Performing remote attestation

[gmatesunny]

Now I have mbed-tls HTTPS server(SGX), How SP (clients, Non SGX) could perform Intel SGX remote attestation of the server. The example here uses https://github.com/intel/linux-sgx TCP sockets for communication. Any insight into how It could be achieved ?

[bl4ck5un]

You can find an example of attestation in the Town Crier project I maintain.

• app: https://github.com/bl4ck5un/Town-Crier/blob/master/src/App/attestation.cpp
• enclave: https://github.com/bl4ck5un/Town-Crier/blob/master/src/Enclave/ecall_attestation.cpp
• query IAS: https://github.com/bl4ck5un/Town-Crier/blob/master/scripts/ias_prod.py

[gmatesunny]

Great, i understood most of the things but what is #include "external/keccak.h" and the corresponding .c file. What is happening in this file.

[bl4ck5un]

keccak.h is mostly about SHA3.

[gmatesunny]

I have an extremely newbie question: How to generate hex format like this 0x03, 0xD4, 0x81, 0x28,

0x36, 0x6F, 0x1C, 0xD7,

0x4F, 0xCA, 0x49, 0x0D,

0x9B, 0x85, 0xB6, 0xAB

from spid. Also the spid i received is 32 character long(32bytes). When I convert to hex it becomes 64 character long(64 bytes).
How to make it to specify as you did i.e. 16 byte length.

[bl4ck5un]

IIRC, epid comes as a hex string. The above format is also just a hex string with "0x" appended and "," added.

[gmatesunny]

Your SPID is: 998FCFAA0B8F4A426288E3ADCE41AE4D ---> This is what I got on registration to IAS.
and in your src/App/attestation.cpp, you have made a variable spid_tc. How you got this value?

uint8_t spid_tc[16] = {
0x03, 0xD4, 0x81, 0x28,
0x36, 0x6F, 0x1C, 0xD7,
0x4F, 0xCA, 0x49, 0x0D,
0x9B, 0x85, 0xB6, 0xAB,
};

I am getting confused. I know epid is retrieved by calling sgx_get_extended_epid_group_id(), is this spid_tc is the same value in hex ? If this is the epid, where should I specify spid. I do not see any such variable in ias_prod.py.

[bl4ck5un]

I can't recall... It could be just { 0x99, 0x8F, 0xCF... }