Skip to content

S
sgxwallet
Unverified Commit 0f995bb1 authored by Stan Kladko's avatar Stan Kladko Committed by GitHub
Browse files
Options

Merge pull request #183 from skalenetwork/develop 

Create stable branch
parents bc336404 a10c7a05
Hide whitespace changes
Inline Side-by-side
Showing with 1118 additions and 747 deletions
BLSCrypto.cpp
View file @ 0f995bb1
......@@ -22,47 +22,47 @@
*/
#include <memory>
#include "libff/algebra/curves/alt_bn128/alt_bn128_init.hpp"
#include "leveldb/db.h"
#include <jsonrpccpp/server/connectors/httpserver.h>
#include "third_party/intel/create_enclave.h"
#include "bls.h"
#include <bls/BLSutils.h>
#include "leveldb/db.h"
#include <jsonrpccpp/server/connectors/httpserver.h>
#include "BLSPrivateKeyShareSGX.h"
#include "sgxwallet_common.h"
#include "third_party/intel/create_enclave.h"
#include "secure_enclave_u.h"
#include "third_party/intel/sgx_detect.h"
#include <gmp.h>
#include <sgx_urts.h>
#include "sgxwallet_common.h"
#include "sgxwallet.h"
#include "SGXException.h"
#include "third_party/spdlog/spdlog.h"
#include "common.h"
#include "SGXWalletServer.h"
#include "BLSCrypto.h"
#include "SEKManager.h"
#include "LevelDB.h"
#include "ServerInit.h"
#include "BLSCrypto.h"
#include "SGXException.h"
#include "third_party/spdlog/spdlog.h"
#include "common.h"
string *FqToString(libff::alt_bn128_Fq *_fq) {
CHECK_STATE(_fq);
std::string *FqToString(libff::alt_bn128_Fq *_fq) {
mpz_t t;
mpz_init(t);
_fq->as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2];
SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, 10) + 2);
mpz_get_str(arr, 10, t);
mpz_clear(t);
return new std::string(arr);
return new string(arr);
}
int char2int(char _input) {
......@@ -75,11 +75,18 @@ int char2int(char _input) {
return -1;
}
void carray2Hex(const unsigned char *d, int _len, char *_hexArray) {
void carray2Hex(const unsigned char *d, uint64_t _len, char *_hexArray,
uint64_t _hexArrayLen) {
CHECK_STATE(d);
CHECK_STATE(_hexArray);
char hexval[16] = {'0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
for (int j = 0; j < _len; j++) {
CHECK_STATE(_hexArrayLen > 2 * _len);
for (uint64_t j = 0; j < _len; j++) {
_hexArray[j * 2] = hexval[((d[j] >> 4) & 0xF)];
_hexArray[j * 2 + 1] = hexval[(d[j]) & 0x0F];
}
......@@ -87,38 +94,29 @@ void carray2Hex(const unsigned char *d, int _len, char *_hexArray) {
_hexArray[_len * 2] = 0;
}
bool hex2carray(const char *_hex, uint64_t *_bin_len, uint8_t *_bin) {
int len = strnlen(_hex, 2 * BUF_LEN);
if (len == 0 && len % 2 == 1)
return false;
bool hex2carray(const char *_hex, uint64_t *_bin_len,
uint8_t *_bin, uint64_t _max_length) {
*_bin_len = len / 2;
for (int i = 0; i < len / 2; i++) {
int high = char2int((char) _hex[i * 2]);
int low = char2int((char) _hex[i * 2 + 1]);
CHECK_STATE(_hex);
CHECK_STATE(_bin);
CHECK_STATE(_bin_len)
if (high < 0 || low < 0) {
return false;
}
_bin[i] = (unsigned char) (high * 16 + low);
}
uint64_t len = strnlen(_hex, 2 * _max_length + 1);
return true;
}
CHECK_STATE(len != 2 * _max_length + 1);
CHECK_STATE(len <= 2 * _max_length);
bool hex2carray2(const char *_hex, uint64_t *_bin_len,
uint8_t *_bin, const int _max_length) {
int len = strnlen(_hex, _max_length);
if (len == 0 && len % 2 == 1)
return false;
*_bin_len = len / 2;
for (int i = 0; i < len / 2; i++) {
for (uint64_t i = 0; i < len / 2; i++) {
int high = char2int((char) _hex[i * 2]);
int low = char2int((char) _hex[i * 2 + 1]);
......@@ -134,13 +132,20 @@ bool hex2carray2(const char *_hex, uint64_t *_bin_len,
bool sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, size_t _signerIndex,
char *_sig) {
CHECK_STATE(_encryptedKeyHex);
CHECK_STATE(_hashHex);
CHECK_STATE(_sig);
auto keyStr = make_shared<string>(_encryptedKeyHex);
auto hash = make_shared<array<uint8_t, 32>>();
auto hash = make_shared < array < uint8_t,
32 >> ();
uint64_t binLen;
if (!hex2carray(_hashHex, &binLen, hash->data())) {
if (!hex2carray(_hashHex, &binLen, hash->data(), hash->size())) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
......@@ -156,43 +161,39 @@ bool sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t
}
bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, char *_sig) {
auto hash = make_shared<array<uint8_t, 32>>();
CHECK_STATE(_encryptedKeyHex);
CHECK_STATE(_hashHex);
CHECK_STATE(_sig);
auto hash = make_shared < array < uint8_t,
32 >> ();
uint64_t binLen;
if (!hex2carray(_hashHex, &binLen, hash->data())) {
if (!hex2carray(_hashHex, &binLen, hash->data(), hash->size())) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
shared_ptr<signatures::Bls> obj;
shared_ptr <signatures::Bls> obj;
obj = make_shared<signatures::Bls>(signatures::Bls(_t, _n));
std::pair<libff::alt_bn128_G1, std::string> hash_with_hint = obj->HashtoG1withHint(hash);
pair <libff::alt_bn128_G1, string> hash_with_hint = obj->HashtoG1withHint(hash);
string *xStr = FqToString(&(hash_with_hint.first.X));
if (xStr == nullptr) {
std::cerr << "Null xStr" << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("Null xStr"));
}
CHECK_STATE(xStr);
string *yStr = FqToString(&(hash_with_hint.first.Y));
if (yStr == nullptr) {
std::cerr << "Null yStr" << std::endl;
delete xStr;
BOOST_THROW_EXCEPTION(runtime_error("Null yStr"));
}
char errMsg[BUF_LEN];
memset(errMsg, 0, BUF_LEN);
vector<char> errMsg(BUF_LEN, 0);
char xStrArg[BUF_LEN];
char yStrArg[BUF_LEN];
char signature[BUF_LEN];
memset(xStrArg, 0, BUF_LEN);
memset(yStrArg, 0, BUF_LEN);
SAFE_CHAR_BUF(xStrArg, BUF_LEN);SAFE_CHAR_BUF(yStrArg, BUF_LEN);SAFE_CHAR_BUF(signature, BUF_LEN);
strncpy(xStrArg, xStr->c_str(), BUF_LEN);
strncpy(yStrArg, yStr->c_str(), BUF_LEN);
......@@ -202,34 +203,30 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
size_t sz = 0;
uint8_t encryptedKey[BUF_LEN];
SAFE_UINT8_BUF(encryptedKey, BUF_LEN);
bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey);
bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey, BUF_LEN);
if (!result) {
cerr << "Invalid hex encrypted key" << endl;
BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key"));
BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key"));
}
int errStatus = 0;
sgx_status_t status =
trustedBlsSignMessageAES(eid, &errStatus, errMsg, encryptedKey,
sz, xStrArg, yStrArg, signature);
if (status != SGX_SUCCESS) {
cerr << "SGX enclave call to trustedBlsSignMessage failed with status:" << status << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed"));
}
sgx_status_t status = SGX_SUCCESS;
if (errStatus != 0) {
cerr << "SGX enclave call to trustedBlsSignMessage failed with errStatus:" << errStatus << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed"));
}
RESTART_BEGIN
status = trustedBlsSignMessage(eid, &errStatus, errMsg.data(), encryptedKey,
sz, xStrArg, yStrArg, signature);
RESTART_END
std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second;
std::string sig = signature;
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second;
string sig = signature;
sig.append(":");
sig.append(hint);
......@@ -240,36 +237,37 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
}
bool bls_sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, char *_sig) {
CHECK_STATE(_encryptedKeyHex);
CHECK_STATE(_hashHex);
return sign_aes(_encryptedKeyHex, _hashHex, _t, _n, _sig);
}
std::string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) {
auto keyArray = make_shared<vector<char>>(BUF_LEN, 0);
auto encryptedKey = make_shared<vector<uint8_t>>(BUF_LEN, 0);
auto errMsg = make_shared<vector<char>>(BUF_LEN, 0);
string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) {
CHECK_STATE(errStatus);
CHECK_STATE(err_string);
CHECK_STATE(_key);
auto keyArray = make_shared < vector < char >> (BUF_LEN, 0);
auto encryptedKey = make_shared < vector < uint8_t >> (BUF_LEN, 0);
strncpy(keyArray->data(), _key, BUF_LEN);
*errStatus = -1;
vector<char> errMsg(BUF_LEN, 0);
unsigned int encryptedLen = 0;
strncpy(keyArray->data(), _key, BUF_LEN);
*errStatus = 0;
status = trustedEncryptKeyAES(eid, errStatus, errMsg->data(), keyArray->data(), encryptedKey->data(), &encryptedLen);
uint64_t encryptedLen = 0;
spdlog::debug("errStatus is {}", *errStatus);
spdlog::debug("errMsg is ", errMsg->data());
sgx_status_t status = SGX_SUCCESS;
if (*errStatus != 0) {
throw SGXException(-666, errMsg->data());
}
RESTART_BEGIN
status = trustedEncryptKey(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(),
&encryptedLen);
RESTART_END_POINTER
if (status != SGX_SUCCESS) {
*errStatus = -1;
return "";
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg.data());
std::string result(2 * BUF_LEN, '\0');
SAFE_CHAR_BUF(resultBuf, 2 * BUF_LEN + 1);
carray2Hex(encryptedKey->data(), encryptedLen, &result.front());
carray2Hex(encryptedKey->data(), encryptedLen, resultBuf, 2 * BUF_LEN + 1);
return result;
return string(resultBuf);
}
BLSCrypto.h
View file @ 0f995bb1
......@@ -38,13 +38,10 @@ EXTERNC bool bls_sign(const char* encryptedKeyHex, const char* hashHex, size_t t
EXTERNC int char2int(char _input);
EXTERNC void carray2Hex(const unsigned char *d, int _len, char* _hexArray);
EXTERNC void carray2Hex(const unsigned char *d, uint64_t , char* _hexArray,
uint64_t _hexArrayLen);
EXTERNC bool hex2carray(const char * _hex, uint64_t *_bin_len,
uint8_t* _bin );
EXTERNC bool hex2carray2(const char * _hex, uint64_t *_bin_len,
uint8_t* _bin, const int _max_length );
uint8_t* _bin, uint64_t _max_length );
std::string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key);
......
