Sam_S_ · ‎01-20-2017

Hi,

I'm using the latest version for Linux which is 1.7.

I don't see how the above mentioned format is not correct!?

{"isvEnclaveQuote": "MDIwMDAxMDBlMzBhMDAwMDA0MDA...RiMjUyYTgxOGE4NTIzMzQxZDY3"}

Can I do anything else to locally check the correctness of the received Quote from the call to sgx_ra_proc_msg2?

Thank you

Sam_S_ · ‎01-23-2017

Is there anyone who can help me with this problem it's quite urgent!? Or at least tell me where I can find proper help?

Thank you

Surenthar_S_Intel · ‎01-25-2017

Hi,

Sample Remote attestation code available at https://software.intel.com/en-us/articles/intel-software-guard-extensions-remote-attestation-end-to-end-example. Please Check whether this sample is working well with your client on your machine. If it works well, please go through this sample to find the process of building the attestation verification evidence request message to IAS which is detailed in RasPRef/Msg4Builder.CS.

-Surenthar

faur__anca · ‎04-17-2019

Hi,

I am in a similar situation to the one described by Sam.

I use SGX SDK version 2.1 on Windows and I requested the SPID for a linkable self-signed certificate (with CA set to True) from the link https://software.intel.com/en-us/form/sgx-onboarding .

I am able to obtain the SIGRL from IAS, but when I try to send the quote to IAS, I obtain a 400 errror code with the message "Bad Request" (Invalid Payload).

I also tried to run the https://software.intel.com/en-us/articles/intel-software-guard-extensions-remote-attestation-end-to-end-example solution (with the service provider flag set to a linkable quote), but the result is the same.

Can there be a problem with my service provider's certicate or that certificate should be ok if IAS gave me the SIGRL? Or do you have any ideas how to debug this?

Thank you

Junli_S_Intel · ‎04-17-2019

please pay attention to your quote's type: linkable or unlinkable? It should match to your SPID when you apply it.

faur__anca · ‎04-19-2019

Thank you, Junli, it was indeed a problem with the SPID I have provided.

Attest Quote by IAS