Skip to content

S
sgxwallet
Unverified Commit 0f995bb1 authored by Stan Kladko's avatar Stan Kladko Committed by GitHub
Browse files
Options

Merge pull request #183 from skalenetwork/develop 

Create stable branch
parents bc336404 a10c7a05
Expand all Show whitespace changes
Inline Side-by-side
Showing with 1118 additions and 747 deletions
BLSCrypto.cpp
View file @ 0f995bb1
......@@ -22,47 +22,47 @@
*/
#include <memory>
#include "libff/algebra/curves/alt_bn128/alt_bn128_init.hpp"
#include "leveldb/db.h"
#include <jsonrpccpp/server/connectors/httpserver.h>
#include "third_party/intel/create_enclave.h"
#include "bls.h"
#include <bls/BLSutils.h>
#include "leveldb/db.h"
#include <jsonrpccpp/server/connectors/httpserver.h>
#include "BLSPrivateKeyShareSGX.h"
#include "sgxwallet_common.h"
#include "third_party/intel/create_enclave.h"
#include "secure_enclave_u.h"
#include "third_party/intel/sgx_detect.h"
#include <gmp.h>
#include <sgx_urts.h>
#include "sgxwallet_common.h"
#include "sgxwallet.h"
#include "SGXException.h"
#include "third_party/spdlog/spdlog.h"
#include "common.h"
#include "SGXWalletServer.h"
#include "BLSCrypto.h"
#include "SEKManager.h"
#include "LevelDB.h"
#include "ServerInit.h"
#include "BLSCrypto.h"
#include "SGXException.h"
#include "third_party/spdlog/spdlog.h"
#include "common.h"
string *FqToString(libff::alt_bn128_Fq *_fq) {
CHECK_STATE(_fq);
std::string *FqToString(libff::alt_bn128_Fq *_fq) {
mpz_t t;
mpz_init(t);
_fq->as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2];
SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, 10) + 2);
mpz_get_str(arr, 10, t);
mpz_clear(t);
return new std::string(arr);
return new string(arr);
}
int char2int(char _input) {
......@@ -75,11 +75,18 @@ int char2int(char _input) {
return -1;
}
void carray2Hex(const unsigned char *d, int _len, char *_hexArray) {
void carray2Hex(const unsigned char *d, uint64_t _len, char *_hexArray,
uint64_t _hexArrayLen) {
CHECK_STATE(d);
CHECK_STATE(_hexArray);
char hexval[16] = {'0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
for (int j = 0; j < _len; j++) {
CHECK_STATE(_hexArrayLen > 2 * _len);
for (uint64_t j = 0; j < _len; j++) {
_hexArray[j * 2] = hexval[((d[j] >> 4) & 0xF)];
_hexArray[j * 2 + 1] = hexval[(d[j]) & 0x0F];
}
......@@ -87,38 +94,29 @@ void carray2Hex(const unsigned char *d, int _len, char *_hexArray) {
_hexArray[_len * 2] = 0;
}
bool hex2carray(const char *_hex, uint64_t *_bin_len, uint8_t *_bin) {
int len = strnlen(_hex, 2 * BUF_LEN);
if (len == 0 && len % 2 == 1)
return false;
bool hex2carray(const char *_hex, uint64_t *_bin_len,
uint8_t *_bin, uint64_t _max_length) {
*_bin_len = len / 2;
for (int i = 0; i < len / 2; i++) {
int high = char2int((char) _hex[i * 2]);
int low = char2int((char) _hex[i * 2 + 1]);
CHECK_STATE(_hex);
CHECK_STATE(_bin);
CHECK_STATE(_bin_len)
if (high < 0 || low < 0) {
return false;
}
_bin[i] = (unsigned char) (high * 16 + low);
}
uint64_t len = strnlen(_hex, 2 * _max_length + 1);
return true;
}
CHECK_STATE(len != 2 * _max_length + 1);
CHECK_STATE(len <= 2 * _max_length);
bool hex2carray2(const char *_hex, uint64_t *_bin_len,
uint8_t *_bin, const int _max_length) {
int len = strnlen(_hex, _max_length);
if (len == 0 && len % 2 == 1)
return false;
*_bin_len = len / 2;
for (int i = 0; i < len / 2; i++) {
for (uint64_t i = 0; i < len / 2; i++) {
int high = char2int((char) _hex[i * 2]);
int low = char2int((char) _hex[i * 2 + 1]);
......@@ -134,13 +132,20 @@ bool hex2carray2(const char *_hex, uint64_t *_bin_len,
bool sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, size_t _signerIndex,
char *_sig) {
CHECK_STATE(_encryptedKeyHex);
CHECK_STATE(_hashHex);
CHECK_STATE(_sig);
auto keyStr = make_shared<string>(_encryptedKeyHex);
auto hash = make_shared<array<uint8_t, 32>>();
auto hash = make_shared < array < uint8_t,
32 >> ();
uint64_t binLen;
if (!hex2carray(_hashHex, &binLen, hash->data())) {
if (!hex2carray(_hashHex, &binLen, hash->data(), hash->size())) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
......@@ -156,43 +161,39 @@ bool sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t
}
bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, char *_sig) {
auto hash = make_shared<array<uint8_t, 32>>();
CHECK_STATE(_encryptedKeyHex);
CHECK_STATE(_hashHex);
CHECK_STATE(_sig);
auto hash = make_shared < array < uint8_t,
32 >> ();
uint64_t binLen;
if (!hex2carray(_hashHex, &binLen, hash->data())) {
if (!hex2carray(_hashHex, &binLen, hash->data(), hash->size())) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
shared_ptr<signatures::Bls> obj;
shared_ptr <signatures::Bls> obj;
obj = make_shared<signatures::Bls>(signatures::Bls(_t, _n));
std::pair<libff::alt_bn128_G1, std::string> hash_with_hint = obj->HashtoG1withHint(hash);
pair <libff::alt_bn128_G1, string> hash_with_hint = obj->HashtoG1withHint(hash);
string *xStr = FqToString(&(hash_with_hint.first.X));
if (xStr == nullptr) {
std::cerr << "Null xStr" << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("Null xStr"));
}
CHECK_STATE(xStr);
string *yStr = FqToString(&(hash_with_hint.first.Y));
if (yStr == nullptr) {
std::cerr << "Null yStr" << std::endl;
delete xStr;
BOOST_THROW_EXCEPTION(runtime_error("Null yStr"));
}
char errMsg[BUF_LEN];
memset(errMsg, 0, BUF_LEN);
vector<char> errMsg(BUF_LEN, 0);
char xStrArg[BUF_LEN];
char yStrArg[BUF_LEN];
char signature[BUF_LEN];
memset(xStrArg, 0, BUF_LEN);
memset(yStrArg, 0, BUF_LEN);
SAFE_CHAR_BUF(xStrArg, BUF_LEN);SAFE_CHAR_BUF(yStrArg, BUF_LEN);SAFE_CHAR_BUF(signature, BUF_LEN);
strncpy(xStrArg, xStr->c_str(), BUF_LEN);
strncpy(yStrArg, yStr->c_str(), BUF_LEN);
......@@ -202,34 +203,30 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
size_t sz = 0;
uint8_t encryptedKey[BUF_LEN];
SAFE_UINT8_BUF(encryptedKey, BUF_LEN);
bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey);
bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey, BUF_LEN);
if (!result) {
cerr << "Invalid hex encrypted key" << endl;
BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key"));
BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key"));
}
int errStatus = 0;
sgx_status_t status =
trustedBlsSignMessageAES(eid, &errStatus, errMsg, encryptedKey,
sgx_status_t status = SGX_SUCCESS;
RESTART_BEGIN
status = trustedBlsSignMessage(eid, &errStatus, errMsg.data(), encryptedKey,
sz, xStrArg, yStrArg, signature);
RESTART_END
if (status != SGX_SUCCESS) {
cerr << "SGX enclave call to trustedBlsSignMessage failed with status:" << status << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed"));
}
if (errStatus != 0) {
cerr << "SGX enclave call to trustedBlsSignMessage failed with errStatus:" << errStatus << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed"));
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second;
string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second;
std::string sig = signature;
string sig = signature;
sig.append(":");
sig.append(hint);
......@@ -240,36 +237,37 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
}
bool bls_sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, char *_sig) {
CHECK_STATE(_encryptedKeyHex);
CHECK_STATE(_hashHex);
return sign_aes(_encryptedKeyHex, _hashHex, _t, _n, _sig);
}
std::string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) {
auto keyArray = make_shared<vector<char>>(BUF_LEN, 0);
auto encryptedKey = make_shared<vector<uint8_t>>(BUF_LEN, 0);
auto errMsg = make_shared<vector<char>>(BUF_LEN, 0);
string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) {
CHECK_STATE(errStatus);
CHECK_STATE(err_string);
CHECK_STATE(_key);
auto keyArray = make_shared < vector < char >> (BUF_LEN, 0);
auto encryptedKey = make_shared < vector < uint8_t >> (BUF_LEN, 0);
strncpy(keyArray->data(), _key, BUF_LEN);
*errStatus = -1;