BLSPrivateKeyShareSGX.cpp
View file @ 0f995bb1
......@@ -25,172 +25,167 @@
#include "BLSSignature.h"
#include "BLSutils.h"
#include "third_party/spdlog/spdlog.h"
#include "common.h"
#include "secure_enclave_u.h"
#include "sgxwallet_common.h"
#include "sgxwallet.h"
#include "BLSCrypto.h"
#include "ServerInit.h"
#include "common.h"
#include "SEKManager.h"
#include "BLSPrivateKeyShareSGX.h"
std::string *stringFromFq(libff::alt_bn128_Fq*_fq) {
mpz_t t;
mpz_init(t);
string *stringFromFq(libff::alt_bn128_Fq *_fq) {
CHECK_STATE(_fq);
_fq->as_bigint().to_mpz(t);
mpz_t t;
mpz_init(t);
char arr[mpz_sizeinbase(t, 10) + 2];
_fq->as_bigint().to_mpz(t);
char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t);
SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, 10) + 2);
return new std::string(tmp);
char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t);
return new string(tmp);
}
std::string *stringFromG1(libff::alt_bn128_G1 *_g1) {
auto sX = stringFromFq(&_g1->X);
auto sY = stringFromFq(&_g1->Y);
auto sZ = stringFromFq(&_g1->Z);
string *stringFromG1(libff::alt_bn128_G1 *_g1) {
CHECK_STATE(_g1);
auto sG1 = new std::string(*sX + ":" + *sY + ":" + *sZ);
auto sX = stringFromFq(&_g1->X);
auto sY = stringFromFq(&_g1->Y);
auto sZ = stringFromFq(&_g1->Z);
delete(sX);
delete(sY);
delete(sZ);
auto sG1 = new string(*sX + ":" + *sY + ":" + *sZ);
return sG1;
delete (sX);
delete (sY);
delete (sZ);
return sG1;
}
BLSPrivateKeyShareSGX::BLSPrivateKeyShareSGX(
shared_ptr<string> _encryptedKeyHex, size_t _requiredSigners,
size_t _totalSigners) {
requiredSigners = _requiredSigners;
totalSigners = _totalSigners;
shared_ptr <string> _encryptedKeyHex, size_t _requiredSigners,
size_t _totalSigners) {
requiredSigners = _requiredSigners;
totalSigners = _totalSigners;
if (requiredSigners > totalSigners) {
throw std::invalid_argument("requiredSigners > totalSigners");
}
if (requiredSigners > totalSigners) {
throw invalid_argument("requiredSigners > totalSigners");
}
if (totalSigners == 0) {
throw std::invalid_argument("totalSigners == 0");
}
if (totalSigners == 0) {
throw invalid_argument("totalSigners == 0");
}
if (_encryptedKeyHex == nullptr) {
throw std::invalid_argument("Null key");
}
if (_encryptedKeyHex == nullptr) {
throw invalid_argument("Null key");
}
if (_encryptedKeyHex->size() > 2 * MAX_ENCRYPTED_KEY_LENGTH) {
throw std::invalid_argument("Encrypted key size too long");
}
if (_encryptedKeyHex->size() > 2 * MAX_ENCRYPTED_KEY_LENGTH) {
throw invalid_argument("Encrypted key size too long");
}
encryptedKeyHex = _encryptedKeyHex;
encryptedKeyHex = _encryptedKeyHex;
}
std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
std::shared_ptr<std::array<uint8_t, 32>> hash_byte_arr,
size_t _signerIndex) {
shared_ptr<signatures::Bls> obj;
string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
shared_ptr <array<uint8_t, 32>> hash_byte_arr,
size_t _signerIndex) {
shared_ptr <signatures::Bls> obj;
if (hash_byte_arr == nullptr) {
std::cerr << "Hash is null" << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("Hash is null"));
}
CHECK_STATE(hash_byte_arr)
obj = make_shared<signatures::Bls>(
signatures::Bls(requiredSigners, totalSigners));
obj = make_shared<signatures::Bls>(
signatures::Bls(requiredSigners, totalSigners));
std::pair<libff::alt_bn128_G1, std::string> hash_with_hint =
obj->HashtoG1withHint(hash_byte_arr);
pair <libff::alt_bn128_G1, string> hash_with_hint =
obj->HashtoG1withHint(hash_byte_arr);
int errStatus = 0;
int errStatus = 0;
string* xStr = stringFromFq(&(hash_with_hint.first.X));
string *xStr = stringFromFq(&(hash_with_hint.first.X));
if (xStr == nullptr) {
std::cerr << "Null xStr" << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("Null xStr"));
}
CHECK_STATE(xStr);
string* yStr = stringFromFq(&(hash_with_hint.first.Y));
string *yStr = stringFromFq(&(hash_with_hint.first.Y));
if (yStr == nullptr) {
delete xStr;
BOOST_THROW_EXCEPTION(runtime_error("Null yStr"));
}
if (yStr == nullptr) {
std::cerr << "Null yStr" << std::endl;
delete xStr;
BOOST_THROW_EXCEPTION(runtime_error("Null yStr"));
}
char errMsg[BUF_LEN];
memset(errMsg, 0, BUF_LEN);
vector<char> errMsg(BUF_LEN, 0);
char xStrArg[BUF_LEN];
char yStrArg[BUF_LEN];
char signature [BUF_LEN];
memset(xStrArg, 0, BUF_LEN);
memset(yStrArg, 0, BUF_LEN);
SAFE_CHAR_BUF(xStrArg, BUF_LEN)SAFE_CHAR_BUF(yStrArg, BUF_LEN)SAFE_CHAR_BUF(signature, BUF_LEN);
strncpy(xStrArg, xStr->c_str(), BUF_LEN);
strncpy(yStrArg, yStr->c_str(), BUF_LEN);
delete xStr;
delete yStr;
strncpy(xStrArg, xStr->c_str(), BUF_LEN);
strncpy(yStrArg, yStr->c_str(), BUF_LEN);
size_t sz = 0;
delete xStr;
delete yStr;
uint8_t encryptedKey[BUF_LEN];
size_t sz = 0;
bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey);
SAFE_UINT8_BUF(encryptedKey, BUF_LEN);
if (!result) {
cerr << "Invalid hex encrypted key" << endl;
BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key"));
}
bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey,
BUF_LEN);
cerr << "Key is " + *encryptedKeyHex << endl;
if (!result) {
spdlog::error("Invalid hex encrypted key");
BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key"));
}
sgx_status_t status =
trustedBlsSignMessageAES(eid, &errStatus, errMsg, encryptedKey,
encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature);
sgx_status_t status = SGX_SUCCESS;
printf("sig is: %s\n", signature);
RESTART_BEGIN
status = trustedBlsSignMessage(eid, &errStatus, errMsg.data(), encryptedKey,
encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature);
RESTART_END
if (status != SGX_SUCCESS) {
gmp_printf("SGX enclave call to trustedBlsSignMessage failed: 0x%04x\n", status);
BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed"));
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
if (errStatus != 0) {
BOOST_THROW_EXCEPTION(runtime_error("Enclave trustedBlsSignMessage failed:" + to_string(errStatus) + ":" + errMsg ));
}
int sigLen;
int sigLen;
if ((sigLen = strnlen(signature, 10)) < 10) {
BOOST_THROW_EXCEPTION(runtime_error("Signature is too short:" + to_string(sigLen)));
}
if ((sigLen = strnlen(signature, 10)) < 10) {
BOOST_THROW_EXCEPTION(runtime_error("Signature is too short:" + to_string(sigLen)));
}
std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" +
hash_with_hint.second;
string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" +
hash_with_hint.second;
std::string sig = signature;
string sig = signature;
sig.append(":");
sig.append(hint);
sig.append(":");
sig.append(hint);
return sig;
return sig;
}
std::shared_ptr<BLSSigShare> BLSPrivateKeyShareSGX::signWithHelperSGX(
std::shared_ptr<std::array<uint8_t, 32>> hash_byte_arr,
size_t _signerIndex) {
std::string signature = signWithHelperSGXstr(hash_byte_arr, _signerIndex);
shared_ptr <BLSSigShare> BLSPrivateKeyShareSGX::signWithHelperSGX(
shared_ptr <array<uint8_t, 32>> hash_byte_arr,
size_t _signerIndex) {
CHECK_STATE(hash_byte_arr);
string signature = signWithHelperSGXstr(hash_byte_arr, _signerIndex);
auto sig = make_shared<string>(signature);
auto sig = make_shared<string>(signature);
std::shared_ptr<BLSSigShare> s = std::make_shared<BLSSigShare>(sig, _signerIndex, requiredSigners,
totalSigners);
shared_ptr <BLSSigShare> s = make_shared<BLSSigShare>(sig, _signerIndex, requiredSigners,
totalSigners);
return s;
return s;
}
CMakeLists.txt
View file @ 0f995bb1
......@@ -20,7 +20,7 @@ add_executable(sgxwallet
secure_enclave/DHDkg.h
secure_enclave/DKGUtils.cpp
secure_enclave/DKGUtils.h
secure_enclave/DomainParameters.c
secure_enclave/DomainParameters.cpp
secure_enclave/DomainParameters.h
secure_enclave/EnclaveConstants.h
secure_enclave/NumberTheory.c
......
DKGCrypto.cpp
View file @ 0f995bb1
......@@ -21,25 +21,27 @@
@date 2019
*/
#include "DKGCrypto.h"
#include "BLSCrypto.h"
#include "sgxwallet.h"
#include <iostream>
#include <iostream>
#include <memory>
#include "SGXWalletServer.hpp"
#include "SGXException.h"
#include "third_party/spdlog/spdlog.h"
#include "common.h"
#include "sgxwallet.h"
#include "SGXException.h"
#include "SGXWalletServer.hpp"
#include "BLSCrypto.h"
#include "SEKManager.h"
#include "DKGCrypto.h"
vector<string> splitString(const char *coeffs, const char symbol) {
vector <string> splitString(const char *coeffs, const char symbol) {
CHECK_STATE(coeffs);
string str(coeffs);
string delim;
delim.push_back(symbol);
vector<string> G2_strings;
vector <string> G2_strings;
size_t prev = 0, pos = 0;
do {
pos = str.find(delim, prev);
......@@ -55,13 +57,14 @@ vector<string> splitString(const char *coeffs, const char symbol) {
return G2_strings;
}
template<class T> string ConvertToString(T field_elem, int base = 10) {
template<class T>
string ConvertToString(T field_elem, int base = 10) {
mpz_t t;
mpz_init(t);
field_elem.as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, base) + 2];
SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, base) + 2);
mpz_get_str(arr, base, t);
mpz_clear(t);
......@@ -71,7 +74,7 @@ template<class T> string ConvertToString(T field_elem, int base = 10) {
return output;
}
string convertHexToDec(const string& hex_str) {
string convertHexToDec(const string &hex_str) {
mpz_t dec;
mpz_init(dec);
......@@ -83,7 +86,7 @@ string convertHexToDec(const string& hex_str) {
return ret;
}
char arr[mpz_sizeinbase(dec, 10) + 2];
SAFE_CHAR_BUF(arr, mpz_sizeinbase(dec, 10) + 2);
mpz_get_str(arr, 10, dec);
ret = arr;
} catch (exception &e) {
......@@ -97,7 +100,7 @@ string convertHexToDec(const string& hex_str) {
return ret;
}
string convertG2ToString(const libff::alt_bn128_G2& elem, int base, const string& delim) {
string convertG2ToString(const libff::alt_bn128_G2 &elem, int base, const string &delim) {
string result = "";
try {
......@@ -123,109 +126,102 @@ string convertG2ToString(const libff::alt_bn128_G2& elem, int base, const string
}
string gen_dkg_poly(int _t) {
vector<char> errMsg(1024, 0);
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
uint64_t enc_len = 0;
vector<uint8_t> encrypted_dkg_secret(BUF_LEN, 0);
vector <uint8_t> encrypted_dkg_secret(BUF_LEN, 0);
uint32_t enc_len = 0;
sgx_status_t status = SGX_SUCCESS;
status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);
if (errStatus != 0) {
spdlog::debug("trustedGenDkgSecret, status {}", errStatus, " err msg ", errMsg.data());
spdlog::debug("in DKGCrypto encr len is {}", enc_len);
throw SGXException(-666, errMsg.data());
}
RESTART_BEGIN
status = trustedGenDkgSecret(
eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);
RESTART_END
if (status != 0) {
spdlog::debug("trustedGenDkgSecret, status {}", status, " err msg ", errMsg.data());
spdlog::debug("in DKGCrypto encr len is {}", enc_len);
throw SGXException(-666, errMsg.data());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
uint64_t length = enc_len;;
vector<char> hexEncrPoly(2 * length + 1, 0);
vector<char> hexEncrPoly(BUF_LEN, 0);
CHECK_STATE(encrypted_dkg_secret.size() >= length);
carray2Hex(encrypted_dkg_secret.data(), length, hexEncrPoly.data());
carray2Hex(encrypted_dkg_secret.data(), length, hexEncrPoly.data(), BUF_LEN);
string result(hexEncrPoly.data());
return result;
}
vector<vector<string>> get_verif_vect(const char *encryptedPolyHex, int t, int n) {
vector <vector<string>> get_verif_vect(const char *encryptedPolyHex, int t, int n) {
CHECK_STATE(encryptedPolyHex);
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
spdlog::debug("got encr poly size {}", char_traits<char>::length(encryptedPolyHex));
vector<char> pubShares(10000, 0);
uint64_t encLen = 0;
vector<uint8_t> encrDKGPoly(2 * BUF_LEN, 0);
vector <uint8_t> encrDKGPoly(2 * BUF_LEN, 0);
if (!hex2carray2(encryptedPolyHex, &encLen, encrDKGPoly.data(), 6100)) {
if (!hex2carray(encryptedPolyHex, &encLen, encrDKGPoly.data(), 6100)) {
throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
}
spdlog::debug("hex_encr_poly length is {}", strlen(encryptedPolyHex));
spdlog::debug("enc len {}", encLen);
status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen,
pubShares.data(), t, n);
if (errStatus != 0) {
throw SGXException(-666, errMsg.data());
}
sgx_status_t status = SGX_SUCCESS;
if (status != 0) {
throw SGXException(-666, errMsg.data());
}
spdlog::debug("err msg is {}", errMsg.data());
RESTART_BEGIN
status = trustedGetPublicShares(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen,
pubShares.data(), t, n);
RESTART_END
spdlog::debug("public_shares:");
spdlog::debug("{}", pubShares.data());;
spdlog::debug("trustedGetPublicShares status: {}", errStatus);
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
vector<string> g2Strings = splitString(pubShares.data(), ',');
vector<vector<string>> pubSharesVect;
vector <string> g2Strings = splitString(pubShares.data(), ',');
vector <vector<string>> pubSharesVect;
for (uint64_t i = 0; i < g2Strings.size(); i++) {
vector<string> coeffStr = splitString(g2Strings.at(i).c_str(), ':');
vector <string> coeffStr = splitString(g2Strings.at(i).c_str(), ':');
pubSharesVect.push_back(coeffStr);
}
return pubSharesVect;
}
string trustedGetSecretShares(const string &_polyName, const char *_encryptedPolyHex, const vector<string> &_publicKeys,
int _t,
int _n) {
string
getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const vector <string> &_publicKeys,
int _t,
int _n) {
CHECK_STATE(_encryptedPolyHex);
vector<char> hexEncrKey(BUF_LEN, 0);
vector<char> errMsg1(BUF_LEN, 0);
vector <uint8_t> encrDKGPoly(BUF_LEN, 0);
int errStatus = 0;
uint64_t encLen = 0;
vector<uint8_t> encrDKGPoly(BUF_LEN, 0);
if (!hex2carray2(_encryptedPolyHex, &encLen, encrDKGPoly.data(), 6100)) {
if (!hex2carray(_encryptedPolyHex, &encLen, encrDKGPoly.data(), BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
}
status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen);
sgx_status_t status = SGX_SUCCESS;
if (status != SGX_SUCCESS || errStatus != 0) {
throw SGXException(-666, errMsg1.data());
}
READ_LOCK(initMutex);
status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen);
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
string result;
for (int i = 0; i < _n; i++) {
vector<uint8_t> encryptedSkey(BUF_LEN, 0);
uint32_t decLen;
vector <uint8_t> encryptedSkey(BUF_LEN, 0);
uint64_t decLen;
vector<char> currentShare(193, 0);
vector<char> sShareG2(320, 0);
......@@ -237,129 +233,135 @@ string trustedGetSecretShares(const string &_polyName, const char *_encryptedPol
spdlog::debug("pubKeyB is {}", pub_keyB);
trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, i + 1);
sgx_status_t status = SGX_SUCCESS;
status = trustedGetEncryptedSecretShare(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n,
i + 1);
if (errStatus != 0) {
throw SGXException(-666, errMsg1.data());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
spdlog::debug("cur_share is {}", currentShare.data());
result += string(currentShare.data());
spdlog::debug("dec len is {}", decLen);
carray2Hex(encryptedSkey.data(), decLen, hexEncrKey.data());
carray2Hex(encryptedSkey.data(), decLen, hexEncrKey.data(), BUF_LEN);
string dhKeyName = "DKG_DH_KEY_" + _polyName + "_" + to_string(i) + ":";
spdlog::debug("hexEncr DH Key: { }", hexEncrKey.data());
spdlog::debug("name to write to db is {}", dhKeyName);
SGXWalletServer::writeDataToDB(dhKeyName, hexEncrKey.data());
string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":";
