Fredrik_T_

[IAS] Verify Attestation Evidence - quote encoding


I receive an HTTP 400 Bad Request when verifying a simulation enclave quote via the endpoint

https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v1/report

I suspect the encoding of the quote is the issue. [1] only states that isvEnclaveQuote in the request JSON body should be an "encoded quote". No further details are given. Or perhaps the problem is the simulation mode.

The response format and example 3.2.2.6 suggest that the encoding should be base64 (MIME, UTF-7?). However, my base64-encoded quote results in the 400 error.

Example

  • request id 67f2ec3a6bc24584babad97fcebe4205
  • request body
{"isvEnclaveQuote":"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"}

 

I base-64 encode the quote using libb64 like so:

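char *c, *out;
/* 2x the quote size leaves room for base64's 4/3 expansion */
c = out = malloc(quote_size * 2);
...
/* encode the quote bytes, then flush the final partial block and padding */
c += base64_encode_block((char*) quote, quote_size, c, &state);
c += base64_encode_blockend(c, &state);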

The result looks similar to the beginning and end of the encoded examples.

 

[1] Intel® Software Guard Extensions: Intel® Attestation Service API

0 Kudos
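Added example, not code from the original post or from Intel: a dependency-free way to build the request body shown in the question, assuming `isvEnclaveQuote` takes standard single-line base64 (the thread does not confirm the exact encoding). The helper names `b64_encode`, `b64_is_clean` and `ias_body` are hypothetical; `ias_body` refuses line-wrapped encoder output, because a raw newline inside a JSON string makes the body invalid JSON.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char B64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encode len bytes as single-line, NUL-terminated RFC 4648 base64. Caller frees. */
char *b64_encode(const unsigned char *in, size_t len) {
    char *out = malloc(4 * ((len + 2) / 3) + 1), *p = out;
    if (!out) return NULL;
    for (size_t i = 0; i < len; i += 3) {
        unsigned v = (unsigned)in[i] << 16;
        if (i + 1 < len) v |= (unsigned)in[i + 1] << 8;
        if (i + 2 < len) v |= in[i + 2];
        *p++ = B64[(v >> 18) & 63];
        *p++ = B64[(v >> 12) & 63];
        *p++ = (i + 1 < len) ? B64[(v >> 6) & 63] : '=';
        *p++ = (i + 2 < len) ? B64[v & 63] : '=';
    }
    *p = '\0';
    return out;
}

/* 1 if s is alphabet-only base64 with padding only at the end; 0 on newlines etc. */
int b64_is_clean(const char *s) {
    size_t n = strlen(s), pad = 0;
    if (n % 4 != 0) return 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i] == '=') pad++;
        else if (pad || !strchr(B64, s[i])) return 0;
    }
    return pad <= 2;
}

/* Wrap an encoded quote (from any encoder) in the JSON body; NULL if it is not clean. */
char *ias_body(const char *b64) {
    if (!b64_is_clean(b64)) return NULL;
    size_t n = strlen(b64) + sizeof("{\"isvEnclaveQuote\":\"\"}");
    char *body = malloc(n);
    if (body) snprintf(body, n, "{\"isvEnclaveQuote\":\"%s\"}", b64);
    return body;
}

int main(void) {
    const unsigned char sample[] = {0x02, 0x00, 0x01, 0x00, 0xde, 0xad}; /* constructed bytes, not a real quote */
    char *b64 = b64_encode(sample, sizeof sample);
    char *body = b64 ? ias_body(b64) : NULL;
    if (body) puts(body);
    free(b64); free(body);
    return 0;
}
```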

Simulation mode isn’t valid for Remote Attestation because it’s untrusted code, not a true SGX enclave. If the IAS were to allow simulation enclaves to attest, then that would really undermine the security of the attestation service. The whole point of it is to be able to authoritatively say that an enclave was generated by trusted hardware.

Fredrik_T_

Thanks Kuppusamy. I still suggest specifying the encoding in more detail in the documentation.

A development IAS endpoint for simulation mode enclaves would be helpful.


IAS endpoint is proving that the client is running its Software in an enclave on an SGX platform. 

Fredrik_T_

Yes, I understand that.

I was suggesting an IAS development endpoint that attests simulation enclaves (as provided by the SDK) for development, not productive, purposes.


We are working on a sample to be posted to IDZ by end of June, and one of the features of the service provider is a simulation mode for IAS. This would allow folks to test attestation without contacting the real IAS.
