Skip to content

S
sgxwallet
Unverified Commit 034366cd authored by Oleh Nikolaiev's avatar Oleh Nikolaiev Committed by GitHub
Browse files
Options

Merge branch 'develop' into bug/SKALE-2977-sgx-crash

parents 4bace098 4fcda5df
Show whitespace changes
Inline Side-by-side
Showing with 1463 additions and 918 deletions
CSRManagerServer.cpp
View file @ 034366cd
...@@ -106,12 +106,10 @@ Json::Value signByHashImpl(const string &hash, int status) { ...@@ -106,12 +106,10 @@ Json::Value signByHashImpl(const string &hash, int status) {
} }
Json::Value CSRManagerServer::getUnsignedCSRs() { Json::Value CSRManagerServer::getUnsignedCSRs() {
LOCK(m)
return getUnsignedCSRsImpl(); return getUnsignedCSRsImpl();
} }
Json::Value CSRManagerServer::signByHash(const string &hash, int status) { Json::Value CSRManagerServer::signByHash(const string &hash, int status) {
LOCK(m)
return signByHashImpl(hash, status); return signByHashImpl(hash, status);
} }
......
DKGCrypto.cpp
View file @ 034366cd
...@@ -35,6 +35,8 @@ ...@@ -35,6 +35,8 @@
#include "third_party/spdlog/spdlog.h" #include "third_party/spdlog/spdlog.h"
#include "common.h" #include "common.h"
vector<string> splitString(const char *coeffs, const char symbol) { vector<string> splitString(const char *coeffs, const char symbol) {
string str(coeffs); string str(coeffs);
string delim; string delim;
...@@ -164,7 +166,7 @@ string trustedGetSecretShares(const string &_polyName, const char *_encryptedPol ...@@ -164,7 +166,7 @@ string trustedGetSecretShares(const string &_polyName, const char *_encryptedPol
throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
} }
status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), &encLen); status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen);
if (status != SGX_SUCCESS || errStatus != 0) { if (status != SGX_SUCCESS || errStatus != 0) {
throw SGXException(-666, errMsg1.data()); throw SGXException(-666, errMsg1.data());
......
ECDSACrypto.cpp
View file @ 034366cd
...@@ -177,8 +177,6 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha ...@@ -177,8 +177,6 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha
string pubKeyStr = ""; string pubKeyStr = "";
shared_ptr<SGXException> exception = NULL;
if (!hex2carray(encryptedKeyHex.c_str(), &decLen, encryptedKey.data())) { if (!hex2carray(encryptedKeyHex.c_str(), &decLen, encryptedKey.data())) {
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
} }
...@@ -197,6 +195,7 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha ...@@ -197,6 +195,7 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha
spdlog::error("failed to sign in enclave {}", status); spdlog::error("failed to sign in enclave {}", status);
throw SGXException(666, "failed to sign"); throw SGXException(666, "failed to sign");
} }
signatureVector.at(0) = to_string(signatureV); signatureVector.at(0) = to_string(signatureV);
if (base == 16) { if (base == 16) {
signatureVector.at(1) = "0x" + string(signatureR.data()); signatureVector.at(1) = "0x" + string(signatureR.data());
...@@ -210,10 +209,17 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha ...@@ -210,10 +209,17 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha
pubKeyStr = getECDSAPubKey(encryptedKeyHex); pubKeyStr = getECDSAPubKey(encryptedKeyHex);
static uint64_t i = 0;
i++;
if (i % 1000 == 0) {
if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data(), base)) { if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data(), base)) {
spdlog::error("failed to verify ecdsa signature"); spdlog::error("failed to verify ecdsa signature");
throw SGXException(667, "ECDSA did not verify"); throw SGXException(667, "ECDSA did not verify");
} }
}
return signatureVector; return signatureVector;
} }
Log.h
View file @ 034366cd
...@@ -41,7 +41,6 @@ ...@@ -41,7 +41,6 @@
#include "common.h" #include "common.h"
#include <mutex> // For std::unique_lock
#include <shared_mutex> #include <shared_mutex>
using namespace std; using namespace std;
...@@ -74,13 +73,11 @@ public: ...@@ -74,13 +73,11 @@ public:
static void handleSGXException(Json::Value &_result, SGXException &_e); static void handleSGXException(Json::Value &_result, SGXException &_e);
}; };
#define INIT_RESULT(__RESULT__) Json::Value __RESULT__; __RESULT__["status"] = 0; __RESULT__["errorMessage"] = ""; #define INIT_RESULT(__RESULT__) Json::Value __RESULT__; __RESULT__["status"] = 0; __RESULT__["errorMessage"] = \
"Server error. Please see server log.";
#define RESULT_SUCCESS(__RESULT__) ; __RESULT__["status"] = 0; __RESULT__["errorMessage"] = "";
#define HANDLE_SGX_EXCEPTION(_RESULT_) catch (SGXException &__e) { Log::handleSGXException(_RESULT_, __e);} \ #define HANDLE_SGX_EXCEPTION(_RESULT_) catch (SGXException &__e) { Log::handleSGXException(_RESULT_, __e);} \
catch (exception &__e) {spdlog::error(__e.what()); _RESULT_["status"] = 1; _RESULT_["errorMessage"] = __e.what();} catch (exception &__e) {spdlog::error(__e.what()); _RESULT_["status"] = 1; _RESULT_["errorMessage"] = __e.what();}
#define READ_LOCK(__M__) ReadLock __rlock(__M__);
#define WRITE_LOCK(__M__) WriteLock __wlock(__M__);
#define LOCK(__M__) lock_guard<recursive_mutex> lock(__M__);
#endif #endif
SGXRegistrationServer.cpp
View file @ 034366cd
...@@ -153,13 +153,11 @@ Json::Value getCertificateImpl(const string &hash) { ...@@ -153,13 +153,11 @@ Json::Value getCertificateImpl(const string &hash) {
Json::Value SGXRegistrationServer::SignCertificate(const string &csr) { Json::Value SGXRegistrationServer::SignCertificate(const string &csr) {
spdlog::info(__FUNCTION__); spdlog::info(__FUNCTION__);
LOCK(m)
return signCertificateImpl(csr, autoSign); return signCertificateImpl(csr, autoSign);
} }
Json::Value SGXRegistrationServer::GetCertificate(const string &hash) { Json::Value SGXRegistrationServer::GetCertificate(const string &hash) {
spdlog::info(__FUNCTION__); spdlog::info(__FUNCTION__);
LOCK(m)
return getCertificateImpl(hash); return getCertificateImpl(hash);
} }
......
SGXWalletServer.cpp
View file @ 034366cd
...@@ -674,17 +674,14 @@ Json::Value SGXWalletServer::deleteBlsKeyImpl(const std::string& name) { ...@@ -674,17 +674,14 @@ Json::Value SGXWalletServer::deleteBlsKeyImpl(const std::string& name) {
} }
Json::Value SGXWalletServer::generateDKGPoly(const string &_polyName, int _t) { Json::Value SGXWalletServer::generateDKGPoly(const string &_polyName, int _t) {
WRITE_LOCK(m)
return generateDKGPolyImpl(_polyName, _t); return generateDKGPolyImpl(_polyName, _t);
} }
Json::Value SGXWalletServer::getVerificationVector(const string &_polynomeName, int _t, int _n) { Json::Value SGXWalletServer::getVerificationVector(const string &_polynomeName, int _t, int _n) {
WRITE_LOCK(m)
return getVerificationVectorImpl(_polynomeName, _t, _n); return getVerificationVectorImpl(_polynomeName, _t, _n);
} }
Json::Value SGXWalletServer::getSecretShare(const string &_polyName, const Json::Value &_publicKeys, int t, int n) { Json::Value SGXWalletServer::getSecretShare(const string &_polyName, const Json::Value &_publicKeys, int t, int n) {
WRITE_LOCK(m)
return getSecretShareImpl(_polyName, _publicKeys, t, n); return getSecretShareImpl(_polyName, _publicKeys, t, n);
} }
...@@ -692,39 +689,32 @@ Json::Value ...@@ -692,39 +689,32 @@ Json::Value
SGXWalletServer::dkgVerification(const string &_publicShares, const string &ethKeyName, const string &SecretShare, SGXWalletServer::dkgVerification(const string &_publicShares, const string &ethKeyName, const string &SecretShare,
int t, int t,
int n, int index) { int n, int index) {
WRITE_LOCK(m)
return dkgVerificationImpl(_publicShares, ethKeyName, SecretShare, t, n, index); return dkgVerificationImpl(_publicShares, ethKeyName, SecretShare, t, n, index);
} }
Json::Value Json::Value
SGXWalletServer::createBLSPrivateKey(const string &blsKeyName, const string &ethKeyName, const string &polyName, SGXWalletServer::createBLSPrivateKey(const string &blsKeyName, const string &ethKeyName, const string &polyName,
const string &SecretShare, int t, int n) { const string &SecretShare, int t, int n) {
WRITE_LOCK(m)
return createBLSPrivateKeyImpl(blsKeyName, ethKeyName, polyName, SecretShare, t, n); return createBLSPrivateKeyImpl(blsKeyName, ethKeyName, polyName, SecretShare, t, n);
} }
Json::Value SGXWalletServer::getBLSPublicKeyShare(const string &blsKeyName) { Json::Value SGXWalletServer::getBLSPublicKeyShare(const string &blsKeyName) {
READ_LOCK(m)
return getBLSPublicKeyShareImpl(blsKeyName); return getBLSPublicKeyShareImpl(blsKeyName);
} }
Json::Value SGXWalletServer::generateECDSAKey() { Json::Value SGXWalletServer::generateECDSAKey() {
WRITE_LOCK(m)
return generateECDSAKeyImpl(); return generateECDSAKeyImpl();
} }
Json::Value SGXWalletServer::renameECDSAKey(const string &_keyName, const string &_tmpKeyName) { Json::Value SGXWalletServer::renameECDSAKey(const string &_keyName, const string &_tmpKeyName) {
WRITE_LOCK(m)
return renameECDSAKeyImpl(_keyName, _tmpKeyName); return renameECDSAKeyImpl(_keyName, _tmpKeyName);
} }
Json::Value SGXWalletServer::getPublicECDSAKey(const string &_keyName) { Json::Value SGXWalletServer::getPublicECDSAKey(const string &_keyName) {
READ_LOCK(m)
return getPublicECDSAKeyImpl(_keyName); return getPublicECDSAKeyImpl(_keyName);
} }
Json::Value SGXWalletServer::ecdsaSignMessageHash(int _base, const string &_keyShareName, const string &_messageHash) { Json::Value SGXWalletServer::ecdsaSignMessageHash(int _base, const string &_keyShareName, const string &_messageHash) {
READ_LOCK(m)
spdlog::debug("MessageHash first {}", _messageHash); spdlog::debug("MessageHash first {}", _messageHash);
return ecdsaSignMessageHashImpl(_base, _keyShareName, _messageHash); return ecdsaSignMessageHashImpl(_base, _keyShareName, _messageHash);
} }
...@@ -732,48 +722,39 @@ Json::Value SGXWalletServer::ecdsaSignMessageHash(int _base, const string &_keyS ...@@ -732,48 +722,39 @@ Json::Value SGXWalletServer::ecdsaSignMessageHash(int _base, const string &_keyS
Json::Value Json::Value
SGXWalletServer::importBLSKeyShare(const string &_keyShare, const string &_keyShareName, int _t, int _n, SGXWalletServer::importBLSKeyShare(const string &_keyShare, const string &_keyShareName, int _t, int _n,
int index) { int index) {
WRITE_LOCK(m)
return importBLSKeyShareImpl(_keyShare, _keyShareName, _t, _n, index); return importBLSKeyShareImpl(_keyShare, _keyShareName, _t, _n, index);
} }
Json::Value SGXWalletServer::blsSignMessageHash(const string &_keyShareName, const string &_messageHash, int _t, int _n, Json::Value SGXWalletServer::blsSignMessageHash(const string &_keyShareName, const string &_messageHash, int _t, int _n,
int _signerIndex) { int _signerIndex) {
READ_LOCK(m)
return blsSignMessageHashImpl(_keyShareName, _messageHash, _t, _n, _signerIndex); return blsSignMessageHashImpl(_keyShareName, _messageHash, _t, _n, _signerIndex);
} }
Json::Value SGXWalletServer::importECDSAKey(const string &_key, const string &_keyName) { Json::Value SGXWalletServer::importECDSAKey(const string &_key, const string &_keyName) {
WRITE_LOCK(m)
return importECDSAKeyImpl(_key, _keyName); return importECDSAKeyImpl(_key, _keyName);
} }
Json::Value SGXWalletServer::complaintResponse(const string &polyName, int ind) { Json::Value SGXWalletServer::complaintResponse(const string &polyName, int ind) {
WRITE_LOCK(m)
return complaintResponseImpl(polyName, ind); return complaintResponseImpl(polyName, ind);
} }
Json::Value SGXWalletServer::multG2(const string &x) { Json::Value SGXWalletServer::multG2(const string &x) {
WRITE_LOCK(m)
return multG2Impl(x); return multG2Impl(x);
} }
Json::Value SGXWalletServer::isPolyExists(const string &polyName) { Json::Value SGXWalletServer::isPolyExists(const string &polyName) {
WRITE_LOCK(m)
return isPolyExistsImpl(polyName); return isPolyExistsImpl(polyName);
} }
Json::Value SGXWalletServer::getServerStatus() { Json::Value SGXWalletServer::getServerStatus() {
READ_LOCK(m)
return getServerStatusImpl(); return getServerStatusImpl();
} }
Json::Value SGXWalletServer::getServerVersion() { Json::Value SGXWalletServer::getServerVersion() {
READ_LOCK(m)
return getServerVersionImpl(); return getServerVersionImpl();
} }
Json::Value SGXWalletServer::deleteBlsKey(const std::string& name) { Json::Value SGXWalletServer::deleteBlsKey(const std::string& name) {
READ_LOCK(m)
return deleteBlsKeyImpl(name); return deleteBlsKeyImpl(name);
} }
......
SGXWalletServer.hpp
View file @ 034366cd
...@@ -24,13 +24,8 @@ ...@@ -24,13 +24,8 @@
#ifndef SGXWALLET_SGXWALLETSERVER_HPP #ifndef SGXWALLET_SGXWALLETSERVER_HPP
#define SGXWALLET_SGXWALLETSERVER_HPP #define SGXWALLET_SGXWALLETSERVER_HPP
#include <boost/thread/locks.hpp>
#include <boost/thread/shared_mutex.hpp> #include <boost/thread/shared_mutex.hpp>
typedef boost::shared_mutex Lock;
typedef boost::unique_lock< Lock > WriteLock;
typedef boost::shared_lock< Lock > ReadLock;
#include <jsonrpccpp/server/connectors/httpserver.h> #include <jsonrpccpp/server/connectors/httpserver.h>
#include <mutex> #include <mutex>
#include "abstractstubserver.h" #include "abstractstubserver.h"
...@@ -42,8 +37,6 @@ using namespace std; ...@@ -42,8 +37,6 @@ using namespace std;
#define TOSTRING(x) STRINGIFY(x) #define TOSTRING(x) STRINGIFY(x)
class SGXWalletServer : public AbstractStubServer { class SGXWalletServer : public AbstractStubServer {
Lock m;
static shared_ptr<SGXWalletServer> server; static shared_ptr<SGXWalletServer> server;
static shared_ptr<HttpServer> httpServer; static shared_ptr<HttpServer> httpServer;
public: public:
......