vector<char> errMsg(BUF_LEN, 0);
unsigned int encryptedLen = 0;
strncpy(keyArray->data(), _key, BUF_LEN);
*errStatus = 0;
status = trustedEncryptKeyAES(eid, errStatus, errMsg->data(), keyArray->data(), encryptedKey->data(), &encryptedLen);
uint64_t encryptedLen = 0;
spdlog::debug("errStatus is {}", *errStatus);
spdlog::debug("errMsg is ", errMsg->data());
sgx_status_t status = SGX_SUCCESS;
if (*errStatus != 0) {
throw SGXException(-666, errMsg->data());
}
RESTART_BEGIN
status = trustedEncryptKey(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(),
&encryptedLen);
RESTART_END_POINTER
if (status != SGX_SUCCESS) {
*errStatus = -1;
return "";
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg.data());
std::string result(2 * BUF_LEN, '\0');
SAFE_CHAR_BUF(resultBuf, 2 * BUF_LEN + 1);
carray2Hex(encryptedKey->data(), encryptedLen, &result.front());
carray2Hex(encryptedKey->data(), encryptedLen, resultBuf, 2 * BUF_LEN + 1);
return result;
return string(resultBuf);
}
BLSCrypto.h
View file @ 0f995bb1
......@@ -38,13 +38,10 @@ EXTERNC bool bls_sign(const char* encryptedKeyHex, const char* hashHex, size_t t
EXTERNC int char2int(char _input);
EXTERNC void carray2Hex(const unsigned char *d, int _len, char* _hexArray);
EXTERNC void carray2Hex(const unsigned char *d, uint64_t , char* _hexArray,
uint64_t _hexArrayLen);
EXTERNC bool hex2carray(const char * _hex, uint64_t *_bin_len,
uint8_t* _bin );
EXTERNC bool hex2carray2(const char * _hex, uint64_t *_bin_len,
uint8_t* _bin, const int _max_length );
uint8_t* _bin, uint64_t _max_length );
std::string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key);
......
BLSPrivateKeyShareSGX.cpp
View file @ 0f995bb1
......@@ -25,111 +25,109 @@
#include "BLSSignature.h"
#include "BLSutils.h"
#include "third_party/spdlog/spdlog.h"
#include "common.h"
#include "secure_enclave_u.h"
#include "sgxwallet_common.h"
#include "sgxwallet.h"
#include "BLSCrypto.h"
#include "ServerInit.h"
#include "common.h"
#include "SEKManager.h"
#include "BLSPrivateKeyShareSGX.h"
std::string *stringFromFq(libff::alt_bn128_Fq*_fq) {
string *stringFromFq(libff::alt_bn128_Fq *_fq) {
CHECK_STATE(_fq);
mpz_t t;
mpz_init(t);
_fq->as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2];
SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, 10) + 2);
char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t);
return new std::string(tmp);
return new string(tmp);
}
std::string *stringFromG1(libff::alt_bn128_G1 *_g1) {
string *stringFromG1(libff::alt_bn128_G1 *_g1) {
CHECK_STATE(_g1);
auto sX = stringFromFq(&_g1->X);
auto sY = stringFromFq(&_g1->Y);
auto sZ = stringFromFq(&_g1->Z);
auto sG1 = new std::string(*sX + ":" + *sY + ":" + *sZ);
auto sG1 = new string(*sX + ":" + *sY + ":" + *sZ);
delete(sX);
delete(sY);
delete(sZ);
delete (sX);
delete (sY);
delete (sZ);
return sG1;
}
BLSPrivateKeyShareSGX::BLSPrivateKeyShareSGX(
shared_ptr<string> _encryptedKeyHex, size_t _requiredSigners,
shared_ptr <string> _encryptedKeyHex, size_t _requiredSigners,
size_t _totalSigners) {
requiredSigners = _requiredSigners;
totalSigners = _totalSigners;
if (requiredSigners > totalSigners) {
throw std::invalid_argument("requiredSigners > totalSigners");
throw invalid_argument("requiredSigners > totalSigners");
}
if (totalSigners == 0) {
throw std::invalid_argument("totalSigners == 0");
throw invalid_argument("totalSigners == 0");
}
if (_encryptedKeyHex == nullptr) {
throw std::invalid_argument("Null key");
throw invalid_argument("Null key");
}
if (_encryptedKeyHex->size() > 2 * MAX_ENCRYPTED_KEY_LENGTH) {
throw std::invalid_argument("Encrypted key size too long");
throw invalid_argument("Encrypted key size too long");
}
encryptedKeyHex = _encryptedKeyHex;
}
std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
std::shared_ptr<std::array<uint8_t, 32>> hash_byte_arr,
string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
shared_ptr <array<uint8_t, 32>> hash_byte_arr,
size_t _signerIndex) {
shared_ptr<signatures::Bls> obj;
shared_ptr <signatures::Bls> obj;
if (hash_byte_arr == nullptr) {
std::cerr << "Hash is null" << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("Hash is null"));
}
CHECK_STATE(hash_byte_arr)
obj = make_shared<signatures::Bls>(
signatures::Bls(requiredSigners, totalSigners));
std::pair<libff::alt_bn128_G1, std::string> hash_with_hint =
pair <libff::alt_bn128_G1, string> hash_with_hint =
obj->HashtoG1withHint(hash_byte_arr);
int errStatus = 0;
string* xStr = stringFromFq(&(hash_with_hint.first.X));
string *xStr = stringFromFq(&(hash_with_hint.first.X));
if (xStr == nullptr) {
std::cerr << "Null xStr" << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("Null xStr"));
}
CHECK_STATE(xStr);
string* yStr = stringFromFq(&(hash_with_hint.first.Y));
string *yStr = stringFromFq(&(hash_with_hint.first.Y));
if (yStr == nullptr) {
std::cerr << "Null yStr" << std::endl;
delete xStr;
BOOST_THROW_EXCEPTION(runtime_error("Null yStr"));
}
char errMsg[BUF_LEN];
memset(errMsg, 0, BUF_LEN);
char xStrArg[BUF_LEN];
char yStrArg[BUF_LEN];
char signature [BUF_LEN];
vector<char> errMsg(BUF_LEN, 0);
SAFE_CHAR_BUF(xStrArg, BUF_LEN)SAFE_CHAR_BUF(yStrArg, BUF_LEN)SAFE_CHAR_BUF(signature, BUF_LEN);
memset(xStrArg, 0, BUF_LEN);
memset(yStrArg, 0, BUF_LEN);
strncpy(xStrArg, xStr->c_str(), BUF_LEN);
strncpy(yStrArg, yStr->c_str(), BUF_LEN);
......@@ -139,31 +137,25 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
size_t sz = 0;
uint8_t encryptedKey[BUF_LEN];
SAFE_UINT8_BUF(encryptedKey, BUF_LEN);
bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey);
bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey,
BUF_LEN);
if (!result) {
cerr << "Invalid hex encrypted key" << endl;
BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key"));
spdlog::error("Invalid hex encrypted key");
BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key"));
}
cerr << "Key is " + *encryptedKeyHex << endl;
sgx_status_t status = SGX_SUCCESS;
sgx_status_t status =
trustedBlsSignMessageAES(eid, &errStatus, errMsg, encryptedKey,
RESTART_BEGIN
status = trustedBlsSignMessage(eid, &errStatus, errMsg.data(), encryptedKey,
encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature);
RESTART_END
printf("sig is: %s\n", signature);
if (status != SGX_SUCCESS) {
gmp_printf("SGX enclave call to trustedBlsSignMessage failed: 0x%04x\n", status);
BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed"));
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
if (errStatus != 0) {
BOOST_THROW_EXCEPTION(runtime_error("Enclave trustedBlsSignMessage failed:" + to_string(errStatus) + ":" + errMsg ));
}
int sigLen;
......@@ -171,10 +163,10 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
BOOST_THROW_EXCEPTION(runtime_error("Signature is too short:" + to_string(sigLen)));
}
std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" +
string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" +
hash_with_hint.second;
std::string sig = signature;
string sig = signature;
sig.append(":");
sig.append(hint);
......@@ -182,14 +174,17 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
return sig;
}
std::shared_ptr<BLSSigShare> BLSPrivateKeyShareSGX::signWithHelperSGX(
std::shared_ptr<std::array<uint8_t, 32>> hash_byte_arr,
shared_ptr <BLSSigShare> BLSPrivateKeyShareSGX::signWithHelperSGX(
shared_ptr <array<uint8_t, 32>> hash_byte_arr,
size_t _signerIndex) {
std::string signature = signWithHelperSGXstr(hash_byte_arr, _signerIndex);
CHECK_STATE(hash_byte_arr);
string signature = signWithHelperSGXstr(hash_byte_arr, _signerIndex);
auto sig = make_shared<string>(signature);
std::shared_ptr<BLSSigShare> s = std::make_shared<BLSSigShare>(sig, _signerIndex, requiredSigners,
shared_ptr <BLSSigShare> s = make_shared<BLSSigShare>(sig, _signerIndex, requiredSigners,
totalSigners);
return s;
......
