Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Attestation error SGX_ERROR_MAC_MISMATCH

mperillo
Beginner
4,862 Views

Hi,

I am developing an enclave providing attestation feature. My code is based on the sample code of the RemoteAttestation project provided by Intel inside the SGX SDK.

 

The service provider side is a python script I am using just to test the attestation feature.

After receiving msg1 from SGX, the python script is generating msg2 (again, I am trying to replicate the service_provider of the RemoteAttestation in the python script). When msg2 is received by the SGX and given to the sgx_ra_proc_msg2 function, it returns SGX_ERROR_MAC_MISMATCH.

 

Given the python function AES_CMAC(secret,data)->Mac, I am computing the Mac inside msg2 in the following way:

tmp = AES_CMAC(0,dh_key), where dh_key is the Diffie Hellman key produced using part of msg1 from Enclave;

smk_key = AES_CMAC(tmp,'SMK');

Mac = AES_CMAC(smk_key, data), where data is the concatenation of: g_b (the public key of service provider for DHKE), SPID, quote_type (1), kdf_id (1), sig (the signature of the concatenation of keys g_b and g_b done under service provide secret key, the enclave has the public key hard-coded).

Note: all data are represented in little endian, as I understand that is what the enclave wants.

 

Two questions:

1. How can I solve this? Am I doing anything wrong?

2. Is there a way to debug inside sgx_ra_proc_msg2? I am compiling in debug hw mode, and tried to step inside the function with the sgx-gdb debugger but it didn't work.

 

General info: I am working with an SGX enabled cpu on Ubuntu 20.04.2 LTS, SGX SDK v2.13.

 

I attach the python script, I guess the error may be there.

0 Kudos
1 Solution
JesusG_Intel
Moderator
4,463 Views

Hello Massimo,

 

sgx-ra-sample is a great example to use to develop your remote attestation application. However, it does not support DCAP.

 

I was finally able to step into sgx_ra_proc_msg2_trusted in linux-sgx/sdk/tkey_exchange/tkey_exchange.cpp. Two issues tripped me up.

 

  1. Ensure that your Makefiles for your untrusted app and for your enclave both point to the debug SGX SDK.
  2. Most of the directories in linux-sgx/linux/installer/deb have files named package-name-dbgsym_${version}-${revision}_amd64.ddeb. Install the .ddeb files using

$ sudo dpkg -i *.ddeb

 

Follow these steps to debug and step into sgx_ra_proc_msg2_trusted:

1. Start debugging using sgx-gdb.

2. Set breakpoint in ukey_exchange.cpp within the function sgx_ra_proc_msg2 at the call to p_proc_msg2

(gdb) b ukey_exchange.cpp:151

3. Step into p_proc_msg2

(gdb) s

4. You are now in the proxy function for sgx_ra_proc_msg2_trusted in enclave_u.c.

5. Set breakpoint in tkey_exchange.cpp line 167, which is the actual sgx_ra_proc_msg2_trusted

(gdb) b tkey_exchange.cpp:167

6. Continue in enclave_u.c and it will break in tkey_exchange.cpp line 167, which is the first line in sgx_ra_proc_msg2_trusted

(gdb) c

7. And you're in!

 

See the attached screenshot where you will see I am stepped into sgx_ra_proc_msg2_trusted.

 

Sincerely,

Jesus G.

Intel Customer Support

 

View solution in original post

0 Kudos
23 Replies
JesusG_Intel
Moderator
4,464 Views

Hello Massimo,

 

sgx-ra-sample is a great example to use to develop your remote attestation application. However, it does not support DCAP.

 

I was finally able to step into sgx_ra_proc_msg2_trusted in linux-sgx/sdk/tkey_exchange/tkey_exchange.cpp. Two issues tripped me up.

 

  1. Ensure that your Makefiles for your untrusted app and for your enclave both point to the debug SGX SDK.
  2. Most of the directories in linux-sgx/linux/installer/deb have files named package-name-dbgsym_${version}-${revision}_amd64.ddeb. Install the .ddeb files using

$ sudo dpkg -i *.ddeb

 

Follow these steps to debug and step into sgx_ra_proc_msg2_trusted:

1. Start debugging using sgx-gdb.

2. Set breakpoint in ukey_exchange.cpp within the function sgx_ra_proc_msg2 at the call to p_proc_msg2

(gdb) b ukey_exchange.cpp:151

3. Step into p_proc_msg2

(gdb) s

4. You are now in the proxy function for sgx_ra_proc_msg2_trusted in enclave_u.c.

5. Set breakpoint in tkey_exchange.cpp line 167, which is the actual sgx_ra_proc_msg2_trusted

(gdb) b tkey_exchange.cpp:167

6. Continue in enclave_u.c and it will break in tkey_exchange.cpp line 167, which is the first line in sgx_ra_proc_msg2_trusted

(gdb) c

7. And you're in!

 

See the attached screenshot where you will see I am stepped into sgx_ra_proc_msg2_trusted.

 

Sincerely,

Jesus G.

Intel Customer Support

 

0 Kudos
mperillo
Beginner
680 Views

Hello Jesus G.,

 

I was finally able to debug and fix my bug with the Mac generation. It was just about endianness of some portion of the Mac generation.

 

I would have liked to find A LOT more details in Intel docs on how this needs to be implemented. But I was happy you could help me to fix it.

 

Thank you!

 

Massimo

0 Kudos
JesusG_Intel
Moderator
664 Views

I'm glad to hear your problem is resolved, Massimo. Thank you for your feedback.


This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


0 Kudos
Reply