How to verify X-IASReport-Signature?

you_w_ · ‎09-18-2017

Hi all: I want to verify X-IASReport-Signature with IAS public key. I have get the IAS public Key from IAS public certificate with openssl:

openssl x509 -in AttestationReportSigningCACert.pem -pubkey -noout > k.key
openssl rsa -in k.key -pubin -text -noout

Public-Key: (3072 bit)
Modulus:
    00:9f:3c:64:7e:b5:77:3c:bb:51:2d:27:32:c0:d7:
    41:5e:bb:55:a0:fa:9e:de:2e:64:91:99:e6:82:1d:
    b9:10:d5:31:77:37:09:77:46:6a:6a:5e:47:86:cc:
    d2:dd:eb:d4:14:9d:6a:2f:63:25:52:9d:d1:0c:c9:
    87:37:b0:77:9c:1a:07:e2:9c:47:a1:ae:00:49:48:
    47:6c:48:9f:45:a5:a1:5d:7a:c8:ec:c6:ac:c6:45:
    ad:b4:3d:87:67:9d:f5:9c:09:3b:c5:a2:e9:69:6c:
    54:78:54:1b:97:9e:75:4b:57:39:14:be:55:d3:2f:
    f4:c0:9d:df:27:21:99:34:cd:99:05:27:b3:f9:2e:
    d7:8f:bf:29:24:6a:be:cb:71:24:0e:f3:9c:2d:71:
    07:b4:47:54:5a:7f:fb:10:eb:06:0a:68:a9:85:80:
    21:9e:36:91:09:52:68:38:92:d6:a5:e2:a8:08:03:
    19:3e:40:75:31:40:4e:36:b3:15:62:37:99:aa:82:
    50:74:40:97:54:a2:df:e8:f5:af:d5:fe:63:1e:1f:
    c2:af:38:08:90:6f:28:a7:90:d9:dd:9f:e0:60:93:
    9b:12:57:90:c5:80:5d:03:7d:f5:6a:99:53:1b:96:
    de:69:de:33:ed:22:6c:c1:20:7d:10:42:b5:c9:ab:
    7f:40:4f:c7:11:c0:fe:47:69:fb:95:78:b1:dc:0e:
    c4:69:ea:1a:25:e0:ff:99:14:88:6e:f2:69:9b:23:
    5b:b4:84:7d:d6:ff:40:b6:06:e6:17:07:93:c2:fb:
    98:b3:14:58:7f:9c:fd:25:73:62:df:ea:b1:0b:3b:
    d2:d9:76:73:a1:a4:bd:44:c4:53:aa:f4:7f:c1:f2:
    d3:d0:f3:84:f7:4a:06:f8:9c:08:9f:0d:a6:cd:b7:
    fc:ee:e8:c9:82:1a:8e:54:f2:5c:04:16:d1:8c:46:
    83:9a:5f:80:12:fb:dd:3d:c7:4d:25:62:79:ad:c2:
    c0:d5:5a:ff:6f:06:22:42:5d:1b
Exponent: 65537 (0x10001)

I write rsa3072_verify() mostly like https://github.com/01org/linux-sgx/blob/master/sdk/tlibcrypto/sgx_rsa3072.cpp with IPP crypto library.

The steps I deal with IAS reponse are :

Get X-IASReport-Signature string from response header and convert to byte array sig;
Get response body and convert to byte array;
compute sha256 hash of response body hash;
Verify the hash with rsa3072_verify(hash, hash_size, &public_key, &sig, &result);

But I always get invalid return code. My Question is:

Is my verify steps right ? What are the correct steps ? Thanks .

you_w_ · ‎09-19-2017

ret = g_sp_extended_epid_group_id->verify_attestation_evidence(quote, pro_desc, &attestation_report);
fprintf(OUTPUT, "\n\tsignature:%s", attestation_report.signature);
fprintf(OUTPUT, "\n\tdata: %s", attestation_report.data);

uint8_t * arr;
StringToByteArray(string(attestation_report.data), &arr);
SERVER_PRINT_BYTE_ARRAY(OUTPUT, arr, strlen(attestation_report.data));

uint8_t * sigarr;
string sigstr = Base64decode(string(attestation_report.signature));
StringToByteArray( sigstr, &sigarr);
SERVER_PRINT_BYTE_ARRAY(OUTPUT, sigarr, sigstr.size());

Here Ican get the correct signature and response_body----data, Then I convert them to uint8_t array and get hash though this function;

ipp_ret = ippsHashMessage((const Ipp8u *) p_src, src_len, (Ipp8u *)p_hash, IPP_ALG_HASH_SHA256);

At last verify the hash and signature with public key;

int check_valid_quote_sig(const uint8_t *signature, const uint8_t *data)
{
    int res=0;
    barbi_rsa3072_public_key_t pub_key;
    memcpy(pub_key.mod, private_key_mod, sizeof(uint8_t) * 384);
    memcpy(pub_key.exp, pub_key_exp, sizeof(uint8_t) * 4);
    barbi_rsa_result_t result;
    barbi_sha256_hash_t hash;
    barbi_rsa3072_signature_t signature_to_verify;
    memcpy(&signature_to_verify, signature, sizeof(barbi_rsa3072_signature_t));
    barbi_ipp_sha256_msg(data, sizeof(data), &hash);
    barbi_rsa3072_verify(hash, sizeof(hash), &pub_key, &signature_to_verify, &result);

    if (BARBI_RSA_VALID == result){
        printf("\n\nVerify result: valid\n");
        res = 1;
    }else{
        printf("Verify result: Invalid. \n");
        res = 0;
    }
    return res;
}

Hoang_N_Intel · ‎09-27-2017

Your verification steps are correct. I do a quick verification in C# using the same steps and it works fine under my environment.

Here is the code fragment that I used for the same set of steps:

string signatureString = response.Headers["x-iasreport-signature"];
string bodyString = response.GetResponseBodyString();
byte[] signature = Convert.FromBase64String(signatureString);
byte[] data = Encoding.UTF8.GetBytes(bodyString);
var rsa = (RSACryptoServiceProvider)cert.PublicKey.Key; // get the public key
if (!rsa.VerifyData(data, "SHA256", signature))
throw new Exception();

Can you provide your running environment? Windows or Linux? Which version? and whether you have a separate running service provider application? or is it just all done in a simple client appl library?

you_w_ · ‎10-10-2017

Hi Hoang Nguyen

Due to recent Chinese National Holiday(8 days), I haven't check my question. This is a brief description of my environment:

OS: Ubuntu 16.04

CPU: E3 1230 v5

SDK version: 1.9

I think I done remote attestation all in a simple client app library now. If I can pass all the tests, Then I will use the library in separate service provider.

Thanks

you.w

you_w_ · ‎10-26-2017

Maybe my usage of ipp crypto library is wrong, I reimplement the verification with openssl lib and now it works well.

Thanks

you