spdlog::debug("name to write to db is {}", shareG2_name);
spdlog::debug("s_shareG2: {}", sShareG2.data());
SGXWalletServer::writeDataToDB(dhKeyName, hexEncrKey.data());
SGXWalletServer::writeDataToDB(shareG2_name, sShareG2.data());
spdlog::debug("errMsg: {}", errMsg1.data());
}
string encryptedSecretShareName = "encryptedSecretShare:" + _polyName;
SGXWalletServer::writeDataToDB(encryptedSecretShareName, result);
return result;
}
bool
verifyShares(const char *publicShares, const char *encr_sshare, const char *encryptedKeyHex, int t, int n, int ind) {
char errMsg[BUF_LEN];
CHECK_STATE(publicShares);
CHECK_STATE(encr_sshare);
CHECK_STATE(encryptedKeyHex);
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
uint64_t decKeyLen = 0;
int result = 0;
uint64_t decKeyLen;
uint8_t encr_key[BUF_LEN];
memset(encr_key, 0, BUF_LEN);
if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key)) {
SAFE_UINT8_BUF(encr_key, BUF_LEN);
if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key, BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
}
int result;
spdlog::debug("publicShares length is {}", char_traits<char>::length(publicShares));
char pshares[8193];
memset(pshares, 0, 8193);
SAFE_CHAR_BUF(pshares, 8193);
strncpy(pshares, publicShares, strlen(publicShares));
trustedDkgVerifyAES(eid, &errStatus, errMsg, pshares, encr_sshare, encr_key, decKeyLen, t, ind, &result);
sgx_status_t status = SGX_SUCCESS;
if (errStatus != 0) {
throw SGXException(-666, errMsg);
}
RESTART_BEGIN
status = trustedDkgVerify(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t,
ind, &result);
RESTART_END
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
if (result == 2) {
throw SGXException(INVALID_HEX, "Invalid public shares");
}
spdlog::debug("errMsg1: {}", errMsg);
spdlog::debug("result is: {}", result);
return result;
}
bool CreateBLSShare(const string &blsKeyName, const char *s_shares, const char *encryptedKeyHex) {
spdlog::debug("ENTER CreateBLSShare");
bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *encryptedKeyHex) {
CHECK_STATE(s_shares);
CHECK_STATE(encryptedKeyHex);
char errMsg[BUF_LEN];
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
uint64_t decKeyLen;
uint8_t encr_bls_key[BUF_LEN];
memset(encr_bls_key, 0, BUF_LEN);
uint8_t encr_key[BUF_LEN];
memset(encr_key, 0, BUF_LEN);
if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key)) {
uint64_t decKeyLen;SAFE_UINT8_BUF(encr_bls_key, BUF_LEN);SAFE_UINT8_BUF(encr_key, BUF_LEN);
if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key, BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
}
uint32_t enc_bls_len = 0;
uint64_t enc_bls_len = 0;
trustedCreateBlsKeyAES(eid, &errStatus, errMsg, s_shares, encr_key, decKeyLen, encr_bls_key, &enc_bls_len);
sgx_status_t status = SGX_SUCCESS;
if (errStatus != 0) {
spdlog::error(errMsg);
spdlog::error("status {}", errStatus);
throw SGXException(ERROR_IN_ENCLAVE, "Create BLS private key failed in enclave");
} else {
char hexBLSKey[2 * BUF_LEN];
RESTART_BEGIN
status = trustedCreateBlsKey(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key,
&enc_bls_len);
RESTART_END
carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey);
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
SGXWalletServer::writeDataToDB(blsKeyName, hexBLSKey);
SAFE_CHAR_BUF(hexBLSKey, 2 * BUF_LEN)
carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey, 2 * BUF_LEN);
SGXWalletServer::writeDataToDB(blsKeyName, hexBLSKey);
return true;
return true;
}
}
vector<string> GetBLSPubKey(const char *encryptedKeyHex) {
char errMsg1[BUF_LEN];
vector <string> getBLSPubKey(const char *encryptedKeyHex) {
CHECK_STATE(encryptedKeyHex);
vector<char> errMsg1(BUF_LEN, 0);
int errStatus = 0;
uint64_t decKeyLen = 0;
uint64_t decKeyLen;
uint8_t encrKey[BUF_LEN];
if (!hex2carray(encryptedKeyHex, &decKeyLen, encrKey)) {
SAFE_UINT8_BUF(encrKey, BUF_LEN);
if (!hex2carray(encryptedKeyHex, &decKeyLen, encrKey, BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
}
char pubKey[320];
spdlog::debug("decKeyLen is {}", decKeyLen);
SAFE_CHAR_BUF(pubKey, 320)
trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1, encrKey, decKeyLen, pubKey);
if (errStatus != 0) {
spdlog::error(string(errMsg1) + " . Status is {}", errStatus);
throw SGXException(ERROR_IN_ENCLAVE, "Failed to get BLS public key in enclave");
}
vector<string> pubKeyVect = splitString(pubKey, ':');
sgx_status_t status = SGX_SUCCESS;
RESTART_BEGIN
status = trustedGetBlsPubKey(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey);
RESTART_END
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
vector <string> pubKeyVect = splitString(pubKey, ':');
spdlog::debug("errMsg1 is {}", errMsg1);
spdlog::debug("pub key is ");
for (int i = 0; i < 4; i++)
spdlog::debug("{}", pubKeyVect.at(i));
......@@ -367,15 +369,15 @@ vector<string> GetBLSPubKey(const char *encryptedKeyHex) {
return pubKeyVect;
}
vector<string> calculateAllBlsPublicKeys(const vector<string>& public_shares) {
vector <string> calculateAllBlsPublicKeys(const vector <string> &public_shares) {
size_t n = public_shares.size();
size_t t = public_shares[0].length() / 256;
uint64_t share_length = 256;
uint8_t coord_length = 64;
vector<libff::alt_bn128_G2> public_keys(n, libff::alt_bn128_G2::zero());
vector <libff::alt_bn128_G2> public_keys(n, libff::alt_bn128_G2::zero());
vector<libff::alt_bn128_G2> public_values(t, libff::alt_bn128_G2::zero());
vector <libff::alt_bn128_G2> public_values(t, libff::alt_bn128_G2::zero());
for (size_t i = 0; i < n; ++i) {
for (size_t j = 0; j < t; ++j) {
libff::alt_bn128_G2 public_share;
......@@ -408,7 +410,7 @@ vector<string> calculateAllBlsPublicKeys(const vector<string>& public_shares) {
public_keys[i].to_affine_coordinates();
}
vector<string> result(n);
vector <string> result(n);
for (size_t i = 0; i < n; ++i) {
result[i] = convertG2ToString(public_keys[i]);
}
......@@ -417,37 +419,37 @@ vector<string> calculateAllBlsPublicKeys(const vector<string>& public_shares) {
}
string decryptDHKey(const string &polyName, int ind) {
vector<char> errMsg1(1024, 0);
vector<char> errMsg1(BUF_LEN, 0);
int errStatus = 0;
string DH_key_name = polyName + "_" + to_string(ind) + ":";
shared_ptr<string> hexEncrKeyPtr = SGXWalletServer::readFromDb(DH_key_name, "DKG_DH_KEY_");
shared_ptr <string> hexEncrKeyPtr = SGXWalletServer::readFromDb(DH_key_name, "DKG_DH_KEY_");
spdlog::debug("encr DH key is {}", *hexEncrKeyPtr);
vector<char> hexEncrKey(2 * BUF_LEN, 0);
uint64_t dhEncLen = 0;
uint8_t encryptedDHKey[BUF_LEN];
if (!hex2carray(hexEncrKeyPtr->c_str(), &dhEncLen, encryptedDHKey)) {
uint64_t dhEncLen = 0;SAFE_UINT8_BUF(encryptedDHKey, BUF_LEN);
if (!hex2carray(hexEncrKeyPtr->c_str(), &dhEncLen, encryptedDHKey, BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid hexEncrKey");
}
spdlog::debug("encr DH key length is {}", dhEncLen);
spdlog::debug("hex encr DH key length is {}", hexEncrKeyPtr->length());
char DHKey[ECDSA_SKEY_LEN];
SAFE_CHAR_BUF(DHKey, ECDSA_SKEY_LEN);
trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey);
sgx_status_t status = SGX_SUCCESS;
if (errStatus != 0) {
throw SGXException(errStatus, "decrypt key failed in enclave");
}
RESTART_BEGIN
status = trustedDecryptKey(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey);
RESTART_END
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
return DHKey;
}
vector<string> mult_G2(const string &x) {
vector<string> result(4);
vector <string> mult_G2(const string &x) {
vector <string> result(4);
libff::alt_bn128_Fr el(x.c_str());
libff::alt_bn128_G2 elG2 = el * libff::alt_bn128_G2::one();
elG2.to_affine_coordinates();
......
DKGCrypto.h
View file @ 0f995bb1
......@@ -37,15 +37,15 @@ vector <vector<string>> get_verif_vect(const char* encryptedPolyHex, int t, int
vector<string> splitString(const char* coeffs, const char symbol);
string trustedGetSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n);
string getSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n);
bool verifyShares(const char* publicShares, const char* encr_sshare, const char * encryptedKeyHex, int t, int n, int ind);
string decryptDHKey(const string& polyName, int ind);
bool CreateBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex);
bool createBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex);
vector<string> GetBLSPubKey(const char * encryptedKeyHex);
vector<string> getBLSPubKey(const char * encryptedKeyHex);
vector<string> mult_G2(const string& x);
......@@ -55,6 +55,6 @@ string convertG2ToString(const libff::alt_bn128_G2& elem, int base = 10, const s
vector<string> calculateAllBlsPublicKeys(const vector<string>& public_shares);
bool TestCreateBLSShare( const char * s_shares);
bool testCreateBLSShare( const char * s_shares);
#endif //SGXD_DKGCRYPTO_H
ECDSACrypto.cpp
View file @ 0f995bb1
......@@ -38,6 +38,7 @@
#include "BLSCrypto.h"
#include "SEKManager.h"
#include "ECDSACrypto.h"
void fillRandomBuffer(vector<unsigned char> &_buffer) {
......@@ -48,36 +49,39 @@ void fillRandomBuffer(vector<unsigned char> &_buffer) {
}
vector <string> genECDSAKey() {
vector<char> errMsg(1024, 0);
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
vector <uint8_t> encr_pr_key(1024, 0);
vector<char> pub_key_x(1024, 0);
vector<char> pub_key_y(1024, 0);
vector <uint8_t> encr_pr_key(BUF_LEN, 0);
vector<char> pub_key_x(BUF_LEN, 0);
vector<char> pub_key_y(BUF_LEN, 0);
uint32_t enc_len = 0;
uint64_t enc_len = 0;
status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
errMsg.data(), encr_pr_key.data(), &enc_len,
pub_key_x.data(), pub_key_y.data());
sgx_status_t status = SGX_SUCCESS;
RESTART_BEGIN
status = trustedGenerateEcdsaKey(eid, &errStatus,
errMsg.data(), encr_pr_key.data(), &enc_len,
pub_key_x.data(), pub_key_y.data());
RESTART_END
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus,errMsg.data());
if (status != SGX_SUCCESS || errStatus != 0) {
spdlog::error("RPCException thrown with status {}", status);
throw SGXException(status, errMsg.data());
}
vector <string> keys(3);
vector<char> hexEncrKey(BUF_LEN * 2, 0);
carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data());
carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data(),
BUF_LEN * 2);
keys.at(0) = hexEncrKey.data();
keys.at(1) = string(pub_key_x.data()) + string(pub_key_y.data());
vector<unsigned char> randBuffer(32, 0);
fillRandomBuffer(randBuffer);
vector<char> rand_str(64, 0);
vector<char> rand_str(BUF_LEN, 0);
carray2Hex(randBuffer.data(), 32, rand_str.data());
carray2Hex(randBuffer.data(), 32, rand_str.data(), BUF_LEN);
keys.at(2) = rand_str.data();
......@@ -95,22 +99,20 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) {
int errStatus = 0;
uint64_t enc_len = 0;
if (!hex2carray(_encryptedKeyHex.c_str(), &enc_len, encrPrKey.data())) {
if (!hex2carray(_encryptedKeyHex.c_str(), &enc_len, encrPrKey.data(),
BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
}
status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
sgx_status_t status = SGX_SUCCESS;
if (errStatus != 0) {
spdlog::error("failed to get ECDSA public key {}", status);
throw SGXException(-666, errMsg.data());
}
RESTART_BEGIN
status = trustedGetPublicEcdsaKey(eid, &errStatus,
errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
RESTART_END
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data())
if (status != SGX_SUCCESS) {
spdlog::error("failed to get ECDSA public key {}", status);
throw SGXException(666, "failed to get ECDSA public key");
}
string pubKey = string(pubKeyX.data()) + string(pubKeyY.data());
if (pubKey.size() != 128) {
......@@ -123,6 +125,11 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) {
bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR,
const char *signatureS, int base) {
CHECK_STATE(hashHex)
CHECK_STATE(signatureR)
CHECK_STATE(signatureS)
auto x = pubKeyStr.substr(0, 64);
auto y = pubKeyStr.substr(64, 128);
......@@ -166,38 +173,40 @@ bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatur
}
vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *hashHex, int base) {
CHECK_STATE(hashHex);
vector <string> signatureVector(3);
vector<char> errMsg(1024, 0);
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
vector<char> signatureR(1024, 0);
vector<char> signatureS(1024, 0);
vector<uint8_t> encryptedKey(1024, 0);
vector<char> signatureR(BUF_LEN, 0);
vector<char> signatureS(BUF_LEN, 0);
vector<uint8_t> encryptedKey(BUF_LEN, 0);
uint8_t signatureV = 0;
uint64_t decLen = 0;
string pubKeyStr = "";
if (!hex2carray(encryptedKeyHex.c_str(), &decLen, encryptedKey.data())) {
if (!hex2carray(encryptedKeyHex.c_str(), &decLen, encryptedKey.data(),
BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
}
status = trustedEcdsaSignAES(eid, &errStatus,
errMsg.data(), encryptedKey.data(), decLen, hashHex,
signatureR.data(),
signatureS.data(), &signatureV, base);
sgx_status_t status = SGX_SUCCESS;
if (errStatus != 0) {
spdlog::error("failed to sign {}", errStatus);
throw SGXException(666, errMsg.data());
}
RESTART_BEGIN
status = trustedEcdsaSign(eid, &errStatus,
errMsg.data(), encryptedKey.data(), decLen, hashHex,
signatureR.data(),
signatureS.data(), &signatureV, base);
RESTART_END
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
if (status != SGX_SUCCESS) {
spdlog::error("failed to sign in enclave {}", status);
throw SGXException(666, "failed to sign");
}
signatureVector.at(0) = to_string(signatureV);
if (base == 16) {
signatureVector.at(1) = "0x" + string(signatureR.data());
signatureVector.at(2) = "0x" + string(signatureS.data());
......
ECDSAImpl.c
View file @ 0f995bb1
#include "secure_enclave/Point.c"
#include "secure_enclave/DomainParameters.c"
#include "secure_enclave/DomainParameters.cpp"
#include "secure_enclave/NumberTheory.c"
#include "secure_enclave/Signature.c"
#include "secure_enclave/Curves.c"
LevelDB.cpp
View file @ 0f995bb1
......@@ -154,17 +154,16 @@ std::vector<string> LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){
return keys;
}
void LevelDB::writeDataUnique(const string & Name, const string &value) {
auto key = Name;
void LevelDB::writeDataUnique(const string & name, const string &value) {
auto key = name;
if (readString(Name) != nullptr) {
spdlog::debug("name {}",Name, " already exists");
if (readString(name)) {
spdlog::debug("Name {} already exists", name);
throw SGXException(KEY_SHARE_ALREADY_EXISTS, "Data with this name already exists");
}
writeString(key, value);
}
......
Makefile.am
View file @ 0f995bb1
......@@ -64,6 +64,7 @@ bin_PROGRAMS = sgxwallet testw cert_util
## You can't use $(wildcard ...) with automake so all source files
## have to be explicitly listed.
## have to be explicitly listed
COMMON_SRC = InvalidStateException.cpp Exception.cpp InvalidArgumentException.cpp Log.cpp \
SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp BLSCrypto.cpp \
......@@ -102,7 +103,7 @@ sgxwallet_LDADD=-l$(SGX_URTS_LIB) -l$(SGX_UAE_SERVICE_LIB) -LlibBLS/deps/deps_in
-l:libbls.a -l:libleveldb.a \
-l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a \
-ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd \
-lboost_system -lboost_thread -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -lstdc++fs
-lboost_system -lboost_thread -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -lstdc++fs
testw_SOURCES=testw.cpp $(COMMON_SRC)
......
