Skip to content

S
sgxwallet
Unverified Commit 1b65b688 authored by Stan Kladko's avatar Stan Kladko Committed by GitHub
Browse files
Options

Merge pull request #91 from skalenetwork/SKALE-1880-FIX-ECDSA-VERIFICATION 

Skale 1880 fix ecdsa verification
parents 1aedf162 dcca6f29
Hide whitespace changes
Inline Side-by-side
Showing with 694 additions and 503 deletions
.gitignore
View file @ 1b65b688
# Created by .ignore support plugin (hsz.mobi)
.idea/
sgx-gmp/
gmp-build
tgmp-build
install-sh
config.log
config.status
Makefile.in
Makefile
secure_enclave_u.h
secure_enclave_u.c
secure_enclave.edl
am--include-marker
*.o
aclocal.m4
missing
compile
depcomp
ltmain.sh
secure_enclave.signed.so
sgxgmpmath
sgxgmppi
.deps
CMakeCache.txt
cmake_install.cmake
sgxd.cbp
sgx-gmp
sgx-sdk-build
secure_enclave/Makefile
secure_enclave/secure_enclave.signed.so
secure_enclave/secure_enclave.so
secure_enclave/secure_enclave_t.c
secure_enclave/secure_enclave_t.h
sgxd
cert/SGXServerCertificate*
autom4te.cache
sgxwallet
testw
configure
jsonrpc/zlib
jsonrpc/argtable2
jsonrpc/jsoncpp
jsonrpc/libjson-rpc-cpp
jsonrpc/curl-from-git.tar.gz
jsonrpc/curl
jsonrpc/libmicrohttpd
secure_enclave/.deps
test-driver
/.idea/
/cmake-build-debug/
/build/
/sgx_data/
/jsonrpc/
/gmp-build/
/tgmp-build/
/install-sh
/config.log
/config.status
/Makefile.in
/Makefile
/secure_enclave_u.h
/secure_enclave_u.c
/secure_enclave.edl
/am--include-marker
/*.o
/*.m4
/missing
/compile
/depcomp
/ltmain.sh
/secure_enclave.signed.so
/sgxgmpmath
/sgxgmppi
/.deps
/CMakeCache.txt
/cmake_install.cmake
/sgxd.cbp
/sgx-gmp/
/sgx-sdk-build/
/secure_enclave/Makefile
/secure_enclave/secure_enclave.signed.so
/secure_enclave/secure_enclave.so
/secure_enclave/secure_enclave_t.c
/secure_enclave/secure_enclave_t.h
/sgxd
/cert/SGXServerCertificate*
/autom4te.cache
/sgxwallet
/testw
/configure
/secure_enclave/.deps
/test-driver
/intel-sgx-ssl/
/m4
/.testw.py.swp
/cert_util
Dockerfile
View file @ 1b65b688
FROM skalenetwork/sgxwallet_base:latest
COPY . /usr/src/sdk
WORKDIR /usr/src/sdk
RUN ccache -sz
RUN touch /var/hwmode
COPY *.cpp ./
COPY *.h ./
COPY *.txt ./
COPY *.c ./
COPY *.am ./
COPY *.hpp ./
COPY *.gmp ./
COPY *.ac ./
COPY *.json ./
COPY docker ./docker
COPY build-aux ./build-aux
COPY cert ./cert
COPY jsonrpc ./jsonrpc
COPY autoconf.bash ./
COPY leveldb ./leveldb
COPY m4 ./m4
COPY scripts ./scripts
COPY secure_enclave ./secure_enclave
COPY spdlog ./spdlog
COPY SGXWALLET_VERSION ./
RUN ./autoconf.bash
RUN ./configure
......
