Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Remote Attestation - sgx_ra_proc_msg2 fails with SGX_ERROR_UNEXPECTED

Subramanyan__Bala

Note: I am currently working in SIMULATION MODE.

I am in the process of implementing RA. I have successfully generated MSG2 at the service provider side and am trying to generate MSG3 at the client upon receiving MSG2. However, it fails with the error SGX_ERROR_UNEXPECTED at this step:

sgx_ra_proc_msg2(this->getContext(), this->getID(), sgx_ra_proc_msg2_trusted, sgx_ra_get_msg3_trusted, msg2, msg2_size, &msg3,&msg3_size);

It throws the above error upon entering the function "sgx_ra_proc_msg2_trusted" in the above method:

sgx_status_t ret = sgx_ra_proc_msg2_trusted(eid, &status, context, (sgx_ra_msg2_t *)p_msg2, &qe_target_info, &report, &nonce);

The value of status is SGX_ERROR_UNEXPECTED and it fails to proceed.

The value of my context object is {0} (maybe because I am working in simulation mode? Is this a reason for this error?)

Junli_S_Intel
Employee

Please refer to the RemoteAttestation sample code. If you are working in simulation mode, please make sure you have used the simulation library.

Subramanyan__Bala

Hi Junli,

Thanks for the reply. I did follow the sample code, and the simulation library is installed.

However, when I follow through the steps I get the error SGX_INVALID_SIGNATURE when performing

ret = sgx_ra_proc_msg2(this->getContext(), this->getID(), sgx_ra_proc_msg2_trusted, sgx_ra_get_msg3_trusted,
    msg2, msg2_size, &msg3, &msg3_size);

However, when debugging the same in the service provider after creating the signature

// Sign gb_ga
sgx_status = sgx_ecdsa_sign((uint8_t *)&gb_ga, sizeof(gb_ga), (sgx_ec256_private_t *)&g_sp_priv_key,
    (sgx_ec256_signature_t *)&msg2.sign_gb_ga, ecc_state);

I tried adding a verification step to check the signature

// Just a verification step; p_result should be zero for a valid signature
uint8_t p_result;
sgx_status = sgx_ecdsa_verify((uint8_t *)&gb_ga, sizeof(gb_ga), (sgx_ec256_public_t *)&g_sp_pub_key,
    (sgx_ec256_signature_t *)&msg2.sign_gb_ga, &p_result, ecc_state);

It is successful with p_result = 0, which means it is a valid signature; however, on the client end it throws invalid signature.

Note: I have cross verified the msg2 values (g_b, sign_ga_gb, etc) and they have been correctly passed from SP to Client. 
