Hi, Intel
When I run the RA sample code of sgx-ra-sample, the server cannot retrieve the sigrl. The debugging information is as follows.
./run-server
+++ IAS Primary Subscription Key set to '2b2d........................a0f3'
+++ IAS Secondary Subscription Key set to 'd9f3........................98a3'
+++ Using default CA bundle /etc/ssl/certs/ca-certificates.crt
Using default private key
+++ using private key:
+++ IAS Subscription Key[0]: '2b2d22*********9ba422a0f3'
+++ IAS Subscription Key[0] (Hex): 326232643232323833*****************9626134323261306633
+++ One-time pad: 0e3c89d9f5ac7e862e2b78839f1e0be444f632ac576a1db1f1bccabb9729395b
+++ Encrypted Subscription Key[0]: 3c5ebbbdc79e4cbe1d4819bbab2b6f857c9705cd320824d39088f889f6195f68
+++ IAS Subscription Key[1]: 'd9f3987**************e308298a3'
+++ IAS Subscription Key[1] (Hex): 643966333938376236383231*********31653330383239386133
+++ One-time pad: 576c5c70ddb53935c0f04353cef9818352444f503178bcd966c6a0ca3883dbbd
+++ Encrypted Subscription Key[1]: 33553a43e48d0e57f6c87162fac8e3b330717a3654198dbc55f698f801bbba8e
Listening for connections on port 7777
Waiting for a client to connect...
Connection from 127.0.0.1
Waiting for msg0||msg1
+++ read 145 bytes from socket
---- read buffer -----------------------------------------------------------
000000001e029b609f672dd5f17810ad57c0ee2d2e52c95bf71edef6b38f94f8de14dcbaf786e8462b1edb9d46baa0b86bdbd51371001fd39b33e912854475c1b15d6117b90b0000
----------------------------------------------------------------------------
---- Msg0 Details (from Client) --------------------------------------------
msg0.extended_epid_group_id = 0
----------------------------------------------------------------------------
---- Msg1 Details (from Client) --------------------------------------------
msg1.g_a.gx = 1e029b609f672dd5f17810ad57c0ee2d2e52c95bf71edef6b38f94f8de14dcba
msg1.g_a.gy = f786e8462b1edb9d46baa0b86bdbd51371001fd39b33e912854475c1b15d6117
msg1.gid = b90b0000
----------------------------------------------------------------------------
+++ generating session key Gb
+++ deriving KDK
+++ shared secret= 2fb265db790486583c57b5a62e567c425131b3d48d7e07f270d149eb8eac7dfa
+++ reversed = fa7dac8eeb49d170f2077e8dd4b33151427c562ea6b5573c58860479db65b22f
+++ KDK = 10bf97d83de3e040a4d510050fab1bab
+++ deriving SMK
+++ SMK = 50a986b2a1daae0d20420b3fb87b97fd
+++ Trying agent_wget
---- IAS sigrl HTTP Request ------------------------------------------------
HTTP GET https://api.trustedservices.intel.com/sgx/dev/attestation/v4/sigrl/00000bb9
----------------------------------------------------------------------------
+++ Reconstructed Subscription Key: '2b2d22283ca845da8a7aeb9ba422a0f3'
+++ IAS Subscription Key (Hex): 3262326432323238336361383435646138613761656239626134323261306633
+++ One-time pad: 0e3c89d9f5ac7e862e2b78839f1e0be444f632ac576a1db1f1bccabb9729395b
+++ Encrypted SubscriptionKey: 3c5ebbbdc79e4cbe1d4819bbab2b6f857c9705cd320824d39088f889f6195f68
+++ Exec: wget --output-document=- --save-headers --content-on-error --no-http-keep-alive --header=Ocp-Apim-Subscription-Key: 2b2d22283ca845da8a7aeb9ba422a0f3 https://api.trustedservices.intel.com/sgx/dev/attestation/v4/sigrl/00000bb9
--2020-09-12 16:12:15-- https://api.trustedservices.intel.com/sgx/dev/attestation/v4/sigrl/00000bb9
Resolving api.trustedservices.intel.com (api.trustedservices.intel.com)... 40.87.90.88
Connecting to api.trustedservices.intel.com (api.trustedservices.intel.com)|40.87.90.88|:443... connected.
ERROR: cannot verify api.trustedservices.intel.com's certificate, issued by ‘CN=COMODO RSA Organization Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
Unable to locally verify the issuer's authority.
To connect to api.trustedservices.intel.com insecurely, use `--no-check-certificate'.
---- IAS sigrl HTTP Response -----------------------------------------------
HTTP/0.0 0
----------------------------------------------------------------------------
+++ RET = 94601062678584
, ret+++ SubscriptionKeyID = 0
could not retrieve the sigrl
error processing msg1
Waiting for a client to connect...
The OS is Ubuntu 18.04 and the OpenSSL version is 1.1.0l.
This is my settings file.
# Use Bourne Shell style syntax for this file.
#======================================================================
# Global options
#======================================================================
# Set to non-zero to query the production IAS instead of development.
# Note that the SPID and certificate are different for production
# and development, so if you change this you'll need to change them,
# too.
QUERY_IAS_PRODUCTION=0
# Your Service Provider ID. This should be a 32-character hex string.
# [REQUIRED]
SPID=DD93FDDB1C578E662CA45AF1AD050862
# Set to a non-zero value if this SPID is associated with linkable
# quotes. If you change this, you'll need to change SPID,
# IAS_PRIMARY_SUBSCRIPTION_KEY and IAS_SECONDARY_SUBSCRIPTION_KEY too.
LINKABLE=0
#======================================================================
# Client options
#======================================================================
# Set to non-zero to have the client generate a random nonce.
RANDOM_NONCE=1
# Set to non-zero to have the client generate a platform manifest.
# This requires a PSE session, and thus support for platform
# services.
#
# (Note that server hardware does not support platform services)
USE_PLATFORM_SERVICES=0
#======================================================================
# Service provider (server) options
#======================================================================
# Intel Attestation Service Primary Subscription Key
# More Info: https://api.portal.trustedservices.intel.com/EPID-attestation
# Associated SPID above is required
IAS_PRIMARY_SUBSCRIPTION_KEY=2b2d222*********b9ba422a0f3
# Intel Attestation Service Secondary Subscription Key
# This will be used in case the primary subscription key does not work
IAS_SECONDARY_SUBSCRIPTION_KEY=d9f3987b682********308298a3
# The Intel IAS SGX Report Signing CA file. You are sent this certificate
# when you apply for access to SGX Developer Services at
# http://software.intel.com/sgx [REQUIRED]
IAS_REPORT_SIGNING_CA_FILE=/home/lu/SGX/sgx-ra-sample/Intel_SGX_Attestation_RootCA.pem
# Set to the URL for your proxy server to force the use of a proxy
# when communicating with IAS (overriding any environment variables).
# IAS_PROXY_URL=
# Set to non-zero to disable the use of a proxy server and force a
# direct connection when communicating with IAS (overriding any
# environment variables).
# IAS_DISABLE_PROXY=0
#======================================================================
# Debugging options
#======================================================================
# Set to non-zero for verbose output
VERBOSE=1
# Set to non-zero for debugging output
DEBUG=1
I don't know what is going wrong... I would very much appreciate any advice.
Thanks and best regards,
LU
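Added example (not part of the original post, and not code from sgx-ra-sample): a C sketch that decodes the msg0||msg1 read buffer from the log above and rebuilds the sigrl URL. It shows the request was well-formed (gid `b90b0000` is little-endian 0x00000bb9) before wget stopped at certificate verification. The struct and function names are hypothetical; the field layout follows the log's own breakdown.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read buffer copied from the log above: msg0 (4 bytes) || msg1 (68 bytes). */
static const char SAMPLE_HEX[] = "00000000"
    "1e029b609f672dd5f17810ad57c0ee2d2e52c95bf71edef6b38f94f8de14dcba"
    "f786e8462b1edb9d46baa0b86bdbd51371001fd39b33e912854475c1b15d6117"
    "b90b0000";
/* Development sigrl endpoint, from the log's HTTP GET line. */
static const char SIGRL_BASE[] = "https://api.trustedservices.intel.com/sgx/dev/attestation/v4/sigrl/";
typedef struct { /* hypothetical name; field layout follows the log */
    uint32_t extended_epid_group_id;
    uint8_t gx[32], gy[32], gid[4];
} msg01_t;

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20; /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}
static uint32_t le32(const uint8_t *p) { /* little-endian bytes -> integer */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode the hex dump; 0 on success, -1 on wrong length or a non-hex digit. */
int parse_msg01(const char *hex, msg01_t *out) {
    uint8_t raw[72];
    if (strlen(hex) != 2 * sizeof raw) return -1;
    for (size_t i = 0; i < sizeof raw; i++) {
        int hi = hexval(hex[2 * i]), lo = hexval(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        raw[i] = (uint8_t)(hi << 4 | lo);
    }
    out->extended_epid_group_id = le32(raw);
    memcpy(out->gx, raw + 4, 32);
    memcpy(out->gy, raw + 36, 32);
    memcpy(out->gid, raw + 68, 4);
    return 0;
}

/* The GID travels little-endian in msg1 but is written as %08x in the URL. */
int sigrl_url(const msg01_t *m, char *buf, size_t len) {
    int n = snprintf(buf, len, "%s%08x", SIGRL_BASE, (unsigned)le32(m->gid));
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

int main(void) {
    msg01_t m; char url[128];
    if (parse_msg01(SAMPLE_HEX, &m) || sigrl_url(&m, url, sizeof url)) return 1;
    return puts(url) == EOF;
}
```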
2 Replies
I solved this problem by updating OpenSSL from 1.1.0 to 1.1.1.
Hi
I have met the same problem, and I have updated OpenSSL from 1.1.0 to 1.1.1j. However, the problem still exists. I wonder if it would be convenient for you to tell me the version of OpenSSL you used, and whether errors are reported when building sgx-ra-sample under OpenSSL 1.1.1.
Best regards to you.
SunnySun