SEKManager.cpp
View file @ 0f995bb1
......@@ -21,21 +21,25 @@
@date 2020
*/
#include "SEKManager.h"
#include "SGXException.h"
#include "BLSCrypto.h"
#include "LevelDB.h"
#include <fstream>
#include <iostream>
#include <algorithm>
#include "third_party/spdlog/spdlog.h"
#include "sgxwallet_common.h"
#include "common.h"
#include "sgxwallet.h"
#include "SGXException.h"
#include "BLSCrypto.h"
#include "LevelDB.h"
#include "ServerDataChecker.h"
#include "third_party/spdlog/spdlog.h"
#include "ServerInit.h"
#include "SEKManager.h"
using namespace std;
......@@ -52,82 +56,90 @@ bool case_insensitive_match(string s1, string s2) {
void create_test_key() {
int errStatus = 0;
vector<char> errMsg(1024, 0);
uint32_t enc_len;
uint64_t enc_len;
uint8_t encrypted_key[BUF_LEN];
memset(encrypted_key, 0, BUF_LEN);
SAFE_UINT8_BUF(encrypted_key, BUF_LEN);
string key = TEST_VALUE;
status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
if (status != SGX_SUCCESS) {
cerr << "encrypt test key failed with status " << status << endl;
throw SGXException(status, errMsg.data());
}
sgx_status_t status = SGX_SUCCESS;
if (errStatus != 0) {
cerr << "encrypt test key failed with status " << errStatus << endl;
throw SGXException(errStatus, errMsg.data());
{
READ_LOCK(initMutex);
status = trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
}
vector<char> hexEncrKey(2 * enc_len + 1, 0);
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
carray2Hex(encrypted_key, enc_len, hexEncrKey.data());
vector<char> hexEncrKey(2 * enc_len + 1, 0);
uint64_t test_len;
vector <uint8_t> test_encr_key(1024, 0);
if (!hex2carray(hexEncrKey.data(), &test_len, test_encr_key.data())) {
cerr << "wrong encrypted test key" << endl;
}
carray2Hex(encrypted_key, enc_len, hexEncrKey.data(), 2 * enc_len + 1);
LevelDB::getLevelDb()->writeDataUnique("TEST_KEY", hexEncrKey.data());
}
shared_ptr <vector<uint8_t>> check_and_set_SEK(const string &SEK) {
void validate_SEK() {
shared_ptr <string> test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY");
vector <uint8_t> encr_test_key(BUF_LEN, 0);
uint64_t len;
if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data())) {
spdlog::error("wrong test key");
exit(-1);
}
vector<char> decr_key(BUF_LEN, 0);
uint64_t len = 0;
vector<char> errMsg(BUF_LEN, 0);
vector<char> decr_key(1024, 0);
vector<char> errMsg(1024, 0);
int err_status = 0;
auto encrypted_SEK = make_shared < vector < uint8_t >> (1024, 0);
uint32_t l = len;
status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, SEK.c_str());
if (status != SGX_SUCCESS) {
spdlog::error("trustedSetSEK_backup failed with error code {}", status);
if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data(),
BUF_LEN)) {
spdlog::error("Corrupt test key is LevelDB");
exit(-1);
}
if (err_status != 0) {
spdlog::error("trustedSetSEK_backup failed with error status {}", status);
exit(-1);
}
sgx_status_t status = SGX_SUCCESS;
status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
if (status != SGX_SUCCESS || err_status != 0) {
spdlog::error("Failed to decrypt test key");
spdlog::error(errMsg.data());
exit(-1);
{
READ_LOCK(initMutex);
status = trustedDecryptKey(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
string test_key = TEST_VALUE;
if (test_key.compare(decr_key.data()) != 0) {
spdlog::error("Invalid SEK");
spdlog::error("Invalid storage key. You need to recover using backup key");
spdlog::error("Set the correct backup key into sgx_datasgxwallet_backup_key.txt");
spdlog::error("Then run sgxwallet using backup flag");
exit(-1);
}
}
shared_ptr <vector<uint8_t>> check_and_set_SEK(const string &SEK) {
vector<char> decr_key(BUF_LEN, 0);
vector<char> errMsg(BUF_LEN, 0);
int err_status = 0;
auto encrypted_SEK = make_shared < vector < uint8_t >> (BUF_LEN, 0);
uint64_t l = 0;
sgx_status_t status = SGX_SUCCESS;
{
READ_LOCK(initMutex);
status = trustedSetSEKBackup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l,
SEK.c_str());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
encrypted_SEK->resize(l);
validate_SEK();
return encrypted_SEK;
}
......@@ -135,30 +147,31 @@ void gen_SEK() {
vector<char> errMsg(1024, 0);
int err_status = 0;
vector <uint8_t> encrypted_SEK(1024, 0);
uint32_t enc_len = 0;
uint64_t enc_len = 0;
char SEK[65];
memset(SEK, 0, 65);
SAFE_CHAR_BUF(SEK, 65);
spdlog::info("Generating backup key. Will be stored in backup_key.txt ... ");
status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK);
if (status != SGX_SUCCESS) {
throw SGXException(status, errMsg.data());
}
sgx_status_t status = SGX_SUCCESS;
{
if (err_status != 0) {
throw SGXException(err_status, errMsg.data());
status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK);
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
if (strnlen(SEK, 33) != 32) {
throw SGXException(-1, "strnlen(SEK,33) != 32");
}
vector<char> hexEncrKey(2 * enc_len + 1, 0);
carray2Hex(encrypted_SEK.data(), enc_len, hexEncrKey.data());
carray2Hex(encrypted_SEK.data(), enc_len, hexEncrKey.data(), 2 * enc_len + 1);
spdlog::info(string("Encrypted storage encryption key:") + hexEncrKey.data());
ofstream sek_file(BACKUP_PATH);
sek_file.clear();
......@@ -185,31 +198,51 @@ void gen_SEK() {
LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
create_test_key();
validate_SEK();
shared_ptr <string> encrypted_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
setSEK(encrypted_SEK_ptr);
validate_SEK();
}
void reinitEnclave() {
// unfortunately process needs to be restarted to reinit enclave
// exiting with error code 3 (SGX_OUT_OF_MEMORY), so docker container can restart the
// wallet
exit(3);
}
void trustedSetSEK(shared_ptr <string> hex_encrypted_SEK) {
void setSEK(shared_ptr <string> hex_encrypted_SEK) {
CHECK_STATE(hex_encrypted_SEK);
vector<char> errMsg(1024, 0);
int err_status = 0;
uint8_t encrypted_SEK[BUF_LEN];
memset(encrypted_SEK, 0, BUF_LEN);
SAFE_UINT8_BUF(encrypted_SEK, BUF_LEN);
uint64_t len;
uint64_t len = 0;
if (!hex2carray(hex_encrypted_SEK->c_str(), &len, encrypted_SEK)) {
if (!hex2carray(hex_encrypted_SEK->c_str(), &len, encrypted_SEK,
BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex");
}
status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK);
if (status != SGX_SUCCESS) {
cerr << "RPCException thrown" << endl;
throw SGXException(status, errMsg.data());
sgx_status_t status = SGX_SUCCESS;
{
status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK);
}
if (err_status != 0) {
cerr << "RPCException thrown" << endl;
throw SGXException(err_status, errMsg.data());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
validate_SEK();
}
#include "experimental/filesystem"
......@@ -218,7 +251,6 @@ void trustedSetSEK(shared_ptr <string> hex_encrypted_SEK) {
void enter_SEK() {
shared_ptr <string> test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY");
if (test_key_ptr == nullptr) {
spdlog::error("Error: corrupt or empty LevelDB database");
......@@ -251,7 +283,8 @@ void enter_SEK() {
vector<char> hexEncrKey(BUF_LEN, 0);
carray2Hex(encrypted_SEK->data(), encrypted_SEK->size(), hexEncrKey.data());
carray2Hex(encrypted_SEK->data(), encrypted_SEK->size(), hexEncrKey.data(),
BUF_LEN);
spdlog::info("Got sealed storage encryption key.");
......@@ -274,7 +307,7 @@ void initSEK() {
spdlog::warn("SEK was not created yet. Going to create SEK");
gen_SEK();
} else {
trustedSetSEK(encrypted_SEK_ptr);
setSEK(encrypted_SEK_ptr);
}
}
}
......
SEKManager.h
View file @ 0f995bb1
......@@ -32,7 +32,7 @@
void gen_SEK();
#ifdef __cplusplus
void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK);
void setSEK(std::shared_ptr<std::string> hex_encr_SEK);
#endif
#ifdef __cplusplus
......@@ -45,4 +45,11 @@ EXTERNC void enter_SEK();
EXTERNC void initSEK();
EXTERNC void setSEK();
EXTERNC void reinitEnclave();
#endif //SGXD_SEKMANAGER_H
SGXWalletServer.cpp
View file @ 0f995bb1
......@@ -54,6 +54,9 @@
using namespace std;
std::shared_timed_mutex initMutex;
uint64_t initTime;
void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _enterBackupKey) {
spdlog::info("Entering {}", __FUNCTION__);
......@@ -243,6 +246,7 @@ SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const strin
}
value = readFromDb(_keyShareName);
if (!bls_sign(value->c_str(), _messageHash.c_str(), t, n, signature.data())) {
throw SGXException(-1, "Could not sign data ");
}
......@@ -402,7 +406,6 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result);
result["secretShare"] = "";
result["SecretShare"] = "";
try {
if (_pubKeys.size() != (uint64_t) _n) {
......@@ -425,9 +428,15 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
pubKeysStrs.push_back(_pubKeys[i].asString());
}
string s = trustedGetSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n);
result["secretShare"] = s;
result["SecretShare"] = s;
string secret_share_name = "encryptedSecretShare:" + _polyName;
shared_ptr <string> encryptedSecretShare = checkDataFromDb(secret_share_name);
if (encryptedSecretShare != nullptr) {
result["secretShare"] = *encryptedSecretShare.get();
} else {
string s = getSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n);
result["secretShare"] = s;
}
} HANDLE_SGX_EXCEPTION(result)
RETURN_SUCCESS(result)
......@@ -489,7 +498,7 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string
shared_ptr <string> encryptedKeyHex_ptr = readFromDb(_ethKeyName);
bool res = CreateBLSShare(_blsKeyName, _secretShare.c_str(), encryptedKeyHex_ptr->c_str());
bool res = createBLSShare(_blsKeyName, _secretShare.c_str(), encryptedKeyHex_ptr->c_str());
if (res) {
spdlog::info("BLS KEY SHARE CREATED ");
} else {
......@@ -504,6 +513,9 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string
}
LevelDB::getLevelDb()->deleteKey(_polyName);
string encryptedSecretShareName = "encryptedSecretShare:" + _polyName;
LevelDB::getLevelDb()->deleteKey(encryptedSecretShareName);
} HANDLE_SGX_EXCEPTION(result)
RETURN_SUCCESS(result);
......@@ -519,7 +531,7 @@ Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName)
}
shared_ptr <string> encryptedKeyHex_ptr = readFromDb(_blsKeyName);
vector <string> public_key_vect = GetBLSPubKey(encryptedKeyHex_ptr->c_str());
vector <string> public_key_vect = getBLSPubKey(encryptedKeyHex_ptr->c_str());
for (uint8_t i = 0; i < 4; i++) {
result["blsPublicKeyShare"][i] = public_key_vect.at(i);
}
......@@ -562,7 +574,7 @@ Json::Value SGXWalletServer::calculateAllBLSPublicKeysImpl(const Json::Value& pu
vector<string> public_keys = calculateAllBlsPublicKeys(public_shares);
if (public_keys.size() != n) {
if (public_keys.size() != (uint64_t)n) {
throw SGXException(UNKNOWN_ERROR, "");
}
......@@ -590,6 +602,18 @@ Json::Value SGXWalletServer::complaintResponseImpl(const string &_polyName, int
result["share*G2"] = *shareG2_ptr;
result["dhKey"] = DHKey;
// TODO: delete dh keys
// for (int i = 0; i < _n; i++) {
// string name = _polyName + "_" + to_string(i) + ":";
// LevelDB::getLevelDb()->deleteDHDKGKey(name);
// string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":";
// LevelDB::getLevelDb()->deleteKey(shareG2_name);
// }
LevelDB::getLevelDb()->deleteKey(_polyName);
string encryptedSecretShareName = "encryptedSecretShare:" + _polyName;
LevelDB::getLevelDb()->deleteKey(encryptedSecretShareName);
} HANDLE_SGX_EXCEPTION(result)
RETURN_SUCCESS(result);
......@@ -738,7 +762,7 @@ Json::Value SGXWalletServer::deleteBlsKey(const string &name) {
}
shared_ptr <string> SGXWalletServer::readFromDb(const string &name, const string &prefix) {
auto dataStr = LevelDB::getLevelDb()->readString(prefix + name);
auto dataStr = checkDataFromDb(prefix + name);
if (dataStr == nullptr) {
throw SGXException(KEY_SHARE_DOES_NOT_EXIST, "Data with this name does not exist");
......@@ -747,6 +771,12 @@ shared_ptr <string> SGXWalletServer::readFromDb(const string &name, const string
return dataStr;
}
shared_ptr <string> SGXWalletServer::checkDataFromDb(const string &name, const string &prefix) {
auto dataStr = LevelDB::getLevelDb()->readString(prefix + name);
return dataStr;
}
void SGXWalletServer::writeKeyShare(const string &_keyShareName, const string &_value) {
if (LevelDB::getLevelDb()->readString(_keyShareName) != nullptr) {
throw SGXException(KEY_SHARE_ALREADY_EXISTS, "Key share with this name already exists");
......
SGXWalletServer.hpp
View file @ 0f995bb1
......@@ -90,6 +90,8 @@ public:
static shared_ptr<string> readFromDb(const string &name, const string &prefix = "");
static shared_ptr <string> checkDataFromDb(const string &name, const string &prefix = "");
static void writeDataToDB(const string &Name, const string &value);
static void writeKeyShare(const string &_keyShareName, const string &_value);
......
ServerDataChecker.cpp
View file @ 0f995bb1
......@@ -72,7 +72,7 @@ bool checkECDSAKeyName(const string& keyName) {
bool checkHex(const string& hex, const uint32_t sizeInBytes){
if ( hex.length() > sizeInBytes * 2 || hex.length() == 0){
spdlog::error("key is too long or zero - ", hex.length());
spdlog::error("key is too long or zero {} ", hex.length());
return false;
}
......
