Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Problem with 'sgx_ra_msg3_t' mac field

Fabio_S_2
Beginner

In the latest version of the developer reference (2.8 - p368), the 'mac' field is described as:

"AES-CMAC of g_a, ps_sec_prop, GID, and quote[], using SMK."

But the CMAC function returns a different value. If I remove the GID, the CMAC function result matches the mac field value. Has anyone else had the same problem?

JesusG_Intel
Moderator

Hello Fabio, you are correct. The developer reference has a typo; it should not include the GID in the mac calculation. It should read: "AES-CMAC of g_a, ps_sec_prop, and quote[], using SMK." The correct CMAC calculation for msg3 can be seen in Figure 3, which shows the full Remote Attestation Flow, on this page.

We will fix this error in the next revision of the document. Thank you for pointing it out.

Regards,

Jesus
