I receive an HTTP 400 Bad Request when verifying a simulation enclave quote via the endpoint
https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v1/report
I suspect the encoding of the quote is the issue. [1] only states that isvEnclaveQuote in the request JSON body should be an "encoded quote". No further details are given. Or perhaps the problem is the simulation mode.
The response format and example 3.2.2.6 suggest that the encoding should be base64 (MIME, UTF-7?). However, my base64-encoded quote results in the 400 error.
Example
- request id 67f2ec3a6bc24584babad97fcebe4205
- request body
{"isvEnclaveQuote":"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"}
I base-64 encode the quote using libb64 like so:
    char *c, *out;
    c = out = malloc(quote_size * 2);
    ...
    c += base64_encode_block((char*) quote, quote_size, c, &state);
    c += base64_encode_blockend(c, &state);
The result looks similar to the beginning and end of the encoded examples.
[1] Intel® Software Guard Extensions: Intel® Attestation Service API
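Added example, not part of the original post or of Intel's documentation: C code that base64-encodes a quote as one unbroken string, checks that the result can sit inside a JSON string unescaped, and builds the `isvEnclaveQuote` request body. It assumes standard RFC 4648 base64 without line breaks, which the thread does not confirm as the IAS requirement; the function names and the sample bytes are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static const char B64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Single-line base64 (RFC 4648, '=' padding, no line breaks), NUL-terminated. Caller frees. */
char *b64_single_line(const unsigned char *in, size_t len)
{
    char *out = malloc(4 * ((len + 2) / 3) + 1), *p = out;
    if (!out) return NULL;
    for (size_t i = 0; i < len; i += 3) {
        size_t n = len - i < 3 ? len - i : 3;   /* bytes in this 3-byte group */
        unsigned v = (in[i] << 16) | (n > 1 ? in[i + 1] << 8 : 0) | (n > 2 ? in[i + 2] : 0);
        *p++ = B64[v >> 18];
        *p++ = B64[(v >> 12) & 63];
        *p++ = n > 1 ? B64[(v >> 6) & 63] : '=';
        *p++ = n > 2 ? B64[v & 63] : '=';
    }
    *p = '\0';
    return out;
}

/* 1 if s holds only base64 characters, so no newline or other control byte. */
int json_safe_b64(const char *s)
{
    for (; *s; s++)
        if (!strchr(B64, *s) && *s != '=') return 0;
    return 1;
}

/* Build {"isvEnclaveQuote":"<base64>"}; NULL on failure. Caller frees. */
char *build_report_body(const unsigned char *quote, size_t quote_size)
{
    char *b64 = b64_single_line(quote, quote_size), *body = NULL;
    size_t n = b64 ? strlen(b64) + sizeof "{\"isvEnclaveQuote\":\"\"}" : 0;
    if (b64 && json_safe_b64(b64) && (body = malloc(n)))
        snprintf(body, n, "{\"isvEnclaveQuote\":\"%s\"}", b64);
    free(b64);
    return body;
}

int main(void)
{
    const unsigned char sample[] = "constructed bytes, not a real SGX quote";
    char *body = build_report_body(sample, sizeof sample - 1);
    if (body) puts(body);
    free(body);
    return 0;
}
```

libb64's `base64_encode_block` inserts a newline after every 72 output characters and `base64_encode_blockend` appends one more, and neither NUL-terminates the buffer. A raw newline is not permitted inside a JSON string, so output produced that way fails the `json_safe_b64` check above.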
Simulation mode isn’t valid for Remote Attestation because it’s untrusted code, not a true SGX enclave. If the IAS were to allow simulation enclaves to attest, then that would really undermine the security of the attestation service. The whole point of it is to be able to authoritatively say that an enclave was generated by trusted hardware.
Thanks Kuppusamy. I still suggest specifying the encoding in more detail in the documentation.
A development IAS endpoint for simulation mode enclaves would be helpful.
The IAS endpoint is proving that the client is running its software in an enclave on an SGX platform.
Yes, I understand that.
I was suggesting an IAS development endpoint that attests simulation enclaves (as provided by the SDK) for development, not productive, purposes.
We are working on a sample to be posted to IDZ by end of June, and one of the features of the service provider is a simulation mode for IAS. This would allow folks to test attestation without contacting the real IAS.
Remote Attestation sample now live
-Surenthar.