Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Beginner
19 Views

Attest Quote by IAS

Hi,

I have successfully managed to retrieve the SigRL from IAS but am now struggling with the Quote attestation.

I call the sgx_ra_proc_msg2 function like this:

ret = sgx_ra_proc_msg2(this->enclave->getContext(),
		                       this->enclave->getID(),
		                       sgx_ra_proc_msg2_trusted,
		                       sgx_ra_get_msg3_trusted,
		                       p_msg2,
		                       size,
		                       &p_msg3,
		                       &msg3_size);

 

which returns with SGX_SUCCESS.

Then I take the quote, convert it to a std::string and and encode it to Base64:

std::string quoteStr = ConvertToString(p_msg3->quote);
quoteStr = EncodeToBase64(quoteStr);

This quote will then be put in JSON format as described here https://software.intel.com/sites/default/files/managed/3d/c8/IAS_1_0_API_spec_1_1_Final.pdf, which gives me

{"isvEnclaveQuote": "MDIwMDAxMDBlMzBhMDAwMDA0MDA...RiMjUyYTgxOGE4NTIzMzQxZDY3"}

When I now send this as a payload to the IAS it always returns with a "400 Bad Request", which according to the API above, indicates an invalid payload!?

Am I doing something wrong here with the encoding?

 

Thanks

 

0 Kudos
7 Replies
Highlighted
19 Views

Hi,

Which version of intel SGX SDK are you using? if it version 1.1/1.5 means, it will not work.

Please refer the link for your reference: https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/698436

-Surenthar

- Surenthar Selvaraj
0 Kudos
Highlighted
Beginner
19 Views

Hi,

I'm using the latest version for Linux which is 1.7.

I don't see how the above mentioned format is not correct!?

{"isvEnclaveQuote": "MDIwMDAxMDBlMzBhMDAwMDA0MDA...RiMjUyYTgxOGE4NTIzMzQxZDY3"}

Can I do anything else to locally check the correctness of the received Quote from the call to sgx_ra_proc_msg2?

Thank you

0 Kudos
Highlighted
Beginner
19 Views

Is there anyone who can help me with this problem it's quite urgent!? Or at least tell me where I can find proper help?

 

Thank you

0 Kudos
Highlighted
19 Views

Hi,

Sample Remote attestation code available at https://software.intel.com/en-us/articles/intel-software-guard-extensions-remote-attestation-end-to-.... Please Check whether this sample is working well with your client on your machine. If it works well, please go through this sample to find the process of building the attestation verification evidence request message to IAS which is detailed in RasPRef/Msg4Builder.CS.

-Surenthar

- Surenthar Selvaraj
0 Kudos
Highlighted
Beginner
19 Views

Hi,

I am in a similar situation to the one described by Sam.

I use SGX SDK version 2.1 on Windows and I requested the SPID for a linkable self-signed certificate (with CA set to True) from the link https://software.intel.com/en-us/form/sgx-onboarding .

I am able to obtain the SIGRL from IAS, but when I try to send the quote to IAS, I obtain a 400 errror code with the message "Bad Request" (Invalid Payload).

I also tried to run the  https://software.intel.com/en-us/articles/intel-software-guard-extensions-remote-attestation-end-to-end-example solution (with the service provider flag set to a linkable quote), but the result is the same.

Can there be a problem with my service provider's certicate or that certificate should be ok if IAS gave me the SIGRL? Or do you have any ideas how to debug this?

Thank you

 

 

 

0 Kudos
Highlighted
Employee
19 Views

please pay attention to your quote's type: linkable or unlinkable? It should match to your SPID when you apply it. 

0 Kudos
Highlighted
Beginner
19 Views

Thank you, Junli, it was indeed a problem with the SPID I have provided.

0 Kudos