CMakeLists.txt
View file @ 0f995bb1
......@@ -20,7 +20,7 @@ add_executable(sgxwallet
secure_enclave/DHDkg.h
secure_enclave/DKGUtils.cpp
secure_enclave/DKGUtils.h
secure_enclave/DomainParameters.c
secure_enclave/DomainParameters.cpp
secure_enclave/DomainParameters.h
secure_enclave/EnclaveConstants.h
secure_enclave/NumberTheory.c
......
DKGCrypto.cpp
View file @ 0f995bb1
This diff is collapsed.
DKGCrypto.h
View file @ 0f995bb1
......@@ -37,15 +37,15 @@ vector <vector<string>> get_verif_vect(const char* encryptedPolyHex, int t, int
vector<string> splitString(const char* coeffs, const char symbol);
string trustedGetSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n);
string getSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n);
bool verifyShares(const char* publicShares, const char* encr_sshare, const char * encryptedKeyHex, int t, int n, int ind);
string decryptDHKey(const string& polyName, int ind);
bool CreateBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex);
bool createBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex);
vector<string> GetBLSPubKey(const char * encryptedKeyHex);
vector<string> getBLSPubKey(const char * encryptedKeyHex);
vector<string> mult_G2(const string& x);
......@@ -55,6 +55,6 @@ string convertG2ToString(const libff::alt_bn128_G2& elem, int base = 10, const s
vector<string> calculateAllBlsPublicKeys(const vector<string>& public_shares);
bool TestCreateBLSShare( const char * s_shares);
bool testCreateBLSShare( const char * s_shares);
#endif //SGXD_DKGCRYPTO_H
ECDSACrypto.cpp
View file @ 0f995bb1
......@@ -38,6 +38,7 @@
#include "BLSCrypto.h"
#include "SEKManager.h"
#include "ECDSACrypto.h"
void fillRandomBuffer(vector<unsigned char> &_buffer) {
......@@ -48,36 +49,39 @@ void fillRandomBuffer(vector<unsigned char> &_buffer) {
}
vector <string> genECDSAKey() {
vector<char> errMsg(1024, 0);
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
vector <uint8_t> encr_pr_key(1024, 0);
vector<char> pub_key_x(1024, 0);
vector<char> pub_key_y(1024, 0);
vector <uint8_t> encr_pr_key(BUF_LEN, 0);
vector<char> pub_key_x(BUF_LEN, 0);
vector<char> pub_key_y(BUF_LEN, 0);
uint64_t enc_len = 0;
uint32_t enc_len = 0;
sgx_status_t status = SGX_SUCCESS;
status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
RESTART_BEGIN
status = trustedGenerateEcdsaKey(eid, &errStatus,
errMsg.data(), encr_pr_key.data(), &enc_len,
pub_key_x.data(), pub_key_y.data());
RESTART_END
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus,errMsg.data());
if (status != SGX_SUCCESS || errStatus != 0) {
spdlog::error("RPCException thrown with status {}", status);
throw SGXException(status, errMsg.data());
}
vector <string> keys(3);
vector<char> hexEncrKey(BUF_LEN * 2, 0);
carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data());
carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data(),
BUF_LEN * 2);
keys.at(0) = hexEncrKey.data();
keys.at(1) = string(pub_key_x.data()) + string(pub_key_y.data());
vector<unsigned char> randBuffer(32, 0);
fillRandomBuffer(randBuffer);
vector<char> rand_str(64, 0);
vector<char> rand_str(BUF_LEN, 0);
carray2Hex(randBuffer.data(), 32, rand_str.data());
carray2Hex(randBuffer.data(), 32, rand_str.data(), BUF_LEN);
keys.at(2) = rand_str.data();
......@@ -95,22 +99,20 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) {
int errStatus = 0;
uint64_t enc_len = 0;
if (!hex2carray(_encryptedKeyHex.c_str(), &enc_len, encrPrKey.data())) {
if (!hex2carray(_encryptedKeyHex.c_str(), &enc_len, encrPrKey.data(),
BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
}
status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
sgx_status_t status = SGX_SUCCESS;
RESTART_BEGIN
status = trustedGetPublicEcdsaKey(eid, &errStatus,
errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
RESTART_END
if (errStatus != 0) {
spdlog::error("failed to get ECDSA public key {}", status);
throw SGXException(-666, errMsg.data());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data())
if (status != SGX_SUCCESS) {
spdlog::error("failed to get ECDSA public key {}", status);
throw SGXException(666, "failed to get ECDSA public key");
}
string pubKey = string(pubKeyX.data()) + string(pubKeyY.data());
if (pubKey.size() != 128) {
......@@ -123,6 +125,11 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) {
bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR,
const char *signatureS, int base) {
CHECK_STATE(hashHex)
CHECK_STATE(signatureR)
CHECK_STATE(signatureS)
auto x = pubKeyStr.substr(0, 64);
auto y = pubKeyStr.substr(64, 128);
......@@ -166,38 +173,40 @@ bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatur
}
vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *hashHex, int base) {
CHECK_STATE(hashHex);
vector <string> signatureVector(3);
vector<char> errMsg(1024, 0);
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
vector<char> signatureR(1024, 0);
vector<char> signatureS(1024, 0);
vector<uint8_t> encryptedKey(1024, 0);
vector<char> signatureR(BUF_LEN, 0);
vector<char> signatureS(BUF_LEN, 0);
vector<uint8_t> encryptedKey(BUF_LEN, 0);
uint8_t signatureV = 0;
uint64_t decLen = 0;
string pubKeyStr = "";
if (!hex2carray(encryptedKeyHex.c_str(), &decLen, encryptedKey.data())) {
if (!hex2carray(encryptedKeyHex.c_str(), &decLen, encryptedKey.data(),
BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
}
status = trustedEcdsaSignAES(eid, &errStatus,
sgx_status_t status = SGX_SUCCESS;
RESTART_BEGIN
status = trustedEcdsaSign(eid, &errStatus,
errMsg.data(), encryptedKey.data(), decLen, hashHex,
signatureR.data(),
signatureS.data(), &signatureV, base);
RESTART_END
if (errStatus != 0) {
spdlog::error("failed to sign {}", errStatus);
throw SGXException(666, errMsg.data());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
if (status != SGX_SUCCESS) {
spdlog::error("failed to sign in enclave {}", status);
throw SGXException(666, "failed to sign");
}
signatureVector.at(0) = to_string(signatureV);
if (base == 16) {
signatureVector.at(1) = "0x" + string(signatureR.data());
signatureVector.at(2) = "0x" + string(signatureS.data());
......
ECDSAImpl.c
View file @ 0f995bb1
#include "secure_enclave/Point.c"
#include "secure_enclave/DomainParameters.c"
#include "secure_enclave/DomainParameters.cpp"
#include "secure_enclave/NumberTheory.c"
#include "secure_enclave/Signature.c"
#include "secure_enclave/Curves.c"
LevelDB.cpp
View file @ 0f995bb1
......@@ -154,17 +154,16 @@ std::vector<string> LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){
return keys;
}
void LevelDB::writeDataUnique(const string & Name, const string &value) {
auto key = Name;
void LevelDB::writeDataUnique(const string & name, const string &value) {
auto key = name;
if (readString(Name) != nullptr) {
spdlog::debug("name {}",Name, " already exists");
if (readString(name)) {
spdlog::debug("Name {} already exists", name);
throw SGXException(KEY_SHARE_ALREADY_EXISTS, "Data with this name already exists");
}
writeString(key, value);
}
......