ServerInit.cpp
View file @ 0f995bb1
......@@ -57,6 +57,8 @@
#include "SGXException.h"
#include "SGXWalletServer.hpp"
uint32_t enclaveLogLevel = 0;
void initUserSpace() {
libff::inhibit_profiling_counters = true;
......@@ -66,9 +68,8 @@ void initUserSpace() {
LevelDB::initDataFolderAndDBs();
}
void initEnclave(uint32_t _logLevel) {
eid = 0;
updated = 0;
uint64_t initEnclave() {
#ifndef SGX_HW_SIM
unsigned long support;
......@@ -81,35 +82,57 @@ void initEnclave(uint32_t _logLevel) {
spdlog::info("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG);
status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
&updated, &eid, 0);
sgx_status_t status = SGX_SUCCESS;
if (status != SGX_SUCCESS) {
if (status == SGX_ERROR_ENCLAVE_FILE_ACCESS) {
spdlog::error("sgx_create_enclave: {}: file not found", ENCLAVE_NAME);
spdlog::error("Did you forget to set LD_LIBRARY_PATH?");
} else {
spdlog::error("sgx_create_enclave_search failed {} {}", ENCLAVE_NAME, status);
{
WRITE_LOCK(initMutex);
if (eid != 0) {
if (sgx_destroy_enclave(eid) != SGX_SUCCESS) {
spdlog::error("Could not destroy enclave");
}
}
exit(1);
}
spdlog::info("Enclave created and started successfully");
eid = 0;
updated = 0;
status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
&updated, &eid, 0);
if (status != SGX_SUCCESS) {
if (status == SGX_ERROR_ENCLAVE_FILE_ACCESS) {
spdlog::error("sgx_create_enclave: {}: file not found", ENCLAVE_NAME);
spdlog::error("Did you forget to set LD_LIBRARY_PATH?");
} else {
spdlog::error("sgx_create_enclave_search failed {} {}", ENCLAVE_NAME, status);
}
exit(1);
}
spdlog::info("Enclave created and started successfully");
status = trustedEnclaveInit(eid, enclaveLogLevel);
}
status = trustedEnclaveInit(eid, _logLevel);
if (status != SGX_SUCCESS) {
spdlog::error("trustedEnclaveInit failed: {}", status);
exit(1);
return status;
}
spdlog::info("Enclave libtgmp library and logging initialized successfully");
return SGX_SUCCESS;
}
void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
static atomic<bool> sgxServerInited(false);
static mutex initMutex;
enclaveLogLevel = _logLevel;
lock_guard <mutex> lock(initMutex);
......@@ -122,7 +145,19 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
CHECK_STATE(sgxServerInited != 1)
sgxServerInited = 1;
initEnclave(_logLevel);
uint64_t counter = 0;
uint64_t initResult = 0;
while ((initResult = initEnclave()) != 0 && counter < 10){
sleep(1);
counter ++;
}
if (initResult != 0) {
spdlog::error("Coult not init enclave");
}
initUserSpace();
initSEK();
......@@ -136,12 +171,15 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
sgxServerInited = true;
} catch (SGXException &_e) {
spdlog::error(_e.getMessage());
exit(-1);
} catch (exception &_e) {
spdlog::error(_e.what());
exit(-1);
}
catch (...) {
exception_ptr p = current_exception();
printf("Exception %s \n", p.__cxa_exception_type()->name());
spdlog::error("Unknown exception");
exit(-1);
}
};
ServerInit.h
View file @ 0f995bb1
......@@ -36,7 +36,7 @@ EXTERNC void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign);
EXTERNC void initUserSpace();
EXTERNC void initEnclave(uint32_t _logLevel);
EXTERNC uint64_t initEnclave();
......
TestUtils.cpp
View file @ 0f995bb1
......@@ -32,6 +32,7 @@
#include "third_party/intel/create_enclave.h"
#include "secure_enclave_u.h"
#include "third_party/intel/sgx_detect.h"
#include "third_party/spdlog/spdlog.h"
#include <gmp.h>
#include <sgx_urts.h>
#include <stdio.h>
......@@ -218,7 +219,7 @@ void TestUtils::sendRPCRequest() {
auto hash_arr = make_shared < array < uint8_t, 32 >> ();
uint64_t binLen;
if (!hex2carray(hash.c_str(), &binLen, hash_arr->data())) {
if (!hex2carray(hash.c_str(), &binLen, hash_arr->data(), 32)) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
......@@ -351,7 +352,7 @@ void TestUtils::doDKG(StubClient &c, int n, int t,
auto hash_arr = make_shared<array<uint8_t, 32 >>();
uint64_t binLen;
if (!hex2carray(hash.c_str(), &binLen, hash_arr->data())) {
if (!hex2carray(hash.c_str(), &binLen, hash_arr->data(), 32)) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
......
VERSION
View file @ 0f995bb1
1.58.0
\ No newline at end of file
1.58.5
\ No newline at end of file
common.h
View file @ 0f995bb1
......@@ -32,6 +32,8 @@ using namespace std;
#include <map>
#include <memory>
#include <boost/throw_exception.hpp>
#include <gmp.h>
#include "secure_enclave/Verify.h"
#include "InvalidStateException.h"
......@@ -50,10 +52,64 @@ inline std::string className(const std::string &prettyFunction) {
#define __CLASS_NAME__ className( __PRETTY_FUNCTION__ )
#include <execinfo.h>
inline void print_stack() {
void *array[10];
size_t size;
// get void*'s for all entries on the stack
size = backtrace(array, 10);
// print out all the frames to stderr
fprintf(stderr, "Error: signal \n");
backtrace_symbols_fd(array, size, STDERR_FILENO);
exit(1);
}
#define CHECK_STATE(_EXPRESSION_) \
if (!(_EXPRESSION_)) { \
auto __msg__ = std::string("State check failed::") + #_EXPRESSION_ + " " + std::string(__FILE__) + ":" + std::to_string(__LINE__); \
print_stack(); \
throw InvalidStateException(__msg__, __CLASS_NAME__);}
#define HANDLE_TRUSTED_FUNCTION_ERROR(__STATUS__, __ERR_STATUS__, __ERR_MSG__) \
if (__STATUS__ != SGX_SUCCESS) { \
string __ERR_STRING__ = string("SGX enclave call to ") + \
__FUNCTION__ + " failed with status:" \
+ to_string(__STATUS__) + \
" Err message:" + __ERR_MSG__; \
BOOST_THROW_EXCEPTION(runtime_error(__ERR_MSG__)); \
}\
\
if (__ERR_STATUS__ != 0) {\
string __ERR_STRING__ = string("SGX enclave call to ") +\
__FUNCTION__ + " failed with errStatus:" + \
to_string(__ERR_STATUS__) + \
" Err message:" + __ERR_MSG__;\
BOOST_THROW_EXCEPTION(runtime_error(__ERR_STRING__)); \
}
#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
#define SAFE_UINT8_BUF(__X__, __Y__) ;uint8_t __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
#include <shared_mutex>
extern std::shared_timed_mutex initMutex;
extern uint64_t initTime;
#if SGX_MODE == SIM
#define ENCLAVE_RESTART_PERIOD_S 5
#else
#define ENCLAVE_RESTART_PERIOD_S 60 * 10
#endif
#define READ_LOCK(__X__) std::shared_lock<std::shared_timed_mutex> __LOCK__(__X__);
#define WRITE_LOCK(__X__) std::unique_lock<std::shared_timed_mutex> __LOCK__(__X__);
#endif //SGXWALLET_COMMON_H
docker/start.sh
View file @ 0f995bb1
......@@ -43,8 +43,10 @@ fi
if [[ "$1" == "-t" ]]; then
echo "Test run requested"
sleep 5
./testw.py
else
sleep 3
./sgxwallet $1 $2 $3 $4 $5
fi
docs/backup-procedure.md
View file @ 0f995bb1
......@@ -2,12 +2,12 @@
# SGXWallet Backup Procedure
When SGXWallet is initialized, the server will print the backup key.
When SGXWallet is initialized, the server will write the backup key into `sgx_data/sgxwallet_backup_key.txt`.
**This key must be securely recorded and stored.**
Be sure to store this key in a safe place, then go into a docker container and securely remove it with the following command:
```bash
docker exec -it <SGX_CONTAINER_NAME> bash && apt-get install secure-delete && srm -vz backup_key.txt
docker exec -it <SGX_CONTAINER_NAME> bash && srm -vz ./sgx_data/sgxwallet_backup_key.txt
```
Master-Slave replication is recommended to support the SGXWallet backup strategy. Below are general instructions for a basic backup and recovery process.
......@@ -30,24 +30,12 @@ docker-compose down
command: -s -y -d -b
```
2. Edit the `docker-compose.yml` and add `stdin_open: true` option. For example:
```yaml
version: "3"
services:
sgxwallet:
image: skalenetwork/sgxwallet:latest
stdin_open: true
```
3. Copy the backed up `sgx_data` directory to the recovery `sgx_data` directory.
2. Copy the backed up `sgx_data` directory to the recovery `sgx_data` directory.
3. Create file `sgx_data/sgxwallet_backup_key.txt` in the recovery directory and write the backup key into it.
4. Execute:
```bash
docker-compose up -d
```
5. Open another terminal window and run `docker attach container_name` there.
6. Enter the backup key when prompted.
7. Edit the `docker-compose.yml` file, remove the `-b` flag and `stdin_open: true` option.
5. Edit the `docker-compose.yml` file, remove the `-b` flag.
run_sgx/docker-compose.yml
View file @ 0f995bb1
......@@ -2,6 +2,7 @@ version: '3'
services:
sgxwallet:
image: skalenetwork/sgxwallet:latest
restart: always
ports:
- "1026:1026"
- "1027:1027"
......
run_sgx_sim/docker-compose.yml
View file @ 0f995bb1
......@@ -2,6 +2,7 @@ version: '3'
services:
sgxwallet:
image: skalenetwork/sgxwallet_sim:develop-latest
restart: always
ports:
- "1026:1026"
- "1027:1027"
......
secure_enclave/AESUtils.c
View file @ 0f995bb1
......@@ -27,9 +27,23 @@
#include "stdlib.h"
#include <string.h>
#include "AESUtils.h"
int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) {
sgx_aes_gcm_128bit_key_t AES_key[1024];
#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsigned char type,
unsigned char exportable, uint64_t* resultLen) {
if (!type) {
LOG_ERROR("Null type in AES_encrypt");
return -1;
}
if (!message) {
LOG_ERROR("Null message in AES_encrypt");
......@@ -41,25 +55,38 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) {
return -2;
}
uint64_t len = strlen(message);
uint64_t len = strlen(message) + 1;
if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) {
if (2 + len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrBufLen ) {
LOG_ERROR("Output buffer too small");
return -3;
}
SAFE_CHAR_BUF(fullMessage, len + 2);
fullMessage[0] = type;
fullMessage[1] = exportable;
strncpy(fullMessage + 2, message, len );
len = len + 2;
message = fullMessage;
sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);
sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, strlen(message),
sgx_status_t status = sgx_rijndael128GCM_encrypt(&(AES_key[512]), (uint8_t*)message, len,
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE,
encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
NULL, 0,
(sgx_aes_gcm_128bit_tag_t *) encr_message);
*resultLen = len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
return status;
}
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) {
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen,
uint8_t *type, uint8_t* exportable){
if (!message) {
LOG_ERROR("Null message in AES_encrypt");
......@@ -71,6 +98,16 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t
return -2;
}
if (!type) {
LOG_ERROR("Null type in AES_encrypt");
return -3;
}
if (!encr_message) {
LOG_ERROR("Null exportable in AES_encrypt");
return -4;
}
if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) {
LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE");
......@@ -86,12 +123,18 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t
return -2;
}
sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key,
sgx_status_t status = sgx_rijndael128GCM_decrypt(&(AES_key[512]),
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
(unsigned char*) message,
encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
NULL, 0,
(sgx_aes_gcm_128bit_tag_t *)encr_message);
*type = message[0];
*exportable = message[1];
for (int i = 2; i < strlen(message) + 1; i++) {
message[i - 2 ] = message[i];
}
return status;
}
secure_enclave/AESUtils.h
View file @ 0f995bb1
......@@ -24,10 +24,22 @@
#ifndef SGXD_AESUTILS_H
#define SGXD_AESUTILS_H
sgx_aes_gcm_128bit_key_t AES_key;
extern sgx_aes_gcm_128bit_key_t AES_key[1024];
int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen,
unsigned char type, unsigned char exportable, uint64_t* resultLen);
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen,
uint8_t *type, uint8_t* exportable) ;
#define ECDSA '1'
#define BLS '2'
#define DKG '3'
#define EXPORTABLE '1'
#define NON_EXPORTABLE '2'
int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen);
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ;
#endif //SGXD_AESUTILS_H
secure_enclave/DomainParameters.c secure_enclave/DomainParameters.cpp
View file @ 0f995bb1
......@@ -31,10 +31,13 @@
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
#include "EnclaveCommon.h"
#include "Point.h"
#include "DomainParameters.h"
#define CHECK_ARG_ABORT(_EXPRESSION_) \
......@@ -46,16 +49,27 @@
/*Initialize a curve*/
domain_parameters domain_parameters_init()
{
domain_parameters curve;
curve = calloc(sizeof(struct domain_parameters_s),1);
curve = (domain_parameters) calloc(sizeof(struct domain_parameters_s),1);
CHECK_ARG_ABORT(curve);
//Initialize all members
mpz_init(curve->p);
mpz_init(curve->a);
mpz_init(curve->b);
mpz_init(curve->n);
mpz_init(curve->h);
curve->G = point_init();
mpz_init(curve->n);
mpz_init(curve->h);
CHECK_ARG_ABORT(curve->G);
return curve;
}
......
secure_enclave/EnclaveCommon.cpp
View file @ 0f995bb1
......@@ -173,14 +173,25 @@ void enclave_init() {
return;
inited = 1;
LOG_INFO("Initing libff");
try {
LOG_INFO("Initing params");
libff::init_alt_bn128_params();
LOG_INFO("Initing curve");
curve = domain_parameters_init();
LOG_INFO("Initing curve domain");
domain_parameters_load_curve(curve, secp256k1);
} catch (exception& e) {
LOG_ERROR("Exception in libff init");
LOG_ERROR(e.what());
abort();
} catch (...) {
LOG_ERROR("Unknown exception in libff");
abort();
}
LOG_INFO("Inited libff");
}
......@@ -345,19 +356,19 @@ void logMsg(log_level _level, const char *_msg) {
}
EXTERNC void LOG_INFO(const char *_msg) {
void LOG_INFO(const char *_msg) {
logMsg(L_INFO, _msg);
};
EXTERNC void LOG_WARN(const char *_msg) {
void LOG_WARN(const char *_msg) {
logMsg(L_WARNING, _msg);
};
EXTERNC void LOG_ERROR(const char *_msg) {
void LOG_ERROR(const char *_msg) {
logMsg(L_ERROR, _msg);
};
EXTERNC void LOG_DEBUG(const char *_msg) {
void LOG_DEBUG(const char *_msg) {
logMsg(L_DEBUG, _msg);
};
EXTERNC void LOG_TRACE(const char *_msg) {
void LOG_TRACE(const char *_msg) {
logMsg(L_TRACE, _msg);
};
secure_enclave/Makefile.am
View file @ 0f995bb1
......@@ -83,8 +83,8 @@ CLEANFILES+= secure_enclave_t.c secure_enclave_t.h
secure_enclave_SOURCES = secure_enclave_t.c secure_enclave_t.h \
secure_enclave.c \
Curves.c DomainParameters.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \
DKGUtils.cpp EnclaveCommon.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \
Curves.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \
DKGUtils.cpp EnclaveCommon.cpp DomainParameters.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \
../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g2.cpp \
../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp $(ENCLAVE_KEY) $(ENCLAVE_CONFIG)
......
secure_enclave/Makefile.in
View file @ 0f995bb1
......@@ -108,9 +108,9 @@ PROGRAMS = $(libexec_PROGRAMS)
am__objects_1 =
am_secure_enclave_OBJECTS = secure_enclave_t.$(OBJEXT) \
secure_enclave.$(OBJEXT) Curves.$(OBJEXT) \
DomainParameters.$(OBJEXT) NumberTheory.$(OBJEXT) \
Point.$(OBJEXT) Signature.$(OBJEXT) DHDkg.$(OBJEXT) \
AESUtils.$(OBJEXT) DKGUtils.$(OBJEXT) EnclaveCommon.$(OBJEXT) \
NumberTheory.$(OBJEXT) Point.$(OBJEXT) Signature.$(OBJEXT) \
DHDkg.$(OBJEXT) AESUtils.$(OBJEXT) DKGUtils.$(OBJEXT) \
EnclaveCommon.$(OBJEXT) DomainParameters.$(OBJEXT) \
alt_bn128_init.$(OBJEXT) alt_bn128_g2.$(OBJEXT) \
alt_bn128_g1.$(OBJEXT) $(am__objects_1) $(am__objects_1)
secure_enclave_OBJECTS = $(am_secure_enclave_OBJECTS)
......@@ -337,8 +337,8 @@ ENCLAVE_CONFIG = $(ENCLAVE).config.xml
ENCLAVE_KEY = test_insecure_private_key.pem #$(ENCLAVE)_private.pem
secure_enclave_SOURCES = secure_enclave_t.c secure_enclave_t.h \
secure_enclave.c \
Curves.c DomainParameters.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \
DKGUtils.cpp EnclaveCommon.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \
Curves.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \
DKGUtils.cpp EnclaveCommon.cpp DomainParameters.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \
../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g2.cpp \
../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp $(ENCLAVE_KEY) $(ENCLAVE_CONFIG)
......
secure_enclave/SIGNED_ENCLAVE_VERSION
View file @ 0f995bb1
#define SIGNED_ENCLAVE_VERSION "0"
\ No newline at end of file
#define SIGNED_ENCLAVE_VERSION "1"
\ No newline at end of file
secure_enclave/Signature.c
View file @ 0f995bb1
......@@ -57,6 +57,15 @@ signature signature_init() {
return sig;
}
/*Release signature*/
void signature_free(signature sig) {
if (!sig)
return;
mpz_clear(sig->r);
mpz_clear(sig->s);
free(sig);
}
/*Set signature from strings of a base from 2-62*/
int signature_set_str(signature sig, const char *r, const char *s, int base) {
......@@ -104,10 +113,9 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para
return;
}
point Q = point_init();
//Initializing variables
mpz_t k, x, r, t1, t2, t3, t4, t5, s, n_div_2, rem, neg, seed;
point Q = point_init();
mpz_t k, x, r, t1, t2, t3, t4, t5, s, n_div_2, rem, neg, seed, s_mul_2;
mpz_init(k);
mpz_init(x);
mpz_init(r);
......@@ -121,7 +129,6 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para
mpz_init(rem);
mpz_init(neg);
mpz_init(seed);
mpz_t s_mul_2;
mpz_init(s_mul_2);
SAFE_CHAR_BUF(rand_char, 32);
......@@ -182,32 +189,27 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para
point_clear(Q);
mpz_clear(k);
mpz_clear(r);
mpz_clear(s);
mpz_clear(r);
mpz_clear(x);
mpz_clear(rem);
mpz_clear(neg);
mpz_clear(t1);
mpz_clear(t2);
mpz_clear(t3);
mpz_clear(t4);
mpz_clear(t5);
mpz_clear(seed);
mpz_clear(n_div_2);
mpz_clear(s_mul_2);
}
#endif
/*Release signature*/
void signature_free(signature sig) {
if (!sig)
return;
mpz_clear(sig->r);
mpz_clear(sig->s);
free(sig);
}
/*Verify the integrity of a message using it's signature*/
bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) {
......
secure_enclave/secure_enclave.c
View file @ 0f995bb1
......@@ -111,7 +111,7 @@ void *reallocate_function(void *, size_t, size_t);
void free_function(void *, size_t);
unsigned char *globalRandom;
unsigned char *globalRandom = NULL;
#define CALL_ONCE \
......@@ -122,7 +122,7 @@ unsigned char *globalRandom;
abort(); \
} else {called = true;};
void trustedEnclaveInit(uint32_t _logLevel) {
void trustedEnclaveInit(uint64_t _logLevel) {
CALL_ONCE
LOG_INFO(__FUNCTION__);
......@@ -136,9 +136,14 @@ void trustedEnclaveInit(uint32_t _logLevel) {
mp_get_memory_functions(NULL, &gmp_realloc_func, &gmp_free_func);
mp_set_memory_functions(NULL, oc_realloc_func, oc_free_func);
LOG_INFO("Reading random");
LOG_INFO("Calling enclave init");
enclave_init();
LOG_INFO("Reading random");
globalRandom = calloc(32,1);
int ret = sgx_read_rand(globalRandom, 32);
......@@ -149,11 +154,6 @@ void trustedEnclaveInit(uint32_t _logLevel) {
abort();
}
LOG_INFO("Calling enclave init");
enclave_init();
LOG_INFO("Successfully inited enclave. Signed enclave version:" SIGNED_ENCLAVE_VERSION );
#ifndef SGX_DEBUG
LOG_INFO("SECURITY WARNING: sgxwallet is running in INSECURE DEBUG MODE! NEVER USE IN PRODUCTION!");
......@@ -232,7 +232,7 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) {
void sealHexSEK(int *errStatus, char *errString,
uint8_t *encrypted_sek, uint32_t *enc_len, char *sek_hex) {
uint8_t *encrypted_sek, uint64_t *enc_len, char *sek_hex) {
CALL_ONCE
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
......@@ -242,7 +242,7 @@ void sealHexSEK(int *errStatus, char *errString,
CHECK_STATE(strnlen(sek_hex, 33) == 32)
uint64_t plaintextLen = strlen(sek_hex + 1);
uint64_t plaintextLen = strlen(sek_hex) + 1;
uint64_t sealedLen = sgx_calc_sealed_data_size(0, plaintextLen);
......@@ -255,7 +255,7 @@ void sealHexSEK(int *errStatus, char *errString,
(sgx_sealed_data_t *) encrypted_sek);
CHECK_STATUS("seal SEK failed after SEK generation");
uint32_t encrypt_text_length = sgx_get_encrypt_txt_len((const sgx_sealed_data_t *)encrypted_sek);
uint64_t encrypt_text_length = sgx_get_encrypt_txt_len((const sgx_sealed_data_t *)encrypted_sek);
CHECK_STATE(encrypt_text_length = plaintextLen);
......@@ -263,7 +263,7 @@ void sealHexSEK(int *errStatus, char *errString,
SAFE_CHAR_BUF(unsealedKey, BUF_LEN);
uint32_t decLen = BUF_LEN;
uint32_t add_text_length = sgx_get_add_mac_txt_len((const sgx_sealed_data_t *)encrypted_sek);
uint64_t add_text_length = sgx_get_add_mac_txt_len((const sgx_sealed_data_t *)encrypted_sek);
CHECK_STATE(add_text_length == 0);
CHECK_STATE(sgx_is_within_enclave(encrypted_sek,sizeof(sgx_sealed_data_t)));
status = sgx_unseal_data((const sgx_sealed_data_t *)encrypted_sek, NULL, NULL,
......@@ -279,7 +279,7 @@ void sealHexSEK(int *errStatus, char *errString,
}
void trustedGenerateSEK(int *errStatus, char *errString,
uint8_t *encrypted_sek, uint32_t *enc_len, char *sek_hex) {
uint8_t *encrypted_sek, uint64_t *enc_len, char *sek_hex) {
CALL_ONCE
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
......@@ -291,7 +291,8 @@ void trustedGenerateSEK(int *errStatus, char *errString,
RANDOM_CHAR_BUF(SEK_raw, SGX_AESGCM_KEY_SIZE);
carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex);
memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE);
memcpy(AES_key[512], SEK_raw, SGX_AESGCM_KEY_SIZE);
sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex);
......@@ -330,7 +331,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
uint64_t len;
hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
hex2carray(aes_key_hex, &len, (uint8_t *) (AES_key[512]));
SET_SUCCESS
clean:
......@@ -338,8 +339,8 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
LOG_INFO("SGX call completed");
}
void trustedSetSEK_backup(int *errStatus, char *errString,
uint8_t *encrypted_sek, uint32_t *enc_len, const char *sek_hex) {
void trustedSetSEKBackup(int *errStatus, char *errString,
uint8_t *encrypted_sek, uint64_t *enc_len, const char *sek_hex) {
CALL_ONCE
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
......@@ -348,7 +349,8 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
CHECK_STATE(sek_hex);
uint64_t len;
hex2carray(sek_hex, &len, (uint8_t *) AES_key);
hex2carray(sek_hex, &len, (uint8_t *) (AES_key[512]));
sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex);
......@@ -366,8 +368,8 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
void trustedGenerateEcdsaKey(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint64_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
......@@ -407,22 +409,24 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
}
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
SAFE_CHAR_BUF(skey_str, ECDSA_SKEY_LEN);SAFE_CHAR_BUF(arr_skey_str, mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2);
SAFE_CHAR_BUF(skey_str, BUF_LEN);
SAFE_CHAR_BUF(arr_skey_str, mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2);
mpz_get_str(arr_skey_str, ECDSA_SKEY_BASE, skey);
n_zeroes = 64 - strlen(arr_skey_str);
for (int i = 0; i < n_zeroes; i++) {
skey_str[i] = '0';
}
strncpy(skey_str + n_zeroes, arr_skey_str, 65 - n_zeroes);
skey_str[ECDSA_SKEY_LEN - 1] = 0;
snprintf(errString, BUF_LEN, "skey len is %d\n", (int) strlen(skey_str));
int status = AES_encrypt((char *) skey_str, encryptedPrivateKey, BUF_LEN);
int status = AES_encrypt((char *) skey_str, encryptedPrivateKey, BUF_LEN,
ECDSA, NON_EXPORTABLE, enc_len);
CHECK_STATUS("ecdsa private key encryption failed");
*enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
uint8_t type = 0;
uint8_t exportable = 0;
status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, ECDSA_SKEY_LEN);
status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, BUF_LEN, &type, &exportable);
CHECK_STATUS2("ecdsa private key decr failed with status %d");
......@@ -435,12 +439,12 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
LOG_INFO("SGX call completed");
}
void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) {
void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint64_t enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG(__FUNCTION__);
INIT_ERROR_STATE
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
SAFE_CHAR_BUF(skey, BUF_LEN);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
......@@ -452,7 +456,11 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
CHECK_STATE(pub_key_x);
CHECK_STATE(pub_key_y);
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
uint8_t type = 0;
uint8_t exportable = 0;
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN,
&type, &exportable);
CHECK_STATUS2("AES_decrypt failed with status %d");
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
......@@ -512,7 +520,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
static uint64_t sigCounter = 0;
void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len,
void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t enc_len,
const char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG(__FUNCTION__);
......@@ -523,7 +531,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
CHECK_STATE(sigR);
CHECK_STATE(sigS);
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
SAFE_CHAR_BUF(skey, BUF_LEN);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
......@@ -531,7 +539,12 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
mpz_init(msgMpz);
signature sign = signature_init();
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
uint8_t type = 0;
uint8_t exportable = 0;
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN,
&type, &exportable);
CHECK_STATUS2("aes decrypt failed with status %d");
......@@ -596,8 +609,8 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
}
void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) {
void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint64_t enc_len, char *key) {
LOG_DEBUG(__FUNCTION__);
INIT_ERROR_STATE
......@@ -607,7 +620,16 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
*errStatus = -9;
int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072);
uint8_t type = 0;
uint8_t exportable = 0;
int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072,
&type, &exportable);
if (exportable != EXPORTABLE) {
*errStatus = -11;
snprintf(errString, BUF_LEN, "Key is not exportable");
}
if (status != 0) {
*errStatus = status;
......@@ -632,8 +654,8 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
}
void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
void trustedEncryptKey(int *errStatus, char *errString, const char *key,
uint8_t *encryptedPrivateKey, uint64_t *enc_len) {
LOG_INFO(__FUNCTION__);
*errString = 0;
......@@ -644,15 +666,18 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
*errStatus = UNKNOWN_ERROR;
int status = AES_encrypt((char *)key, encryptedPrivateKey, BUF_LEN);
int status = AES_encrypt((char *)key, encryptedPrivateKey, BUF_LEN,
DKG, EXPORTABLE, enc_len);
CHECK_STATUS2("AES encrypt failed with status %d");
*enc_len = strlen(key) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
SAFE_CHAR_BUF(decryptedKey, BUF_LEN);
status = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN);
uint8_t type = 0;
uint8_t exportable = 0;
status = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN,
&type, &exportable);
CHECK_STATUS2("trustedDecryptKey failed with status %d");
......@@ -668,6 +693,8 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
snprintf(errString, BUF_LEN, "Decrypted key does not match original key");
LOG_ERROR(key);
LOG_ERROR(decryptedKey);
LOG_ERROR(errString);
goto clean;
}
......@@ -680,8 +707,8 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
}
void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX,
void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint64_t enc_len, char *_hashX,
char *_hashY, char *signature) {
LOG_DEBUG(__FUNCTION__);
INIT_ERROR_STATE
......@@ -693,7 +720,10 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
SAFE_CHAR_BUF(key, BUF_LEN);SAFE_CHAR_BUF(sig, BUF_LEN);
int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN);
uint8_t type = 0;
uint8_t exportable = 0;
int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN, &type, &exportable);
CHECK_STATUS("AES decrypt failed")
......@@ -723,7 +753,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
}
void
trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t *enc_len, size_t _t) {
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
......@@ -735,16 +765,20 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
CHECK_STATUS("gen_dkg_poly failed")
status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN);
status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN,
DKG, EXPORTABLE, enc_len);
CHECK_STATUS("SGX AES encrypt DKG poly failed");
*enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
SAFE_CHAR_BUF(decr_dkg_secret, DKG_BUFER_LENGTH);
uint8_t type = 0;
uint8_t exportable = 0;
status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret,
DKG_BUFER_LENGTH);
DKG_BUFER_LENGTH, &type, &exportable);
CHECK_STATUS("aes decrypt dkg poly failed");
......@@ -764,8 +798,8 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
}
void
trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret,
uint32_t enc_len,
trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret,
uint64_t enc_len,
uint8_t *decrypted_dkg_secret) {
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
......@@ -773,8 +807,11 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d
CHECK_STATE(encrypted_dkg_secret);
CHECK_STATE(decrypted_dkg_secret);
uint8_t type;
uint8_t exportable;
int status = AES_decrypt(encrypted_dkg_secret, enc_len, (char *) decrypted_dkg_secret,
3072);
3072, &type, &exportable);
CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d")
......@@ -787,7 +824,7 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d
}
void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint32_t enc_len) {
void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t enc_len) {
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
......@@ -795,8 +832,11 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc
memset(getThreadLocalDecryptedDkgPoly(), 0, DKG_BUFER_LENGTH);
uint8_t type = 0;
uint8_t exportable = 0;
int status = AES_decrypt(encrypted_poly, enc_len, (char *) getThreadLocalDecryptedDkgPoly(),
DKG_BUFER_LENGTH);
DKG_BUFER_LENGTH, &type, &exportable);
CHECK_STATUS2("sgx_unseal_data - encrypted_poly failed with status %d")
......@@ -807,14 +847,14 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc
LOG_INFO("SGX call completed");
}
void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint64_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n,
uint8_t ind) {
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
uint32_t enc_len;
uint64_t enc_len;
int status;
CHECK_STATE(encrypted_skey);
......@@ -824,15 +864,18 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
LOG_DEBUG(__FUNCTION__);
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
SAFE_CHAR_BUF(skey, BUF_LEN);
SAFE_CHAR_BUF(pub_key_x, BUF_LEN);SAFE_CHAR_BUF(pub_key_y, BUF_LEN);
trustedGenerateEcdsaKeyAES(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
trustedGenerateEcdsaKey(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
CHECK_STATUS("trustedGenerateEcdsaKey failed");
CHECK_STATUS("trustedGenerateEcdsaKeyAES failed");
uint8_t type = 0;
uint8_t exportable = 0;
status = AES_decrypt(encrypted_skey, enc_len, skey, ECDSA_SKEY_LEN);
status = AES_decrypt(encrypted_skey, enc_len, skey, BUF_LEN, &type, &exportable);
skey[ECDSA_SKEY_LEN - 1] = 0;
......@@ -840,13 +883,13 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
*dec_len = enc_len;
SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN);
SAFE_CHAR_BUF(common_key, BUF_LEN);
status = gen_session_key(skey, pub_keyB, common_key);
CHECK_STATUS("gen_session_key failed")
SAFE_CHAR_BUF(s_share, ECDSA_SKEY_LEN);
SAFE_CHAR_BUF(s_share, BUF_LEN);
status = calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind);
CHECK_STATUS("calc secret share failed")
......@@ -855,7 +898,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
status = calc_secret_shareG2(s_share, s_shareG2);
CHECK_STATUS("invalid decr secret share");
SAFE_CHAR_BUF(cypher, ECDSA_SKEY_LEN);
SAFE_CHAR_BUF(cypher, BUF_LEN);
status=xor_encrypt(common_key, s_share, cypher);
CHECK_STATUS("xor_encrypt failed")
......@@ -872,7 +915,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
LOG_INFO("SGX call completed");
}
void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t enc_len,
char *public_shares,
unsigned _t, unsigned _n) {
LOG_INFO(__FUNCTION__);
......@@ -885,8 +928,11 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
SAFE_CHAR_BUF(decrypted_dkg_secret, DKG_MAX_SEALED_LEN);
uint8_t type = 0;
uint8_t exportable = 0;
int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret,
DKG_MAX_SEALED_LEN);
DKG_MAX_SEALED_LEN, &type, &exportable);
CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d");
......@@ -900,7 +946,7 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
LOG_INFO("SGX call completed");
}
void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share,
void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
LOG_INFO(__FUNCTION__);
......@@ -910,26 +956,30 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
CHECK_STATE(s_share);
CHECK_STATE(encryptedPrivateKey);
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
SAFE_CHAR_BUF(skey,BUF_LEN);
mpz_t s;
mpz_init(s);
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
uint8_t type = 0;
uint8_t exportable = 0;
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN,
&type, &exportable);
CHECK_STATUS2("AES_decrypt failed (in trustedDkgVerifyAES) with status %d");
SAFE_CHAR_BUF(encr_sshare, ECDSA_SKEY_LEN);
SAFE_CHAR_BUF(encr_sshare, BUF_LEN);
strncpy(encr_sshare, s_share, ECDSA_SKEY_LEN - 1);
SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN);
SAFE_CHAR_BUF(common_key, BUF_LEN);
status = session_key_recover(skey, s_share, common_key);
CHECK_STATUS("session_key_recover failed");
SAFE_CHAR_BUF(decr_sshare, ECDSA_SKEY_LEN);
SAFE_CHAR_BUF(decr_sshare, BUF_LEN);
status=xor_decrypt(common_key, encr_sshare, decr_sshare);
......@@ -949,9 +999,9 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
LOG_INFO("SGX call completed");
}
void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares,
void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key,
uint32_t *enc_bls_key_len) {
uint64_t *enc_bls_key_len) {
LOG_INFO(__FUNCTION__);
......@@ -961,7 +1011,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(encr_bls_key);
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
SAFE_CHAR_BUF(skey, BUF_LEN);
mpz_t sum;
mpz_init(sum);
......@@ -974,8 +1024,12 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
mpz_t bls_key;
mpz_init(bls_key);
uint8_t type = 0;
uint8_t exportable = 0;
int status = AES_decrypt(encryptedPrivateKey, key_len, skey, ECDSA_SKEY_LEN);
int status = AES_decrypt(encryptedPrivateKey, key_len, skey, BUF_LEN,
&type, &exportable);
CHECK_STATUS2("aes decrypt failed with status %d");
skey[ECDSA_SKEY_LEN - 1] = 0;
......@@ -1035,12 +1089,10 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
strncpy(key_share + n_zeroes, arr_skey_str, 65 - n_zeroes);
key_share[BLS_KEY_LENGTH - 1] = 0;
status = AES_encrypt(key_share, encr_bls_key, BUF_LEN);
status = AES_encrypt(key_share, encr_bls_key, BUF_LEN, BLS, NON_EXPORTABLE, enc_bls_key_len);
CHECK_STATUS2("aes encrypt bls private key failed with status %d ");
*enc_bls_key_len = strlen(key_share) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
SET_SUCCESS
clean:
......@@ -1052,7 +1104,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
}
void
trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len,
trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len,
char *bls_pub_key) {
LOG_DEBUG(__FUNCTION__);
......@@ -1061,9 +1113,15 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
CHECK_STATE(bls_pub_key);
CHECK_STATE(encryptedPrivateKey);
SAFE_CHAR_BUF(skey_hex, ECDSA_SKEY_LEN);
SAFE_CHAR_BUF(skey_hex, BUF_LEN);
uint8_t type = 0;
uint8_t exportable = 0;
int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, ECDSA_SKEY_LEN);
int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, BUF_LEN,
&type, &exportable);
CHECK_STATUS2("AES decrypt failed %d");
......
secure_enclave/secure_enclave.config.xml
View file @ 0f995bb1
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<ISVSVN>1</ISVSVN>
<StackMaxSize>0x1000000</StackMaxSize>
<HeapMaxSize>0x100000000</HeapMaxSize>
<TCSNum>128</TCSNum>
......
secure_enclave/secure_enclave.config.xml.release
View file @ 0f995bb1
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<ISVSVN>1</ISVSVN>
<StackMaxSize>0x1000000</StackMaxSize>
<HeapMaxSize>0x100000000</HeapMaxSize>
<TCSNum>128</TCSNum>
......
secure_enclave/secure_enclave.config.xml.sim
View file @ 0f995bb1
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<ISVSVN>1</ISVSVN>
<StackMaxSize>0x1000000</StackMaxSize>
<HeapMaxSize>0x10000000</HeapMaxSize>
<TCSNum>32</TCSNum>
<TCSMaxNum>32</TCSMaxNum>
<TCSMinPool>32</TCSMinPool>
<HeapMaxSize>0x1000000</HeapMaxSize>
<TCSNum>16</TCSNum>
<TCSMaxNum>16</TCSMaxNum>
<TCSMinPool>16</TCSMinPool>
<TCSPolicy>0</TCSPolicy>
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
<DisableDebug>0</DisableDebug>
......
secure_enclave/secure_enclave.edl
View file @ 0f995bb1
......@@ -11,14 +11,14 @@ enclave {
trusted {
include "sgx_tgmp.h"
public void trustedEnclaveInit(uint32_t _logLevel);
public void trustedEnclaveInit(uint64_t _logLevel);
public void trustedGenerateSEK(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string,
[out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK,
[out] uint32_t *enc_len,
[out] uint64_t *enc_len,
[out, count = 65] char* hex_SEK);
public void trustedSetSEK(
......@@ -26,79 +26,79 @@ enclave {
[out, count = SMALL_BUF_SIZE] char *err_string,
[in, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK);
public void trustedSetSEK_backup(
public void trustedSetSEKBackup(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string,
[out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK,
[out] uint32_t *enc_len,
[out] uint64_t *enc_len,
[in, string] const char* SEK_hex);
public void trustedGenerateEcdsaKeyAES (
public void trustedGenerateEcdsaKey (
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
[out] uint32_t *enc_len,
[out] uint64_t *enc_len,
[out, count = SMALL_BUF_SIZE] char * pub_key_x,
[out, count = SMALL_BUF_SIZE] char * pub_key_y);
public void trustedGetPublicEcdsaKeyAES(
public void trustedGetPublicEcdsaKey(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint32_t dec_len,
uint64_t dec_len,
[out, count = SMALL_BUF_SIZE] char * pub_key_x,
[out, count = SMALL_BUF_SIZE] char * pub_key_y);
public void trustedEcdsaSignAES(
public void trustedEcdsaSign(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint32_t enc_len,
uint64_t enc_len,
[in, string] const char* hash,
[out, count = SMALL_BUF_SIZE] char* sig_r,
[out, count = SMALL_BUF_SIZE] char* sig_s,
[out] uint8_t* sig_v,
int base);
public void trustedEncryptKeyAES (
public void trustedEncryptKey (
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] const char* key,
[out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
[out] uint32_t *enc_len);
[out] uint64_t *enc_len);
public void trustedDecryptKeyAES (
public void trustedDecryptKey (
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint32_t enc_len,
uint64_t enc_len,
[out, count = SMALL_BUF_SIZE] char* key );
public void trustedGenDkgSecretAES (
public void trustedGenDkgSecret (
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[out, count = 3072] uint8_t* encrypted_dkg_secret,
[out] uint32_t * enc_len, size_t _t);
[out] uint64_t * enc_len, size_t _t);
public void trustedDecryptDkgSecretAES (
public void trustedDecryptDkgSecret (
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret,
uint32_t enc_len,
uint64_t enc_len,
[out, count = 3072] uint8_t* decrypted_dkg_secret
);
public void trustedSetEncryptedDkgPolyAES(
public void trustedSetEncryptedDkgPoly(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_poly,
uint32_t enc_len);
uint64_t enc_len);
public void trustedGetEncryptedSecretShareAES(
public void trustedGetEncryptedSecretShare(
[out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string,
[out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey,
[out] uint32_t* dec_len,
[out] uint64_t* dec_len,
[out, count = 193] char* result_str,
[out, count = 320] char* s_shareG2,
[in, string] char* pub_keyB,
......@@ -106,16 +106,16 @@ enclave {
uint8_t _n,
uint8_t ind);
public void trustedGetPublicSharesAES(
public void trustedGetPublicShares(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret,
uint32_t enc_len,
uint64_t enc_len,
[out, count = 10000] char* public_shares,
unsigned _t,
unsigned _n);
public void trustedDkgVerifyAES(
public void trustedDkgVerify(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, string] const char* public_shares,
......@@ -126,25 +126,25 @@ enclave {
int _ind,
[out] int* result);
public void trustedCreateBlsKeyAES(
public void trustedCreateBlsKey(
[out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 6145] const char* s_shares,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint64_t key_len,
[out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key,
[out] uint32_t *enc_bls_key_len);
[out] uint64_t *enc_bls_key_len);
public void trustedBlsSignMessageAES (
public void trustedBlsSignMessage (
[out] int *errStatus,
[out, count = TINY_BUF_SIZE] char* err_string,
[in, count = TINY_BUF_SIZE] uint8_t* encrypted_key,
uint32_t enc_len,
uint64_t enc_len,
[in, string] char* hashX ,
[in, string] char* hashY,
[out, count = SMALL_BUF_SIZE] char* signature);
public void trustedGetBlsPubKeyAES(
public void trustedGetBlsPubKey(
[out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
......
sgxwallet.c
View file @ 0f995bb1
......@@ -36,6 +36,5 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "sgxwallet.h"
sgx_launch_token_t token = {0};
sgx_enclave_id_t eid;
sgx_status_t status;
int updated;
sgx_enclave_id_t eid = 0;
int updated = 0;
sgxwallet.h
View file @ 0f995bb1
......@@ -47,7 +47,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
extern sgx_enclave_id_t eid;
extern int updated;
extern sgx_launch_token_t token;
extern sgx_status_t status;
#define ENCLAVE_NAME "secure_enclave.signed.so"
......
sgxwallet_common.h
View file @ 0f995bb1
......@@ -109,4 +109,34 @@ extern bool autoconfirm;
#define TEST_VALUE "1234567890"
#define RESTART_BEGIN \
int __ATTEMPTS__ = 0; \
do {\
__ATTEMPTS__++; \
{\
READ_LOCK(initMutex);
#define RESTART_END \
} \
if (status != SGX_SUCCESS || errStatus == 3) { \
spdlog::error(__FUNCTION__); \
spdlog::error("Restarting sgx on status errStatus... {} {}", status, errStatus); \
reinitEnclave(); \
} \
} while ((status != SGX_SUCCESS || errStatus == 3) && __ATTEMPTS__ < 2);
#define RESTART_END_POINTER \
} \
if (status != SGX_SUCCESS || *errStatus == 3) { \
spdlog::error(__FUNCTION__);\
spdlog::error("Restarting sgx on status errStatus... {} {}", status, *errStatus); \
reinitEnclave(); \
} \
} while ((status != SGX_SUCCESS || *errStatus == 3) && __ATTEMPTS__ < 2);
#endif //SGXWALLET_SGXWALLET_COMMON_H
testw.cpp
View file @ 0f995bb1
......@@ -98,7 +98,7 @@ public:
class TestFixtureNoResetFromBackup {
public:
TestFixtureNoResetFromBackup() {
setFullOptions(L_INFO, false, true, true );
setFullOptions(L_INFO, false, true, true);
initAll(L_INFO, false, true);
}
......@@ -123,13 +123,13 @@ public:
TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes-key-sig-gen]") {
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
vector<uint8_t> encrPrivKey(BUF_LEN, 0);
vector <uint8_t> encrPrivKey(BUF_LEN, 0);
vector<char> pubKeyX(BUF_LEN, 0);
vector<char> pubKeyY(BUF_LEN, 0);
uint32_t encLen = 0;
uint64_t encLen = 0;
PRINT_SRC_LINE
auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen,
auto status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen,
pubKeyX.data(),
pubKeyY.data());
REQUIRE(status == SGX_SUCCESS);
......@@ -141,27 +141,28 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes
uint8_t signatureV = 0;
for (int i=0; i < 50; i++) {
for (int i = 0; i < 50; i++) {
PRINT_SRC_LINE
status = trustedEcdsaSignAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen,
status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen,
hex.data(),
signatureR.data(),
signatureS.data(), &signatureV, 16);
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
}
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
}
TEST_CASE_METHOD(TestFixture, "ECDSA AES key gen", "[ecdsa-aes-key-gen]") {
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
vector<uint8_t> encrPrivKey(BUF_LEN, 0);
vector <uint8_t> encrPrivKey(BUF_LEN, 0);
vector<char> pubKeyX(BUF_LEN, 0);
vector<char> pubKeyY(BUF_LEN, 0);
uint32_t encLen = 0;
uint64_t encLen = 0;
PRINT_SRC_LINE
auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen,
auto status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen,
pubKeyX.data(),
pubKeyY.data());
......@@ -173,13 +174,14 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES key gen", "[ecdsa-aes-key-gen]") {
TEST_CASE_METHOD(TestFixture, "ECDSA AES get public key", "[ecdsa-aes-get-pub-key]") {
int errStatus = 0;
vector<char> errMsg(BUF_LEN, 0);
vector<uint8_t> encPrivKey(BUF_LEN, 0);
vector <uint8_t> encPrivKey(BUF_LEN, 0);
vector<char> pubKeyX(BUF_LEN, 0);
vector<char> pubKeyY(BUF_LEN, 0);
uint32_t encLen = 0;
uint64_t encLen = 0;
PRINT_SRC_LINE
auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encPrivKey.data(), &encLen, pubKeyX.data(),
auto status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encPrivKey.data(), &encLen, pubKeyX.data(),
pubKeyY.data());
REQUIRE(status == SGX_SUCCESS);
......@@ -189,7 +191,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES get public key", "[ecdsa-aes-get-pub-ke
vector<char> receivedPubKeyY(BUF_LEN, 0);
PRINT_SRC_LINE
status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, errMsg.data(), encPrivKey.data(), encLen,
status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encPrivKey.data(), encLen,
receivedPubKeyX.data(),
receivedPubKeyY.data());
REQUIRE(status == SGX_SUCCESS);
......@@ -259,8 +261,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") {
auto keyName = genECDSAKeyAPI(c);
Json::Value sig = c.ecdsaSignMessageHash(10, keyName, SAMPLE_HASH);
Json::Value sig = c.ecdsaSignMessageHash(10, keyName, SAMPLE_HASH);
for (int i = 0; i <= 20; i++) {
......@@ -287,21 +288,21 @@ TEST_CASE_METHOD(TestFixture, "BLS key encrypt", "[bls-key-encrypt]") {
TEST_CASE_METHOD(TestFixture, "DKG AES gen test", "[dkg-aes-gen]") {
vector<uint8_t> encryptedDKGSecret(BUF_LEN, 0);
vector <uint8_t> encryptedDKGSecret(BUF_LEN, 0);
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
uint32_t encLen = 0;
uint64_t encLen = 0;
PRINT_SRC_LINE
auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 32);
auto status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 32);
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
vector<char> secret(BUF_LEN, 0);
vector<char> errMsg1(BUF_LEN, 0);
status = trustedDecryptDkgSecretAES(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(),
status = trustedDecryptDkgSecret(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(),
encLen, (uint8_t *) secret.data());
REQUIRE(status == SGX_SUCCESS);
......@@ -309,17 +310,16 @@ TEST_CASE_METHOD(TestFixture, "DKG AES gen test", "[dkg-aes-gen]") {
}
TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares]") {
vector<uint8_t> encryptedDKGSecret(BUF_LEN, 0);
vector <uint8_t> encryptedDKGSecret(BUF_LEN, 0);
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
uint32_t encLen = 0;
uint64_t encLen = 0;
unsigned t = 32, n = 32;
PRINT_SRC_LINE
auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, n);
auto status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, n);
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
......@@ -328,30 +328,30 @@ TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares
char colon = ':';
vector<char> pubShares(10000, 0);
PRINT_SRC_LINE
status = trustedGetPublicSharesAES(eid, &errStatus, errMsg1.data(),
status = trustedGetPublicShares(eid, &errStatus, errMsg1.data(),
encryptedDKGSecret.data(), encLen, pubShares.data(), t, n);
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
vector<string> g2Strings = splitString(pubShares.data(), ',');
vector<libff::alt_bn128_G2> pubSharesG2;
vector <string> g2Strings = splitString(pubShares.data(), ',');
vector <libff::alt_bn128_G2> pubSharesG2;
for (u_int64_t i = 0; i < g2Strings.size(); i++) {
vector<string> coeffStr = splitString(g2Strings.at(i).c_str(), ':');
vector <string> coeffStr = splitString(g2Strings.at(i).c_str(), ':');
pubSharesG2.push_back(TestUtils::vectStringToG2(coeffStr));
}
vector<char> secret(BUF_LEN, 0);
PRINT_SRC_LINE
status = trustedDecryptDkgSecretAES(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), encLen,
status = trustedDecryptDkgSecret(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), encLen,
(uint8_t *) secret.data());
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
signatures::Dkg dkgObj(t, n);
vector<libff::alt_bn128_Fr> poly = TestUtils::splitStringToFr(secret.data(), colon);
vector<libff::alt_bn128_G2> pubSharesDkg = dkgObj.VerificationVector(poly);
vector <libff::alt_bn128_Fr> poly = TestUtils::splitStringToFr(secret.data(), colon);
vector <libff::alt_bn128_G2> pubSharesDkg = dkgObj.VerificationVector(poly);
for (uint32_t i = 0; i < pubSharesDkg.size(); i++) {
libff::alt_bn128_G2 el = pubSharesDkg.at(i);
el.to_affine_coordinates();
......@@ -364,28 +364,28 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes-
vector<char> result(BUF_LEN, 0);
int errStatus = 0;
uint32_t encLen = 0;
uint64_t encLen = 0;
vector<uint8_t> encryptedDKGSecret(BUF_LEN, 0);
vector <uint8_t> encryptedDKGSecret(BUF_LEN, 0);
PRINT_SRC_LINE
auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 2);
auto status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 2);
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
uint64_t enc_len = encLen;
PRINT_SRC_LINE
status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), enc_len);
status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), enc_len);
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
vector<uint8_t> encrPRDHKey(BUF_LEN, 0);
vector <uint8_t> encrPRDHKey(BUF_LEN, 0);
string pub_keyB = SAMPLE_PUBLIC_KEY_B;
vector<char> s_shareG2(BUF_LEN, 0);
PRINT_SRC_LINE
status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg.data(), encrPRDHKey.data(), &encLen,
status = trustedGetEncryptedSecretShare(eid, &errStatus, errMsg.data(), encrPRDHKey.data(), &encLen,
result.data(),
s_shareG2.data(),
(char *) pub_keyB.data(), 2, 2, 1);
......@@ -419,8 +419,8 @@ TEST_CASE_METHOD(TestFixture, "DKG_BLS test", "[dkg-bls]") {
HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2);
vector<string> ecdsaKeyNames;
vector<string> blsKeyNames;
vector <string> ecdsaKeyNames;
vector <string> blsKeyNames;
int schainID = TestUtils::randGen();
int dkgID = TestUtils::randGen();
......@@ -440,7 +440,8 @@ TEST_CASE_METHOD(TestFixture, "Delete Bls Key", "[delete-bls-key]") {
HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2);
std::string name = "BLS_KEY:SCHAIN_ID:123456789:NODE_ID:0:DKG_ID:0";
libff::alt_bn128_Fr key = libff::alt_bn128_Fr("6507625568967977077291849236396320012317305261598035438182864059942098934847");
libff::alt_bn128_Fr key = libff::alt_bn128_Fr(
"6507625568967977077291849236396320012317305261598035438182864059942098934847");
std::string key_str = TestUtils::stringFromFr(key);
PRINT_SRC_LINE
c.importBLSKeyShare(key_str, name);
......@@ -473,7 +474,6 @@ TEST_CASE_METHOD(TestFixture, "Get ServerVersion", "[get-server-version]") {
}
TEST_CASE_METHOD(TestFixtureHTTPS, "Cert request sign", "[cert-sign]") {
PRINT_SRC_LINE
......@@ -552,7 +552,13 @@ TEST_CASE_METHOD(TestFixture, "DKG API test", "[dkg-api]") {
//wrong verif
Json::Value Skeys = c.getSecretShare(polyName, publicKeys, 2, 2);
REQUIRE_NOTHROW(c.getSecretShare(polyName, publicKeys, 2, 2));
REQUIRE(Skeys == c.getSecretShare(polyName, publicKeys, 2, 2));
Json::Value verifVect = c.getVerificationVector(polyName, 2, 2);
REQUIRE_NOTHROW(c.getVerificationVector(polyName, 2, 2));
REQUIRE(verifVect == c.getVerificationVector(polyName, 2, 2));
Json::Value verificationWrongSkeys = c.dkgVerification("", "", "", 2, 2, 1);
REQUIRE(verificationWrongSkeys["status"].asInt() != 0);
}
......@@ -587,8 +593,8 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") {
Json::Value secretShares[n];
Json::Value pubBLSKeys[n];
Json::Value blsSigShares[n];
vector<string> pubShares(n);
vector<string> polyNames(n);
vector <string> pubShares(n);
vector <string> polyNames(n);
int schainID = TestUtils::randGen();
int dkgID = TestUtils::randGen();
......@@ -623,7 +629,7 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") {
}
int k = 0;
vector<string> secShares(n);
vector <string> secShares(n);
for (int i = 0; i < n; i++)
for (int j = 0; j < n; j++) {
......@@ -644,15 +650,16 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") {
string hash = SAMPLE_HASH;
auto hash_arr = make_shared<array<uint8_t, 32 >>();
auto hash_arr = make_shared < array < uint8_t,
32 >> ();
uint64_t binLen;
if (!hex2carray(hash.c_str(), &binLen, hash_arr->data())) {
if (!hex2carray(hash.c_str(), &binLen, hash_arr->data(), 32)) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
map<size_t, shared_ptr<BLSPublicKeyShare>> coeffs_pkeys_map;
map <size_t, shared_ptr<BLSPublicKeyShare>> coeffs_pkeys_map;
for (int i = 0; i < t; i++) {
string endName = polyNames[i].substr(4);
......@@ -669,43 +676,44 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") {
blsSigShares[i] = c.blsSignMessageHash(blsName, hash, t, n);
REQUIRE(blsSigShares[i]["status"] == 0);
shared_ptr<string> sig_share_ptr = make_shared<string>(blsSigShares[i]["signatureShare"].asString());
shared_ptr <string> sig_share_ptr = make_shared<string>(blsSigShares[i]["signatureShare"].asString());
BLSSigShare sig(sig_share_ptr, i + 1, t, n);
sigShareSet.addSigShare(make_shared<BLSSigShare>(sig));
vector<string> pubKey_vect;
vector <string> pubKey_vect;
for (uint8_t j = 0; j < 4; j++) {
pubKey_vect.push_back(pubBLSKeys[i]["blsPublicKeyShare"][j].asString());
}
BLSPublicKeyShare pubKey(make_shared<vector<string >>(pubKey_vect), t, n);
BLSPublicKeyShare pubKey(make_shared < vector < string >> (pubKey_vect), t, n);
PRINT_SRC_LINE
REQUIRE(pubKey.VerifySigWithHelper(hash_arr, make_shared<BLSSigShare>(sig), t, n));
coeffs_pkeys_map[i + 1] = make_shared<BLSPublicKeyShare>(pubKey);
}
shared_ptr<BLSSignature> commonSig = sigShareSet.merge();
BLSPublicKey common_public(make_shared<map<size_t, shared_ptr<BLSPublicKeyShare >>>(coeffs_pkeys_map), t,
n);
shared_ptr <BLSSignature> commonSig = sigShareSet.merge();
BLSPublicKey
common_public(make_shared < map < size_t, shared_ptr < BLSPublicKeyShare >>>(coeffs_pkeys_map), t,
n);
REQUIRE(common_public.VerifySigWithHelper(hash_arr, commonSig, t, n));
}
TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
int errStatus = -1;
int errStatus = 0;
vector<char> errMsg(BUF_LEN, 0);
uint32_t encLen;
uint64_t encLen;
string key = SAMPLE_AES_KEY;
vector<uint8_t> encrypted_key(BUF_LEN, 0);
vector <uint8_t> encrypted_key(BUF_LEN, 0);
PRINT_SRC_LINE
auto status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen);
auto status = trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen);
REQUIRE(status == 0);
REQUIRE(errStatus == 0);
vector<char> decr_key(BUF_LEN, 0);
PRINT_SRC_LINE
status = trustedDecryptKeyAES(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data());
status = trustedDecryptKey(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data());
REQUIRE(status == 0);
REQUIRE(errStatus == 0);
......@@ -714,7 +722,7 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg bls", "[many-threads-crypto]") {
vector<thread> threads;
vector <thread> threads;
int num_threads = 4;
for (int i = 0; i < num_threads; i++) {
threads.push_back(thread(TestUtils::sendRPCRequest));
......@@ -726,10 +734,45 @@ TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg bls", "[many-threads-crypt
}
TEST_CASE_METHOD(TestFixture, "First run", "[first-run]") {
HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2);
try {
PRINT_SRC_LINE
auto keyName = genECDSAKeyAPI(c);
ofstream namefile("/tmp/keyname");
namefile << keyName;
PRINT_SRC_LINE
} catch (JsonRpcException & e)
{
cerr << e.what() << endl;
throw;
}
}
TEST_CASE_METHOD(TestFixtureNoReset, "Second run", "[second-run]") {
HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2);
try {
PRINT_SRC_LINE
string keyName;
ifstream namefile("/tmp/keyname");
getline(namefile, keyName);
Json::Value sig = c.ecdsaSignMessageHash(16, keyName, SAMPLE_HASH);
REQUIRE(sig["status"].asInt() == 0);
Json::Value getPubKey = c.getPublicECDSAKey(keyName);
REQUIRE(getPubKey["status"].asInt() == 0);
} catch (JsonRpcException &e) {
cerr << e.what() << endl;
throw;
}
}
TEST_CASE_METHOD(TestFixtureNoResetFromBackup, "Backup restore", "[backup-restore]") {
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment