IAS report signature verification #5

Open
sbellem opened this issue Mar 12, 2021 · 0 comments

sbellem commented Mar 12, 2021

From https://api.trustedservices.intel.com/documents/sgx-attestation-api-spec.pdf:

4.2.2 Report Signature

The Attestation Verification Report is cryptographically signed by Report Signing Key (owned by the Attestation Service) using the RSA-SHA256 algorithm. The signature is calculated over the entire body of the HTTP response. Base 64-encoded signature is then returned in a custom HTTP response header X-IASReport-Signature. To verify the signature over the report, you should perform the following steps:

  1. Decode and verify the Report Signing Certificate Chain that was sent together with the report (see Report Signing Certificate Chain for details). Verify that the chain is rooted in a trusted Attestation Report Signing CA Certificate (available to download [from Development (DEV) attestation service portal] upon successful registration to IAS).
  2. Optionally, verify that the certificates in the chain have not been revoked (using CRLs indicated in the certificates)
  3. Verify the signature over the report using Attestation Report Signing Certificate.

4.2.3 Report Signing Certificate Chain

The public part of Report Key is distributed in the form of an x.509 digital certificate called Attestation Report Signing Certificate. It is a leaf certificate issued by the Attestation Report Signing CA Certificate:

  1. Attestation Report Signing CA Certificate: CN=Intel SGX Attestation Report Signing CA, O=Intel Corporation, L=Santa Clara, ST=CA, C=US
  2. Attestation Report Signing Certificate: CN=Intel SGX Attestation Report Signing, O=Intel Corporation, L=Santa Clara, ST=CA, C=US

A PEM-encoded certificate chain consisting of Attestation Report Signing Certificate and Attestation Report Signing CA Certificate is returned in a custom HTTP response header X-IASReport-Signing-Certificate.

The attestation report root CA certificate can be obtained at https://api.portal.trustedservices.intel.com/EPID-attestation. Look for the line:

Attestation Report Root CA Certificate: DER PEM

Implementation

See example (C++): https://github.com/hyperledger-labs/private-data-objects/blob/04d6b93737bc2c0446d292a028087ef4fb365ca7/common/crypto/verify_ias_report/verify-report.cpp

If using Python, some options are:
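
Added example (not from this issue, the Intel spec, or the linked C++ code): steps 1 and 3 of section 4.2.2 in Python with the `cryptography` package, trusting only a locally pinned root CA certificate. The function name, its parameters, and the percent-decoding of the header value are assumptions; step 2 (CRL checking) is not covered.

```python
import base64
import datetime
from urllib.parse import unquote

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding

UTC = datetime.timezone.utc
END = "-----END CERTIFICATE-----"


def _valid_at(cert, now):
    # The *_utc accessors exist in cryptography >= 42; older releases only
    # have the naive-UTC ones, so fall back to those.
    nb = getattr(cert, "not_valid_before_utc", None) or cert.not_valid_before.replace(tzinfo=UTC)
    na = getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after.replace(tzinfo=UTC)
    return nb <= now <= na


def verify_ias_report(body, sig_b64, chain_header, trusted_root_pem, now=None):
    """Return True only if the chain check (step 1) and signature check (step 3) pass.

    body             -- raw HTTP response body bytes, exactly as received
    sig_b64          -- value of the X-IASReport-Signature header
    chain_header     -- value of the X-IASReport-Signing-Certificate header
    trusted_root_pem -- Attestation Report Signing CA certificate, pinned locally
    """
    now = now or datetime.datetime.now(UTC)
    try:
        root = x509.load_pem_x509_certificate(trusted_root_pem)
        # Assumption: the header may arrive percent-encoded; unquote() leaves
        # plain PEM untouched, so both forms are accepted.
        pem = unquote(chain_header)
        # The leaf (Attestation Report Signing Certificate) comes first.
        leaf = x509.load_pem_x509_certificate((pem.split(END)[0] + END).encode())
        # Step 1: trust is anchored in the pinned root, never in the CA copy
        # that travels in the header alongside the report.
        if leaf.issuer != root.subject or not (_valid_at(leaf, now) and _valid_at(root, now)):
            return False
        root.public_key().verify(leaf.signature, leaf.tbs_certificate_bytes,
                                 padding.PKCS1v15(), leaf.signature_hash_algorithm)
        # Step 3: RSA-SHA256 over the entire response body.
        leaf.public_key().verify(base64.b64decode(sig_b64, validate=True), body,
                                 padding.PKCS1v15(), hashes.SHA256())
        return True
    except (InvalidSignature, ValueError, TypeError):
        return False
```

Pass the response body as the exact bytes received (for example `response.content` in `requests`), not a re-serialized JSON object, because the signature covers the body byte for byte.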
