getEnclaveReport request error

Open sbellem opened this issue 4 years ago • 0 comments

When trying out the client requests as documented under https://github.com/enigmampc/SafeTrace/tree/master/client, all requests work except for the getEnclaveReport one.

Output from curl request:

$ curl -H "Content-Type: application/json" -d '{"jsonrpc": "2.0", "id":1, "method":"getEnclaveReport", "params": {}}' localhost:8080 | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   293  100   224  100    69    209     64  0:00:01  0:00:01 --:--:--   274
{
    "id": 1,
    "jsonrpc": "2.0",
    "result": {
        "id": "3f48210191",
        "msg": "https://sgx.enigma.co/api: error trying to connect: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version:s23_clnt.c:802:",
        "type": "Error"
    }
}

Output from api server:

~/code/enigmampc/SafeTrace/api-server$ node index.js
Message received
{ id: '3f48210191',
  type: 'Error',
  msg: 'https://sgx.enigma.co/api: error trying to connect: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version:s23_clnt.c:802:' }

Output from enclave:

"AgAAAFsLAAALAAoAAAAAALAzX9O8HMqPgE65imQgWS1lHK3mNnKQnQwoiM3et6SCCRD//wECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAHAAAAAAAAALXFe8rwvwMuyB94qFQx0P6/6d1TL5KaYt0aI/yU7Gv4 ... PvpbcJTuMBNNd1rFwqfdRgRZe3BPdH9n+FWyIFobrhgUhKR0OamKfDBm0DTUXh7mGCk7OCSyTZUhmpApu1Gwmm8lLs+D9jFq8iykPnGvWMbIJzAQ7K5pR4bwuhquE8QLf5c3MKSNMa76EG/6RbG/TzWd8V85bTiO0wk2Hqvs5N1L/GOzt"

I wonder why it's going through https://sgx.enigma.co/api ...

When I tried a day earlier, same build, I was getting a 500 error, with no reference to https://sgx.enigma.co/api.

Sending requests to https://sgx.enigma.co/api requires an authentication token, so I guess the first question is:

Is there something wrong with my setup? Is this normal that it's trying to send requests to https://sgx.enigma.co/api?

The next questions will depend on the answer to the question above, but if going through https://sgx.enigma.co/api was somehow "as expected" then how does one obtain an authentication token?

https://sgx.enigma.co/api is the ATTESTATION_SERVICE_URL as per https://github.com/enigmampc/SafeTrace/blob/60c6f2a6c07b2c6e7cb54174c3d0c987ff961dfa/enclave/safetrace/app/src/networking/ipc_listener.rs#L112

defined in enigma-core, https://github.com/enigmampc/enigma-core/blob/develop/enigma-tools-u/src/attestation_service/constants.rs#L1-L2

// the attestation service end-point
pub const ATTESTATION_SERVICE_URL: &str = "https://sgx.enigma.co/api";

Related questions

  1. Which version of the Attestation API is being used? (For instance, if I understand correctly, the latest is defined in https://api.trustedservices.intel.com/documents/sgx-attestation-api-spec.pdf)

  2. The code that sends the request for a report, in enigma-core ( https://github.com/enigmampc/enigma-core/blob/3c04c2625741daa693cdc1a867db03bc1dc3ead2/enigma-tools-u/src/attestation_service/service.rs#L128-L138) constructs the request like so:

    pub fn build_request(&self, quote: String) -> QuoteRequest {
        QuoteRequest {
            jsonrpc: "2.0".to_string(),
            method: "validate".to_string(),
            params: Params {
                quote,
                production: true,
            },
            id: 1,
        }
    }
    

    Is the request parameter production specific to enigma or is this because an older API version supported this parameter?

  3. Why is enigma-core archived? Is there a replacement? Question is also asked in #92.

sbellem avatar Aug 12 '20 20:08 sbellem
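
For triage of the error string quoted in the issue, the following added example (not part of the original issue or of the SafeTrace/enigma-core code) decodes the packed OpenSSL error code `1407742E` into its library, function and reason fields and reports the TLS alert number the peer sent. It assumes the OpenSSL 1.0.x error layout, which matches the `s23_clnt.c` source file named in the message; the function names `decode_openssl_error` and `diagnose` are hypothetical.

```python
import json
import re

# OpenSSL 1.0.x packs an error code as lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_LIB_SSL = 20
# In the SSL library, reason = 1000 + N means the peer sent TLS alert N.
SSL_AD_REASON_OFFSET = 1000
# Subset of TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
              70: "protocol_version", 71: "insufficient_security"}

ERR_RE = re.compile(
    r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):([^:\s]+):(\d+):")

def decode_openssl_error(msg):
    """Split an OpenSSL 1.0.x error string into its packed fields, or return None."""
    m = ERR_RE.search(msg)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason,
            "lib_name": m.group(2), "func_name": m.group(3), "reason_text": m.group(4),
            "source": m.group(5), "line": int(m.group(6)),
            "peer_alert": alert, "peer_alert_name": TLS_ALERTS.get(alert)}

def diagnose(response_text):
    """Decode the TLS error carried in a JSON-RPC result of type "Error"."""
    result = json.loads(response_text).get("result", {})
    if result.get("type") != "Error":
        return None
    return decode_openssl_error(result.get("msg", ""))

# Response body copied from the curl output in the issue.
SAMPLE = json.dumps({"id": 1, "jsonrpc": "2.0", "result": {
    "id": "3f48210191",
    "msg": "https://sgx.enigma.co/api: error trying to connect: error:1407742E:"
           "SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version:"
           "s23_clnt.c:802:",
    "type": "Error"}})

if __name__ == "__main__":
    d = diagnose(SAMPLE)
    print(f"lib={d['lib']} func={d['func']} reason={d['reason']} "
          f"alert={d['peer_alert']} ({d['peer_alert_name']})")
```

A reason of 1000 or more from the SSL library is an alert received from the peer during the handshake, so the connection was refused at TLS version negotiation before any HTTP request was sent.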