Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.
1310 Discussions

Remote Attestation - sgx_ra_proc_msg2 fails with SGX_ERROR_UNEXPECTED


Note: I am currently working on SIMULATION MODE

I am in the process of implementing RA and currently have successfully generated MSG2 at the service provider side and trying to generate MSG3 at the client upon receiving the MSG2. However it fails with an error SGX_ERROR_UNEXPECTED at the step:

sgx_ra_proc_msg2(this->getContext(), this->getID(), sgx_ra_proc_msg2_trusted, sgx_ra_get_msg3_trusted, msg2, msg2_size, &msg3,&msg3_size);

It throws the above error message upon entering the function "sgx_ra_proc_msg2_trusted" in the above method 

sgx_status_t ret = sgx_ra_proc_msg2_trusted(eid, &status, context, (sgx_ra_msg2_t *)p_msg2, &qe_target_info, &report, &nonce);

The value of status = SGX_ERROR_UNEXPECTED and fails to proceed.

The value of my context object is {0} (maybe coz I am working in simulation mode??? is this a reason for this error?)

0 Kudos
2 Replies

Please refer the RemoteAttestation Sample code.  If you working in simulation mode, please make sure you have used the simulation library.


Hi Junli,

Thanks for the reply.... I did follow the Sample code & simulation library is installed.

However when I follow through the steps I get the error SGX_INVALID_SIGNATURE when performing

ret = sgx_ra_proc_msg2(this->getContext(), this->getID(), sgx_ra_proc_msg2_trusted, sgx_ra_get_msg3_trusted,
                msg2, msg2_size, &msg3, &msg3_size);


However, when debugging the same in the service provider after creating the signature

// Sign gb_ga
    sgx_status = sgx_ecdsa_sign((uint8_t *)&gb_ga, sizeof(gb_ga), (sgx_ec256_private_t *)&g_sp_priv_key,
        (sgx_ec256_signature_t *)&msg2.sign_gb_ga, ecc_state);


I tried adding a verification step to check the signature

//Just a verification step, the result of p_result should be zero for a valid signature signing
    uint8_t p_result;
    sgx_status = sgx_ecdsa_verify((uint8_t *)&gb_ga, sizeof(gb_ga), (sgx_ec256_public_t *)&g_sp_pub_key,
        (sgx_ec256_signature_t *)&msg2.sign_gb_ga, &p_result, ecc_state);

Its is successful with p_result = 0 which means its valid signature, however when on the client end it throws invalid signature.

Note: I have cross verified the msg2 values (g_b, sign_ga_gb, etc) and they have been correctly passed from SP to Client.