Makefile.am
View file @ 0f995bb1
......@@ -64,6 +64,7 @@ bin_PROGRAMS = sgxwallet testw cert_util
## You can't use $(wildcard ...) with automake so all source files
## have to be explicitly listed.
## have to be explicitly listed
COMMON_SRC = InvalidStateException.cpp Exception.cpp InvalidArgumentException.cpp Log.cpp \
SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp BLSCrypto.cpp \
......
SEKManager.cpp
View file @ 0f995bb1
......@@ -21,21 +21,25 @@
@date 2020
*/
#include "SEKManager.h"
#include "SGXException.h"
#include "BLSCrypto.h"
#include "LevelDB.h"
#include <fstream>
#include <iostream>
#include <algorithm>
#include "third_party/spdlog/spdlog.h"
#include "sgxwallet_common.h"
#include "common.h"
#include "sgxwallet.h"
#include "SGXException.h"
#include "BLSCrypto.h"
#include "LevelDB.h"
#include "ServerDataChecker.h"
#include "third_party/spdlog/spdlog.h"
#include "ServerInit.h"
#include "SEKManager.h"
using namespace std;
......@@ -52,82 +56,90 @@ bool case_insensitive_match(string s1, string s2) {
void create_test_key() {
int errStatus = 0;
vector<char> errMsg(1024, 0);
uint32_t enc_len;
uint64_t enc_len;
uint8_t encrypted_key[BUF_LEN];
memset(encrypted_key, 0, BUF_LEN);
SAFE_UINT8_BUF(encrypted_key, BUF_LEN);
string key = TEST_VALUE;
status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
if (status != SGX_SUCCESS) {
cerr << "encrypt test key failed with status " << status << endl;
throw SGXException(status, errMsg.data());
}
sgx_status_t status = SGX_SUCCESS;
if (errStatus != 0) {
cerr << "encrypt test key failed with status " << errStatus << endl;
throw SGXException(errStatus, errMsg.data());
{
READ_LOCK(initMutex);
status = trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
}
vector<char> hexEncrKey(2 * enc_len + 1, 0);
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
carray2Hex(encrypted_key, enc_len, hexEncrKey.data());
vector<char> hexEncrKey(2 * enc_len + 1, 0);
uint64_t test_len;
vector <uint8_t> test_encr_key(1024, 0);
if (!hex2carray(hexEncrKey.data(), &test_len, test_encr_key.data())) {
cerr << "wrong encrypted test key" << endl;
}
carray2Hex(encrypted_key, enc_len, hexEncrKey.data(), 2 * enc_len + 1);
LevelDB::getLevelDb()->writeDataUnique("TEST_KEY", hexEncrKey.data());
}
shared_ptr <vector<uint8_t>> check_and_set_SEK(const string &SEK) {
void validate_SEK() {
shared_ptr <string> test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY");
vector <uint8_t> encr_test_key(BUF_LEN, 0);
uint64_t len;
if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data())) {
spdlog::error("wrong test key");
exit(-1);
}
vector<char> decr_key(BUF_LEN, 0);
uint64_t len = 0;
vector<char> errMsg(BUF_LEN, 0);
vector<char> decr_key(1024, 0);
vector<char> errMsg(1024, 0);
int err_status = 0;
auto encrypted_SEK = make_shared < vector < uint8_t >> (1024, 0);
uint32_t l = len;
status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, SEK.c_str());
if (status != SGX_SUCCESS) {
spdlog::error("trustedSetSEK_backup failed with error code {}", status);
if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data(),
BUF_LEN)) {
spdlog::error("Corrupt test key is LevelDB");
exit(-1);
}
if (err_status != 0) {
spdlog::error("trustedSetSEK_backup failed with error status {}", status);
exit(-1);
}
sgx_status_t status = SGX_SUCCESS;
status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
if (status != SGX_SUCCESS || err_status != 0) {
spdlog::error("Failed to decrypt test key");
spdlog::error(errMsg.data());
exit(-1);
{
READ_LOCK(initMutex);
status = trustedDecryptKey(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
string test_key = TEST_VALUE;
if (test_key.compare(decr_key.data()) != 0) {
spdlog::error("Invalid SEK");
spdlog::error("Invalid storage key. You need to recover using backup key");
spdlog::error("Set the correct backup key into sgx_datasgxwallet_backup_key.txt");
spdlog::error("Then run sgxwallet using backup flag");
exit(-1);
}
}
shared_ptr <vector<uint8_t>> check_and_set_SEK(const string &SEK) {
vector<char> decr_key(BUF_LEN, 0);
vector<char> errMsg(BUF_LEN, 0);
int err_status = 0;
auto encrypted_SEK = make_shared < vector < uint8_t >> (BUF_LEN, 0);
uint64_t l = 0;
sgx_status_t status = SGX_SUCCESS;
{
READ_LOCK(initMutex);
status = trustedSetSEKBackup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l,
SEK.c_str());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
encrypted_SEK->resize(l);
validate_SEK();
return encrypted_SEK;
}
......@@ -135,30 +147,31 @@ void gen_SEK() {
vector<char> errMsg(1024, 0);
int err_status = 0;
vector <uint8_t> encrypted_SEK(1024, 0);
uint32_t enc_len = 0;
uint64_t enc_len = 0;
char SEK[65];
memset(SEK, 0, 65);
SAFE_CHAR_BUF(SEK, 65);
spdlog::info("Generating backup key. Will be stored in backup_key.txt ... ");
status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK);
if (status != SGX_SUCCESS) {
throw SGXException(status, errMsg.data());
}
sgx_status_t status = SGX_SUCCESS;
{
if (err_status != 0) {
throw SGXException(err_status, errMsg.data());
status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK);
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
if (strnlen(SEK, 33) != 32) {
throw SGXException(-1, "strnlen(SEK,33) != 32");
}
vector<char> hexEncrKey(2 * enc_len + 1, 0);
carray2Hex(encrypted_SEK.data(), enc_len, hexEncrKey.data());
carray2Hex(encrypted_SEK.data(), enc_len, hexEncrKey.data(), 2 * enc_len + 1);
spdlog::info(string("Encrypted storage encryption key:") + hexEncrKey.data());
ofstream sek_file(BACKUP_PATH);
sek_file.clear();
......@@ -185,31 +198,51 @@ void gen_SEK() {
LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
create_test_key();
validate_SEK();
shared_ptr <string> encrypted_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
setSEK(encrypted_SEK_ptr);
validate_SEK();
}
void reinitEnclave() {
// unfortunately process needs to be restarted to reinit enclave
// exiting with error code 3 (SGX_OUT_OF_MEMORY), so docker container can restart the
// wallet
exit(3);
}
void trustedSetSEK(shared_ptr <string> hex_encrypted_SEK) {
void setSEK(shared_ptr <string> hex_encrypted_SEK) {
CHECK_STATE(hex_encrypted_SEK);
vector<char> errMsg(1024, 0);
int err_status = 0;
uint8_t encrypted_SEK[BUF_LEN];
memset(encrypted_SEK, 0, BUF_LEN);
SAFE_UINT8_BUF(encrypted_SEK, BUF_LEN);
uint64_t len;
uint64_t len = 0;
if (!hex2carray(hex_encrypted_SEK->c_str(), &len, encrypted_SEK)) {
if (!hex2carray(hex_encrypted_SEK->c_str(), &len, encrypted_SEK,
BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex");
}
sgx_status_t status = SGX_SUCCESS;
{
status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK);
if (status != SGX_SUCCESS) {
cerr << "RPCException thrown" << endl;
throw SGXException(status, errMsg.data());
}
if (err_status != 0) {
cerr << "RPCException thrown" << endl;
throw SGXException(err_status, errMsg.data());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
validate_SEK();
}
#include "experimental/filesystem"
......@@ -218,7 +251,6 @@ void trustedSetSEK(shared_ptr <string> hex_encrypted_SEK) {
void enter_SEK() {
shared_ptr <string> test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY");
if (test_key_ptr == nullptr) {
spdlog::error("Error: corrupt or empty LevelDB database");
......@@ -251,7 +283,8 @@ void enter_SEK() {
vector<char> hexEncrKey(BUF_LEN, 0);
carray2Hex(encrypted_SEK->data(), encrypted_SEK->size(), hexEncrKey.data());
carray2Hex(encrypted_SEK->data(), encrypted_SEK->size(), hexEncrKey.data(),
BUF_LEN);
spdlog::info("Got sealed storage encryption key.");
......@@ -274,7 +307,7 @@ void initSEK() {
spdlog::warn("SEK was not created yet. Going to create SEK");
gen_SEK();
} else {
trustedSetSEK(encrypted_SEK_ptr);
setSEK(encrypted_SEK_ptr);
}
}
}
......
SEKManager.h
View file @ 0f995bb1
......@@ -32,7 +32,7 @@
void gen_SEK();
#ifdef __cplusplus
void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK);
void setSEK(std::shared_ptr<std::string> hex_encr_SEK);
#endif
#ifdef __cplusplus
......@@ -45,4 +45,11 @@ EXTERNC void enter_SEK();
EXTERNC void initSEK();
EXTERNC void setSEK();
EXTERNC void reinitEnclave();
#endif //SGXD_SEKMANAGER_H
SGXWalletServer.cpp
View file @ 0f995bb1
......@@ -54,6 +54,9 @@
using namespace std;
std::shared_timed_mutex initMutex;
uint64_t initTime;
void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _enterBackupKey) {
spdlog::info("Entering {}", __FUNCTION__);
......@@ -243,6 +246,7 @@ SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const strin
}
value = readFromDb(_keyShareName);
if (!bls_sign(value->c_str(), _messageHash.c_str(), t, n, signature.data())) {
throw SGXException(-1, "Could not sign data ");
}
......@@ -402,7 +406,6 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result);
result["secretShare"] = "";
result["SecretShare"] = "";
try {
if (_pubKeys.size() != (uint64_t) _n) {
......@@ -425,9 +428,15 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
pubKeysStrs.push_back(_pubKeys[i].asString());
}
string s = trustedGetSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n);
string secret_share_name = "encryptedSecretShare:" + _polyName;
shared_ptr <string> encryptedSecretShare = checkDataFromDb(secret_share_name);
if (encryptedSecretShare != nullptr) {
result["secretShare"] = *encryptedSecretShare.get();
} else {
string s = getSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n);
result["secretShare"] = s;
result["SecretShare"] = s;
}
} HANDLE_SGX_EXCEPTION(result)
RETURN_SUCCESS(result)
......@@ -489,7 +498,7 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string
shared_ptr <string> encryptedKeyHex_ptr = readFromDb(_ethKeyName);
bool res = CreateBLSShare(_blsKeyName, _secretShare.c_str(), encryptedKeyHex_ptr->c_str());
bool res = createBLSShare(_blsKeyName, _secretShare.c_str(), encryptedKeyHex_ptr->c_str());
if (res) {
spdlog::info("BLS KEY SHARE CREATED ");
} else {
......@@ -504,6 +513,9 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string
}
LevelDB::getLevelDb()->deleteKey(_polyName);
string encryptedSecretShareName = "encryptedSecretShare:" + _polyName;
LevelDB::getLevelDb()->deleteKey(encryptedSecretShareName);
} HANDLE_SGX_EXCEPTION(result)
RETURN_SUCCESS(result);
......@@ -519,7 +531,7 @@ Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName)
}
shared_ptr <string> encryptedKeyHex_ptr = readFromDb(_blsKeyName);
vector <string> public_key_vect = GetBLSPubKey(encryptedKeyHex_ptr->c_str());
vector <string> public_key_vect = getBLSPubKey(encryptedKeyHex_ptr->c_str());
for (uint8_t i = 0; i < 4; i++) {
result["blsPublicKeyShare"][i] = public_key_vect.at(i);
}
......@@ -562,7 +574,7 @@ Json::Value SGXWalletServer::calculateAllBLSPublicKeysImpl(const Json::Value& pu
vector<string> public_keys = calculateAllBlsPublicKeys(public_shares);
if (public_keys.size() != n) {
if (public_keys.size() != (uint64_t)n) {
throw SGXException(UNKNOWN_ERROR, "");
}
......@@ -590,6 +602,18 @@ Json::Value SGXWalletServer::complaintResponseImpl(const string &_polyName, int
result["share*G2"] = *shareG2_ptr;
result["dhKey"] = DHKey;
// TODO: delete dh keys
// for (int i = 0; i < _n; i++) {
// string name = _polyName + "_" + to_string(i) + ":";
// LevelDB::getLevelDb()->deleteDHDKGKey(name);
// string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":";
// LevelDB::getLevelDb()->deleteKey(shareG2_name);
// }
LevelDB::getLevelDb()->deleteKey(_polyName);
string encryptedSecretShareName = "encryptedSecretShare:" + _polyName;
LevelDB::getLevelDb()->deleteKey(encryptedSecretShareName);
} HANDLE_SGX_EXCEPTION(result)
RETURN_SUCCESS(result);
......@@ -738,7 +762,7 @@ Json::Value SGXWalletServer::deleteBlsKey(const string &name) {
}
shared_ptr <string> SGXWalletServer::readFromDb(const string &name, const string &prefix) {
auto dataStr = LevelDB::getLevelDb()->readString(prefix + name);
auto dataStr = checkDataFromDb(prefix + name);
if (dataStr == nullptr) {
throw SGXException(KEY_SHARE_DOES_NOT_EXIST, "Data with this name does not exist");
......@@ -747,6 +771,12 @@ shared_ptr <string> SGXWalletServer::readFromDb(const string &name, const string
return dataStr;
}
shared_ptr <string> SGXWalletServer::checkDataFromDb(const string &name, const string &prefix) {
auto dataStr = LevelDB::getLevelDb()->readString(prefix + name);
return dataStr;
}
void SGXWalletServer::writeKeyShare(const string &_keyShareName, const string &_value) {
if (LevelDB::getLevelDb()->readString(_keyShareName) != nullptr) {
throw SGXException(KEY_SHARE_ALREADY_EXISTS, "Key share with this name already exists");
......
SGXWalletServer.hpp
View file @ 0f995bb1
......@@ -90,6 +90,8 @@ public:
static shared_ptr<string> readFromDb(const string &name, const string &prefix = "");
static shared_ptr <string> checkDataFromDb(const string &name, const string &prefix = "");
static void writeDataToDB(const string &Name, const string &value);
static void writeKeyShare(const string &_keyShareName, const string &_value);
......
ServerDataChecker.cpp
View file @ 0f995bb1
......@@ -72,7 +72,7 @@ bool checkECDSAKeyName(const string& keyName) {
bool checkHex(const string& hex, const uint32_t sizeInBytes){
if ( hex.length() > sizeInBytes * 2 || hex.length() == 0){
spdlog::error("key is too long or zero - ", hex.length());
spdlog::error("key is too long or zero {} ", hex.length());
return false;
}
......
ServerInit.cpp
View file @ 0f995bb1
......@@ -57,6 +57,8 @@
#include "SGXException.h"
#include "SGXWalletServer.hpp"
uint32_t enclaveLogLevel = 0;
void initUserSpace() {
libff::inhibit_profiling_counters = true;
......@@ -66,9 +68,8 @@ void initUserSpace() {
LevelDB::initDataFolderAndDBs();
}
void initEnclave(uint32_t _logLevel) {
eid = 0;
updated = 0;
uint64_t initEnclave() {
#ifndef SGX_HW_SIM
unsigned long support;
......@@ -81,6 +82,21 @@ void initEnclave(uint32_t _logLevel) {
spdlog::info("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG);
sgx_status_t status = SGX_SUCCESS;
{
WRITE_LOCK(initMutex);
if (eid != 0) {
if (sgx_destroy_enclave(eid) != SGX_SUCCESS) {
spdlog::error("Could not destroy enclave");
}
}
eid = 0;
updated = 0;
status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
&updated, &eid, 0);
......@@ -96,20 +112,27 @@ void initEnclave(uint32_t _logLevel) {
spdlog::info("Enclave created and started successfully");
status = trustedEnclaveInit(eid, _logLevel);
status = trustedEnclaveInit(eid, enclaveLogLevel);
}
if (status != SGX_SUCCESS) {
spdlog::error("trustedEnclaveInit failed: {}", status);
exit(1);
return status;
}
spdlog::info("Enclave libtgmp library and logging initialized successfully");
return SGX_SUCCESS;
}
void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
static atomic<bool> sgxServerInited(false);
static mutex initMutex;
enclaveLogLevel = _logLevel;
lock_guard <mutex> lock(initMutex);
......@@ -122,7 +145,19 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
CHECK_STATE(sgxServerInited != 1)
sgxServerInited = 1;
initEnclave(_logLevel);
uint64_t counter = 0;
uint64_t initResult = 0;
while ((initResult = initEnclave()) != 0 && counter < 10){
sleep(1);
counter ++;
}
if (initResult != 0) {
spdlog::error("Coult not init enclave");
}
initUserSpace();
initSEK();
......@@ -136,12 +171,15 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
sgxServerInited = true;
} catch (SGXException &_e) {
spdlog::error(_e.getMessage());
exit(-1);
} catch (exception &_e) {
spdlog::error(_e.what());
exit(-1);
}
catch (...) {
exception_ptr p = current_exception();
printf("Exception %s \n", p.__cxa_exception_type()->name());
spdlog::error("Unknown exception");
exit(-1);
}
};
ServerInit.h
View file @ 0f995bb1
......@@ -36,7 +36,7 @@ EXTERNC void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign);
EXTERNC void initUserSpace();
EXTERNC void initEnclave(uint32_t _logLevel);
EXTERNC uint64_t initEnclave();
......
TestUtils.cpp
View file @ 0f995bb1
......@@ -32,6 +32,7 @@
#include "third_party/intel/create_enclave.h"
#include "secure_enclave_u.h"
#include "third_party/intel/sgx_detect.h"
#include "third_party/spdlog/spdlog.h"
#include <gmp.h>
#include <sgx_urts.h>
#include <stdio.h>
......@@ -218,7 +219,7 @@ void TestUtils::sendRPCRequest() {
auto hash_arr = make_shared < array < uint8_t, 32 >> ();
uint64_t binLen;
if (!hex2carray(hash.c_str(), &binLen, hash_arr->data())) {
if (!hex2carray(hash.c_str(), &binLen, hash_arr->data(), 32)) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
......@@ -351,7 +352,7 @@ void TestUtils::doDKG(StubClient &c, int n, int t,
auto hash_arr = make_shared<array<uint8_t, 32 >>();
uint64_t binLen;
if (!hex2carray(hash.c_str(), &binLen, hash_arr->data())) {
if (!hex2carray(hash.c_str(), &binLen, hash_arr->data(), 32)) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
......
VERSION
View file @ 0f995bb1
1.58.0
\ No newline at end of file
1.58.5
\ No newline at end of file
common.h
View file @ 0f995bb1
......@@ -32,6 +32,8 @@ using namespace std;
#include <map>
#include <memory>
#include <boost/throw_exception.hpp>
#include <gmp.h>
#include "secure_enclave/Verify.h"
#include "InvalidStateException.h"
......@@ -50,10 +52,64 @@ inline std::string className(const std::string &prettyFunction) {
#define __CLASS_NAME__ className( __PRETTY_FUNCTION__ )
#include <execinfo.h>
inline void print_stack() {
void *array[10];
size_t size;
// get void*'s for all entries on the stack
size = backtrace(array, 10);
// print out all the frames to stderr
fprintf(stderr, "Error: signal \n");
backtrace_symbols_fd(array, size, STDERR_FILENO);
exit(1);
}
#define CHECK_STATE(_EXPRESSION_) \
if (!(_EXPRESSION_)) { \
auto __msg__ = std::string("State check failed::") + #_EXPRESSION_ + " " + std::string(__FILE__) + ":" + std::to_string(__LINE__); \
print_stack(); \
throw InvalidStateException(__msg__, __CLASS_NAME__);}
#define HANDLE_TRUSTED_FUNCTION_ERROR(__STATUS__, __ERR_STATUS__, __ERR_MSG__) \
if (__STATUS__ != SGX_SUCCESS) { \
string __ERR_STRING__ = string("SGX enclave call to ") + \
__FUNCTION__ + " failed with status:" \
+ to_string(__STATUS__) + \
" Err message:" + __ERR_MSG__; \
BOOST_THROW_EXCEPTION(runtime_error(__ERR_MSG__)); \
}\
\
if (__ERR_STATUS__ != 0) {\
string __ERR_STRING__ = string("SGX enclave call to ") +\
__FUNCTION__ + " failed with errStatus:" + \
to_string(__ERR_STATUS__) + \
" Err message:" + __ERR_MSG__;\
BOOST_THROW_EXCEPTION(runtime_error(__ERR_STRING__)); \
}
#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
#define SAFE_UINT8_BUF(__X__, __Y__) ;uint8_t __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
#include <shared_mutex>
extern std::shared_timed_mutex initMutex;
extern uint64_t initTime;
#if SGX_MODE == SIM
#define ENCLAVE_RESTART_PERIOD_S 5
#else
#define ENCLAVE_RESTART_PERIOD_S 60 * 10
#endif
#define READ_LOCK(__X__) std::shared_lock<std::shared_timed_mutex> __LOCK__(__X__);
#define WRITE_LOCK(__X__) std::unique_lock<std::shared_timed_mutex> __LOCK__(__X__);
#endif //SGXWALLET_COMMON_H
docker/start.sh
View file @ 0f995bb1
......@@ -43,8 +43,10 @@ fi
if [[ "$1" == "-t" ]]; then
echo "Test run requested"
sleep 5
./testw.py
else
sleep 3
./sgxwallet $1 $2 $3 $4 $5
fi
docs/backup-procedure.md
View file @ 0f995bb1
......@@ -2,12 +2,12 @@
# SGXWallet Backup Procedure
When SGXWallet is initialized, the server will print the backup key.
When SGXWallet is initialized, the server will write the backup key into `sgx_data/sgxwallet_backup_key.txt`.
**This key must be securely recorded and stored.**
Be sure to store this key in a safe place, then go into a docker container and securely remove it with the following command:
```bash
docker exec -it <SGX_CONTAINER_NAME> bash && apt-get install secure-delete && srm -vz backup_key.txt
docker exec -it <SGX_CONTAINER_NAME> bash && srm -vz ./sgx_data/sgxwallet_backup_key.txt
```
Master-Slave replication is recommended to support the SGXWallet backup strategy. Below are general instructions for a basic backup and recovery process.
......@@ -30,24 +30,12 @@ docker-compose down
command: -s -y -d -b
```
2. Edit the `docker-compose.yml` and add `stdin_open: true` option. For example:
```yaml
version: "3"
services:
sgxwallet:
image: skalenetwork/sgxwallet:latest
stdin_open: true
```
3. Copy the backed up `sgx_data` directory to the recovery `sgx_data` directory.
2. Copy the backed up `sgx_data` directory to the recovery `sgx_data` directory.
3. Create file `sgx_data/sgxwallet_backup_key.txt` in the recovery directory and write the backup key into it.
4. Execute:
```bash
docker-compose up -d
```
5. Open another terminal window and run `docker attach container_name` there.
6. Enter the backup key when prompted.
7. Edit the `docker-compose.yml` file, remove the `-b` flag and `stdin_open: true` option.
5. Edit the `docker-compose.yml` file, remove the `-b` flag.
run_sgx/docker-compose.yml
View file @ 0f995bb1
......@@ -2,6 +2,7 @@ version: '3'
services:
sgxwallet:
image: skalenetwork/sgxwallet:latest
restart: always
ports:
- "1026:1026"
- "1027:1027"
......
run_sgx_sim/docker-compose.yml
View file @ 0f995bb1
......@@ -2,6 +2,7 @@ version: '3'
services:
sgxwallet:
image: skalenetwork/sgxwallet_sim:develop-latest
restart: always
ports:
- "1026:1026"
- "1027:1027"
......
secure_enclave/AESUtils.c
View file @ 0f995bb1
......@@ -27,9 +27,23 @@
#include "stdlib.h"
#include <string.h>
#include "AESUtils.h"
int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) {
sgx_aes_gcm_128bit_key_t AES_key[1024];
#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsigned char type,
unsigned char exportable, uint64_t* resultLen) {
if (!type) {
LOG_ERROR("Null type in AES_encrypt");
return -1;
}
if (!message) {
LOG_ERROR("Null message in AES_encrypt");
......@@ -41,25 +55,38 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) {
return -2;
}
uint64_t len = strlen(message);
uint64_t len = strlen(message) + 1;
if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) {
if (2 + len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrBufLen ) {
LOG_ERROR("Output buffer too small");
return -3;
}
SAFE_CHAR_BUF(fullMessage, len + 2);
fullMessage[0] = type;
fullMessage[1] = exportable;
strncpy(fullMessage + 2, message, len );
len = len + 2;
message = fullMessage;
sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);
sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, strlen(message),
sgx_status_t status = sgx_rijndael128GCM_encrypt(&(AES_key[512]), (uint8_t*)message, len,
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE,
encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
NULL, 0,
(sgx_aes_gcm_128bit_tag_t *) encr_message);
*resultLen = len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
return status;
}
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) {
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen,
uint8_t *type, uint8_t* exportable){
if (!message) {
LOG_ERROR("Null message in AES_encrypt");
......@@ -71,6 +98,16 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t
return -2;
}
if (!type) {
LOG_ERROR("Null type in AES_encrypt");
return -3;
}
if (!encr_message) {
LOG_ERROR("Null exportable in AES_encrypt");
return -4;
}
if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) {
LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE");
......@@ -86,12 +123,18 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t
return -2;
}
sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key,
sgx_status_t status = sgx_rijndael128GCM_decrypt(&(AES_key[512]),
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
(unsigned char*) message,
encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
NULL, 0,
(sgx_aes_gcm_128bit_tag_t *)encr_message);
*type = message[0];
*exportable = message[1];
for (int i = 2; i < strlen(message) + 1; i++) {
message[i - 2 ] = message[i];
}
return status;
}
secure_enclave/AESUtils.h
View file @ 0f995bb1
......@@ -24,10 +24,22 @@
#ifndef SGXD_AESUTILS_H
#define SGXD_AESUTILS_H
sgx_aes_gcm_128bit_key_t AES_key;
extern sgx_aes_gcm_128bit_key_t AES_key[1024];
int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen,
unsigned char type, unsigned char exportable, uint64_t* resultLen);
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen,
uint8_t *type, uint8_t* exportable) ;
#define ECDSA '1'
#define BLS '2'
#define DKG '3'
#define EXPORTABLE '1'
#define NON_EXPORTABLE '2'
int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen);
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ;
#endif //SGXD_AESUTILS_H
secure_enclave/DomainParameters.c secure_enclave/DomainParameters.cpp
View file @ 0f995bb1
......@@ -31,10 +31,13 @@
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
#include "EnclaveCommon.h"
#include "Point.h"
#include "DomainParameters.h"
#define CHECK_ARG_ABORT(_EXPRESSION_) \
......@@ -46,17 +49,28 @@
/*Initialize a curve*/
domain_parameters domain_parameters_init()
{
domain_parameters curve;
curve = calloc(sizeof(struct domain_parameters_s),1);
curve = (domain_parameters) calloc(sizeof(struct domain_parameters_s),1);
CHECK_ARG_ABORT(curve);
//Initialize all members
mpz_init(curve->p);
mpz_init(curve->a);
mpz_init(curve->b);
curve->G = point_init();
mpz_init(curve->n);
mpz_init(curve->h);
curve->G = point_init();
CHECK_ARG_ABORT(curve->G);
return curve;
}
......
secure_enclave/EnclaveCommon.cpp
View file @ 0f995bb1
......@@ -173,14 +173,25 @@ void enclave_init() {
return;
inited = 1;
LOG_INFO("Initing libff");
try {
LOG_INFO("Initing params");
libff::init_alt_bn128_params();
LOG_INFO("Initing curve");
curve = domain_parameters_init();
LOG_INFO("Initing curve domain");
domain_parameters_load_curve(curve, secp256k1);
} catch (exception& e) {
LOG_ERROR("Exception in libff init");
LOG_ERROR(e.what());
abort();
} catch (...) {
LOG_ERROR("Unknown exception in libff");
abort();
}
LOG_INFO("Inited libff");
}
......@@ -345,19 +356,19 @@ void logMsg(log_level _level, const char *_msg) {
}
EXTERNC void LOG_INFO(const char *_msg) {
void LOG_INFO(const char *_msg) {
logMsg(L_INFO, _msg);
};
EXTERNC void LOG_WARN(const char *_msg) {
void LOG_WARN(const char *_msg) {
logMsg(L_WARNING, _msg);
};
EXTERNC void LOG_ERROR(const char *_msg) {
void LOG_ERROR(const char *_msg) {
logMsg(L_ERROR, _msg);
};
EXTERNC void LOG_DEBUG(const char *_msg) {
void LOG_DEBUG(const char *_msg) {
logMsg(L_DEBUG, _msg);
};
EXTERNC void LOG_TRACE(const char *_msg) {
void LOG_TRACE(const char *_msg) {
logMsg(L_TRACE, _msg);
};
secure_enclave/Makefile.am
View file @ 0f995bb1
......@@ -83,8 +83,8 @@ CLEANFILES+= secure_enclave_t.c secure_enclave_t.h
secure_enclave_SOURCES = secure_enclave_t.c secure_enclave_t.h \
secure_enclave.c \
Curves.c DomainParameters.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \
DKGUtils.cpp EnclaveCommon.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \
Curves.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \
DKGUtils.cpp EnclaveCommon.cpp DomainParameters.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \
../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g2.cpp \
../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp $(ENCLAVE_KEY) $(ENCLAVE_CONFIG)
......
secure_enclave/Makefile.in
View file @ 0f995bb1
......@@ -108,9 +108,9 @@ PROGRAMS = $(libexec_PROGRAMS)
am__objects_1 =
am_secure_enclave_OBJECTS = secure_enclave_t.$(OBJEXT) \
secure_enclave.$(OBJEXT) Curves.$(OBJEXT) \
DomainParameters.$(OBJEXT) NumberTheory.$(OBJEXT) \
Point.$(OBJEXT) Signature.$(OBJEXT) DHDkg.$(OBJEXT) \
AESUtils.$(OBJEXT) DKGUtils.$(OBJEXT) EnclaveCommon.$(OBJEXT) \
NumberTheory.$(OBJEXT) Point.$(OBJEXT) Signature.$(OBJEXT) \
DHDkg.$(OBJEXT) AESUtils.$(OBJEXT) DKGUtils.$(OBJEXT) \
EnclaveCommon.$(OBJEXT) DomainParameters.$(OBJEXT) \
alt_bn128_init.$(OBJEXT) alt_bn128_g2.$(OBJEXT) \
alt_bn128_g1.$(OBJEXT) $(am__objects_1) $(am__objects_1)
secure_enclave_OBJECTS = $(am_secure_enclave_OBJECTS)
......@@ -337,8 +337,8 @@ ENCLAVE_CONFIG = $(ENCLAVE).config.xml
ENCLAVE_KEY = test_insecure_private_key.pem #$(ENCLAVE)_private.pem
secure_enclave_SOURCES = secure_enclave_t.c secure_enclave_t.h \
secure_enclave.c \
Curves.c DomainParameters.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \
DKGUtils.cpp EnclaveCommon.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \
Curves.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \
DKGUtils.cpp EnclaveCommon.cpp DomainParameters.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \
../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g2.cpp \
../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp $(ENCLAVE_KEY) $(ENCLAVE_CONFIG)
......
secure_enclave/SIGNED_ENCLAVE_VERSION
View file @ 0f995bb1
#define SIGNED_ENCLAVE_VERSION "0"
\ No newline at end of file
#define SIGNED_ENCLAVE_VERSION "1"
\ No newline at end of file
secure_enclave/Signature.c
View file @ 0f995bb1
......@@ -57,6 +57,15 @@ signature signature_init() {
return sig;
}
/*Release signature*/
void signature_free(signature sig) {
if (!sig)
return;
mpz_clear(sig->r);
mpz_clear(sig->s);
free(sig);
}
/*Set signature from strings of a base from 2-62*/
int signature_set_str(signature sig, const char *r, const char *s, int base) {
......@@ -104,10 +113,9 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para
return;
}
point Q = point_init();
//Initializing variables
mpz_t k, x, r, t1, t2, t3, t4, t5, s, n_div_2, rem, neg, seed;
point Q = point_init();
mpz_t k, x, r, t1, t2, t3, t4, t5, s, n_div_2, rem, neg, seed, s_mul_2;
mpz_init(k);
mpz_init(x);
mpz_init(r);
......@@ -121,7 +129,6 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para
mpz_init(rem);
mpz_init(neg);
mpz_init(seed);
mpz_t s_mul_2;
mpz_init(s_mul_2);
SAFE_CHAR_BUF(rand_char, 32);
......@@ -182,32 +189,27 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para
point_clear(Q);
mpz_clear(k);
mpz_clear(r);
mpz_clear(s);
mpz_clear(r);
mpz_clear(x);
mpz_clear(rem);
mpz_clear(neg);
mpz_clear(t1);
mpz_clear(t2);
mpz_clear(t3);
mpz_clear(t4);
mpz_clear(t5);
mpz_clear(seed);
mpz_clear(n_div_2);
mpz_clear(s_mul_2);
}
#endif
/*Release signature*/
void signature_free(signature sig) {
if (!sig)
return;
mpz_clear(sig->r);
mpz_clear(sig->s);
free(sig);
}
/*Verify the integrity of a message using it's signature*/
bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) {
......
secure_enclave/secure_enclave.c
View file @ 0f995bb1
This diff is collapsed.
secure_enclave/secure_enclave.config.xml
View file @ 0f995bb1
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<ISVSVN>1</ISVSVN>
<StackMaxSize>0x1000000</StackMaxSize>
<HeapMaxSize>0x100000000</HeapMaxSize>
<TCSNum>128</TCSNum>
......
secure_enclave/secure_enclave.config.xml.release
View file @ 0f995bb1
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<ISVSVN>1</ISVSVN>
<StackMaxSize>0x1000000</StackMaxSize>
<HeapMaxSize>0x100000000</HeapMaxSize>
<TCSNum>128</TCSNum>
......
secure_enclave/secure_enclave.config.xml.sim
View file @ 0f995bb1
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<ISVSVN>1</ISVSVN>
<StackMaxSize>0x1000000</StackMaxSize>
<HeapMaxSize>0x10000000</HeapMaxSize>
<TCSNum>32</TCSNum>
<TCSMaxNum>32</TCSMaxNum>
<TCSMinPool>32</TCSMinPool>
<HeapMaxSize>0x1000000</HeapMaxSize>
<TCSNum>16</TCSNum>
<TCSMaxNum>16</TCSMaxNum>
<TCSMinPool>16</TCSMinPool>
<TCSPolicy>0</TCSPolicy>
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
<DisableDebug>0</DisableDebug>
......
secure_enclave/secure_enclave.edl
View file @ 0f995bb1
......@@ -11,14 +11,14 @@ enclave {
trusted {
include "sgx_tgmp.h"
public void trustedEnclaveInit(uint32_t _logLevel);
public void trustedEnclaveInit(uint64_t _logLevel);
public void trustedGenerateSEK(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string,
[out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK,
[out] uint32_t *enc_len,
[out] uint64_t *enc_len,
[out, count = 65] char* hex_SEK);
public void trustedSetSEK(
......@@ -26,79 +26,79 @@ enclave {
[out, count = SMALL_BUF_SIZE] char *err_string,
[in, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK);
public void trustedSetSEK_backup(
public void trustedSetSEKBackup(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string,
[out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK,
[out] uint32_t *enc_len,
[out] uint64_t *enc_len,
[in, string] const char* SEK_hex);
public void trustedGenerateEcdsaKeyAES (
public void trustedGenerateEcdsaKey (
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
[out] uint32_t *enc_len,
[out] uint64_t *enc_len,
[out, count = SMALL_BUF_SIZE] char * pub_key_x,
[out, count = SMALL_BUF_SIZE] char * pub_key_y);
public void trustedGetPublicEcdsaKeyAES(
public void trustedGetPublicEcdsaKey(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint32_t dec_len,
uint64_t dec_len,
[out, count = SMALL_BUF_SIZE] char * pub_key_x,
[out, count = SMALL_BUF_SIZE] char * pub_key_y);
public void trustedEcdsaSignAES(
public void trustedEcdsaSign(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint32_t enc_len,
uint64_t enc_len,
[in, string] const char* hash,
[out, count = SMALL_BUF_SIZE] char* sig_r,
[out, count = SMALL_BUF_SIZE] char* sig_s,
[out] uint8_t* sig_v,
int base);
public void trustedEncryptKeyAES (
public void trustedEncryptKey (
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] const char* key,
[out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
[out] uint32_t *enc_len);
[out] uint64_t *enc_len);
public void trustedDecryptKeyAES (
public void trustedDecryptKey (
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint32_t enc_len,
uint64_t enc_len,
[out, count = SMALL_BUF_SIZE] char* key );
public void trustedGenDkgSecretAES (
public void trustedGenDkgSecret (
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[out, count = 3072] uint8_t* encrypted_dkg_secret,
[out] uint32_t * enc_len, size_t _t);
[out] uint64_t * enc_len, size_t _t);
public void trustedDecryptDkgSecretAES (
public void trustedDecryptDkgSecret (
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret,
uint32_t enc_len,
uint64_t enc_len,
[out, count = 3072] uint8_t* decrypted_dkg_secret
);
public void trustedSetEncryptedDkgPolyAES(
public void trustedSetEncryptedDkgPoly(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_poly,
uint32_t enc_len);
uint64_t enc_len);
public void trustedGetEncryptedSecretShareAES(
public void trustedGetEncryptedSecretShare(
[out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string,
[out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey,
[out] uint32_t* dec_len,
[out] uint64_t* dec_len,
[out, count = 193] char* result_str,
[out, count = 320] char* s_shareG2,
[in, string] char* pub_keyB,
......@@ -106,16 +106,16 @@ enclave {
uint8_t _n,
uint8_t ind);
public void trustedGetPublicSharesAES(
public void trustedGetPublicShares(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret,
uint32_t enc_len,
uint64_t enc_len,
[out, count = 10000] char* public_shares,
unsigned _t,
unsigned _n);
public void trustedDkgVerifyAES(
public void trustedDkgVerify(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, string] const char* public_shares,
......@@ -126,25 +126,25 @@ enclave {
int _ind,
[out] int* result);
public void trustedCreateBlsKeyAES(
public void trustedCreateBlsKey(
[out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 6145] const char* s_shares,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint64_t key_len,
[out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key,
[out] uint32_t *enc_bls_key_len);
[out] uint64_t *enc_bls_key_len);
public void trustedBlsSignMessageAES (
public void trustedBlsSignMessage (
[out] int *errStatus,
[out, count = TINY_BUF_SIZE] char* err_string,
[in, count = TINY_BUF_SIZE] uint8_t* encrypted_key,
uint32_t enc_len,
uint64_t enc_len,
[in, string] char* hashX ,
[in, string] char* hashY,
[out, count = SMALL_BUF_SIZE] char* signature);
public void trustedGetBlsPubKeyAES(
public void trustedGetBlsPubKey(
[out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
......
sgxwallet.c
View file @ 0f995bb1
......@@ -36,6 +36,5 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "sgxwallet.h"
sgx_launch_token_t token = {0};
sgx_enclave_id_t eid;
sgx_status_t status;
int updated;
sgx_enclave_id_t eid = 0;
int updated = 0;
sgxwallet.h
View file @ 0f995bb1
......@@ -47,7 +47,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
extern sgx_enclave_id_t eid;
extern int updated;
extern sgx_launch_token_t token;
extern sgx_status_t status;
#define ENCLAVE_NAME "secure_enclave.signed.so"
......
sgxwallet_common.h
View file @ 0f995bb1
......@@ -109,4 +109,34 @@ extern bool autoconfirm;
#define TEST_VALUE "1234567890"
#define RESTART_BEGIN \
int __ATTEMPTS__ = 0; \
do {\
__ATTEMPTS__++; \
{\
READ_LOCK(initMutex);
#define RESTART_END \
} \
if (status != SGX_SUCCESS || errStatus == 3) { \
spdlog::error(__FUNCTION__); \
spdlog::error("Restarting sgx on status errStatus... {} {}", status, errStatus); \
reinitEnclave(); \
} \
} while ((status != SGX_SUCCESS || errStatus == 3) && __ATTEMPTS__ < 2);
#define RESTART_END_POINTER \
} \
if (status != SGX_SUCCESS || *errStatus == 3) { \
spdlog::error(__FUNCTION__);\
spdlog::error("Restarting sgx on status errStatus... {} {}", status, *errStatus); \
reinitEnclave(); \
} \
} while ((status != SGX_SUCCESS || *errStatus == 3) && __ATTEMPTS__ < 2);
#endif //SGXWALLET_SGXWALLET_COMMON_H
testw.cpp
View file @ 0f995bb1
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment