Closed kss-espeo closed 5 years ago
Are you running the latest version of the code? Make sure you are either on master or the v3.0 tag. The v2.x source does not set the content-type header to application/json when communicating with IAS. Originally, IAS was not enforcing that requirement, so this code sample worked even though it was not compliant. I can't say for sure this is your issue, but it manifests in exactly the way you describe.
Yes, I'm running an up-to-date version of master. @jmechalas
Can you provide the excerpt from the server logs where IAS is contacted while processing msg3, with the DEBUG and VERBOSE options turned on? This should dump the exact request sent to IAS, with headers. (Please be sure to scrub any sensitive information in the content body.)
I am also facing a similar issue! @kss-espeo, for the IAS report request you need not add extra params like id, timestamp etc.; those are response JSON fields.
Required params are:
"isvEnclaveQuote"
"pseManifest"
But with the above params set, I'm getting a 400 Invalid payload error!
Another issue may be related to this thread!
The IAS Signing Cert CA is required when starting run-server, but in the v3 API registration we are not using any CA cert to register with IAS!
@kss-espeo, may I know which IAS Signing Cert CA you were using when starting run-server?
Can anyone please explain this?
Thanks!
@jmechalas There is some of it in my first post, here's the rest:
---- Msg3 Details (from Client) --------------------------------------------
msg3.mac = 2390677621973710ace9f1514d16fdd7
msg3.g_a.gx = 3cab77a66846cb6e7644ad316830506d9ec34def0fb3ebd5bdbd6df3c170c96f
msg3.g_a.gy = 36ceda7a2029189bee3d96b271c2e724b48cb7b2d1ace88021164550d45ecfe8
msg3.ps_sec_prop = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
msg3.quote.version = 0200
msg3.quote.sign_type = 0100
msg3.quote.epid_group_id = e30a0000
msg3.quote.qe_svn = 0800
msg3.quote.pce_svn = 0700
msg3.quote.xeid = 00000000
msg3.quote.basename = 911dbf50f2eb6dbe27784f60fffba85600000000000000000000000000000000
msg3.quote.report_body = 0409ffff010200000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000700000000000000fee4bae07e1f1fdc85667f27afe0fad65e98c3ada8ec12f504e1123b051945960000000000000000000000000000000000000000000000000000000000000000bd71c6380ef77c5417e8b2d1ce2d4b6504b9f418e5049342440cfff2443d95bd000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dad73fb49000312611898731965c2115b643a10299f71e09ad2439180ca2d200000000000000000000000000000000000000000000000000000000000000000
msg3.quote.signature_len = a8020000
msg3.quote.signature = 27e74e235cc80a5ca1634117db7386f348ef93fbc1e19f24d259951eb6ca94e1a581015a52ff540c7767c1d006518abb59ef10b5e7aedc8a178a3ee290c576edd0bee07fe21250af48622d49818e90e6fb25b0414dc94c5eb69bd6c847433539de4373c46bf9d825abb74fe5551ce6adc5b7cf21f756aee61b5a8dcc971aaa1c90c18fe2c11feb1e22e29b76cead5f75f40d8388e02a5df6a1d80a127f17099652bb3129336e0c7fd2eef43f6d5c53c31ad5ef3c400e16e55b8044de4274aa4bb06bf0120a562e379a3937c9e6a002ff43cfab795eb5422852a57aa683d774002c6a9cbb4e372bc84b67fd61ead4dc8434a66cb2ff8ebc59eb99ec2fd2a1714ab8cd0e780f337be2a724c6a97daa96421edc71e395d3d77ac5bad4618e92e0bc2439b85895b5aa7a389ee8a968010000962933663725bc502ec45777c1dcd6c99b36f1754044456f04531ac8c5235ccdd1d31411e46065cb1dd6b007a3f6e0f8947cf67d4a807fef8c587e662af08dc4518011febf87ca4675bb0b2206174317b9117c2374a10456ff7e186c3e4ba857db1fc005fcb9c5dcf1cffa69999e71971e5b4e8bf918ad42256715bd44f81988e1db884fd138704eace7cf9522fd14bf0a1ddac079d761a92179b9bfb9b48b796d9778795fb59f02bdf35547c281094ac200c0349427057fc763a85c134ed2567bb02d36f17d857ac1e46215ef790d3f025d4b027091cc18f5b176570274bea4f12925149e4d47d8aa4ef8c36049291e92ae55dfc2716e739e532a69b3fa039b6c656e89e36b00c8c78752f193e4113c9d1c9ee456bb2d453e0591191dd6ae2317ecdd07700a2e2481fb5b5721a21ecf7f7b6addbcfdd024726d2f25d23e6211cd45d1344f8bc7dabae6d425f327ecc44ce057313691be89c21fb74a5fcf8582311e664a57a5fd6430e17b4b1c58281a363c315c541d8a31
---- Enclave Quote (base64) ==> Send to IAS --------------------------------
AgABAOMKAAAIAAcAAAAAAJEdv1Dy622+J3hPYP/7qFYAAAAAAAAAAAAAAAAAAAAABAn//wECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAHAAAAAAAAAP7kuuB+Hx/chWZ/J6/g+tZemMOtqOwS9QThEjsFGUWWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC9ccY4Dvd8VBfostHOLUtlBLn0GOUEk0JEDP/yRD2VvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9rXP7SQADEmEYmHMZZcIRW2Q6ECmfceCa0kORgMotIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqAIAACfnTiNcyApcoWNBF9tzhvNI75P7weGfJNJZlR62ypThpYEBWlL/VAx3Z8HQBlGKu1nvELXnrtyKF4o+4pDFdu3QvuB/4hJQr0hiLUmBjpDm+yWwQU3JTF62m9bIR0M1Od5Dc8Rr+dglq7dP5VUc5q3Ft88h91au5htajcyXGqockMGP4sEf6x4i4pt2zq1fdfQNg4jgKl32odgKEn8XCZZSuzEpM24Mf9Lu9D9tXFPDGtXvPEAOFuVbgETeQnSqS7Br8BIKVi43mjk3yeagAv9Dz6t5XrVCKFKleqaD13QALGqcu043K8hLZ/1h6tTchDSmbLL/jrxZ65nsL9KhcUq4zQ54DzN74qckxql9qpZCHtxx45XT13rFutRhjpLgvCQ5uFiVtap6OJ7oqWgBAACWKTNmNyW8UC7EV3fB3NbJmzbxdUBERW8EUxrIxSNczdHTFBHkYGXLHdawB6P24PiUfPZ9SoB/74xYfmYq8I3EUYAR/r+HykZ1uwsiBhdDF7kRfCN0oQRW/34YbD5LqFfbH8AF/LnF3PHP+mmZnnGXHltOi/kYrUIlZxW9RPgZiOHbiE/ROHBOrOfPlSL9FL8KHdrAeddhqSF5ub+5tIt5bZd4eV+1nwK981VHwoEJSsIAwDSUJwV/x2OoXBNO0lZ7sC028X2FesHkYhXveQ0/Al1LAnCRzBj1sXZXAnS+pPEpJRSeTUfYqk74w2BJKR6SrlXfwnFuc55TKmmz+gObbGVuieNrAMjHh1Lxk+QRPJ0cnuRWuy1FPgWRGR3WriMX7N0HcAouJIH7W1choh7Pf3tq3bz90CRybS8l0j5iEc1F0TRPi8fauubUJfMn7MRM4FcxNpG+icIft0pfz4WCMR5mSlel/WQw4XtLHFgoGjY8MVxUHYox
----------------------------------------------------------------------------
+++ Validating quote's epid_group_id against msg1
msg1.egid = e30a0000
msg3.quote.epid_group_id = e30a0000
+++ Trying agent_wget
---- IAS report HTTP Request -----------------------------------------------
HTTP POST https://api.trustedservices.intel.com/sgx/dev/attestation/v3/report
----------------------------------------------------------------------------
+++ POST data written to /tmp/wgetpostgCvbZ2
+++ Reconstructed Subscription Key: '<sub key>'
+++ IAS Subscription Key (Hex): <IAS key>
+++ One-time pad: db0217eb1b9fdf3f0153f2394b3c6ccc3fa9370fd80eaa4030ed6bf0a9c7d103
+++ Encrypted SubscriptionKey: <sub key>
+++ Exec: wget --output-document=- --save-headers --content-on-error --no-http-keep-alive --header=Ocp-Apim-Subscription-Key: c4e96b986c714d00b6b8e656764a5b79 --header=Content-Type: application/json --post-file=/tmp/wgetpostgCvbZ2 https://api.trustedservices.intel.com/sgx/dev/attestation/v3/report
--2019-08-07 12:27:56-- https://api.trustedservices.intel.com/sgx/dev/attestation/v3/report
Translacja api.trustedservices.intel.com (api.trustedservices.intel.com)... 40.87.90.88
Łączenie się z api.trustedservices.intel.com (api.trustedservices.intel.com)|40.87.90.88|:443... połączono.
Żądanie HTTP wysłano, oczekiwanie na odpowiedź... 400 Bad Request
Zapis do: `STDOUT'
- [ <=> ] 0 --.-KB/s w 0s
2019-08-07 12:27:57 BŁĄD 400: Bad Request.
---- IAS report HTTP Response ----------------------------------------------
HTTP/1.1 400 Bad Request
Content-Length: 0
Request-ID: e70d5d81ed4a4b50b0dfcfbd226b7e54
Date: Wed, 07 Aug 2019 10:27:56 GMT
Connection: close
----------------------------------------------------------------------------
attestation query returned 400:
Invalid payload
Attestation failed
error processing msg3
Waiting for a client to connect...
In my case the issue was solved by setting LINKABLE=1, since I created the SPID with the linkable method.
Now I am getting a 200 response from IAS, but facing cert_stack_build: certificate verification failure
I am using the cert below as the IAS signing cert, which I got in the successful report API response header:
Reference from the Intel SGX forum:
https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/814779
It seems there is no option to download the IAS signing CA cert from
which is expected to be fixed soon. Until then we can't validate the cert and signature returned from the IAS report request.
@kss-espeo I see you are using the wget agent. I'll make another pass through the code and see if anything obvious jumps out. Do you get the same result if you use the curl agent?
Some additional items to check on your end:
- Ensure the SPID you are using corresponds to your API key. If you started with the earlier versions of the sample that used the v2 APIs (user certificates), be aware that you are issued new SPIDs for use with v3/API authentication.
- Ensure you are using the correct key and SPID for the quote type (linkable vs. unlinkable)
@anand10717
> it seems there is no option to download IAS signing CA cert
I believe this has been addressed. We'll get links to the cert on the IAS portal page shortly, but for now you can download it directly from https://certificates.trustedservices.intel.com/Intel_SGX_Attestation_RootCA.pem
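The quote-type check from the list above can be done on the base64 quote itself before it is posted: the sign_type field in the quote header (printed as msg3.quote.sign_type in the server log) is 1 for a linkable quote and 0 for an unlinkable one. This is an added example, not code from sgx-ra-sample or from anyone in this thread; `parse_quote`, `preflight` and `sample_quote` are hypothetical names, and the sample quote is constructed from the header values in the log with a zeroed report body and signature.

```python
import base64
import struct

# Fixed quote header, in the order the server log prints the msg3.quote fields:
# version, sign_type, epid_group_id, qe_svn, pce_svn, xeid, basename.
HEADER = struct.Struct("<HH4sHHI32s")      # 48 bytes, little-endian
REPORT_BODY_LEN = 384                      # msg3.quote.report_body
SIG_LEN = struct.Struct("<I")              # msg3.quote.signature_len
SIGN_TYPES = {0: "unlinkable", 1: "linkable"}


def parse_quote(b64quote):
    """Decode the base64 quote and return its header fields as a dict."""
    raw = base64.b64decode(b64quote, validate=True)
    fixed = HEADER.size + REPORT_BODY_LEN + SIG_LEN.size
    if len(raw) < fixed:
        raise ValueError(f"quote is {len(raw)} bytes, need at least {fixed}")
    version, sign_type, gid, qe_svn, pce_svn, xeid, basename = HEADER.unpack_from(raw)
    (declared,) = SIG_LEN.unpack_from(raw, HEADER.size + REPORT_BODY_LEN)
    return {
        "version": version,
        "sign_type": sign_type,
        "epid_group_id": gid.hex(),
        "qe_svn": qe_svn,
        "pce_svn": pce_svn,
        "signature_len": declared,
        "signature_bytes_present": len(raw) - fixed,
    }


def preflight(b64quote, spid_is_linkable):
    """Return a list of problems to fix before sending the quote to IAS."""
    q = parse_quote(b64quote)
    problems = []
    kind = SIGN_TYPES.get(q["sign_type"])
    if kind is None:
        problems.append(f"unknown sign_type {q['sign_type']}")
    elif (kind == "linkable") != spid_is_linkable:
        want = "linkable" if spid_is_linkable else "unlinkable"
        problems.append(f"quote is {kind} but the SPID is {want}")
    if q["signature_len"] != q["signature_bytes_present"]:
        problems.append("signature_len does not match the bytes that follow it")
    return problems


def sample_quote(sign_type, sig_bytes=16):
    """Constructed quote: header values from the log, zeroed body and signature."""
    header = HEADER.pack(2, sign_type, bytes.fromhex("e30a0000"), 8, 7, 0, bytes(32))
    body = bytes(REPORT_BODY_LEN) + SIG_LEN.pack(sig_bytes) + bytes(sig_bytes)
    return base64.b64encode(header + body).decode("ascii")


if __name__ == "__main__":
    for linkable_spid in (True, False):
        print(linkable_spid, preflight(sample_quote(1), linkable_spid))
```

Pass the string printed under "Enclave Quote (base64)" in the server log as `b64quote`, and set `spid_is_linkable` to match how the SPID was issued.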
@jmechalas I am using v3 linkable keys (generated very recently, double checked) and that's how I configured it in my settings file. I have also tried the same for unlinkable keys, with the appropriate config change.
> @kss-espeo I see you are using the wget agent. I'll make another pass through the code and see if anything obvious jumps out. Do you get the same result if you use the curl agent?
Is there currently an easy way to change that? I don't believe so, since ./run-server -G returns that:
root@espeo-kspisacki:/home/kspisacki/coding/sgx-ra-sample# ./run-server -G
Available user agents:
wget
Agent_curl implementation exists but it doesn't seem it is hooked anywhere.
You need to install the libcurl package on your system. It's detected by 'configure' and enabled in the software at build if the package is found. The README indicates which package is required.
I have installed everything as per README and indeed, libcurl4-openssl-dev is installed on my system:
root@espeo-kspisacki:/home/kspisacki/coding/gardener-server# apt-get install libcurl4-openssl-dev
Czytanie list pakietów... Gotowe
Budowanie drzewa zależności
Odczyt informacji o stanie... Gotowe
libcurl4-openssl-dev is already the newest version (7.61.0-1ubuntu2.4).
And still, ./run-server -G returns
root@espeo-kspisacki:/home/kspisacki/coding/sgx-ra-sample# ./run-server -G
Available user agents:
wget
I am using Ubuntu 18.10. Is this relevant, @jmechalas ? I can see docs only mentioning Ubuntu 16.04 and Ubuntu 18.04.
Something is amiss with 'configure' if it's not picking up the libcurl libraries. Can you post the output from configure (including what options, if any, you are sending to it)?
There you go, @jmechalas !
root@espeo-kspisacki:/home/kspisacki/coding/sgx-ra-sample# ./configure --with-openssldir=/opt/openssl/1.1.0i
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking for g++... g++
checking whether the C++ compiler works... yes
checking for C++ compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking whether make supports the include directive... yes (GNU style)
checking dependency style of g++... gcc3
checking for gcc... gcc
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... gcc3
checking how to run the C preprocessor... gcc -E
checking for ranlib... ranlib
configure: Found your Intel SGX SDK in /opt/intel/sgxsdk
configure: enabling SGX... yes
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for xxd... /usr/bin/xxd
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking openssl/evp.h usability... yes
checking openssl/evp.h presence... yes
checking for openssl/evp.h... yes
checking openssl/x509.h usability... yes
checking openssl/x509.h presence... yes
checking for openssl/x509.h... yes
checking openssl/pem.h usability... yes
checking openssl/pem.h presence... yes
checking for openssl/pem.h... yes
checking for library containing ECDSA_SIG_set0... -lcrypto
checking curl/curl.h usability... yes
checking curl/curl.h presence... yes
checking for curl/curl.h... yes
checking for library containing curl_easy_init... -lcurl
checking CA bundle file... /etc/ssl/certs/ca-certificates.crt
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating mrsigner.sh
config.status: creating run-server
config.status: creating run-client
config.status: creating Makefile
config.status: creating Enclave/Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
checking curl/curl.h usability... yes
checking curl/curl.h presence... yes
checking for curl/curl.h... yes
checking for library containing curl_easy_init... -lcurl
Based on this, it should be adding curl as a user agent. These are the only requirements. I think a make clean followed by a remake might be a good idea here, just to ensure we are working from a known, clean build.
It worked now!
---- IAS report HTTP Response ----------------------------------------------
HTTP/1.1 200 OK
Content-Length: 1169
Content-Type: application/json
Request-ID: dea8014fdd084c1b9b1211fc4001edb6
It is mysterious to me why, though. I have done make clean in the past with no luck. I would imagine that either the combination of including https://certificates.trustedservices.intel.com/Intel_SGX_Attestation_RootCA.pem and running make clean did the trick or something was changed in IAS API (unlikely)!
Anyway, thanks for your help @jmechalas.
Steps to reproduce:
- ./run-server script
- ./run-client script
It seems that the interface of the IAS report method has changed since this code was written. The API documentation (https://api.trustedservices.intel.com/documents/sgx-attestation-api-spec.pdf , section 4.2) seems to confirm that - it requires multiple fields but in the sample code only isvEnclaveQuote is set:
payload.insert(make_pair("isvEnclaveQuote", b64quote));
I have tried to fix it on my own like this:
... but my request failed with same error.
Can I get some assistance with that please? What I'm after is not necessarily fixed code of sgx-ra-sample, but just being able to successfully finish the attestation process manually.
Also I suggest enhancing error handling on the IAS side - just returning 400 with no error message is not very descriptive.