VERSION
View file @ 034366cd
1.55.0 1.56.0
\ No newline at end of file
scripts/docker_test.py
View file @ 034366cd
...@@ -53,23 +53,25 @@ assert subprocess.call(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/ ...@@ -53,23 +53,25 @@ assert subprocess.call(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/
time.sleep(5); time.sleep(5);
assert os.path.isdir(topDir + '/sgx_data/sgxwallet.db') #
assert os.path.isdir(topDir + '/sgx_data/cert_data'); #
assert os.path.isdir(topDir + '/sgx_data/CSR_DB'); #assert os.path.isdir(topDir + '/sgx_data/sgxwallet.db')
assert os.path.isdir(topDir + '/sgx_data/CSR_STATUS_DB'); #assert os.path.isdir(topDir + '/sgx_data/cert_data');
assert os.path.isfile(topDir + '/sgx_data/cert_data/SGXServerCert.crt') #assert os.path.isdir(topDir + '/sgx_data/CSR_DB');
assert os.path.isfile(topDir + '/sgx_data/cert_data/SGXServerCert.key') #assert os.path.isdir(topDir + '/sgx_data/CSR_STATUS_DB');
assert os.path.isfile(topDir + '/sgx_data/cert_data/rootCA.pem') #assert os.path.isfile(topDir + '/sgx_data/cert_data/SGXServerCert.crt')
assert os.path.isfile(topDir + '/sgx_data/cert_data/rootCA.key') #assert os.path.isfile(topDir + '/sgx_data/cert_data/SGXServerCert.key')
#assert os.path.isfile(topDir + '/sgx_data/cert_data/rootCA.pem')
#assert os.path.isfile(topDir + '/sgx_data/cert_data/rootCA.key')
s1 = socket.socket() #s1 = socket.socket()
s2 = socket.socket() #s2 = socket.socket()
s3 = socket.socket() #s3 = socket.socket()
address = '127.0.0.1' #address = '127.0.0.1'
s1.connect((address, 1026)) #s1.connect((address, 1026))
s2.connect((address, 1027)) #s2.connect((address, 1027))
s3.connect((address, 1028)) #s3.connect((address, 1028))
s1.close() #s1.close()
s2.close() #s2.close()
s3.close() #s3.close()
secure_enclave/AESUtils.c
View file @ 034366cd
...@@ -29,8 +29,29 @@ ...@@ -29,8 +29,29 @@
#include "AESUtils.h" #include "AESUtils.h"
int AES_encrypt(char *message, uint8_t *encr_message) { int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) {
if (!message) {
LOG_ERROR("Null message in AES_encrypt");
return -1;
}
if (!encr_message) {
LOG_ERROR("Null encr message in AES_encrypt");
return -2;
}
auto len = strlen(message);
if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) {
LOG_ERROR("Output buffer too small");
return -3;
}
sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE); sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);
auto msgLen = strlen(message);
sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, strlen(message), sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, strlen(message),
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE,
encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
...@@ -40,9 +61,23 @@ int AES_encrypt(char *message, uint8_t *encr_message) { ...@@ -40,9 +61,23 @@ int AES_encrypt(char *message, uint8_t *encr_message) {
return status; return status;
} }
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message) { int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) {
if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) {
LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE");
return -1;
}
uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE; uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE;
if (msgLen < len) {
LOG_ERROR("Output buffer not large enough");
return -2;
}
sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key, sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key,
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len, encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
message, message,
......
secure_enclave/AESUtils.h
View file @ 034366cd
...@@ -26,8 +26,8 @@ ...@@ -26,8 +26,8 @@
sgx_aes_gcm_128bit_key_t AES_key; sgx_aes_gcm_128bit_key_t AES_key;
int AES_encrypt(char *message, uint8_t *encr_message); int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen);
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message); int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ;
#endif //SGXD_AESUTILS_H #endif //SGXD_AESUTILS_H
secure_enclave/DKGUtils.cpp
View file @ 034366cd
...@@ -26,7 +26,9 @@ ...@@ -26,7 +26,9 @@
#ifdef USER_SPACE #ifdef USER_SPACE
#include <gmp.h> #include <gmp.h>
#else #else
#include <../tgmp-build/include/sgx_tgmp.h> #include <../tgmp-build/include/sgx_tgmp.h>
#endif #endif
#include <../SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp> #include <../SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp>
...@@ -37,12 +39,16 @@ ...@@ -37,12 +39,16 @@
#include "EnclaveConstants.h" #include "EnclaveConstants.h"
#include <cstdio> #include <cstdio>
#include <stdio.h> #include <stdio.h>
#include "EnclaveCommon.h"
#include "DHDkg.h" #include "DHDkg.h"
using namespace std; using namespace std;
string stringFromFr(const libff::alt_bn128_Fr& _el) { string stringFromFr(const libff::alt_bn128_Fr &_el) {
try {
mpz_t t; mpz_t t;
mpz_init(t); mpz_init(t);
...@@ -54,25 +60,44 @@ string stringFromFr(const libff::alt_bn128_Fr& _el) { ...@@ -54,25 +60,44 @@ string stringFromFr(const libff::alt_bn128_Fr& _el) {
mpz_clear(t); mpz_clear(t);
return string(tmp); return string(tmp);
} catch (exception &e) {
LOG_ERROR(e.what());
return "";
} catch (...) {
LOG_ERROR("Unknown throwable");
return "";
}
} }
template<class T> string ConvertToString(const T& field_elem, int base = 10) { template<class T>
string ConvertToString(const T &field_elem, int base = 10) {
try {
mpz_t t; mpz_t t;
mpz_init(t); mpz_init(t);
field_elem.as_bigint().to_mpz(t); field_elem.as_bigint().to_mpz(t);
char arr[mpz_sizeinbase (t, base) + 2]; char arr[mpz_sizeinbase(t, base) + 2];
char * tmp = mpz_get_str(arr, base, t); char *tmp = mpz_get_str(arr, base, t);
mpz_clear(t); mpz_clear(t);
string output = tmp; string output = tmp;
return output; return output;
} catch (exception &e) {
LOG_ERROR(e.what());
return "";
} catch (...) {
LOG_ERROR("Unknown throwable");
return "";
}
} }
string ConvertG2ToString(const libff::alt_bn128_G2 & elem, int base = 10, const string& delim = ":") { string ConvertG2ToString(const libff::alt_bn128_G2 &elem, int base = 10, const string &delim = ":") {
try {
string result; string result;
result += ConvertToString(elem.X.c0); result += ConvertToString(elem.X.c0);
result += delim; result += delim;
...@@ -83,32 +108,49 @@ string ConvertG2ToString(const libff::alt_bn128_G2 & elem, int base = 10, const ...@@ -83,32 +108,49 @@ string ConvertG2ToString(const libff::alt_bn128_G2 & elem, int base = 10, const
result += ConvertToString(elem.Y.c1); result += ConvertToString(elem.Y.c1);
return result; return result;
} catch (exception &e) {
LOG_ERROR(e.what());
return nullptr;
} catch (...) {
LOG_ERROR("Unknown throwable");
return nullptr;
}
} }
vector<libff::alt_bn128_Fr> SplitStringToFr(const char* coeffs, const char symbol) { vector <libff::alt_bn128_Fr> SplitStringToFr(const char *coeffs, const char symbol) {
vector <libff::alt_bn128_Fr> tokens;
try {
string str(coeffs); string str(coeffs);
string delim; string delim;
delim.push_back(symbol); delim.push_back(symbol);
vector<libff::alt_bn128_Fr> tokens;
size_t prev = 0, pos = 0; size_t prev = 0, pos = 0;
do do {
{
pos = str.find(delim, prev); pos = str.find(delim, prev);
if (pos == string::npos) pos = str.length(); if (pos == string::npos) pos = str.length();
string token = str.substr(prev, pos-prev); string token = str.substr(prev, pos - prev);
if (!token.empty()) { if (!token.empty()) {
libff::alt_bn128_Fr coeff(token.c_str()); libff::alt_bn128_Fr coeff(token.c_str());
tokens.push_back(coeff); tokens.push_back(coeff);
} }
prev = pos + delim.length(); prev = pos + delim.length();
} } while (pos < str.length() && prev < str.length());
while (pos < str.length() && prev < str.length());
return tokens; return tokens;
} catch (exception &e) {
LOG_ERROR(e.what());
return tokens;
} catch (...) {
LOG_ERROR("Unknown throwable");
return tokens;
}
} }
int gen_dkg_poly( char* secret, unsigned _t ) { int gen_dkg_poly(char *secret, unsigned _t) {
libff::init_alt_bn128_params(); try {
string result; string result;
for (size_t i = 0; i < _t; ++i) { for (size_t i = 0; i < _t; ++i) {
libff::alt_bn128_Fr cur_coef = libff::alt_bn128_Fr::random_element(); libff::alt_bn128_Fr cur_coef = libff::alt_bn128_Fr::random_element();
...@@ -126,11 +168,24 @@ int gen_dkg_poly( char* secret, unsigned _t ) { ...@@ -126,11 +168,24 @@ int gen_dkg_poly( char* secret, unsigned _t ) {
} }
return 0; return 0;
} catch (exception &e) {
LOG_ERROR(e.what());
return 1;
} catch (...) {
LOG_ERROR("Unknown throwable");
return 1;
}
} }
libff::alt_bn128_Fr PolynomialValue(const vector<libff::alt_bn128_Fr>& pol, libff::alt_bn128_Fr point, unsigned _t) { libff::alt_bn128_Fr PolynomialValue(const vector <libff::alt_bn128_Fr> &pol, libff::alt_bn128_Fr point, unsigned _t) {
libff::alt_bn128_Fr value = libff::alt_bn128_Fr::zero(); libff::alt_bn128_Fr value = libff::alt_bn128_Fr::zero();
try {
libff::alt_bn128_Fr pow = libff::alt_bn128_Fr::one(); libff::alt_bn128_Fr pow = libff::alt_bn128_Fr::one();
for (unsigned i = 0; i < pol.size(); ++i) { for (unsigned i = 0; i < pol.size(); ++i) {
value += pol[i] * pow; value += pol[i] * pow;
...@@ -138,14 +193,26 @@ libff::alt_bn128_Fr PolynomialValue(const vector<libff::alt_bn128_Fr>& pol, libf ...@@ -138,14 +193,26 @@ libff::alt_bn128_Fr PolynomialValue(const vector<libff::alt_bn128_Fr>& pol, libf
} }
return value; return value;
} catch (exception &e) {
LOG_ERROR(e.what());
return value;
} catch (...) {
LOG_ERROR("Unknown throwable");
return value;
}
} }
void calc_secret_shares(const char* decrypted_coeffs, char * secret_shares, // calculates secret shares in base 10 to a string secret_shares, void calc_secret_shares(const char *decrypted_coeffs,
char *secret_shares, // calculates secret shares in base 10 to a string secret_shares,
unsigned _t, unsigned _n) { // separated by ":" unsigned _t, unsigned _n) { // separated by ":"
// calculate for each node a list of secret values that will be used for verification // calculate for each node a list of secret values that will be used for verification
string result; string result;
char symbol = ':'; char symbol = ':';
vector<libff::alt_bn128_Fr> poly = SplitStringToFr(decrypted_coeffs, symbol);
try {
vector <libff::alt_bn128_Fr> poly = SplitStringToFr(decrypted_coeffs, symbol);
for (size_t i = 0; i < _n; ++i) { for (size_t i = 0; i < _n; ++i) {
libff::alt_bn128_Fr secret_share = PolynomialValue(poly, libff::alt_bn128_Fr(i + 1), _t); libff::alt_bn128_Fr secret_share = PolynomialValue(poly, libff::alt_bn128_Fr(i + 1), _t);
...@@ -153,14 +220,23 @@ void calc_secret_shares(const char* decrypted_coeffs, char * secret_shares, ...@@ -153,14 +220,23 @@ void calc_secret_shares(const char* decrypted_coeffs, char * secret_shares,
result += ":"; result += ":";
} }
strncpy(secret_shares, result.c_str(), result.length() + 1); strncpy(secret_shares, result.c_str(), result.length() + 1);
} catch (exception &e) {
LOG_ERROR(e.what());
return;
} catch (...) {
LOG_ERROR("Unknown throwable");
return;
}
} }
int calc_secret_share(const char* decrypted_coeffs, char * s_share, int calc_secret_share(const char *decrypted_coeffs, char *s_share,
unsigned _t, unsigned _n, unsigned ind) { unsigned _t, unsigned _n, unsigned ind) {
libff::init_alt_bn128_params();
try {
char symbol = ':'; char symbol = ':';
vector<libff::alt_bn128_Fr> poly = SplitStringToFr(decrypted_coeffs, symbol); vector <libff::alt_bn128_Fr> poly = SplitStringToFr(decrypted_coeffs, symbol);
if ( poly.size() != _t) { if (poly.size() != _t) {
return 1; return 1;
} }
...@@ -171,13 +247,22 @@ int calc_secret_share(const char* decrypted_coeffs, char * s_share, ...@@ -171,13 +247,22 @@ int calc_secret_share(const char* decrypted_coeffs, char * s_share,
strncpy(s_share, cur_share.c_str(), cur_share.length() + 1); strncpy(s_share, cur_share.c_str(), cur_share.length() + 1);
return 0; return 0;
} catch (exception &e) {
LOG_ERROR(e.what());
return 1;
} catch (...) {
LOG_ERROR("Unknown throwable");
return 1;
}
} }
void calc_secret_shareG2_old(const char* decrypted_coeffs, char * s_shareG2, void calc_secret_shareG2_old(const char *decrypted_coeffs, char *s_shareG2,
unsigned _t, unsigned ind) { unsigned _t, unsigned ind) {
libff::init_alt_bn128_params();
try {
char symbol = ':'; char symbol = ':';
vector<libff::alt_bn128_Fr> poly = SplitStringToFr(decrypted_coeffs, symbol); vector <libff::alt_bn128_Fr> poly = SplitStringToFr(decrypted_coeffs, symbol);
libff::alt_bn128_Fr secret_share = PolynomialValue(poly, libff::alt_bn128_Fr(ind), _t); libff::alt_bn128_Fr secret_share = PolynomialValue(poly, libff::alt_bn128_Fr(ind), _t);
...@@ -186,20 +271,28 @@ void calc_secret_shareG2_old(const char* decrypted_coeffs, char * s_shareG2, ...@@ -186,20 +271,28 @@ void calc_secret_shareG2_old(const char* decrypted_coeffs, char * s_shareG2,
string secret_shareG2_str = ConvertG2ToString(secret_shareG2); string secret_shareG2_str = ConvertG2ToString(secret_shareG2);
strncpy(s_shareG2, secret_shareG2_str.c_str(), secret_shareG2_str.length() + 1); strncpy(s_shareG2, secret_shareG2_str.c_str(), secret_shareG2_str.length() + 1);
} catch (exception &e) {
LOG_ERROR(e.what());
} catch (...) {
LOG_ERROR("Unknown throwable");
}
} }
int calc_secret_shareG2(const char* s_share, char * s_shareG2) { int calc_secret_shareG2(const char *s_share, char *s_shareG2) {
libff::init_alt_bn128_params();
try {
mpz_t share; mpz_t share;
mpz_init(share); mpz_init(share);
if (mpz_set_str(share, s_share, 16) == -1){ if (mpz_set_str(share, s_share, 16) == -1) {
mpz_clear(share); mpz_clear(share);
return 1; return 1;
} }
char arr[mpz_sizeinbase (share, 10) + 2]; char arr[mpz_sizeinbase(share, 10) + 2];
char * share_str = mpz_get_str(arr, 10, share); char *share_str = mpz_get_str(arr, 10, share);
libff::alt_bn128_Fr secret_share(share_str); libff::alt_bn128_Fr secret_share(share_str);
...@@ -214,50 +307,82 @@ int calc_secret_shareG2(const char* s_share, char * s_shareG2) { ...@@ -214,50 +307,82 @@ int calc_secret_shareG2(const char* s_share, char * s_shareG2) {
mpz_clear(share); mpz_clear(share);
return 0; return 0;
} catch (exception &e) {
LOG_ERROR(e.what());
return 1;
} catch (...) {
LOG_ERROR("Unknown throwable");
return 1;
}
} }
int calc_public_shares(const char* decrypted_coeffs, char * public_shares, int calc_public_shares(const char *decrypted_coeffs, char *public_shares,
unsigned _t) { unsigned _t) {
libff::init_alt_bn128_params();
try {
// calculate for each node a list of public shares // calculate for each node a list of public shares
string result; string result;
char symbol = ':'; char symbol = ':';
vector<libff::alt_bn128_Fr> poly = SplitStringToFr(decrypted_coeffs, symbol); vector <libff::alt_bn128_Fr> poly = SplitStringToFr(decrypted_coeffs, symbol);
if (poly.size() != _t) { if (poly.size() != _t) {
return 1; return 1;
} }
for (size_t i = 0; i < _t; ++i) { for (size_t i = 0; i < _t; ++i) {
libff::alt_bn128_G2 pub_share = poly.at(i) * libff::alt_bn128_G2::one() ; libff::alt_bn128_G2 pub_share = poly.at(i) * libff::alt_bn128_G2::one();
pub_share.to_affine_coordinates(); pub_share.to_affine_coordinates();
string pub_share_str = ConvertG2ToString(pub_share); string pub_share_str = ConvertG2ToString(pub_share);
result += pub_share_str + ","; result += pub_share_str + ",";
} }
strncpy(public_shares, result.c_str(), result.length()); strncpy(public_shares, result.c_str(), result.length());
return 0; return 0;
} catch (exception &e) {
LOG_ERROR(e.what());
return 1;
} catch (...) {
LOG_ERROR("Unknown throwable");
return 1;
}
} }
string ConvertHexToDec(string hex_str){ string ConvertHexToDec(string hex_str) {
try {
mpz_t dec; mpz_t dec;
mpz_init(dec); mpz_init(dec);
if (mpz_set_str(dec, hex_str.c_str(), 16) == -1){ if (mpz_set_str(dec, hex_str.c_str(), 16) == -1) {
mpz_clear(dec); mpz_clear(dec);
return "false"; return "";
} }
char arr[mpz_sizeinbase (dec, 10) + 2]; char arr[mpz_sizeinbase(dec, 10) + 2];
char * result = mpz_get_str(arr, 10, dec); char *result = mpz_get_str(arr, 10, dec);
mpz_clear(dec); mpz_clear(dec);
return result; return result;
} catch (exception &e) {
LOG_ERROR(e.what());
return "";
} catch (...) {
LOG_ERROR("Unknown throwable");
return "";
}
} }
int Verification( char * public_shares, mpz_t decr_secret_share, int _t, int ind ) { int Verification(char *public_shares, mpz_t decr_secret_share, int _t, int ind) {
string pub_shares_str = public_shares;
libff::init_alt_bn128_params(); try {
vector<libff::alt_bn128_G2> pub_shares; string pub_shares_str = public_shares;
vector <libff::alt_bn128_G2> pub_shares;
uint64_t share_length = 256; uint64_t share_length = 256;
uint8_t coord_length = 64; uint8_t coord_length = 64;
...@@ -269,7 +394,7 @@ int Verification( char * public_shares, mpz_t decr_secret_share, int _t, int ind ...@@ -269,7 +394,7 @@ int Verification( char * public_shares, mpz_t decr_secret_share, int _t, int ind
string x_c1_str = ConvertHexToDec(pub_shares_str.substr(pos0 + coord_length, coord_length)); string x_c1_str = ConvertHexToDec(pub_shares_str.substr(pos0 + coord_length, coord_length));
string y_c0_str = ConvertHexToDec(pub_shares_str.substr(pos0 + 2 * coord_length, coord_length)); string y_c0_str = ConvertHexToDec(pub_shares_str.substr(pos0 + 2 * coord_length, coord_length));
string y_c1_str = ConvertHexToDec(pub_shares_str.substr(pos0 + 3 * coord_length, coord_length)); string y_c1_str = ConvertHexToDec(pub_shares_str.substr(pos0 + 3 * coord_length, coord_length));
if (x_c0_str == "false" || x_c1_str == "false" || y_c0_str == "false" || y_c1_str == "false"){ if (x_c0_str == "" || x_c1_str == "" || y_c0_str == "" || y_c1_str == "") {
return 2; return 2;
} }
pub_share.X.c0 = libff::alt_bn128_Fq(x_c0_str.c_str()); pub_share.X.c0 = libff::alt_bn128_Fq(x_c0_str.c_str());
...@@ -286,8 +411,8 @@ int Verification( char * public_shares, mpz_t decr_secret_share, int _t, int ind ...@@ -286,8 +411,8 @@ int Verification( char * public_shares, mpz_t decr_secret_share, int _t, int ind
val = val + power(libff::alt_bn128_Fr(ind + 1), i) * pub_shares[i]; val = val + power(libff::alt_bn128_Fr(ind + 1), i) * pub_shares[i];
} }
char arr[mpz_sizeinbase (decr_secret_share, 10) + 2]; char arr[mpz_sizeinbase(decr_secret_share, 10) + 2];
char * tmp = mpz_get_str(arr, 10, decr_secret_share); char *tmp = mpz_get_str(arr, 10, decr_secret_share);
libff::alt_bn128_Fr sshare(tmp); libff::alt_bn128_Fr sshare(tmp);
...@@ -300,14 +425,23 @@ int Verification( char * public_shares, mpz_t decr_secret_share, int _t, int ind ...@@ -300,14 +425,23 @@ int Verification( char * public_shares, mpz_t decr_secret_share, int _t, int ind
val2.to_affine_coordinates(); val2.to_affine_coordinates();
strncpy(public_shares, ConvertToString(val.X.c0).c_str(), ConvertToString(val.X.c0).length()); strncpy(public_shares, ConvertToString(val.X.c0).c_str(), ConvertToString(val.X.c0).length());
strncpy(public_shares + ConvertToString(val.X.c0).length(), ":", 1); strncpy(public_shares + ConvertToString(val.X.c0).length(), ":", 1);
strncpy(public_shares + ConvertToString(val.X.c0).length() + 1, ConvertToString(val2.X.c0).c_str(), ConvertToString(val2.X.c0).length()); strncpy(public_shares + ConvertToString(val.X.c0).length() + 1, ConvertToString(val2.X.c0).c_str(),
ConvertToString(val2.X.c0).length());
return (val == sshare * libff::alt_bn128_G2::one()); return (val == sshare * libff::alt_bn128_G2::one());
} catch (exception &e) {
LOG_ERROR(e.what());
return 0;
} catch (...) {
LOG_ERROR("Unknown throwable");
return 0;
}
} }
int calc_bls_public_key(char* skey_hex, char* pub_key) { int calc_bls_public_key(char *skey_hex, char *pub_key) {
libff::init_alt_bn128_params();
try {
mpz_t skey; mpz_t skey;
mpz_init(skey); mpz_init(skey);
if (mpz_set_str(skey, skey_hex, 16) == -1) { if (mpz_set_str(skey, skey_hex, 16) == -1) {
...@@ -315,7 +449,7 @@ int calc_bls_public_key(char* skey_hex, char* pub_key) { ...@@ -315,7 +449,7 @@ int calc_bls_public_key(char* skey_hex, char* pub_key) {
return 1; return 1;
} }
char skey_dec[mpz_sizeinbase (skey, 10) + 2]; char skey_dec[mpz_sizeinbase(skey, 10) + 2];
mpz_get_str(skey_dec, 10, skey); mpz_get_str(skey_dec, 10, skey);
libff::alt_bn128_Fr bls_skey(skey_dec); libff::alt_bn128_Fr bls_skey(skey_dec);
...@@ -330,4 +464,12 @@ int calc_bls_public_key(char* skey_hex, char* pub_key) { ...@@ -330,4 +464,12 @@ int calc_bls_public_key(char* skey_hex, char* pub_key) {
mpz_clear(skey); mpz_clear(skey);
return 0; return 0;
} catch (exception &e) {
LOG_ERROR(e.what());
return 1;
} catch (...) {
LOG_ERROR("Unknown throwable");
return 1;
}
} }
secure_enclave/EnclaveCommon.cpp
View file @ 034366cd
...@@ -36,7 +36,15 @@ ...@@ -36,7 +36,15 @@
using namespace std; using namespace std;
thread_local uint8_t decryptedDkgPoly[DKG_BUFER_LENGTH];
uint8_t *getThreadLocalDecryptedDkgPoly() {
return decryptedDkgPoly;
}
string *stringFromKey(libff::alt_bn128_Fr *_key) { string *stringFromKey(libff::alt_bn128_Fr *_key) {
try {
mpz_t t; mpz_t t;
mpz_init(t); mpz_init(t);
...@@ -48,9 +56,17 @@ string *stringFromKey(libff::alt_bn128_Fr *_key) { ...@@ -48,9 +56,17 @@ string *stringFromKey(libff::alt_bn128_Fr *_key) {
mpz_clear(t); mpz_clear(t);
return new string(tmp); return new string(tmp);
} catch (exception &e) {
LOG_ERROR(e.what());
return nullptr;
} catch (...) {
LOG_ERROR("Unknown throwable");
return nullptr;
}
} }
string *stringFromFq(libff::alt_bn128_Fq *_fq) { string *stringFromFq(libff::alt_bn128_Fq *_fq) {
try {
mpz_t t; mpz_t t;
mpz_init(t); mpz_init(t);
...@@ -62,9 +78,18 @@ string *stringFromFq(libff::alt_bn128_Fq *_fq) { ...@@ -62,9 +78,18 @@ string *stringFromFq(libff::alt_bn128_Fq *_fq) {
mpz_clear(t); mpz_clear(t);
return new string(tmp); return new string(tmp);
} catch (exception &e) {
LOG_ERROR(e.what());
return nullptr;
} catch (...) {
LOG_ERROR("Unknown throwable");
return nullptr;
}
} }
string *stringFromG1(libff::alt_bn128_G1 *_g1) { string *stringFromG1(libff::alt_bn128_G1 *_g1) {
try {
_g1->to_affine_coordinates(); _g1->to_affine_coordinates();
auto sX = stringFromFq(&_g1->X); auto sX = stringFromFq(&_g1->X);
...@@ -76,35 +101,59 @@ string *stringFromG1(libff::alt_bn128_G1 *_g1) { ...@@ -76,35 +101,59 @@ string *stringFromG1(libff::alt_bn128_G1 *_g1) {
delete (sY); delete (sY);
return sG1; return sG1;
} catch (exception &e) {
LOG_ERROR(e.what());
return nullptr;
} catch (...) {
LOG_ERROR("Unknown throwable");
return nullptr;
}
} }
libff::alt_bn128_Fr *keyFromString(const char *_keyStringHex) { libff::alt_bn128_Fr *keyFromString(const char *_keyStringHex) {
try {
mpz_t skey; mpz_t skey;
mpz_init(skey); mpz_init(skey);
mpz_set_str(skey, _keyStringHex, 16); mpz_set_str(skey, _keyStringHex, 16);
char skey_dec[mpz_sizeinbase (skey, 10) + 2]; char skey_dec[mpz_sizeinbase(skey, 10) + 2];
mpz_get_str(skey_dec, 10, skey); mpz_get_str(skey_dec, 10, skey);
mpz_clear(skey); mpz_clear(skey);
return new libff::alt_bn128_Fr(skey_dec); return new libff::alt_bn128_Fr(skey_dec);
} catch (exception &e) {
LOG_ERROR(e.what());
return nullptr;
} catch (...) {
LOG_ERROR("Unknown throwable");
return nullptr;
}
} }
int inited = 0; int inited = 0;
domain_parameters curve;
void enclave_init() { void enclave_init() {
if (inited == 1) if (inited == 1)
return; return;
inited = 1; inited = 1;
libff::init_alt_bn128_params(); libff::init_alt_bn128_params();
curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
} }
bool enclave_sign(const char *_keyString, const char *_hashXString, const char *_hashYString, bool enclave_sign(const char *_keyString, const char *_hashXString, const char *_hashYString,
char* sig) { char *sig) {
try {
auto key = keyFromString(_keyString); auto key = keyFromString(_keyString);
if (key == nullptr) { if (key == nullptr) {
throw exception(); throw invalid_argument("Null key");
} }
libff::alt_bn128_Fq hashX(_hashXString); libff::alt_bn128_Fq hashX(_hashXString);
...@@ -128,6 +177,15 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char * ...@@ -128,6 +177,15 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char *
delete r; delete r;
return true; return true;
} catch (exception &e) {
LOG_ERROR(e.what());
return false;
} catch (...) {
LOG_ERROR("Unknown throwable");
return false;
}
} }
void carray2Hex(const unsigned char *d, int _len, char* _hexArray) { void carray2Hex(const unsigned char *d, int _len, char* _hexArray) {
...@@ -152,8 +210,8 @@ int char2int(char _input) { ...@@ -152,8 +210,8 @@ int char2int(char _input) {
return -1; return -1;
} }
bool hex2carray2(const char * _hex, uint64_t *_bin_len, bool hex2carray2(const char *_hex, uint64_t *_bin_len,
uint8_t* _bin, const int _max_length ) { uint8_t *_bin, const int _max_length) {
int len = strnlen(_hex, _max_length); int len = strnlen(_hex, _max_length);
if (len == 0 && len % 2 == 1) if (len == 0 && len % 2 == 1)
...@@ -162,8 +220,8 @@ bool hex2carray2(const char * _hex, uint64_t *_bin_len, ...@@ -162,8 +220,8 @@ bool hex2carray2(const char * _hex, uint64_t *_bin_len,
*_bin_len = len / 2; *_bin_len = len / 2;
for (int i = 0; i < len / 2; i++) { for (int i = 0; i < len / 2; i++) {
int high = char2int((char)_hex[i * 2]); int high = char2int((char) _hex[i * 2]);
int low = char2int((char)_hex[i * 2 + 1]); int low = char2int((char) _hex[i * 2 + 1]);
if (high < 0 || low < 0) { if (high < 0 || low < 0) {
return false; return false;
...@@ -175,8 +233,8 @@ bool hex2carray2(const char * _hex, uint64_t *_bin_len, ...@@ -175,8 +233,8 @@ bool hex2carray2(const char * _hex, uint64_t *_bin_len,
return true; return true;
} }
bool hex2carray(const char * _hex, uint64_t *_bin_len, bool hex2carray(const char *_hex, uint64_t *_bin_len,
uint8_t* _bin ) { uint8_t *_bin) {
int len = strnlen(_hex, 2 * BUF_LEN); int len = strnlen(_hex, 2 * BUF_LEN);
if (len == 0 && len % 2 == 1) if (len == 0 && len % 2 == 1)
...@@ -185,8 +243,8 @@ bool hex2carray(const char * _hex, uint64_t *_bin_len, ...@@ -185,8 +243,8 @@ bool hex2carray(const char * _hex, uint64_t *_bin_len,
*_bin_len = len / 2; *_bin_len = len / 2;
for (int i = 0; i < len / 2; i++) { for (int i = 0; i < len / 2; i++) {
int high = char2int((char)_hex[i * 2]); int high = char2int((char) _hex[i * 2]);
int low = char2int((char)_hex[i * 2 + 1]); int low = char2int((char) _hex[i * 2 + 1]);
if (high < 0 || low < 0) { if (high < 0 || low < 0) {
return false; return false;
...@@ -198,11 +256,13 @@ bool hex2carray(const char * _hex, uint64_t *_bin_len, ...@@ -198,11 +256,13 @@ bool hex2carray(const char * _hex, uint64_t *_bin_len,
return true; return true;
} }
enum log_level {L_TRACE = 0, L_DEBUG = 1, L_INFO = 2, L_WARNING = 3, L_ERROR = 4 }; enum log_level {
L_TRACE = 0, L_DEBUG = 1, L_INFO = 2, L_WARNING = 3, L_ERROR = 4
};
uint32_t globalLogLevel_ = 2; uint32_t globalLogLevel_ = 2;
void logMsg(log_level _level, const char* _msg) { void logMsg(log_level _level, const char *_msg) {
if (_level < globalLogLevel_) if (_level < globalLogLevel_)
return; return;
...@@ -217,19 +277,19 @@ void logMsg(log_level _level, const char* _msg) { ...@@ -217,19 +277,19 @@ void logMsg(log_level _level, const char* _msg) {
} }
EXTERNC void LOG_INFO(const char* _msg) { EXTERNC void LOG_INFO(const char *_msg) {
logMsg(L_INFO, _msg); logMsg(L_INFO, _msg);
}; };
EXTERNC void LOG_WARN(const char* _msg) { EXTERNC void LOG_WARN(const char *_msg) {
logMsg(L_WARNING, _msg); logMsg(L_WARNING, _msg);
}; };
EXTERNC void LOG_ERROR(const char* _msg) { EXTERNC void LOG_ERROR(const char *_msg) {
logMsg(L_ERROR, _msg); logMsg(L_ERROR, _msg);
}; };
EXTERNC void LOG_DEBUG(const char* _msg) { EXTERNC void LOG_DEBUG(const char *_msg) {
logMsg(L_DEBUG, _msg); logMsg(L_DEBUG, _msg);
}; };
EXTERNC void LOG_TRACE(const char* _msg) { EXTERNC void LOG_TRACE(const char *_msg) {
logMsg(L_TRACE, _msg); logMsg(L_TRACE, _msg);
}; };
secure_enclave/EnclaveCommon.h
View file @ 034366cd
...@@ -21,6 +21,11 @@ ...@@ -21,6 +21,11 @@
@date 2019 @date 2019
*/ */
#include "DomainParameters.h"
#include "Signature.h"
#include "Curves.h"
#ifndef SGXWALLET_ENCLAVECOMMON_H #ifndef SGXWALLET_ENCLAVECOMMON_H
#define SGXWALLET_ENCLAVECOMMON_H #define SGXWALLET_ENCLAVECOMMON_H
...@@ -45,6 +50,8 @@ EXTERNC void enclave_init(); ...@@ -45,6 +50,8 @@ EXTERNC void enclave_init();
void get_global_random(unsigned char* _randBuff, uint64_t size); void get_global_random(unsigned char* _randBuff, uint64_t size);
EXTERNC uint8_t* getThreadLocalDecryptedDkgPoly();
EXTERNC void LOG_INFO(const char* msg); EXTERNC void LOG_INFO(const char* msg);
EXTERNC void LOG_WARN(const char* _msg); EXTERNC void LOG_WARN(const char* _msg);
EXTERNC void LOG_ERROR(const char* _msg); EXTERNC void LOG_ERROR(const char* _msg);
...@@ -55,5 +62,7 @@ extern uint32_t globalLogLevel_; ...@@ -55,5 +62,7 @@ extern uint32_t globalLogLevel_;
extern unsigned char* globalRandom; extern unsigned char* globalRandom;
extern domain_parameters curve;
#endif //SGXWALLET_ENCLAVECOMMON_H #endif //SGXWALLET_ENCLAVECOMMON_H
secure_enclave/secure_enclave.c
View file @ 034366cd
...@@ -56,7 +56,28 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ...@@ -56,7 +56,28 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "EnclaveConstants.h" #include "EnclaveConstants.h"
#include "EnclaveCommon.h" #include "EnclaveCommon.h"
uint8_t decryptedDkgPoly[DKG_BUFER_LENGTH]; #define SAFE_FREE(__X__) if (!__X__) {free(__X__); __X__ = NULL;}
#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
#define STRINGIFY(x) #x
#define TOSTRING(x) STRINGIFY(x)
#define CHECK_STATE(_EXPRESSION_) \
if (!(_EXPRESSION_)) { \
LOG_ERROR("State check failed::");LOG_ERROR(#_EXPRESSION_); \
LOG_ERROR((const char*) __FILE__); \
snprintf(errString, BUF_LEN, "State check failed. Check log."); \
*errStatus = -1; \
return;}
#define CHECK_STATE_CLEAN(_EXPRESSION_) \
if (!(_EXPRESSION_)) { \
LOG_ERROR("State check failed::");LOG_ERROR(#_EXPRESSION_); \
LOG_ERROR(__FILE__); LOG_ERROR(__LINE__); \
snprintf(errString, BUF_LEN, "State check failed. Check log."); \
*errStatus = -1; \
goto clean;}
void *(*gmp_realloc_func)(void *, size_t, size_t); void *(*gmp_realloc_func)(void *, size_t, size_t);
...@@ -129,54 +150,64 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) { ...@@ -129,54 +150,64 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) {
return (void *) nptr; return (void *) nptr;
} }
void get_global_random(unsigned char *_randBuff, uint64_t _size) { void get_global_random(unsigned char *_randBuff, uint64_t _size) {
assert(_size <= 32);
sgx_sha_state_handle_t shaStateHandle;
assert(sgx_sha256_init(&shaStateHandle) == SGX_SUCCESS);
assert(sgx_sha256_update(globalRandom, 32, shaStateHandle) == SGX_SUCCESS);
assert(sgx_sha256_get_hash(shaStateHandle, globalRandom) == SGX_SUCCESS);
assert(sgx_sha256_get_hash(shaStateHandle, globalRandom) == SGX_SUCCESS);
assert(sgx_sha256_close(shaStateHandle) == SGX_SUCCESS);
memcpy(_randBuff, globalRandom, _size);
}
char errString[BUF_LEN];
int status;
int *errStatus = &status;
void trustedEMpzAdd(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {} *errString = 0;
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(_size <= 32)
CHECK_STATE(_randBuff);
sgx_sha_state_handle_t shaStateHandle;
void trustedEMpzMul(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {} CHECK_STATE(sgx_sha256_init(&shaStateHandle) == SGX_SUCCESS);
CHECK_STATE(sgx_sha256_update(globalRandom, 32, shaStateHandle) == SGX_SUCCESS);
CHECK_STATE(sgx_sha256_get_hash(shaStateHandle, globalRandom) == SGX_SUCCESS);
CHECK_STATE(sgx_sha256_get_hash(shaStateHandle, globalRandom) == SGX_SUCCESS);
CHECK_STATE(sgx_sha256_close(shaStateHandle) == SGX_SUCCESS);
