Hi Peter,

• SK (Signing Key/Symmetric Key)
• MK (Master Key/Masking Key)
• SMK (SIGMA protocol)
• VK: Verification key
• ISV can use the sgx_ra_init_ex API to provide a callback function to generate the remote attestation keys used in the SIGMA protocol (SMK) and returned by the API sgx_ra_get_keys (SK, MK, and VK). The decision to use a different KDF is a policy of the ISV, but it should be approved by the ISV’s security process. 
• sgx_ ra_derive_secret_keys_t function takes the Diffie-Hellman shared secret as input to allow the ISV enclave to generate their own derived shared keys (SMK, SK, MK and VK).
• VK is derived  from the Diffie-Hellman shared secret elliptic curve field element between the service provider and  the application enclave.
  VK  = AES-CMAC (0x00, gab  x coordinate|| 0x03)
• Remote Attestation context was generated by sgx_ra_init, the returned SGX_RA_ KEY_MK, SGX_RA_KEY_SK or SGX_RA_VK is derived from the Diffie-Hellman shared secret elliptic curve field element between the service provider and the application enclave using the following Key Derivation Function (KDF):
  • KDK = AES-CMAC(key0, gab x-coordinate)
  • SGX_RA_KEY_VK = AES-CMAC(KDK, 0x01||’VK’||0x00||0x80||0x00)
  • SGX_RA_KEY_MK = AES-CMAC(KDK, 0x01||’MK’||0x00||0x80||0x00)
  • SGX_RA_KEY_SK = AES-CMAC(KDK, 0x01||’SK’||0x00||0x80||0x00)
• The key0 used in the key extraction operation is 16 bytes of 0x00. The plain text used in the Key derivation calculation is the Diffie-Hellman shared secret elliptic curve field element in Little Endian format.
• The plain text used in each key calculation includes:
  • a counter (0x01)
  • a label: the ASCII representation of one of the strings 'VK', 'MK' or 'SK' in Little Endian format
  • a bit length (0x80)

Regards

Shivananda