I have got the quote structure by using sgx_get_quote() function, but I don't know how to encode the quote structure. It seems that we have to base64 encode the quote structure so that we can request the IAS api. So anyone can tell me how to encode quote?
I need some context on your question. Are you doing remote attestation? Or is there some other reason you are generating a quote? If you are doing Remote Attestation, there are high-level functions that take care of obtaining the quote and packing it into the message for the remote service.
Thanks and Regards,
Yes, I'm doing the IAS Remote attestation right now, and my process is like this:
1. init quote structure call sgx_init_quote()
2. create report call sgx_create_report()
3. get quote size call sgx_get_quote_size()
4. get quote call sgx_get_quote()
After the 4 steps I can get a quote pointer, the IAS need us to POST our quote to the Intel server, and it requires base64 encode the quote structure, so I want to know how we should encode the quote structure. Could you please tell me some functions which can pack quote into message for remote attestation?
I am having trouble understanding your usage model. It sounds like you want to have your SGX application attest directly to the IAS, instead of communicating with a remote attestation service which passes the quote on to IAS for verification. Is this correct?
Thanks for mention, actually I do have a service provider which passes the quote to the IAS. The whole workflow can be described as follow:
1. Service Provider challenge SGX applciation.
2. SGX application get quote from its enclave(contains 4 steps I mentioned in my previous post).
3. SGX application encode quote into base64 string.
4. SGX application pass encoded quote to Service Provider.
5. SP contact with IAS, make attestation report by using the received base64 string.
And my question is how to encode the quote structure when SGX application got from enclave, and my current method is just encode the quote structure memory block by using EVP_EncodeBlock() function in Openssl. I just want to make sure whether the encoding is correct.
Maybe my previous post is a little bit confusing, since I just post the workflow on SGX application.
OK. Thank you for responding. Part of the reason why I am asking follow-up questions about your workflow rather than answering your question directly is because I want to make sure you are not making more work for yourself than is necessary.
The SDK includes several high-level routines to facilitate interaction with the service provider, and using them eliminates the need to write code that gets the quote and encodes it on the client side. They also handle the details of the modified sigma protocol for performing the handshake with the service provider. I just want to make sure that you are aware that these functions exist, and that there is a code sample in the SDK that shows how they are used (save for the portion where the RA server interacts with IAS, which is stubbed out). We also have a complete front-to-back code sample for Remote Attestation that should be coming out in the next couple of weeks (it's awaiting final approval for publishing) that will be a fully functioning example for both the client and service provider.
It's OK if you don't choose to use the modified sigma protocol for your remote attestation. If that's the case-- that you will be implementing your own session protocol for interacting with your service provider-- then we'll move on to encoding the quote. I just want to make sure that you, and others that may come across this thread, know that this is only necessary if you don't use the methodology and API's in the SDK.
Thanks for replying this, yes I know that there is some high level functions in SGX SDK which is used in the RemoteAttestation sample code shipped with SDK. And I'm just looking into the function reference in SGX in-depth user guide, and try to implement a simple remote attestation project just for trial. Now, I think the best ideal is to wait for your new sample code, and modify them into my project.