void trustedEMpzDiv(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {} memcpy(_randBuff, globalRandom, _size);
}
void trustedEMpfDiv(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {}
void trustedGenerateEcdsaKey(int *errStatus, char *errString, void trustedGenerateEcdsaKey(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
domain_parameters curve = domain_parameters_init(); *errString = 0;
domain_parameters_load_curve(curve, secp256k1); *errStatus = UNKNOWN_ERROR;
CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(pub_key_x);
CHECK_STATE(pub_key_y);
SAFE_CHAR_BUF(rand_char, 32);
unsigned char *rand_char = (unsigned char *) calloc(32, 1);
get_global_random(rand_char, 32); get_global_random(rand_char, 32);
mpz_t seed; mpz_t seed;
mpz_init(seed); mpz_init(seed);
mpz_import(seed, 32, 1, sizeof(rand_char[0]), 0, 0, rand_char); mpz_import(seed, 32, 1, sizeof(rand_char[0]), 0, 0, rand_char);
free(rand_char);
mpz_t skey; mpz_t skey;
mpz_init(skey); mpz_init(skey);
mpz_mod(skey, seed, curve->p); mpz_mod(skey, seed, curve->p);
mpz_clear(seed);
//Public key //Public key
point Pkey = point_init(); point Pkey = point_init();
signature_extract_public_key(Pkey, skey, curve); signature_extract_public_key(Pkey, skey, curve);
int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2; SAFE_CHAR_BUF(arr_x, BUF_LEN);
char arr_x[len];
mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x); mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
...@@ -185,14 +216,16 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString, ...@@ -185,14 +216,16 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes); strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
char arr_y[mpz_sizeinbase(Pkey->y, ECDSA_SKEY_BASE) + 2]; SAFE_CHAR_BUF(arr_y, BUF_LEN);
mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y); mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y);
n_zeroes = 64 - strlen(arr_y); n_zeroes = 64 - strlen(arr_y);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
pub_key_y[i] = '0'; pub_key_y[i] = '0';
} }
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
SAFE_CHAR_BUF(skey_str, BUF_LEN);
mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey); mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
snprintf(errString, BUF_LEN, "skey len is %d\n", strlen(skey_str)); snprintf(errString, BUF_LEN, "skey len is %d\n", strlen(skey_str));
...@@ -203,76 +236,71 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString, ...@@ -203,76 +236,71 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "seal ecsdsa private key failed"); snprintf(errString, BUF_LEN, "seal ecsdsa private key failed");
*errStatus = status; *errStatus = status;
goto clean;
mpz_clear(skey);
domain_parameters_clear(curve);
point_clear(Pkey);
return;
} }
*enc_len = sealedLen; *enc_len = sealedLen;
*errStatus = 0;
clean:
mpz_clear(seed);
mpz_clear(skey); mpz_clear(skey);
domain_parameters_clear(curve);
point_clear(Pkey); point_clear(Pkey);
} }
void trustedGetPublicEcdsaKey(int *errStatus, char *errString, void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t dec_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t dec_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(errString);
CHECK_STATE(pub_key_x);
CHECK_STATE(pub_key_y);
domain_parameters curve = domain_parameters_init(); *errString = 0;
domain_parameters_load_curve(curve, secp256k1); *errStatus = UNKNOWN_ERROR;
char skey[ECDSA_SKEY_LEN]; mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
point Pkey = point_init();
point Pkey_test = point_init();
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &dec_len); (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &dec_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
*errStatus = status; *errStatus = status;
LOG_ERROR(errString);
domain_parameters_clear(curve);
return; return;
} }
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(errString, BUF_LEN, "wrong string to init private key"); snprintf(errString, BUF_LEN, "wrong string to init private key");
LOG_ERROR(errString);
*errStatus = -10; *errStatus = -10;
goto clean;
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
return;
} }
//Public key //Public key
point Pkey = point_init();
signature_extract_public_key(Pkey, privateKeyMpz, curve); signature_extract_public_key(Pkey, privateKeyMpz, curve);
point Pkey_test = point_init();
point_multiplication(Pkey_test, privateKeyMpz, curve->G, curve); point_multiplication(Pkey_test, privateKeyMpz, curve->G, curve);
if (!point_cmp(Pkey, Pkey_test)) { if (!point_cmp(Pkey, Pkey_test)) {
snprintf(errString, BUF_LEN, "Points are not equal"); snprintf(errString, BUF_LEN, "Points are not equal");
LOG_ERROR(errString);
*errStatus = -11; *errStatus = -11;
goto clean;
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
point_clear(Pkey);
point_clear(Pkey_test);
return;
} }
int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2; int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2;
char arr_x[len];
SAFE_CHAR_BUF(arr_x, BUF_LEN);
mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x); mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
...@@ -281,7 +309,8 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString, ...@@ -281,7 +309,8 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes); strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
char arr_y[mpz_sizeinbase(Pkey->y, ECDSA_SKEY_BASE) + 2]; SAFE_CHAR_BUF(arr_y, BUF_LEN);
mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y); mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y);
n_zeroes = 64 - strlen(arr_y); n_zeroes = 64 - strlen(arr_y);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
...@@ -289,8 +318,10 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString, ...@@ -289,8 +318,10 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
} }
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
*errStatus = 0;
clean:
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
point_clear(Pkey); point_clear(Pkey);
point_clear(Pkey_test); point_clear(Pkey_test);
} }
...@@ -299,25 +330,22 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -299,25 +330,22 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char *arrR = NULL;
char *arrS = NULL;
char *privateKey = calloc(ECDSA_SKEY_LEN, 1); CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(hash);
CHECK_STATE(sigR);
CHECK_STATE(sigS);
CHECK_STATE(base > 0);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
SAFE_CHAR_BUF(privateKey, ECDSA_SKEY_LEN);
signature sign = signature_init(); signature sign = signature_init();
domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
point publicKey = point_init(); point publicKey = point_init();
if (!hash) {
*errStatus = 1;
char *msg = "NULL message hash";
LOG_ERROR(msg);
snprintf(errString, BUF_LEN, msg);
goto clean;
}
if (strnlen(hash, 64) > 64) { if (strnlen(hash, 64) > 64) {
*errStatus = 2; *errStatus = 2;
char *msg = "Hash too long"; char *msg = "Hash too long";
...@@ -335,12 +363,6 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -335,12 +363,6 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
goto clean; goto clean;
} }
if (!encryptedPrivateKey) {
*errStatus = 3;
snprintf(errString, BUF_LEN, "NULL encrypted ECDSA private key");
LOG_ERROR(errString);
goto clean;
}
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) privateKey, &dec_len); (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) privateKey, &dec_len);
...@@ -373,52 +395,44 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -373,52 +395,44 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
goto clean; goto clean;
} }
arrR = calloc(mpz_sizeinbase(sign->r, base) + 2, 1); SAFE_CHAR_BUF(arrR, BUF_LEN);
mpz_get_str(arrR, base, sign->r); mpz_get_str(arrR, base, sign->r);
strncpy(sigR, arrR, 1024); strncpy(sigR, arrR, BUF_LEN);
arrS = calloc(mpz_sizeinbase(sign->s, base) + 2, 1);
SAFE_CHAR_BUF(arrS, BUF_LEN);
mpz_get_str(arrS, base, sign->s); mpz_get_str(arrS, base, sign->s);
strncpy(sigS, arrS, 1024); strncpy(sigS, arrS, BUF_LEN);
*sig_v = sign->v; *sig_v = sign->v;
*errStatus = 0;
clean: clean:
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
mpz_clear(msgMpz); mpz_clear(msgMpz);
domain_parameters_clear(curve);
point_clear(publicKey); point_clear(publicKey);
signature_free(sign); signature_free(sign);
if (privateKey) {
free(privateKey);
}
if (arrR) {
free(arrR);
}
if (arrS) {
free(arrS);
}
return; return;
} }
void trustedEncryptKey(int *errStatus, char *errString, const char *key, void trustedEncryptKey(int *errStatus, char *errString, const char *key,
uint8_t *encryptedPrivateKey, uint32_t *enc_len) { uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
CHECK_STATE(key);
CHECK_STATE(encryptedPrivateKey);
*errString = 0;
*errStatus = UNKNOWN_ERROR; *errStatus = UNKNOWN_ERROR;
memset(errString, 0, BUF_LEN);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
if (sealedLen > BUF_LEN) { if (sealedLen > BUF_LEN) {
*errStatus = ENCRYPTED_KEY_TOO_LONG; *errStatus = ENCRYPTED_KEY_TOO_LONG;
snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH"); snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH");
return; LOG_ERROR(errString);
goto clean;
} }
memset(encryptedPrivateKey, 0, BUF_LEN); memset(encryptedPrivateKey, 0, BUF_LEN);
...@@ -433,40 +447,47 @@ void trustedEncryptKey(int *errStatus, char *errString, const char *key, ...@@ -433,40 +447,47 @@ void trustedEncryptKey(int *errStatus, char *errString, const char *key,
*enc_len = sealedLen; *enc_len = sealedLen;
char decryptedKey[BUF_LEN]; SAFE_CHAR_BUF(decryptedKey, BUF_LEN);
memset(decryptedKey, 0, BUF_LEN);
trustedDecryptKey(errStatus, errString, encryptedPrivateKey, sealedLen, decryptedKey); trustedDecryptKey(errStatus, errString, encryptedPrivateKey, sealedLen, decryptedKey);
if (*errStatus != 0) { if (*errStatus != 0) {
snprintf(errString + strlen(errString), BUF_LEN, ":trustedDecryptKey failed"); snprintf(errString + strlen(errString), BUF_LEN, ":trustedDecryptKey failed");
return; LOG_ERROR(errString);
goto clean;
} }
uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH); uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH);
if (decryptedKeyLen == MAX_KEY_LENGTH) { if (decryptedKeyLen MAX_KEY_LENGTH) {
snprintf(errString, BUF_LEN, "Decrypted key is not null terminated"); snprintf(errString, BUF_LEN, "Decrypted key is not null terminated");
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = -8; *errStatus = -8;
if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) { if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
snprintf(errString, BUF_LEN, "Decrypted key does not match original key"); snprintf(errString, BUF_LEN, "Decrypted key does not match original key");
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = 0; *errStatus = 0;
clean:
;
} }
void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) { uint32_t enc_len, char *key) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
CHECK_STATE(key);
uint32_t decLen; uint32_t decLen;
*errStatus = -9; *errString = 0;
*errStatus = UNKNOWN_ERROR;
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) key, &decLen); (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) key, &decLen);
...@@ -474,12 +495,14 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat ...@@ -474,12 +495,14 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = status; *errStatus = status;
snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
return; LOG_ERROR(errString);
goto clean;
} }
if (decLen > MAX_KEY_LENGTH) { if (decLen > MAX_KEY_LENGTH) {
snprintf(errString, BUF_LEN, "wrong decLen"); snprintf(errString, BUF_LEN, "wrong decLen");
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = -10; *errStatus = -10;
...@@ -488,11 +511,14 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat ...@@ -488,11 +511,14 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
if (keyLen == MAX_KEY_LENGTH) { if (keyLen == MAX_KEY_LENGTH) {
snprintf(errString, BUF_LEN, "Key is not null terminated"); snprintf(errString, BUF_LEN, "Key is not null terminated");
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = 0; *errStatus = 0;
return;
clean:
;
} }
void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
...@@ -500,15 +526,22 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr ...@@ -500,15 +526,22 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr
char *_hashY, char *signature) { char *_hashY, char *signature) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char key[BUF_LEN]; *errString = 0;
char *sig = (char *) calloc(BUF_LEN, 1); *errStatus = UNKNOWN_ERROR;
CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(_hashX);
CHECK_STATE(_hashY);
CHECK_STATE(signature);
SAFE_CHAR_BUF(key, BUF_LEN);SAFE_CHAR_BUF(sig, BUF_LEN);
trustedDecryptKey(errStatus, errString, encryptedPrivateKey, enc_len, key); trustedDecryptKey(errStatus, errString, encryptedPrivateKey, enc_len, key);
if (*errStatus != 0) { if (*errStatus != 0) {
strncpy(signature, errString, BUF_LEN); strncpy(signature, errString, BUF_LEN);
free(sig); LOG_ERROR(errString);
return; goto clean;
} }
enclave_sign(key, _hashX, _hashY, sig); enclave_sign(key, _hashX, _hashY, sig);
...@@ -517,21 +550,31 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr ...@@ -517,21 +550,31 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr
if (strnlen(signature, BUF_LEN) < 10) { if (strnlen(signature, BUF_LEN) < 10) {
*errStatus = -1; *errStatus = -1;
free(sig); strncpy(errString, "signature too short", BUF_LEN);
return; LOG_ERROR(errString);
goto clean;
} }
free(sig); *errStatus = 0;
clean:
;
} }
void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char dkg_secret[DKG_BUFER_LENGTH]; *errString = 0;
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(encrypted_dkg_secret);
SAFE_CHAR_BUF(dkg_secret, DKG_BUFER_LENGTH);
if (gen_dkg_poly(dkg_secret, _t) != 0) { if (gen_dkg_poly(dkg_secret, _t) != 0) {
*errStatus = -1; *errStatus = -1;
return; strncpy(errString, "Couldnt generate poly", BUF_LEN);
LOG_ERROR(errString);
goto clean;
} }
uint32_t sealedLen = sgx_calc_sealed_data_size(0, DKG_BUFER_LENGTH); uint32_t sealedLen = sgx_calc_sealed_data_size(0, DKG_BUFER_LENGTH);
...@@ -541,11 +584,17 @@ void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg ...@@ -541,11 +584,17 @@ void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "SGX seal data failed"); snprintf(errString, BUF_LEN, "SGX seal data failed");
LOG_ERROR(errString);
*errStatus = status; *errStatus = status;
return; goto clean;
} }
*enc_len = sealedLen; *enc_len = sealedLen;
*errStatus = 0;
clean:
;
} }
void void
...@@ -553,37 +602,62 @@ trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_ ...@@ -553,37 +602,62 @@ trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_
uint32_t *dec_len) { uint32_t *dec_len) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(encrypted_dkg_secret);
uint32_t decr_len; uint32_t decr_len;
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_dkg_secret, NULL, 0, decrypted_dkg_secret, &decr_len); (const sgx_sealed_data_t *) encrypted_dkg_secret, NULL, 0, decrypted_dkg_secret, &decr_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", status);
LOG_ERROR(errString);
*errStatus = status; *errStatus = status;
return; goto clean;
} }
*dec_len = decr_len; *dec_len = decr_len;
*errStatus = 0;
clean:
;
} }
void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len, void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len,
char *secret_shares, char *secret_shares,
unsigned _t, unsigned _n) { unsigned _t, unsigned _n) {
CHECK_STATE(encrypted_dkg_secret);
CHECK_STATE(secret_shares);
CHECK_STATE(_t <= _n);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char decrypted_dkg_secret[DKG_BUFER_LENGTH]; SAFE_CHAR_BUF(decrypted_dkg_secret, DKG_BUFER_LENGTH);
uint32_t decr_len; uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len); trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len);
if (*errStatus != 0) { if (*errStatus != 0) {
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus); snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus);
return; LOG_ERROR(errString);
goto clean;
} }
*dec_len = decr_len; *dec_len = decr_len;
calc_secret_shares(decrypted_dkg_secret, secret_shares, _t, _n); calc_secret_shares(decrypted_dkg_secret, secret_shares, _t, _n);
*errStatus = 0;
clean:
;
} }
void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len, void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
...@@ -591,56 +665,91 @@ void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_ ...@@ -591,56 +665,91 @@ void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_
unsigned _t, unsigned _n) { unsigned _t, unsigned _n) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1); CHECK_STATE(encrypted_dkg_secret);
CHECK_STATE(public_shares);
CHECK_STATE(_t <= _n);
CHECK_STATE(_n > 0);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
SAFE_CHAR_BUF(decrypted_dkg_secret, DKG_MAX_SEALED_LEN);
uint32_t decr_len; uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret,
&decr_len); &decr_len);
if (*errStatus != 0) { if (*errStatus != 0) {
snprintf(errString, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus); snprintf(errString, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus);
free(decrypted_dkg_secret); LOG_ERROR(errString);
return; goto clean;
} }
if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) { if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "t does not match polynomial in db"); snprintf(errString, BUF_LEN, "t does not match polynomial in db");
free(decrypted_dkg_secret); LOG_ERROR(errString);
return; goto clean;
} }
free(decrypted_dkg_secret);
*errStatus = 0;
clean:
;
} }
void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly) { void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH); CHECK_STATE(encrypted_poly);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
memset(getThreadLocalDecryptedDkgPoly(), 0, DKG_BUFER_LENGTH);
uint32_t decr_len; uint32_t decr_len;
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_poly, NULL, 0, decryptedDkgPoly, &decr_len); (const sgx_sealed_data_t *) encrypted_poly, NULL, 0,
getThreadLocalDecryptedDkgPoly(), &decr_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = 0;
clean:
;
} }
void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len, void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n,
uint8_t ind) { uint8_t ind) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; CHECK_STATE(encrypted_skey)
char pub_key_x[BUF_LEN]; CHECK_STATE(result_str);
memset(pub_key_x, 0, BUF_LEN); CHECK_STATE(s_shareG2);
char pub_key_y[BUF_LEN]; CHECK_STATE(pub_keyB);
memset(pub_key_y, 0, BUF_LEN); CHECK_STATE(_t <= _n);
CHECK_STATE(_n > 0);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);SAFE_CHAR_BUF(pub_key_x, BUF_LEN);SAFE_CHAR_BUF(pub_key_y, BUF_LEN);
uint32_t enc_len; uint32_t enc_len;
trustedGenerateEcdsaKey(errStatus, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y); trustedGenerateEcdsaKey(errStatus, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
if (*errStatus != 0) { if (*errStatus != 0) {
return; snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", errStatus);
LOG_ERROR(errString);
goto clean;
} }
*dec_len = enc_len; *dec_len = enc_len;
...@@ -650,102 +759,129 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *en ...@@ -650,102 +759,129 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *en
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "sgx_unseal_data failed - encrypted_skey with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data failed - encrypted_skey with status %d", status);
LOG_ERROR(errString);
*errStatus = status; *errStatus = status;
return; goto clean;
} }
char *common_key[ECDSA_SKEY_LEN]; SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN);
gen_session_key(skey, pub_keyB, common_key);
char *s_share[ECDSA_SKEY_LEN];; gen_session_key(skey, pub_keyB, common_key);SAFE_CHAR_BUF(s_share, ECDSA_SKEY_LEN);
if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) { if (calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "\nt does not match poly degree\n"); snprintf(errString, BUF_LEN, "\nt does not match poly degree\n");
return; LOG_ERROR(errString);
goto clean;
} }
if (calc_secret_shareG2(s_share, s_shareG2) != 0) { if (calc_secret_shareG2(s_share, s_shareG2) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "invalid decr secret share\n"); snprintf(errString, BUF_LEN, "invalid decr secret share\n");
return; LOG_ERROR(errString);
goto clean;
} }
char *cypher[ECDSA_SKEY_LEN]; SAFE_CHAR_BUF(cypher, ECDSA_SKEY_LEN);
xor_encrypt(common_key, s_share, cypher); xor_encrypt(common_key, s_share, cypher);
if (cypher == NULL) {
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
strncpy(result_str, cypher, strlen(cypher)); strncpy(result_str, cypher, strlen(cypher));
strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x)); strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x));
strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y)); strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y));
*errStatus = 0;
clean:
;
} }
void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret, void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret,
uint32_t *dec_len, uint32_t *dec_len, char *s_shareG2, uint8_t _t, uint8_t _n, uint8_t ind1) {
char *DH_key, char *s_shareG2, uint8_t _t, uint8_t _n, uint8_t ind1) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char decrypted_dkg_secret[DKG_BUFER_LENGTH]; CHECK_STATE(encrypted_dkg_secret);
uint32_t decr_len; CHECK_STATE(s_shareG2);
trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len); CHECK_STATE(_t <= _n);
CHECK_STATE(_n > 0);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
SAFE_CHAR_BUF(decrypted_dkg_secret, DKG_BUFER_LENGTH);
trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, dec_len);
if (*errStatus != 0) { if (*errStatus != 0) {
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus); snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus);
return; LOG_ERROR(errString);
goto clean;
} }
calc_secret_shareG2_old(decrypted_dkg_secret, s_shareG2, _t, ind1); calc_secret_shareG2_old(decrypted_dkg_secret, s_shareG2, _t, ind1);
*errStatus = 0;
clean:
;
} }
void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share, void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t key_len, unsigned _t, int _ind, int *result) { uint8_t *encryptedPrivateKey, uint64_t key_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; CHECK_STATE(public_shares);
CHECK_STATE(s_share);
CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(_t);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
mpz_t s;
mpz_init(s);
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len); (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = status; *errStatus = status;
snprintf(errString, BUF_LEN, "sgx_unseal_key failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_key failed with status %d", status);
return; LOG_ERROR(errString);
goto clean;
} }
char encr_sshare[ECDSA_SKEY_LEN]; SAFE_CHAR_BUF(encr_sshare, ECDSA_SKEY_LEN);
strncpy(encr_sshare, s_share, ECDSA_SKEY_LEN - 1); strncpy(encr_sshare, s_share, ECDSA_SKEY_LEN - 1);
encr_sshare[64] = 0; encr_sshare[64] = 0;
char common_key[ECDSA_SKEY_LEN]; SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN);
char decr_sshare[ECDSA_SKEY_LEN];
SAFE_CHAR_BUF(decr_sshare, ECDSA_SKEY_LEN);
session_key_recover(skey, s_share, common_key); session_key_recover(skey, s_share, common_key);
common_key[ECDSA_SKEY_LEN - 1] = 0; common_key[ECDSA_SKEY_LEN - 1] = 0;
if (common_key == NULL) {
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
xor_decrypt(common_key, encr_sshare, decr_sshare); xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) {
*errStatus = 1; if (mpz_set_str(s, decr_sshare, 16) == -1) {
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
mpz_t s;
mpz_init(s);
if (mpz_set_str(s, decr_sshare, 16) == -1) {
*errStatus = 1; *errStatus = 1;
snprintf(errString, BUF_LEN, "invalid decr secret share"); snprintf(errString, BUF_LEN, "invalid decr secret share");
mpz_clear(s); LOG_ERROR(errString);
return; goto clean;
} }
*result = Verification(public_shares, s, _t, _ind); *result = Verification(public_shares, s, _t, _ind);
mpz_clear(s);
snprintf(errString, BUF_LEN, "common_key in verification is %s", common_key); *errStatus = 0;
clean:
mpz_clear(s);
} }
void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
...@@ -753,74 +889,82 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, ...@@ -753,74 +889,82 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
uint32_t *enc_bls_key_len) { uint32_t *enc_bls_key_len) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(s_shares);
CHECK_STATE(encr_bls_key);
CHECK_STATE(s_shares);
CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(encr_bls_key);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
mpz_t sum;
mpz_init(sum);
mpz_set_ui(sum, 0);
mpz_t q;
mpz_init(q);
mpz_set_str(q, "21888242871839275222246405745257275088548364400416034343698204186575808495617", 10);
mpz_set_str(q, "21888242871839275222246405745257275088548364400416034343698204186575808495617", 10);
mpz_t bls_key;
mpz_init(bls_key);
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len); (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = 1; *errStatus = 1;
snprintf(errString, BUF_LEN, "sgx_unseal_key failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_key failed with status %d", status);
return; LOG_ERROR(errString);
goto clean;
} }
int num_shares = strlen(s_shares) / 192; int num_shares = strlen(s_shares) / 192;
mpz_t sum;
mpz_init(sum);
mpz_set_ui(sum, 0);
for (int i = 0; i < num_shares; i++) { for (int i = 0; i < num_shares; i++) {
char encr_sshare[65];
SAFE_CHAR_BUF(encr_sshare, 65);
strncpy(encr_sshare, s_shares + 192 * i, 64); strncpy(encr_sshare, s_shares + 192 * i, 64);
encr_sshare[64] = 0; encr_sshare[64] = 0;
char s_share[193]; SAFE_CHAR_BUF(s_share, 193);
strncpy(s_share, s_shares + 192 * i, 192); strncpy(s_share, s_shares + 192 * i, 192);
s_share[192] = 0; s_share[192] = 0;
char common_key[65]; SAFE_CHAR_BUF(common_key, 65);
session_key_recover(skey, s_share, common_key); session_key_recover(skey, s_share, common_key);
common_key[64] = 0; common_key[64] = 0;
if (common_key == NULL) { SAFE_CHAR_BUF(decr_sshare, 65);
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid common_key");
mpz_clear(sum);
return;
}
char decr_sshare[65];
xor_decrypt(common_key, encr_sshare, decr_sshare); xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) {
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid common_key");
mpz_clear(sum);
return;
}
mpz_t decr_secret_share; mpz_t decr_secret_share;
mpz_init(decr_secret_share); mpz_init(decr_secret_share);
if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) { if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) {
*errStatus = 1; *errStatus = 1;
snprintf(errString, BUF_LEN, "invalid decrypted secret share"); snprintf(errString, BUF_LEN, "invalid decrypted secret share");
LOG_ERROR(errString);
mpz_clear(decr_secret_share); mpz_clear(decr_secret_share);
mpz_clear(sum); goto clean;
return;
} }
mpz_addmul_ui(sum, decr_secret_share, 1); mpz_addmul_ui(sum, decr_secret_share, 1);
mpz_clear(decr_secret_share); mpz_clear(decr_secret_share);
} }
mpz_t q;
mpz_init(q);
mpz_set_str(q, "21888242871839275222246405745257275088548364400416034343698204186575808495617", 10);
mpz_t bls_key;
mpz_init(bls_key);
mpz_mod(bls_key, sum, q); mpz_mod(bls_key, sum, q);
char key_share[mpz_sizeinbase(bls_key, 16) + 2]; SAFE_CHAR_BUF(key_share, BUF_LEN);
mpz_get_str(key_share, 16, bls_key); mpz_get_str(key_share, 16, bls_key);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
...@@ -829,13 +973,15 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, ...@@ -829,13 +973,15 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "seal bls private key failed with status %d ", status); snprintf(errString, BUF_LEN, "seal bls private key failed with status %d ", status);
mpz_clear(bls_key); LOG_ERROR(errString);
mpz_clear(sum); goto clean;
mpz_clear(q);
return;
} }
*enc_bls_key_len = sealedLen; *enc_bls_key_len = sealedLen;
*errStatus = 0;
clean:
mpz_clear(bls_key); mpz_clear(bls_key);
mpz_clear(sum); mpz_clear(sum);
mpz_clear(q); mpz_clear(q);
...@@ -845,7 +991,17 @@ void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -845,7 +991,17 @@ void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPriv
char *bls_pub_key) { char *bls_pub_key) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char skey_hex[ECDSA_SKEY_LEN]; CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(bls_pub_key);
CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(bls_pub_key);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
SAFE_CHAR_BUF(skey_hex, ECDSA_SKEY_LEN);
uint32_t len = key_len; uint32_t len = key_len;
...@@ -854,22 +1010,37 @@ void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -854,22 +1010,37 @@ void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPriv
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = 1; *errStatus = 1;
snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
return; LOG_ERROR(errString);
goto clean;
} }
if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) { if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "could not calculate bls public key"); snprintf(errString, BUF_LEN, "could not calculate bls public key");
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = 0;
clean:
;
} }
void trustedGenerateSEK(int *errStatus, char *errString, void trustedGenerateSEK(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) { uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
uint8_t SEK_raw[SGX_AESGCM_KEY_SIZE]; CHECK_STATE(encrypted_SEK);
sgx_read_rand(SEK_raw, SGX_AESGCM_KEY_SIZE); CHECK_STATE(SEK_hex);
CHECK_STATE(encrypted_SEK);
CHECK_STATE(SEK_hex);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
SAFE_CHAR_BUF(SEK_raw, SGX_AESGCM_KEY_SIZE);;
uint32_t hex_aes_key_length = SGX_AESGCM_KEY_SIZE * 2; uint32_t hex_aes_key_length = SGX_AESGCM_KEY_SIZE * 2;
carray2Hex(SEK_raw, SGX_AESGCM_KEY_SIZE, SEK_hex); carray2Hex(SEK_raw, SGX_AESGCM_KEY_SIZE, SEK_hex);
...@@ -885,34 +1056,55 @@ void trustedGenerateSEK(int *errStatus, char *errString, ...@@ -885,34 +1056,55 @@ void trustedGenerateSEK(int *errStatus, char *errString,
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "seal SEK failed"); snprintf(errString, BUF_LEN, "seal SEK failed");
*errStatus = status; *errStatus = status;
return; LOG_ERROR(errString);
goto clean;
} }
*enc_len = sealedLen; *enc_len = sealedLen;
*errStatus = 0;
clean:
;
} }
void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) { void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
uint8_t aes_key_hex[SGX_AESGCM_KEY_SIZE * 2]; *errString = 0;
memset(aes_key_hex, 0, SGX_AESGCM_KEY_SIZE * 2); *errStatus = UNKNOWN_ERROR;
CHECK_STATE(encrypted_SEK);
SAFE_CHAR_BUF(aes_key_hex, BUF_LEN);
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_SEK, NULL, 0, aes_key_hex, &encr_len); (const sgx_sealed_data_t *) encrypted_SEK, NULL, 0, aes_key_hex, &encr_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = status; *errStatus = status;
snprintf(errString, BUF_LEN, "sgx unseal SEK failed with status %d", status); snprintf(errString, BUF_LEN, "sgx unseal SEK failed with status %d", status);
return; LOG_ERROR(errString);
goto clean;
} }
uint64_t len; uint64_t len;
hex2carray(aes_key_hex, &len, (uint8_t *) AES_key); hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
*errStatus = 0;
clean:
;
} }
void trustedSetSEK_backup(int *errStatus, char *errString, void trustedSetSEK_backup(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) { uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(encrypted_SEK);
CHECK_STATE(SEK_hex);
uint64_t len; uint64_t len;
hex2carray(SEK_hex, &len, (uint8_t *) AES_key); hex2carray(SEK_hex, &len, (uint8_t *) AES_key);
...@@ -923,28 +1115,36 @@ void trustedSetSEK_backup(int *errStatus, char *errString, ...@@ -923,28 +1115,36 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status); snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status);
*errStatus = status; *errStatus = status;
return; LOG_ERROR(errString);
goto clean;
} }
*enc_len = sealedLen; *enc_len = sealedLen;
*errStatus = 0;
clean:
;
} }
void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
domain_parameters curve = domain_parameters_init(); *errString = 0;
domain_parameters_load_curve(curve, secp256k1); *errStatus = UNKNOWN_ERROR;
CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(pub_key_x);
CHECK_STATE(pub_key_y);
unsigned char *rand_char = (unsigned char *) calloc(32, 1); SAFE_CHAR_BUF(rand_char, 32);
get_global_random(rand_char, 32); get_global_random(rand_char, 32);
mpz_t seed; mpz_t seed;
mpz_init(seed); mpz_init(seed);
mpz_import(seed, 32, 1, sizeof(rand_char[0]), 0, 0, rand_char); mpz_import(seed, 32, 1, sizeof(rand_char[0]), 0, 0, rand_char);
free(rand_char);
mpz_t skey; mpz_t skey;
mpz_init(skey); mpz_init(skey);
mpz_mod(skey, seed, curve->p); mpz_mod(skey, seed, curve->p);
...@@ -955,8 +1155,7 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, ...@@ -955,8 +1155,7 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
signature_extract_public_key(Pkey, skey, curve); signature_extract_public_key(Pkey, skey, curve);
int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2; int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2;SAFE_CHAR_BUF(arr_x, BUF_LEN);
char arr_x[len];
mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x); mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
...@@ -965,15 +1164,15 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, ...@@ -965,15 +1164,15 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes); strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
char arr_y[mpz_sizeinbase(Pkey->y, ECDSA_SKEY_BASE) + 2]; SAFE_CHAR_BUF(arr_y, BUF_LEN);
mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y); mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y);
n_zeroes = 64 - strlen(arr_y); n_zeroes = 64 - strlen(arr_y);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
pub_key_y[i] = '0'; pub_key_y[i] = '0';
} }
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
char skey_str[ECDSA_SKEY_LEN];
char arr_skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2]; SAFE_CHAR_BUF(skey_str, ECDSA_SKEY_LEN);SAFE_CHAR_BUF(arr_skey_str, mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2);
mpz_get_str(arr_skey_str, ECDSA_SKEY_BASE, skey); mpz_get_str(arr_skey_str, ECDSA_SKEY_BASE, skey);
n_zeroes = 64 - strlen(arr_skey_str); n_zeroes = 64 - strlen(arr_skey_str);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
...@@ -983,36 +1182,30 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, ...@@ -983,36 +1182,30 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
skey_str[ECDSA_SKEY_LEN - 1] = 0; skey_str[ECDSA_SKEY_LEN - 1] = 0;
snprintf(errString, BUF_LEN, "skey len is %d\n", strlen(skey_str)); snprintf(errString, BUF_LEN, "skey len is %d\n", strlen(skey_str));
int stat = AES_encrypt(skey_str, encryptedPrivateKey); int stat = AES_encrypt(skey_str, encryptedPrivateKey, BUF_LEN);
if (stat != 0) { if (stat != 0) {
snprintf(errString, BUF_LEN, "ecdsa private key encryption failed"); snprintf(errString, BUF_LEN, "ecdsa private key encryption failed");
*errStatus = stat; *errStatus = stat;
LOG_ERROR(errString);
mpz_clear(skey); goto clean;
domain_parameters_clear(curve);
point_clear(Pkey);
return;
} }
*enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; *enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str); stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, ECDSA_SKEY_LEN);
if (stat != 0) { if (stat != 0) {
snprintf(errString + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat); snprintf(errString, BUF_LEN, "ecdsa private key decr failed with status %d", stat);
*errStatus = stat; *errStatus = stat;
LOG_ERROR(errString);
mpz_clear(skey); goto clean;
domain_parameters_clear(curve);
point_clear(Pkey);
return;
} }
*errStatus = 0;
clean:
mpz_clear(skey); mpz_clear(skey);
domain_parameters_clear(curve);
point_clear(Pkey); point_clear(Pkey);
} }
...@@ -1020,39 +1213,42 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1020,39 +1213,42 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
domain_parameters curve = domain_parameters_init(); *errString = 0;
domain_parameters_load_curve(curve, secp256k1); *errStatus = UNKNOWN_ERROR;
CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(pub_key_x);
CHECK_STATE(pub_key_y);
char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey); SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
//Public key
point Pkey = point_init();
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0'; skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
if (status != 0) { if (status != 0) {
snprintf(errString, BUF_LEN, "AES_decrypt failed with status %d", status); snprintf(errString, BUF_LEN, "AES_decrypt failed with status %d", status);
*errStatus = status; *errStatus = status;
LOG_ERROR(errString);
domain_parameters_clear(curve); goto clean;
return;
} }
strncpy(errString, skey, 1024); strncpy(errString, skey, 1024);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(errString, BUF_LEN, "wrong string to init private key"); snprintf(errString, BUF_LEN, "wrong string to init private key");
LOG_ERROR(errString);
*errStatus = -10; *errStatus = -10;
goto clean;
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
return;
} }
//Public key
point Pkey = point_init();
signature_extract_public_key(Pkey, privateKeyMpz, curve); signature_extract_public_key(Pkey, privateKeyMpz, curve);
...@@ -1061,19 +1257,12 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1061,19 +1257,12 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
if (!point_cmp(Pkey, Pkey_test)) { if (!point_cmp(Pkey, Pkey_test)) {
snprintf(errString, BUF_LEN, "Points are not equal"); snprintf(errString, BUF_LEN, "Points are not equal");
LOG_ERROR(errString);
*errStatus = -11; *errStatus = -11;
goto clean;
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
point_clear(Pkey);
point_clear(Pkey_test);
return;
} }
int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2; SAFE_CHAR_BUF(arr_x, BUF_LEN);
char arr_x[len];
mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x); mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
...@@ -1083,83 +1272,109 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1083,83 +1272,109 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes); strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
char arr_y[mpz_sizeinbase(Pkey->y, ECDSA_SKEY_BASE) + 2]; SAFE_CHAR_BUF(arr_y, BUF_LEN);
mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y); mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y);
n_zeroes = 64 - strlen(arr_y); n_zeroes = 64 - strlen(arr_y);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
pub_key_y[i] = '0'; pub_key_y[i] = '0';
} }
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
*errStatus = 0;
clean:
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
point_clear(Pkey); point_clear(Pkey);
point_clear(Pkey_test); point_clear(Pkey_test);
} }
static uint64_t sigCounter = 0;
void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len,
const char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { const char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
domain_parameters ecdsaCurve = domain_parameters_init(); *errString = 0;
domain_parameters_load_curve(ecdsaCurve, secp256k1); *errStatus = UNKNOWN_ERROR;
char skey[ECDSA_SKEY_LEN]; CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(hash);
CHECK_STATE(sigR);
CHECK_STATE(sigS);
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey); SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
mpz_t msgMpz;
mpz_init(msgMpz);
signature sign = signature_init();
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
if (status != 0) { if (status != 0) {
*errStatus = status; *errStatus = status;
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
domain_parameters_clear(ecdsaCurve); LOG_ERROR(status);
return; goto clean;
} }
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0'; skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
snprintf(errString, BUF_LEN, "pr key length is %zu ", strlen(skey));
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "invalid secret key"); snprintf(errString, BUF_LEN, "invalid secret key");
LOG_ERROR(skey); LOG_ERROR(errString);
mpz_clear(privateKeyMpz); goto clean;
domain_parameters_clear(ecdsaCurve);
return;
} }
mpz_t msgMpz;
mpz_init(msgMpz);
if (mpz_set_str(msgMpz, hash, 16) == -1) { if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "invalid message hash"); snprintf(errString, BUF_LEN, "invalid message hash");
LOG_ERROR(errString);
goto clean;
}
mpz_clear(privateKeyMpz); signature_sign(sign, msgMpz, privateKeyMpz, curve);
mpz_clear(msgMpz);
domain_parameters_clear(ecdsaCurve);
return; sigCounter++;
}
signature sign = signature_init(); if (sigCounter % 1000 == 0) {
signature_sign(sign, msgMpz, privateKeyMpz, ecdsaCurve); point Pkey = point_init();
signature_extract_public_key(Pkey, privateKeyMpz, curve);
if (!signature_verify(msgMpz, sign, Pkey, curve)) {
*errStatus = -2;
snprintf(errString, BUF_LEN, "signature is not verified! ");
point_clear(Pkey);
goto clean;
}
char arrM[mpz_sizeinbase(msgMpz, 16) + 2]; point_clear(Pkey);
}
SAFE_CHAR_BUF(arrM, BUF_LEN);
mpz_get_str(arrM, 16, msgMpz); mpz_get_str(arrM, 16, msgMpz);
snprintf(errString, BUF_LEN, "message is %s ", arrM); snprintf(errString, BUF_LEN, "message is %s ", arrM);
char arrR[mpz_sizeinbase(sign->r, base) + 2]; SAFE_CHAR_BUF(arrR, BUF_LEN);
mpz_get_str(arrR, base, sign->r); mpz_get_str(arrR, base, sign->r);
strncpy(sigR, arrR, 1024); strncpy(sigR, arrR, 1024);
char arrS[mpz_sizeinbase(sign->s, base) + 2]; SAFE_CHAR_BUF(arrS, BUF_LEN);
mpz_get_str(arrS, base, sign->s); mpz_get_str(arrS, base, sign->s);
strncpy(sigS, arrS, 1024); strncpy(sigS, arrS, 1024);
*sig_v = sign->v; *sig_v = sign->v;
*errStatus = 0;
clean:
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
mpz_clear(msgMpz); mpz_clear(msgMpz);
signature_free(sign); signature_free(sign);
...@@ -1170,61 +1385,77 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, ...@@ -1170,61 +1385,77 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
uint8_t *encryptedPrivateKey, uint32_t *enc_len) { uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
*errString = 0;
*errStatus = UNKNOWN_ERROR; *errStatus = UNKNOWN_ERROR;
memset(errString, 0, BUF_LEN); CHECK_STATE(key);
CHECK_STATE(encryptedPrivateKey);
memset(encryptedPrivateKey, 0, BUF_LEN); *errStatus = UNKNOWN_ERROR;
int stat = AES_encrypt(key, encryptedPrivateKey); int stat = AES_encrypt(key, encryptedPrivateKey, BUF_LEN);
if (stat != 0) { if (stat != 0) {
*errStatus = stat; *errStatus = stat;
snprintf(errString, BUF_LEN, "AES encrypt failed with status %d", stat); snprintf(errString, BUF_LEN, "AES encrypt failed with status %d", stat);
return; LOG_ERROR(errString);
goto clean;
} }
*enc_len = strlen(key) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; *enc_len = strlen(key) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
char decryptedKey[BUF_LEN]; SAFE_CHAR_BUF(decryptedKey, BUF_LEN);
memset(decryptedKey, 0, BUF_LEN);
stat = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey); stat = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN);
if (stat != 0) { if (stat != 0) {
*errStatus = stat; *errStatus = stat;
snprintf(errString, BUF_LEN, ":trustedDecryptKey failed with status %d", stat); snprintf(errString, BUF_LEN, "trustedDecryptKey failed with status %d", stat);
return; LOG_ERROR(errString);
goto clean;
} }
uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH); uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH);
if (decryptedKeyLen == MAX_KEY_LENGTH) { if (decryptedKeyLen == MAX_KEY_LENGTH) {
snprintf(errString, BUF_LEN, "Decrypted key is not null terminated"); snprintf(errString, BUF_LEN, "Decrypted key is not null terminated");
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = -8; *errStatus = -8;
if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) { if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
snprintf(errString, BUF_LEN, "Decrypted key does not match original key"); snprintf(errString, BUF_LEN, "Decrypted key does not match original key");
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = 0; *errStatus = 0;
clean:
;
} }
void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) { uint32_t enc_len, char *key) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(key);
*errStatus = -9; *errStatus = -9;
int status = AES_decrypt(encryptedPrivateKey, enc_len, key); int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072);
if (status != 0) { if (status != 0) {
*errStatus = status; *errStatus = status;
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = -10; *errStatus = -10;
...@@ -1233,11 +1464,15 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri ...@@ -1233,11 +1464,15 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
if (keyLen == MAX_KEY_LENGTH) { if (keyLen == MAX_KEY_LENGTH) {
snprintf(errString, BUF_LEN, "Key is not null terminated"); snprintf(errString, BUF_LEN, "Key is not null terminated");
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = 0; *errStatus = 0;
memcpy(errString, AES_key, BUF_LEN);
clean:
;
} }
void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
...@@ -1245,17 +1480,24 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte ...@@ -1245,17 +1480,24 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
char *_hashY, char *signature) { char *_hashY, char *signature) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char key[BUF_LEN]; *errString = 0;
memset(key, 0, BUF_LEN); *errStatus = UNKNOWN_ERROR;
char sig[BUF_LEN];
memset(sig, 0, BUF_LEN);
int stat = AES_decrypt(encryptedPrivateKey, enc_len, key); CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(_hashX);
CHECK_STATE(_hashY);
CHECK_STATE(signature);
if (stat != 0) { SAFE_CHAR_BUF(key, BUF_LEN);SAFE_CHAR_BUF(sig, BUF_LEN);
*errStatus = stat;
strncpy(signature, errString, BUF_LEN);
return; int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN);
if (status != 0) {
*errStatus = status;
strncpy(errString, "AES decrypt failed", BUF_LEN);
LOG_ERROR(errString);
goto clean;
} }
enclave_sign(key, _hashX, _hashY, sig); enclave_sign(key, _hashX, _hashY, sig);
...@@ -1263,138 +1505,206 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte ...@@ -1263,138 +1505,206 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
strncpy(signature, sig, BUF_LEN); strncpy(signature, sig, BUF_LEN);
if (strnlen(signature, BUF_LEN) < 10) { if (strnlen(signature, BUF_LEN) < 10) {
strncpy(errString, "Signature too short", BUF_LEN);
LOG_ERROR(errString);
*errStatus = -1; *errStatus = -1;
return; goto clean;
} }
*errStatus = 0;
clean:
;
} }
void void
trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char dkg_secret[DKG_BUFER_LENGTH]; *errString = 0;
memset(dkg_secret, 0, DKG_BUFER_LENGTH); *errStatus = UNKNOWN_ERROR;
CHECK_STATE(encrypted_dkg_secret);
SAFE_CHAR_BUF(dkg_secret, DKG_BUFER_LENGTH);
if (gen_dkg_poly(dkg_secret, _t) != 0) { if (gen_dkg_poly(dkg_secret, _t) != 0) {
*errStatus = -1; *errStatus = -1;
return; strncpy(errString, "gen_dkg_poly failed", BUF_LEN);
LOG_ERROR(errString);
goto clean;
} }
int status = AES_encrypt(dkg_secret, encrypted_dkg_secret); int status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "SGX AES encrypt DKG poly failed"); snprintf(errString, BUF_LEN, "SGX AES encrypt DKG poly failed");
LOG_ERROR(errString);
*errStatus = status; *errStatus = status;
return; goto clean;
} }
*enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; *enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
char decr_dkg_secret[DKG_BUFER_LENGTH]; SAFE_CHAR_BUF(decr_dkg_secret, DKG_BUFER_LENGTH);
memset(decr_dkg_secret, 0, DKG_BUFER_LENGTH);
status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret); status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret,
DKG_BUFER_LENGTH);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt dkg poly failed"); snprintf(errString, BUF_LEN, "aes decrypt dkg poly failed");
LOG_ERROR(errString);
*errStatus = status; *errStatus = status;
return; goto clean;
} }
if (strcmp(dkg_secret, decr_dkg_secret) != 0) { if (strcmp(dkg_secret, decr_dkg_secret) != 0) {
snprintf(errString + strlen(dkg_secret) + 8, BUF_LEN - strlen(dkg_secret) - 8, snprintf(errString, BUF_LEN,
"encrypted poly is not equal to decrypted poly"); "encrypted poly is not equal to decrypted poly");
LOG_ERROR(errString);
*errStatus = -333; *errStatus = -333;
goto clean;
} }
*errStatus = 0;
clean:
;
} }
void void
trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret,
uint8_t *decrypted_dkg_secret, uint32_t enc_len,
uint32_t *dec_len) { uint8_t *decrypted_dkg_secret) {
*errString = 0;
*errStatus = UNKNOWN_ERROR;
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
int status = AES_decrypt(encrypted_dkg_secret, *dec_len, (char *) decrypted_dkg_secret); CHECK_STATE(encrypted_dkg_secret);
CHECK_STATE(decrypted_dkg_secret);
int status = AES_decrypt(encrypted_dkg_secret, enc_len, (char *) decrypted_dkg_secret,
3072);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
LOG_ERROR(errString);
*errStatus = status; *errStatus = status;
return; goto clean;
} }
*errStatus = 0;
clean:
;
} }
void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t *enc_len) {
void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint32_t enc_len) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH); *errString = 0;
int status = AES_decrypt(encrypted_poly, *enc_len, (char *) decryptedDkgPoly); *errStatus = UNKNOWN_ERROR;
CHECK_STATE(encrypted_poly);
memset(getThreadLocalDecryptedDkgPoly(), 0, DKG_BUFER_LENGTH);
int status = AES_decrypt(encrypted_poly, enc_len, (char *) getThreadLocalDecryptedDkgPoly(),
DKG_BUFER_LENGTH);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = 0;
clean:
;
} }
void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len, void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n,
uint8_t ind) { uint8_t ind) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; *errString = 0;
memset(skey, 0, ECDSA_SKEY_LEN); *errStatus = UNKNOWN_ERROR;
char pub_key_x[BUF_LEN];
memset(pub_key_x, 0, BUF_LEN); CHECK_STATE(encrypted_skey);
char pub_key_y[BUF_LEN]; CHECK_STATE(result_str);
memset(pub_key_y, 0, BUF_LEN); CHECK_STATE(s_shareG2);
CHECK_STATE(pub_keyB);
LOG_DEBUG(__FUNCTION__);
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
SAFE_CHAR_BUF(pub_key_x, BUF_LEN);SAFE_CHAR_BUF(pub_key_y, BUF_LEN);
uint32_t enc_len; uint32_t enc_len;
int status;
trustedGenerateEcdsaKeyAES(errStatus, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y); trustedGenerateEcdsaKeyAES(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
if (*errStatus != 0) {
return; if (status != 0) {
snprintf(errString, BUF_LEN, "trustedGenerateEcdsaKeyAES failed");
*errStatus = status;
LOG_ERROR(errString);
goto clean;
} }
int status = AES_decrypt(encrypted_skey, enc_len, skey); status = AES_decrypt(encrypted_skey, enc_len, skey, ECDSA_SKEY_LEN);
skey[ECDSA_SKEY_LEN - 1] = 0; skey[ECDSA_SKEY_LEN - 1] = 0;
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d", snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d",
status); status);
LOG_ERROR(errString);
*errStatus = status; *errStatus = status;
return; goto clean;
} }
*dec_len = enc_len; *dec_len = enc_len;
char *common_key[ECDSA_SKEY_LEN]; SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN);
gen_session_key(skey, pub_keyB, common_key); gen_session_key(skey, pub_keyB, common_key);
char *s_share[ECDSA_SKEY_LEN]; SAFE_CHAR_BUF(s_share, ECDSA_SKEY_LEN);
if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) { if (calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "calc secret share failed"); snprintf(errString, BUF_LEN, "calc secret share failed");
return; LOG_ERROR(errString);
goto clean;
} }
if (calc_secret_shareG2(s_share, s_shareG2) != 0) { if (calc_secret_shareG2(s_share, s_shareG2) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "invalid decr secret share"); snprintf(errString, BUF_LEN, "invalid decr secret share");
return; LOG_ERROR(errString);
goto clean;
} }
char *cypher[ECDSA_SKEY_LEN]; SAFE_CHAR_BUF(cypher, ECDSA_SKEY_LEN);
xor_encrypt(common_key, s_share, cypher); xor_encrypt(common_key, s_share, cypher);
if (cypher == NULL) {
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
strncpy(result_str, cypher, strlen(cypher)); strncpy(result_str, cypher, strlen(cypher));
strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x)); strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x));
strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y)); strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y));
*errStatus = 0;
clean:
;
} }
void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len, void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
...@@ -1402,79 +1712,89 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt ...@@ -1402,79 +1712,89 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
unsigned _t, unsigned _n) { unsigned _t, unsigned _n) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1); *errString = 0;
memset(decrypted_dkg_secret, 0, DKG_MAX_SEALED_LEN); *errStatus = UNKNOWN_ERROR;
CHECK_STATE(encrypted_dkg_secret);
CHECK_STATE(public_shares);
CHECK_STATE(_t <= _n && _n > 0)
int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret); SAFE_CHAR_BUF(decrypted_dkg_secret, DKG_MAX_SEALED_LEN);
int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret,
DKG_MAX_SEALED_LEN);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status; *errStatus = status;
free(decrypted_dkg_secret); LOG_ERROR(errString);
return; goto clean;
} }
if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) { if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "t does not match polynomial in db"); snprintf(errString, BUF_LEN, "t does not match polynomial in db");
free(decrypted_dkg_secret); LOG_ERROR(errString);
return; goto clean;
} }
free(decrypted_dkg_secret); *errStatus = 0;
clean:
;
} }
void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share, void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) { uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; *errString = 0;
memset(skey, 0, ECDSA_SKEY_LEN); *errStatus = UNKNOWN_ERROR;
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey);
CHECK_STATE(public_shares);
CHECK_STATE(s_share);
CHECK_STATE(encryptedPrivateKey);
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
mpz_t s;
mpz_init(s);
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status); snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status);
*errStatus = status; *errStatus = status;
return; LOG_ERROR(errString);
goto clean;
} }
char encr_sshare[ECDSA_SKEY_LEN]; SAFE_CHAR_BUF(encr_sshare, ECDSA_SKEY_LEN);
memset(encr_sshare, 0, ECDSA_SKEY_LEN);
strncpy(encr_sshare, s_share, ECDSA_SKEY_LEN - 1); strncpy(encr_sshare, s_share, ECDSA_SKEY_LEN - 1);
char common_key[ECDSA_SKEY_LEN]; SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN);
memset(common_key, 0, ECDSA_SKEY_LEN);
session_key_recover(skey, s_share, common_key); session_key_recover(skey, s_share, common_key);
if (common_key == NULL || strlen(common_key) == 0) { SAFE_CHAR_BUF(decr_sshare, ECDSA_SKEY_LEN);
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
char decr_sshare[ECDSA_SKEY_LEN];
memset(decr_sshare, 0, ECDSA_SKEY_LEN);
xor_decrypt(common_key, encr_sshare, decr_sshare); xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) {
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
mpz_t s;
mpz_init(s);
if (mpz_set_str(s, decr_sshare, 16) == -1) { if (mpz_set_str(s, decr_sshare, 16) == -1) {
*errStatus = 1; *errStatus = 1;
snprintf(errString, BUF_LEN, "invalid decr secret share"); snprintf(errString, BUF_LEN, "invalid decr secret share");
mpz_clear(s); LOG_ERROR(errString);
return; goto clean;
} }
*result = Verification(public_shares, s, _t, _ind); *result = Verification(public_shares, s, _t, _ind);
mpz_clear(s);
snprintf(errString, BUF_LEN, "public shares %s", public_shares); *errStatus = 0;
clean:
mpz_clear(s);
} }
void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares, void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares,
...@@ -1482,56 +1802,54 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share ...@@ -1482,56 +1802,54 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
uint32_t *enc_bls_key_len) { uint32_t *enc_bls_key_len) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; *errString = 0;
int status = AES_decrypt(encryptedPrivateKey, key_len, skey); *errStatus = UNKNOWN_ERROR;
CHECK_STATE(s_shares);
CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(encr_bls_key);
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
mpz_t sum;
mpz_init(sum);
mpz_set_ui(sum, 0);
mpz_t q;
mpz_init(q);
mpz_set_str(q, "21888242871839275222246405745257275088548364400416034343698204186575808495617", 10);
mpz_t bls_key;
mpz_init(bls_key);
int status = AES_decrypt(encryptedPrivateKey, key_len, skey, ECDSA_SKEY_LEN);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = status; *errStatus = status;
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
return; LOG_ERROR(errString);
goto clean;
} }
skey[ECDSA_SKEY_LEN - 1] = 0; skey[ECDSA_SKEY_LEN - 1] = 0;
int num_shares = strlen(s_shares) / 192; int num_shares = strlen(s_shares) / 192;
mpz_t sum; for (int i = 0; i < num_shares; i++) { SAFE_CHAR_BUF(encr_sshare, 65);
mpz_init(sum);
mpz_set_ui(sum, 0);
for (int i = 0; i < num_shares; i++) {
char encr_sshare[65];
strncpy(encr_sshare, s_shares + 192 * i, 64); strncpy(encr_sshare, s_shares + 192 * i, 64);
encr_sshare[64] = 0; encr_sshare[64] = 0;
char s_share[193]; SAFE_CHAR_BUF(s_share, 193);
strncpy(s_share, s_shares + 192 * i, 192); strncpy(s_share, s_shares + 192 * i, 192);
s_share[192] = 0; s_share[192] = 0;
char common_key[65]; SAFE_CHAR_BUF(common_key, 65);
session_key_recover(skey, s_share, common_key); session_key_recover(skey, s_share, common_key);
common_key[64] = 0; common_key[64] = 0;
if (common_key == NULL) { SAFE_CHAR_BUF(decr_sshare, 65);
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid common_key");
LOG_ERROR(errString);
mpz_clear(sum);
return;
}
char decr_sshare[65];
xor_decrypt(common_key, encr_sshare, decr_sshare); xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) {
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid common_key");
LOG_ERROR(common_key);
LOG_ERROR(errString);
mpz_clear(sum);
return;
}
decr_sshare[64] = 0; decr_sshare[64] = 0;
mpz_t decr_secret_share; mpz_t decr_secret_share;
...@@ -1542,26 +1860,20 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share ...@@ -1542,26 +1860,20 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
LOG_ERROR(errString); LOG_ERROR(errString);
mpz_clear(decr_secret_share); mpz_clear(decr_secret_share);
mpz_clear(sum); goto clean;
return;
} }
mpz_addmul_ui(sum, decr_secret_share, 1); mpz_addmul_ui(sum, decr_secret_share, 1);
mpz_clear(decr_secret_share); mpz_clear(decr_secret_share);
} }
mpz_t q;
mpz_init(q);
mpz_set_str(q, "21888242871839275222246405745257275088548364400416034343698204186575808495617", 10);
mpz_t bls_key;
mpz_init(bls_key);
mpz_mod(bls_key, sum, q); mpz_mod(bls_key, sum, q);
char key_share[BLS_KEY_LENGTH]; SAFE_CHAR_BUF(key_share, BLS_KEY_LENGTH);
char arr_skey_str[mpz_sizeinbase(bls_key, 16) + 2];
SAFE_CHAR_BUF(arr_skey_str, BUF_LEN);
mpz_get_str(arr_skey_str, 16, bls_key); mpz_get_str(arr_skey_str, 16, bls_key);
int n_zeroes = 64 - strlen(arr_skey_str); int n_zeroes = 64 - strlen(arr_skey_str);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
...@@ -1570,20 +1882,20 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share ...@@ -1570,20 +1882,20 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
strncpy(key_share + n_zeroes, arr_skey_str, 65 - n_zeroes); strncpy(key_share + n_zeroes, arr_skey_str, 65 - n_zeroes);
key_share[BLS_KEY_LENGTH - 1] = 0; key_share[BLS_KEY_LENGTH - 1] = 0;
status = AES_encrypt(key_share, encr_bls_key); status = AES_encrypt(key_share, encr_bls_key, BUF_LEN);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "aes encrypt bls private key failed with status %d ", status); snprintf(errString, BUF_LEN, "aes encrypt bls private key failed with status %d ", status);
LOG_ERROR(errString);
mpz_clear(bls_key); goto clean;
mpz_clear(sum);
mpz_clear(q);
return;
} }
*enc_bls_key_len = strlen(key_share) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; *enc_bls_key_len = strlen(key_share) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
*errStatus = 0;
clean:
mpz_clear(bls_key); mpz_clear(bls_key);
mpz_clear(sum); mpz_clear(sum);
mpz_clear(q); mpz_clear(q);
...@@ -1594,13 +1906,20 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat ...@@ -1594,13 +1906,20 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
char *bls_pub_key) { char *bls_pub_key) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char skey_hex[ECDSA_SKEY_LEN]; *errString = 0;
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(bls_pub_key);
CHECK_STATE(encryptedPrivateKey);
SAFE_CHAR_BUF(skey_hex, ECDSA_SKEY_LEN);
int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex); int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, ECDSA_SKEY_LEN);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = 1; *errStatus = 1;
snprintf(errString, BUF_LEN, "aes_decrypt failed with status %d", status); snprintf(errString, BUF_LEN, "aes_decrypt failed with status %d", status);
return; LOG_ERROR(errString);
goto clean;
} }
skey_hex[ECDSA_SKEY_LEN - 1] = 0; skey_hex[ECDSA_SKEY_LEN - 1] = 0;
...@@ -1609,6 +1928,12 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat ...@@ -1609,6 +1928,12 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
LOG_ERROR(skey_hex); LOG_ERROR(skey_hex);
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "could not calculate bls public key"); snprintf(errString, BUF_LEN, "could not calculate bls public key");
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = 0;
clean:
;
} }
secure_enclave/secure_enclave.config.xml
View file @ 034366cd
<EnclaveConfiguration> <EnclaveConfiguration>
<ProdID>0</ProdID> <ProdID>0</ProdID>
<ISVSVN>0</ISVSVN> <ISVSVN>0</ISVSVN>
<StackMaxSize>0x100000</StackMaxSize> <StackMaxSize>0x1000000</StackMaxSize>
<HeapMaxSize>0x1000000</HeapMaxSize> <HeapMaxSize>0x100000000</HeapMaxSize>
<TCSNum>16</TCSNum> <TCSNum>128</TCSNum>
<TCSMaxNum>16</TCSMaxNum> <TCSMaxNum>128</TCSMaxNum>
<TCSPolicy>1</TCSPolicy> <TCSMinPool>128</TCSMinPool>
<TCSPolicy>0</TCSPolicy>
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release --> <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
<DisableDebug>0</DisableDebug> <DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect> <MiscSelect>0</MiscSelect>
......
secure_enclave/secure_enclave.edl
View file @ 034366cd
...@@ -10,32 +10,17 @@ enclave { ...@@ -10,32 +10,17 @@ enclave {
public void trustedEnclaveInit(uint32_t _logLevel); public void trustedEnclaveInit(uint32_t _logLevel);
public void trustedEMpzAdd(
[user_check] mpz_t *c, [user_check] mpz_t *a, [user_check] mpz_t *b
);
public void trustedEMpzMul(
[user_check] mpz_t *c, [user_check] mpz_t *a, [user_check] mpz_t *b
);
public void trustedEMpzDiv(
[user_check] mpz_t *c, [user_check] mpz_t *a, [user_check] mpz_t *b
);
public void trustedEMpfDiv(
[user_check] mpf_t *c, [user_check] mpf_t *a, [user_check] mpf_t *b
);
public void trustedGenerateEcdsaKey ( public void trustedGenerateEcdsaKey (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
[user_check] uint32_t *enc_len, [out] uint32_t *enc_len,
[out, count = SMALL_BUF_SIZE] char * pub_key_x, [out, count = SMALL_BUF_SIZE] char * pub_key_x,
[out, count = SMALL_BUF_SIZE] char * pub_key_y); [out, count = SMALL_BUF_SIZE] char * pub_key_y);
public void trustedGetPublicEcdsaKey ( public void trustedGetPublicEcdsaKey (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint32_t dec_len, uint32_t dec_len,
...@@ -43,53 +28,53 @@ enclave { ...@@ -43,53 +28,53 @@ enclave {
[out, count = SMALL_BUF_SIZE] char * pub_key_y); [out, count = SMALL_BUF_SIZE] char * pub_key_y);
public void trustedEncryptKey ( public void trustedEncryptKey (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] const char* key, [in, count = SMALL_BUF_SIZE] const char* key,
[out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
[user_check] uint32_t *enc_len); [out] uint32_t *enc_len);
public void trustedDecryptKey ( public void trustedDecryptKey (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint32_t enc_len, uint32_t enc_len,
[out, count = SMALL_BUF_SIZE] char* key ); [out, count = SMALL_BUF_SIZE] char* key );
public void trustedBlsSignMessage ( public void trustedBlsSignMessage (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint32_t enc_len, uint32_t enc_len,
[in, count = SMALL_BUF_SIZE] char* hashX , [in, string] char* hashX ,
[in, count = SMALL_BUF_SIZE] char* hashY , [in, string] char* hashY ,
[out, count = SMALL_BUF_SIZE] char* signature); [out, count = SMALL_BUF_SIZE] char* signature);
public void trustedGenDkgSecret ( public void trustedGenDkgSecret (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[out, count = 3050] uint8_t* encrypted_dkg_secret, [out, count = 3050] uint8_t* encrypted_dkg_secret,
[user_check] uint32_t * enc_len, [out] uint32_t * enc_len,
size_t _t); size_t _t);
public void trustedDecryptDkgSecret ( public void trustedDecryptDkgSecret (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret, [in, count = 3050] uint8_t* encrypted_dkg_secret,
[out, count = 2490] uint8_t* decrypted_dkg_secret, [out, count = 2490] uint8_t* decrypted_dkg_secret,
[user_check] uint32_t* dec_len); [out] uint32_t* dec_len);
public void trustedGetSecretShares ( public void trustedGetSecretShares (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret, [in, count = 3050] uint8_t* encrypted_dkg_secret,
[user_check] uint32_t* dec_len, [out] uint32_t* dec_len,
[out, count = 2490] char* secret_shares, [out, count = 2490] char* secret_shares,
unsigned _t, unsigned _t,
unsigned _n); unsigned _n);
public void trustedGetPublicShares ( public void trustedGetPublicShares (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret, [in, count = 3050] uint8_t* encrypted_dkg_secret,
uint32_t enc_len, uint32_t enc_len,
...@@ -98,101 +83,99 @@ enclave { ...@@ -98,101 +83,99 @@ enclave {
unsigned _n); unsigned _n);
public void trustedEcdsaSign( public void trustedEcdsaSign(
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint32_t enc_len, uint32_t enc_len,
[in, count = SMALL_BUF_SIZE] unsigned char* hash, [in, string] unsigned char* hash,
[out, count = SMALL_BUF_SIZE] char* sig_r, [out, count = SMALL_BUF_SIZE] char* sig_r,
[out, count = SMALL_BUF_SIZE] char* sig_s, [out, count = SMALL_BUF_SIZE] char* sig_s,
[user_check] uint8_t* sig_v, [out] uint8_t* sig_v,
int base); int base);
public void trustedSetEncryptedDkgPoly( [user_check] int *errStatus, public void trustedSetEncryptedDkgPoly( [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_poly); [in, count = 3050] uint8_t* encrypted_poly);
public void trustedGetEncryptedSecretShare( public void trustedGetEncryptedSecretShare(
[user_check]int *errStatus, [out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string, [out, count = SMALL_BUF_SIZE] char *err_string,
[out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey, [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey,
[user_check] uint32_t* dec_len, [out] uint32_t* dec_len,
[out, count = 193] char* result_str, [out, count = 193] char* result_str,
[out, count = 320] char* s_shareG2, [out, count = 320] char* s_shareG2,
[in, count = 129] char* pub_keyB, [in, string] char* pub_keyB,
uint8_t _t, uint8_t _t,
uint8_t _n, uint8_t _n,
uint8_t ind); uint8_t ind);
public void trustedDkgVerify( public void trustedDkgVerify(
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 8193] const char* public_shares, [in, string] const char* public_shares,
[in, count = 193] const char* s_share, [in, string] const char* s_share,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint64_t key_len, uint64_t key_len,
unsigned _t, unsigned _t,
int _ind, int _ind,
[user_check] int* result); [out] int* result);
public void trustedCreateBlsKey( public void trustedCreateBlsKey(
[user_check]int *errStatus, [out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 6145] const char* s_shares, [in, string] const char* s_shares,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint64_t key_len, uint64_t key_len,
[out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key, [out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key,
[user_check] uint32_t *enc_bls_key_len); [out] uint32_t *enc_bls_key_len);
public void trustedGetBlsPubKey( public void trustedGetBlsPubKey(
[user_check]int *errStatus, [out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint64_t key_len, uint64_t key_len,
[out, count = 320] char* bls_pub_key); [out, count = 320] char* bls_pub_key);
public void trustedComplaintResponse( public void trustedComplaintResponse(
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t *encryptedDHKey,
[in, count = 3050] uint8_t *encrypted_dkg_secret, [in, count = 3050] uint8_t *encrypted_dkg_secret,
[user_check] uint32_t* dec_len, [out] uint32_t* dec_len,
[out, count = 65] char* DH_key,
[out, count = 320] char* s_shareG2, [out, count = 320] char* s_shareG2,
uint8_t _t, uint8_t _t,
uint8_t _n, uint8_t _n,
uint8_t ind1); uint8_t ind1);
public void trustedGenerateSEK( public void trustedGenerateSEK(
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string, [out, count = SMALL_BUF_SIZE] char *err_string,
[out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK, [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK,
[user_check] uint32_t *enc_len, [out] uint32_t *enc_len,
[out, count = 65] char* hex_SEK); [out, count = 65] char* hex_SEK);
public void trustedSetSEK( public void trustedSetSEK(
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string, [out, count = SMALL_BUF_SIZE] char *err_string,
[in, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK, [in, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK,
uint64_t encr_len); uint64_t encr_len);
public void trustedSetSEK_backup( public void trustedSetSEK_backup(
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string, [out, count = SMALL_BUF_SIZE] char *err_string,
[out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK, [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK,
[user_check] uint32_t *enc_len, [out] uint32_t *enc_len,
[in, count = 65] const char* SEK_hex); [in, string] const char* SEK_hex);
public void trustedGenerateEcdsaKeyAES ( public void trustedGenerateEcdsaKeyAES (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[out, count = ECDSA_ENCR_LEN] uint8_t* encrypted_key, [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
[user_check] uint32_t *enc_len, [out] uint32_t *enc_len,
[out, count = SMALL_BUF_SIZE] char * pub_key_x, [out, count = SMALL_BUF_SIZE] char * pub_key_x,
[out, count = SMALL_BUF_SIZE] char * pub_key_y); [out, count = SMALL_BUF_SIZE] char * pub_key_y);
public void trustedGetPublicEcdsaKeyAES( public void trustedGetPublicEcdsaKeyAES(
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint32_t dec_len, uint32_t dec_len,
...@@ -200,63 +183,65 @@ enclave { ...@@ -200,63 +183,65 @@ enclave {
[out, count = SMALL_BUF_SIZE] char * pub_key_y); [out, count = SMALL_BUF_SIZE] char * pub_key_y);
public void trustedEcdsaSignAES( public void trustedEcdsaSignAES(
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint32_t enc_len, uint32_t enc_len,
[in, count = SMALL_BUF_SIZE] const char* hash, [in, string] const char* hash,
[in, string] unsigned char* hash,
[out, count = SMALL_BUF_SIZE] char* sig_r, [out, count = SMALL_BUF_SIZE] char* sig_r,
[out, count = SMALL_BUF_SIZE] char* sig_s, [out, count = SMALL_BUF_SIZE] char* sig_s,
[user_check] uint8_t* sig_v, [out] uint8_t* sig_v,
int base); int base);
public void trustedEncryptKeyAES ( public void trustedEncryptKeyAES (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] const char* key, [in, count = SMALL_BUF_SIZE] const char* key,
[out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
[user_check] uint32_t *enc_len); [out] uint32_t *enc_len);
public void trustedDecryptKeyAES ( public void trustedDecryptKeyAES (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint32_t enc_len, uint32_t enc_len,
[out, count = SMALL_BUF_SIZE] char* key ); [out, count = SMALL_BUF_SIZE] char* key );
public void trustedGenDkgSecretAES ( public void trustedGenDkgSecretAES (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[out, count = 3050] uint8_t* encrypted_dkg_secret, [out, count = 3072] uint8_t* encrypted_dkg_secret,
[user_check] uint32_t * enc_len, size_t _t); [out] uint32_t * enc_len, size_t _t);
public void trustedDecryptDkgSecretAES ( public void trustedDecryptDkgSecretAES (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret, [in, count = 3050] uint8_t* encrypted_dkg_secret,
[out, count = 2490] uint8_t* decrypted_dkg_secret, uint32_t enc_len,
[user_check] uint32_t* dec_len); [out, count = 3072] uint8_t* decrypted_dkg_secret
);
public void trustedSetEncryptedDkgPolyAES( public void trustedSetEncryptedDkgPolyAES(
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_poly, [in, count = 3050] uint8_t* encrypted_poly,
[user_check] uint64_t* enc_len); uint32_t enc_len);
public void trustedGetEncryptedSecretShareAES( public void trustedGetEncryptedSecretShareAES(
[user_check]int *errStatus, [out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string, [out, count = SMALL_BUF_SIZE] char *err_string,
[out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey, [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey,
[user_check] uint32_t* dec_len, [out] uint32_t* dec_len,
[out, count = 193] char* result_str, [out, count = 193] char* result_str,
[out, count = 320] char* s_shareG2, [out, count = 320] char* s_shareG2,
[in, count = 129] char* pub_keyB, [in, string] char* pub_keyB,
uint8_t _t, uint8_t _t,
uint8_t _n, uint8_t _n,
uint8_t ind); uint8_t ind);
public void trustedGetPublicSharesAES( public void trustedGetPublicSharesAES(
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret, [in, count = 3050] uint8_t* encrypted_dkg_secret,
uint32_t enc_len, uint32_t enc_len,
...@@ -265,36 +250,36 @@ enclave { ...@@ -265,36 +250,36 @@ enclave {
unsigned _n); unsigned _n);
public void trustedDkgVerifyAES( public void trustedDkgVerifyAES(
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 8193] const char* public_shares, [in, string] const char* public_shares,
[in, count = 193] const char* s_share, [in, string] const char* s_share,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint64_t key_len, uint64_t key_len,
unsigned _t, unsigned _t,
int _ind, int _ind,
[user_check] int* result); [out] int* result);
public void trustedCreateBlsKeyAES( public void trustedCreateBlsKeyAES(
[user_check]int *errStatus, [out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 6145] const char* s_shares, [in, count = 6145] const char* s_shares,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint64_t key_len, uint64_t key_len,
[out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key, [out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key,
[user_check] uint32_t *enc_bls_key_len); [out] uint32_t *enc_bls_key_len);
public void trustedBlsSignMessageAES ( public void trustedBlsSignMessageAES (
[user_check] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint32_t enc_len, uint32_t enc_len,
[in, count = SMALL_BUF_SIZE] char* hashX , [in, string] char* hashX ,
[in, count = SMALL_BUF_SIZE] char* hashY , [in, string] char* hashY ,
[out, count = SMALL_BUF_SIZE] char* signature); [out, count = SMALL_BUF_SIZE] char* signature);
public void trustedGetBlsPubKeyAES( public void trustedGetBlsPubKeyAES(
[user_check]int *errStatus, [out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint64_t key_len, uint64_t key_len,
......
testw.cpp
View file @ 034366cd
...@@ -111,10 +111,13 @@ TEST_CASE_METHOD(TestFixture, "ECDSA keygen and signature test", "[ecdsa-key-sig ...@@ -111,10 +111,13 @@ TEST_CASE_METHOD(TestFixture, "ECDSA keygen and signature test", "[ecdsa-key-sig
vector<char> signatureS(BUF_LEN, 0); vector<char> signatureS(BUF_LEN, 0);
uint8_t signatureV = 0; uint8_t signatureV = 0;
for (int i = 0; i < 50; i++) {
status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen, status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen,
(unsigned char *) hex.data(), (unsigned char *) hex.data(),
signatureR.data(), signatureR.data(),
signatureS.data(), &signatureV, 16); signatureS.data(), &signatureV, 16);
}
REQUIRE(status == SGX_SUCCESS); REQUIRE(status == SGX_SUCCESS);
...@@ -286,6 +289,13 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") { ...@@ -286,6 +289,13 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") {
} }
} }
auto keyName = genECDSAKeyAPI(c);
Json::Value sig = c.ecdsaSignMessageHash(10, keyName, SAMPLE_HASH);
for (int i = 0; i <= 20; i++) { for (int i = 0; i <= 20; i++) {
try { try {
auto keyName = genECDSAKeyAPI(c); auto keyName = genECDSAKeyAPI(c);
...@@ -342,11 +352,12 @@ TEST_CASE_METHOD(TestFixture, "DKG AES gen test", "[dkg-aes-gen]") { ...@@ -342,11 +352,12 @@ TEST_CASE_METHOD(TestFixture, "DKG AES gen test", "[dkg-aes-gen]") {
vector<char> secret(2490, 0); vector<char> secret(2490, 0);
vector<char> errMsg1(BUF_LEN, 0); vector<char> errMsg1(BUF_LEN, 0);
status = trustedDecryptDkgSecretAES(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), /*status = trustedDecryptDkgSecretAES(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(),
(uint8_t *) secret.data(), &encLen); (uint8_t *) secret.data(), &encLen);
REQUIRE(status == SGX_SUCCESS); REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS);
*/
} }
TEST_CASE_METHOD(TestFixture, "DKG public shares test", "[dkg-pub-shares]") { TEST_CASE_METHOD(TestFixture, "DKG public shares test", "[dkg-pub-shares]") {
...@@ -431,8 +442,8 @@ TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares ...@@ -431,8 +442,8 @@ TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares
vector<char> secret(BUF_LEN, 0); vector<char> secret(BUF_LEN, 0);
status = trustedDecryptDkgSecretAES(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), status = trustedDecryptDkgSecretAES(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), encLen,
(uint8_t *) secret.data(), &encLen); (uint8_t *) secret.data());
REQUIRE(status == SGX_SUCCESS); REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS);
...@@ -490,7 +501,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes- ...@@ -490,7 +501,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes-
uint64_t enc_len = encLen; uint64_t enc_len = encLen;
status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &enc_len); status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), enc_len);
REQUIRE(status == SGX_SUCCESS); REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS);
......
testw.py
View file @ 034366cd
...@@ -51,7 +51,7 @@ testList = [ "[cert-sign]", ...@@ -51,7 +51,7 @@ testList = [ "[cert-sign]",
"[dkg-api]", "[dkg-api]",
"[dkg-bls]", "[dkg-bls]",
"[dkg-poly-exists]", "[dkg-poly-exists]",
"[dkg-pub-shares]", # "[dkg-pub-shares]",
"[dkg-aes-pub-shares]", "[dkg-aes-pub-shares]",
"[many-threads-crypto]", "[many-threads-crypto]",
"[aes-encrypt-decrypt]", "[aes-encrypt-decrypt]",
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment