
Why do we need the enclave identity of the initiator or responder in DH secure session establishment?

I'm developing an SGX application using the sgx_dh API. The workflow can be summarized as follows (the two roles here are dh_initiator, dh_i for short, and dh_responder, i.e., dh_r):

step0: Initiate the session on both the dh_i and dh_r sides;

step1: dh_r generates msg1 containing g_a and sends msg1 to dh_i;

step2: dh_i processes msg1 and generates msg2 containing g_b, and sends msg2 to dh_r;

step3: dh_r processes msg2 and generates msg3 including an affirmation of the shared key, and then sends msg3 to dh_i;

step4: dh_i processes msg3. The DH key exchange is done.

In step3, dh_r outputs a variable of type sgx_dh_session_enclave_identity_t, and likewise dh_i in step4 outputs a variable of the same type. According to the SGX Developer Reference, the two variables are used in DH session establishment.

But I cannot figure out where they will BE USED, since they are generated when the key exchange and enclave authentication are already done.

Any suggestion or hint is appreciated, and if I have misunderstood anything here, please kindly correct me. Thanks so much~

These two variables are provided to make explicit the values you should verify to ensure you're communicating with the correct enclaves (you can check how they are used in the LocalAttestation sample: https://github.com/intel/linux-sgx/blob/62b116c502b09b125db9acc965694d3ecff8e698/SampleCode/LocalAttestation/EnclaveInitiator/EnclaveMessageExchange.cpp#L133-L144 ).

They are not there to be passed to other functions of the DH exchange protocol provided by the SDK; you should process them "manually" and define your own acceptance policy before relying on the established secure channel.
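A sketch of the kind of acceptance policy the answer describes, as an added example that is not code from the original post or from Intel's sample. It assumes a stand-in struct `peer_identity_t` carrying only the checked fields of `sgx_dh_session_enclave_identity_t` (inside an enclave you would include `sgx_dh.h` and use the SDK type); `peer_policy_t`, the result codes, `verify_peer_identity` and `demo` are hypothetical names, and the pinned values are constructed.

```c
#include <stdint.h>
#include <string.h>

#define FLAG_INITTED 0x1ULL /* same value as SGX_FLAGS_INITTED */
#define FLAG_DEBUG   0x2ULL /* same value as SGX_FLAGS_DEBUG */

/* Stand-in (assumption) for the fields of sgx_dh_session_enclave_identity_t
 * that the policy inspects. */
typedef struct {
    uint64_t attr_flags;    /* attributes.flags */
    uint8_t  mr_signer[32]; /* mr_signer.m */
    uint16_t isv_prod_id;
    uint16_t isv_svn;
} peer_identity_t;

/* Hypothetical policy: what this application is willing to talk to. */
typedef struct {
    uint8_t  mr_signer[32]; /* expected signer measurement */
    uint16_t isv_prod_id;   /* expected product id */
    uint16_t min_isv_svn;   /* reject peers older than this */
    int      allow_debug;   /* 0 in production builds */
} peer_policy_t;

enum { PEER_OK, PEER_BAD_PARAM, PEER_NOT_INIT, PEER_DEBUG,
       PEER_WRONG_SIGNER, PEER_WRONG_PRODUCT, PEER_OLD_SVN };

/* Run on the identity output of step3 (responder) or step4 (initiator),
 * before any data is sent over the new session. */
int verify_peer_identity(const peer_identity_t *id, const peer_policy_t *p)
{
    if (!id || !p) return PEER_BAD_PARAM;
    if (!(id->attr_flags & FLAG_INITTED)) return PEER_NOT_INIT;
    /* A debug enclave's memory can be read by a debugger. */
    if ((id->attr_flags & FLAG_DEBUG) && !p->allow_debug) return PEER_DEBUG;
    if (memcmp(id->mr_signer, p->mr_signer, sizeof id->mr_signer) != 0)
        return PEER_WRONG_SIGNER;
    if (id->isv_prod_id != p->isv_prod_id) return PEER_WRONG_PRODUCT;
    if (id->isv_svn < p->min_isv_svn) return PEER_OLD_SVN;
    return PEER_OK;
}

/* Builds a constructed identity and checks it against a constructed policy
 * (signer bytes all 0xAB, product id 0, minimum SVN 2, debug not allowed). */
int demo(uint64_t flags, uint8_t signer_fill, uint16_t prod_id, uint16_t svn)
{
    peer_policy_t policy = { {0}, 0, 2, 0 };
    peer_identity_t id = { flags, {0}, prod_id, svn };
    memset(policy.mr_signer, 0xAB, sizeof policy.mr_signer);
    memset(id.mr_signer, signer_fill, sizeof id.mr_signer);
    return verify_peer_identity(&id, &policy);
}
```

On any result other than `PEER_OK`, the caller should discard the derived session key and close the session rather than use the channel.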
