
attestation query returns 400 Bad request


I'm implementing a basic remote attestation, but getting the 400 Bad request from IAS. I am using a valid SPID from IAS. What might be the issue here?  

+++ IAS Primary Subscription Key set to '1479........................35a9'
+++ IAS Secondary Subscription Key set to 'd51e........................389c'
+++ Using default CA bundle /etc/ssl/certs/ca-certificates.crt
Using default private key
+++ using private key:

+++ IAS Subscription Key[0]:    '1479..............................35a9'
+++ IAS Subscription Key[0] (Hex):    31343..................6433356139
+++ One-time pad:            00538...................................bd4d5
+++ Encrypted Subscription Key[0]:    3167bad215............................8eb5ec


+++ IAS Subscription Key[1]:    'd51ef315................7dc389c'
+++ IAS Subscription Key[1] (Hex):    64353165..............353137646333383963
+++ One-time pad:            f894c3691...................b4660ea9d3
+++ Encrypted Subscription Key[1]:    9ca1f20c7................aaa4cff2f3d7553690b0

Listening for connections on port 7777
Waiting for a client to connect...
Connection from 127.0.0.1
Waiting for msg0||msg1
+++ read 145 bytes from socket

---- read buffer -----------------------------------------------------------
0000000098c8f2ee693b4f4b82bc25a2e95a91a60696156c1227445092a128f67c75ea513da2ec2be70497b5d54c66eba80e06f87bd988b46ee9e0c3f3954fd1392c2db9df0a0000
----------------------------------------------------------------------------

---- Msg0 Details (from Client) --------------------------------------------
msg0.extended_epid_group_id = 0
----------------------------------------------------------------------------

---- Msg1 Details (from Client) --------------------------------------------
msg1.g_a.gx = 98c8f2ee693b4f4b82bc25a2e95a91a60696156c1227445092a128f67c75ea51
msg1.g_a.gy = 3da2ec2be70497b5d54c66eba80e06f87bd988b46ee9e0c3f3954fd1392c2db9
msg1.gid    = df0a0000
----------------------------------------------------------------------------
+++ generating session key Gb
+++ deriving KDK
+++ shared secret= e930773f9d30d422865b128a41a49f6785ab8c224d764b69d215040c72110722
+++ reversed     = 220711720c0415d2694b764d228cab85679fa4418a125b8622d4309d3f7730e9
+++ KDK = e44fc365fa24046d02e759b6b492aeb5
+++ deriving SMK
+++ SMK = bc2c9846a515cc47bce7a0c29e52e3d4
+++ Trying agent_wget

---- IAS sigrl HTTP Request ------------------------------------------------
HTTP GET https://api.trustedservices.intel.com/sgx/dev/attestation/v3/sigrl/00000adf
----------------------------------------------------------------------------

+++ Reconstructed Subscription Key:    '1479e....................35a9'
+++ IAS Subscription Key (Hex):        3134373965........................433356139
+++ One-time pad:            40a509c38...................a1d1a0786
+++ Encrypted SubscriptionKey:        71913efa............................bd5f6e2e2f66bf

+++ Exec: wget --output-document=- --save-headers --content-on-error --no-http-keep-alive --header=Ocp-Apim-Subscription-Key: 1479e.................d35a9 https://api.trustedservices.intel.com/sgx/dev/attestation/v3/sigrl/00000adf
--2020-06-10 17:31:37--  https://api.trustedservices.intel.com/sgx/dev/attestation/v3/sigrl/00000adf
Resolving api.trustedservices.intel.com (api.trustedservices.intel.com)... 40.87.90.88
Connecting to api.trustedservices.intel.com (api.trustedservices.intel.com)|40.87.90.88|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 0
Saving to: ‘STDOUT’

-                             [ <=>                               ]       0  --.-KB/s    in 0s      

2020-06-10 17:31:37 (0.00 B/s) - written to stdout [0/0]


---- IAS sigrl HTTP Response -----------------------------------------------
HTTP/1.1 200 OK
Content-Length: 0
Request-ID: 8edc242e5b964f02b923c6485457aaf6
Date: Wed, 10 Jun 2020 23:31:37 GMT
Connection: close


----------------------------------------------------------------------------
+++ RET = 94673368359048
, ret+++ SubscriptionKeyID = 0
+++ GbGa = fb1440155c43a34c2bcb2783c443343976c2766fc20fbeeabef876d4a2fe6ad72961e3c8d7b2633cf324fc2f3c0048a97844353577961ae7ee29530bcf2e44d198c8f2ee693b4f4b82bc25a2e95a91a60696156c1227445092a128f67c75ea513da2ec2be70497b5d54c66eba80e06f87bd988b46ee9e0c3f3954fd1392c2db9
+++ sha256(GbGa) = 9dc9d5f08514d5720198af6e1a377f8033f880cf058e77202afd2ff3485cdecf
+++ r = 68903a85627d0e68a173d00d4c203a5683022b7a68aca65866be6dd0dc61df40
+++ s = f52db39c222ed09ab2bde97516d66f8c738be65bcbaff262f2e66a9361030793

---- Msg2 Details ----------------------------------------------------------
msg2.g_b.gx      = fb1440155c43a34c2bcb2783c443343976c2766fc20fbeeabef876d4a2fe6ad7
msg2.g_b.gy      = 2961e3c8d7b2633cf324fc2f3c0048a97844353577961ae7ee29530bcf2e44d1
msg2.spid        = 60bf489aefae6bf6d996ba26e9ff9f6f
msg2.quote_type  = 0000
msg2.kdf_id      = 0100
msg2.sign_ga_gb  = 40df61dcd06dbe6658a6ac687a2b0283563a204c0dd073a1680e7d62853a906893070361936ae6f262f2afcb5be68b738c6fd61675e9bdb29ad02e229cb32df5
msg2.mac         = 32ab29ca5187e05c4aa5c1a6a06d22fb
msg2.sig_rl_size = 00000000
----------------------------------------------------------------------------

---- Copy/Paste Msg2 Below to Client ---------------------------------------
fb1440155c43a34c2bcb2783c443343976c2766fc20fbeeabef876d4a2fe6ad72961e3c8d7b2633cf324fc2f3c0048a97844353577961ae7ee29530bcf2e44d160bf489aefae6bf6d996ba26e9ff9f6f0000010040df61dcd06dbe6658a6ac687a2b0283563a204c0dd073a1680e7d62853a906893070361936ae6f262f2afcb5be68b738c6fd61675e9bdb29ad02e229cb32df532ab29ca5187e05c4aa5c1a6a06d22fb00000000
----------------------------------------------------------------------------
Waiting for msg3
+++ read 2905 bytes from socket

---- read buffer -----------------------------------------------------------
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
----------------------------------------------------------------------------
+++ read 2904 bytes
+++ quote_sz= 1116 bytes
+++ Verifying msg3.g_a matches msg1.g_a
msg1.g_a.gx = 98c8f2ee693b4f4b82bc25a2e95a91a60696156c1227445092a128f67c75ea51
msg1.g_a.gy = 3da2ec2be70497b5d54c66eba80e06f87bd988b46ee9e0c3f3954fd1392c2db9
msg3.g_a.gx = 98c8f2ee693b4f4b82bc25a2e95a91a60696156c1227445092a128f67c75ea51
msg3.g_a.gy = 3da2ec2be70497b5d54c66eba80e06f87bd988b46ee9e0c3f3954fd1392c2db9
+++ Validating MACsmk(M)
msg3.mac   = 6e2b2185a196610b52698faf9fc171a2
calculated = 6e2b2185a196610b52698faf9fc171a2

---- Msg3 Details (from Client) --------------------------------------------
msg3.mac                 = 6e2b2185a196610b52698faf9fc171a2
msg3.g_a.gx              = 98c8f2ee693b4f4b82bc25a2e95a91a60696156c1227445092a128f67c75ea51
msg3.g_a.gy              = 3da2ec2be70497b5d54c66eba80e06f87bd988b46ee9e0c3f3954fd1392c2db9
msg3.ps_sec_prop         = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
msg3.quote.version       = 0200
msg3.quote.sign_type     = 0000
msg3.quote.epid_group_id = df0a0000
msg3.quote.qe_svn        = 0800
msg3.quote.pce_svn       = 0700
msg3.quote.xeid          = 00000000
msg3.quote.basename      = 60bf489aefae6bf6d996ba26e9ff9f6f6b5347d0e2ff7011fbd496fab452a558
msg3.quote.report_body   = 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
msg3.quote.signature_len = a8020000
msg3.quote.signature     = 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

---- Enclave Quote (base64) ==> Send to IAS --------------------------------
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
----------------------------------------------------------------------------
+++ Validating quote's epid_group_id against msg1
msg1.egid = df0a0000
msg3.quote.epid_group_id = df0a0000
+++ Trying agent_wget

---- IAS report HTTP Request -----------------------------------------------
HTTP POST https://api.trustedservices.intel.com/sgx/dev/attestation/v3/report
----------------------------------------------------------------------------
+++ POST data written to /tmp/wgetpostd9DUSM

+++ Reconstructed Subscription Key:    '1479e.................cd35a9'
+++ IAS Subscription Key (Hex):        31343...........636433356139
+++ One-time pad:            40a509c3.............0a1d1a0786
+++ Encrypted SubscriptionKey:        71913efaed..................cbd5f6e2e2f66bf

+++ Exec: wget --output-document=- --save-headers --content-on-error --no-http-keep-alive --header=Ocp-Apim-Subscription-Key: 1479e...............cd35a9 --header=Content-Type: application/json --post-file=/tmp/wgetpostd9DUSM https://api.trustedservices.intel.com/sgx/dev/attestation/v3/report
--2020-06-10 17:31:37--  https://api.trustedservices.intel.com/sgx/dev/attestation/v3/report
Resolving api.trustedservices.intel.com (api.trustedservices.intel.com)... 40.87.90.88
Connecting to api.trustedservices.intel.com (api.trustedservices.intel.com)|40.87.90.88|:443... connected.
HTTP request sent, awaiting response... 400 Bad Request
Saving to: ‘STDOUT’

-                             [ <=>                               ]       0  --.-KB/s    in 0s      

2020-06-10 17:31:38 ERROR 400: Bad Request.


---- IAS report HTTP Response ----------------------------------------------
HTTP/1.1 400 Bad Request
Content-Length: 0
Request-ID: 2206cea68bcb4cd8be2347d000172a4a
Date: Wed, 10 Jun 2020 23:31:37 GMT
Connection: close


----------------------------------------------------------------------------
attestation query returned 400: 
Invalid payload
Attestation failed
error processing msg3
Waiting for a client to connect...

Accepted Solutions

Re:attestation query returns 400 Bad request


Hello Tarun,


The reason you are getting the 400 bad request error is that you are using a Linkable Attestation Service subscription with an unlinkable quote. You need to generate the same type of quote as the subscription SPID/Key out at IAS. When you subscribe to IAS, you choose one or the other. You are generating one type, but trying to verify using a subscription SPID/Key to the other type.


Check the API for sgx_get_quote in the Intel SGX Developer Reference Guide for your OS.


sgx_get_quote

sgx_get_quote generates a linkable or un-linkable QUOTE.

Syntax

sgx_status_t sgx_get_quote(
    const sgx_report_t *p_report,
    sgx_quote_sign_type_t quote_type,
    const sgx_spid_t *p_spid,
    const sgx_quote_nonce_t *p_nonce,
    const uint8_t *p_sig_rl,
    uint32_t sig_rl_size,
    sgx_report_t *p_qe_report,
    sgx_quote_t *p_quote,
    uint32_t quote_size
);

quote_type [in]

SGX_UNLINKABLE_SIGNATURE for unlinkable quote or SGX_LINKABLE_SIGNATURE for linkable quote.


Jesus Garcia, Intel Customer Support
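
A service-provider-side check for the mismatch described in the answer above, run on the msg3 quote before it is POSTed to IAS. This is an added example, not part of the original post or of Intel's sample code. The names quote_precheck, sample_quote and both enums are hypothetical; the offsets assume the EPID quote layout shown in the log (sign_type at byte 2, signature_len after the 384-byte report body), and the SDK is not required to build it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local names for this example. The values mirror sgx_quote_sign_type_t
 * in the SDK's sgx_quote.h: unlinkable = 0, linkable = 1. */
enum sub_type { SUB_UNLINKABLE = 0, SUB_LINKABLE = 1 };
enum precheck { PRE_OK, PRE_TRUNCATED, PRE_BAD_SIGN_TYPE, PRE_BAD_LENGTH, PRE_TYPE_MISMATCH };

/* EPID quote layout: a 436-byte header, then signature_len signature bytes. */
#define OFF_SIGN_TYPE 2u
#define OFF_SIG_LEN   432u
#define QUOTE_HDR_LEN 436u
#define SAMPLE_LEN    1116u   /* quote_sz from the log: 436 + 0x2a8 */

static uint32_t le16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (le16(p + 2) << 16); }

/* Compare the quote's sign_type with the IAS subscription type (assumed
 * to come from the service provider's own configuration). */
enum precheck quote_precheck(const uint8_t *q, size_t len, enum sub_type sub)
{
    if (q == NULL || len < QUOTE_HDR_LEN) return PRE_TRUNCATED;
    uint32_t sign_type = le16(q + OFF_SIGN_TYPE);
    if (sign_type > 1u) return PRE_BAD_SIGN_TYPE;
    if (le32(q + OFF_SIG_LEN) != len - QUOTE_HDR_LEN) return PRE_BAD_LENGTH;
    return sign_type == (uint32_t)sub ? PRE_OK : PRE_TYPE_MISMATCH;
}

/* Constructed sample: header fields copied from the log above; the
 * report body and signature are zero filler, not real data. */
void sample_quote(uint8_t buf[SAMPLE_LEN])
{
    static const uint8_t hdr[12] = { 0x02, 0x00, 0x00, 0x00,    /* version 0200, sign_type 0000 */
                                     0xdf, 0x0a, 0x00, 0x00,    /* epid_group_id df0a0000 */
                                     0x08, 0x00, 0x07, 0x00 };  /* qe_svn 0800, pce_svn 0700 */
    static const uint8_t sig_len[4] = { 0xa8, 0x02, 0x00, 0x00 }; /* signature_len a8020000 */
    memset(buf, 0, SAMPLE_LEN);
    memcpy(buf, hdr, sizeof hdr);
    memcpy(buf + OFF_SIG_LEN, sig_len, sizeof sig_len);
}

int main(void)
{
    uint8_t q[SAMPLE_LEN];
    sample_quote(q);
    printf("linkable sub: %d, unlinkable sub: %d\n",
           quote_precheck(q, sizeof q, SUB_LINKABLE), quote_precheck(q, sizeof q, SUB_UNLINKABLE));
}
```

With the header values from the log, the check reports a type mismatch against a linkable subscription and passes against an unlinkable one.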


Hello user14,

We need to check the Intel backend for why your transaction is failing. Unfortunately, we will not be able to get you a response until next week. Please stay tuned and I'll get back to you as soon as I have an answer.

Regards,

Jesus Garcia, Intel Customer Support

A gentle reminder. Let me know when you have an answer. 