ECDSACrypto.cpp
View file @ 1b65b688
......@@ -32,13 +32,15 @@
#include <random>
#include "spdlog/spdlog.h"
#include "common.h"
#include "secure_enclave/Verify.h"
#include "BLSCrypto.h"
#include "ECDSACrypto.h"
#include "ECDSACrypto.h"
string concatPubKeyWith0x(char *pub_key_x, char *pub_key_y) {
......@@ -49,46 +51,46 @@ string concatPubKeyWith0x(char *pub_key_x, char *pub_key_y) {
}
void fillRandomBuffer(vector<unsigned char>& _buffer) {
ifstream devRandom("/dev/urandom", ios::in|ios::binary);
devRandom.exceptions(std::ifstream::failbit | std::ifstream::badbit);
devRandom.read((char*) _buffer.data(), _buffer.size());
void fillRandomBuffer(vector<unsigned char> &_buffer) {
ifstream devRandom("/dev/urandom", ios::in | ios::binary);
devRandom.exceptions(ifstream::failbit | ifstream::badbit);
devRandom.read((char *) _buffer.data(), _buffer.size());
devRandom.close();
}
std::vector<std::string> genECDSAKey() {
vector <string> genECDSAKey() {
vector<char> errMsg(1024, 0);
int errStatus = 0;
vector<uint8_t> encr_pr_key(1024, 0);
vector<char>pub_key_x(1024, 0);
vector<char>pub_key_y(1024, 0);
vector <uint8_t> encr_pr_key(1024, 0);
vector<char> pub_key_x(1024, 0);
vector<char> pub_key_y(1024, 0);
uint32_t enc_len = 0;
if (!encryptKeys)
status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encr_pr_key.data(),
&enc_len, pub_key_x.data(), pub_key_y.data());
&enc_len, pub_key_x.data(), pub_key_y.data());
else
status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
errMsg.data(), encr_pr_key.data(), &enc_len,
pub_key_x.data(), pub_key_y.data());
errMsg.data(), encr_pr_key.data(), &enc_len,
pub_key_x.data(), pub_key_y.data());
if (status != SGX_SUCCESS || errStatus != 0) {
spdlog::error("RPCException thrown with status {}", status);
throw SGXException(status, errMsg.data());
}
std::vector<std::string> keys(3);
vector <string> keys(3);
vector<char> hexEncrKey(BUF_LEN * 2, 0);
carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data());
keys.at(0) = hexEncrKey.data();
keys.at(1) = std::string(pub_key_x.data()) + std::string(pub_key_y.data());
keys.at(1) = string(pub_key_x.data()) + string(pub_key_y.data());
vector<unsigned char> randBuffer(32,0);
vector<unsigned char> randBuffer(32, 0);
fillRandomBuffer(randBuffer);
vector<char> rand_str(64,0);
vector<char> rand_str(64, 0);
carray2Hex(randBuffer.data(), 32, rand_str.data());
......@@ -99,12 +101,12 @@ std::vector<std::string> genECDSAKey() {
return keys;
}
std::string getECDSAPubKey(const char *_encryptedKeyHex) {
string getECDSAPubKey(const char *_encryptedKeyHex) {
vector<char> errMsg(BUF_LEN, 0);
vector<char> pubKeyX(BUF_LEN, 0);
vector<char> pubKeyY(BUF_LEN, 0);
vector<uint8_t> encrPrKey(BUF_LEN, 0);
vector <uint8_t> encrPrKey(BUF_LEN, 0);
int errStatus = 0;
uint64_t enc_len = 0;
......@@ -115,77 +117,135 @@ std::string getECDSAPubKey(const char *_encryptedKeyHex) {
if (!encryptKeys)
status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(),
pubKeyY.data());
else status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
pubKeyY.data());
else
status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
if (errStatus != 0) {
throw SGXException(-666, errMsg.data());
}
string pubKey = string(pubKeyX.data()) + string(pubKeyY.data());//concatPubKeyWith0x(pub_key_x, pub_key_y);//
spdlog::debug("enc_len is {}", enc_len);
spdlog::debug("pubkey is {}", pubKey);
spdlog::debug("pubkey length is {}", pubKey.length());
spdlog::debug("err str is {}", errMsg.data());
spdlog::debug("err status is {}", errStatus);
if (pubKey.size() != 128) {
spdlog::error("Incorrect pub key size", status);
throw SGXException(666, "Incorrect pub key size");
}
return pubKey;
}
vector<string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, int base) {
vector<string> signature_vect(3);
bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR,
const char *signatureS) {
char *errMsg = (char *) calloc(1024, 1);
int errStatus = 0;
char *signature_r = (char *) calloc(1024, 1);
char *signature_s = (char *) calloc(1024, 1);
uint8_t signature_v = 0;
uint64_t dec_len = 0;
//uint8_t encr_key[BUF_LEN];
uint8_t *encr_key = (uint8_t *) calloc(1024, 1);
if (!hex2carray(encryptedKeyHex, &dec_len, encr_key)) {
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
bool result = false;
signature sig = signature_init();
auto r = pubKeyStr.substr(0, 64);
auto s = pubKeyStr.substr(64, 128);
domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
point publicKey = point_init();
mpz_t msgMpz;
mpz_init(msgMpz);
if (mpz_set_str(msgMpz, hashHex, 16) == -1) {
spdlog::error("invalid message hash {}", hashHex);
goto clean;
}
signature_set_str(sig, signatureR, signatureS, 16);
point_set_hex(publicKey, r.c_str(), s.c_str());
if (!signature_verify(msgMpz, sig, publicKey, curve)) {
spdlog::error("ECDSA sig not verified");
goto clean;
}
result = true;
spdlog::debug("encryptedKeyHex: {}", encryptedKeyHex);
spdlog::debug("HASH: {}", hashHex);
spdlog::debug("encrypted len: {}", dec_len);
clean:
mpz_clear(msgMpz);
domain_parameters_clear(curve);
point_clear(publicKey);
signature_free(sig);
if (!encryptKeys)
status = trustedEcdsaSign(eid, &errStatus, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char *) hashHex, signature_r,
signature_s, &signature_v, base);
else
status = trustedEcdsaSignAES(eid, &errStatus, errMsg, encr_key, dec_len, (unsigned char *) hashHex, signature_r,
signature_s, &signature_v, base);
if (errStatus != 0) {
throw SGXException(-666, errMsg);
return result;
}
vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, int base) {
vector <string> signatureVector(3);
vector<char> errMsg(1024, 0);
int errStatus = 0;
vector<char> signatureR(1024, 0);
vector<char> signatureS(1024, 0);
vector<uint8_t> encryptedKey(1024, 0);
uint8_t signatureV = 0;
uint64_t decLen = 0;
string pubKeyStr = "";
shared_ptr<SGXException> exception = NULL;
if (!hex2carray(encryptedKeyHex, &decLen, encryptedKey.data())) {
exception = make_shared<SGXException>(INVALID_HEX, "Invalid encryptedKeyHex");
goto clean;
}
pubKeyStr = getECDSAPubKey(encryptedKeyHex);
spdlog::debug("signature r in ecdsa_sign_hash: {}", signature_r);
spdlog::debug("signature s in ecdsa_sign_hash: {}", signature_s);
if (!encryptKeys) {
status = trustedEcdsaSign(eid, &errStatus, errMsg.data(),
encryptedKey.data(), ECDSA_ENCR_LEN, (unsigned char *) hashHex,
signatureR.data(),
signatureS.data(), &signatureV, base);
} else
status = trustedEcdsaSignAES(eid, &errStatus,
errMsg.data(), encryptedKey.data(), decLen, (unsigned char *) hashHex,
signatureR.data(),
signatureS.data(), &signatureV, base);
if (errStatus != 0) {
exception = make_shared<SGXException>(666, errMsg.data());
goto clean;
}
if (status != SGX_SUCCESS) {
spdlog::error(" failed to sign ");
spdlog::error("failed to sign {}", status);
exception = make_shared<SGXException>(666, "failed to sign");
goto clean;
}
signature_vect.at(0) = to_string(signature_v);
signatureVector.at(0) = to_string(signatureV);
if (base == 16) {
signature_vect.at(1) = "0x" + string(signature_r);
signature_vect.at(2) = "0x" + string(signature_s);
signatureVector.at(1) = "0x" + string(signatureR.data());
signatureVector.at(2) = "0x" + string(signatureS.data());
} else {
signature_vect.at(1) = string(signature_r);
signature_vect.at(2) = string(signature_s);
signatureVector.at(1) = string(signatureR.data());
signatureVector.at(2) = string(signatureS.data());
}
free(errMsg);
free(signature_r);
free(signature_s);
free(encr_key);
/* Now verify signature */
if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data())) {
exception = make_shared<SGXException>(667, "ECDSA did not verify");
goto clean;
}
clean:
if (exception)
throw *exception;
return signature_vect;
return signatureVector;
}
\ No newline at end of file
ECDSAImpl.c 0 → 100644
View file @ 1b65b688
#include "secure_enclave/Point.c"
#include "secure_enclave/DomainParameters.c"
#include "secure_enclave/NumberTheory.c"
#include "secure_enclave/Signature.c"
#include "secure_enclave/Curves.c"
\ No newline at end of file
Makefile.am
View file @ 1b65b688
......@@ -10,7 +10,7 @@ include $(top_srcdir)/build-aux/sgx_app.am
##
## And a pattern rule for building prexoxy functions from EDL files:
##
## %_u.h %_u.c: %.edl
## %_u.h %_u.c: %.edl34
##
## And sets these Makefile variables:
##
......@@ -33,7 +33,7 @@ SUBDIRS=secure_enclave
##
## SGX_EDGER8R_FLAGS=
WALLET_VERSION := $(shell cat VERSION)
## Needed to make our pattern rule work.
......@@ -45,11 +45,11 @@ secure_enclave.edl: secure_enclave/secure_enclave.edl
#AM_CPPFLAGS += -g -Og
AM_CFLAGS = -g -Og -rdynamic -Wl,--no-as-needed -lSegFault
AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault
AM_CFLAGS = -DUSER_SPACE -g -Og -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)"
AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)"
AM_CPPFLAGS += -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS) -I. -I./libBLS/deps/deps_inst/x86_or_x64/include
AM_CPPFLAGS += -DSGXWALLET_VERSION="$(WALLET_VERSION)" -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS) -I. -I./libBLS/deps/deps_inst/x86_or_x64/include
## Additional targets to remove with 'make clean'. You must list
## any edger8r generated files here.
......@@ -67,9 +67,11 @@ bin_PROGRAMS = sgxwallet testw cert_util
## have to be explicitly listed.
COMMON_SRC = InvalidStateException.cpp Exception.cpp InvalidArgumentException.cpp Log.cpp \
SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp RPCException.cpp BLSCrypto.cpp ECDSACrypto.cpp \
SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp RPCException.cpp BLSCrypto.cpp \
ECDSACrypto.cpp \
DKGCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp ServerDataChecker.cpp SEKManager.cpp \
sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c
sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c \
ECDSAImpl.c
COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h
sgxwallet_SOURCES = sgxwallet.c $(COMMON_SRC)
......@@ -115,4 +117,4 @@ cert_util_SOURCES= InvalidStateException.cpp Exception.cpp InvalidArgumentExcep
cert_util_LDADD=-LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
-LlibBLS/build/libff/libff \
-l:libbls.a -l:libleveldb.a \
-l:libff.a -lgmp -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -ldl
-l:libff.a -lgmp -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -ldl
\ No newline at end of file
SGXWALLET_VERSION deleted 100644 → 0
View file @ 1aedf162
#define SGXWALLET_VERSION "1.49.5"
SGXWalletServer.cpp
View file @ 1b65b688
......@@ -212,15 +212,15 @@ SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const strin
if (!checkName(_keyShareName, "BLS_KEY")) {
throw SGXException(INVALID_POLY_NAME, "Invalid BLSKey name");
}
string cutHash = _messageHash;
if (cutHash[0] == '0' && (cutHash[1] == 'x' || cutHash[1] == 'X')) {
cutHash.erase(cutHash.begin(), cutHash.begin() + 2);
string hashTmp = _messageHash;
if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) {
hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2);
}
while (cutHash[0] == '0') {
cutHash.erase(cutHash.begin(), cutHash.begin() + 1);
while (hashTmp[0] == '0') {
hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 1);
}
if (!checkHex(cutHash)) {
if (!checkHex(hashTmp)) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
......@@ -318,10 +318,10 @@ Json::Value SGXWalletServer::renameECDSAKeyImpl(const string &_keyName, const st
throw SGXException(UNKNOWN_ERROR, "invalid key name");
}
shared_ptr <string> key_ptr = readFromDb(_tempKeyName);
shared_ptr <string> encryptedKey = readFromDb(_tempKeyName);
writeDataToDB(_keyName, *key_ptr);
writeDataToDB(_keyName, *encryptedKey);
LevelDB::getLevelDb()->deleteTempNEK(_tempKeyName);
} HANDLE_SGX_EXCEPTION(result)
......@@ -339,40 +339,40 @@ Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_
result["signature_r"] = "";
result["signature_s"] = "";
vector <string> sign_vect(3);
vector <string> signatureVector(3);
try {
string cutHash = _messageHash;
if (cutHash[0] == '0' && (cutHash[1] == 'x' || cutHash[1] == 'X')) {
cutHash.erase(cutHash.begin(), cutHash.begin() + 2);
string hashTmp = _messageHash;
if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) {
hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2);
}
while (cutHash[0] == '0') {
cutHash.erase(cutHash.begin(), cutHash.begin() + 1);
while (hashTmp[0] == '0') {
hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 1);
}
if (!checkECDSAKeyName(_keyName)) {
throw SGXException(INVALID_ECDSA_KEY_NAME, "Invalid ECDSA key name");
}
if (!checkHex(cutHash)) {
if (!checkHex(hashTmp)) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
if (_base <= 0 || _base > 32) {
throw SGXException(-22, "Invalid base");
}
shared_ptr <string> key_ptr = readFromDb(_keyName, "");
shared_ptr <string> encryptedKey = readFromDb(_keyName, "");
sign_vect = ecdsaSignHash(key_ptr->c_str(), cutHash.c_str(), _base);
if (sign_vect.size() != 3) {
signatureVector = ecdsaSignHash(encryptedKey->c_str(), hashTmp.c_str(), _base);
if (signatureVector.size() != 3) {
throw SGXException(INVALID_ECSDA_SIGNATURE, "Invalid ecdsa signature");
}
spdlog::debug("got signature_s {}", sign_vect.at(2));
spdlog::debug("got signature_s {}", signatureVector.at(2));
result["signature_v"] = sign_vect.at(0);
result["signature_r"] = sign_vect.at(1);
result["signature_s"] = sign_vect.at(2);
result["signature_v"] = signatureVector.at(0);
result["signature_r"] = signatureVector.at(1);
result["signature_s"] = signatureVector.at(2);
} HANDLE_SGX_EXCEPTION(result)
......@@ -443,14 +443,14 @@ Json::Value SGXWalletServer::getVerificationVectorImpl(const string &_polyName,
throw SGXException(INVALID_DKG_PARAMS, "Invalid parameters: n or t ");
}
shared_ptr <string> encr_poly_ptr = readFromDb(_polyName);
shared_ptr<string> encrPoly = readFromDb(_polyName);
verifVector = get_verif_vect(encr_poly_ptr->c_str(), _t, _n);
verifVector = get_verif_vect(encrPoly->c_str(), _t, _n);
for (int i = 0; i < _t; i++) {
vector <string> cur_coef = verifVector.at(i);
vector <string> currentCoef = verifVector.at(i);
for (int j = 0; j < 4; j++) {
result["verificationVector"][i][j] = cur_coef.at(j);
result["verificationVector"][i][j] = currentCoef.at(j);
}
}
......@@ -480,7 +480,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
throw SGXException(INVALID_DKG_PARAMS, "Invalid DKG parameters: n or t ");
}
shared_ptr <string> encr_poly_ptr = readFromDb(_polyName);
shared_ptr <string> encrPoly = readFromDb(_polyName);
vector <string> pubKeysStrs;
for (int i = 0; i < _n; i++) {
......@@ -490,7 +490,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
pubKeysStrs.push_back(_pubKeys[i].asString());
}
string s = trustedGetSecretShares(_polyName, encr_poly_ptr->c_str(), pubKeysStrs, _t, _n);
string s = trustedGetSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n);
//cerr << "result is " << s << endl;
result["secretShare"] = s;
......@@ -678,12 +678,10 @@ Json::Value SGXWalletServer::getServerStatusImpl() {
return result;
}
Json::Value SGXWalletServer::getServerVersionImpl() {
Json::Value SGXWalletServer::getServerVersionImpl() {
INIT_RESULT(result)
result["version"] = SGXWALLET_VERSION;
result["version"] = TOSTRING(SGXWALLET_VERSION);
return result;
}
......
SGXWalletServer.hpp
View file @ 1b65b688
......@@ -33,8 +33,13 @@
using namespace jsonrpc;
using namespace std;
#define STRINGIFY(x) #x
#define TOSTRING(x) STRINGIFY(x)
class SGXWalletServer : public AbstractStubServer {
recursive_mutex m;
static shared_ptr<SGXWalletServer> server;
......@@ -42,6 +47,11 @@ class SGXWalletServer : public AbstractStubServer {
public:
static const char* getVersion() {
return TOSTRING(SGXWALLET_VERSION);
}
SGXWalletServer(AbstractServerConnector &_connector, serverVersion_t _type);
virtual Json::Value
......
ServerInit.cpp
View file @ 1b65b688
......@@ -111,7 +111,7 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
static int sgxServerInited;
cout << "Running sgxwallet version:" << SGXWALLET_VERSION << endl;
cout << "Running sgxwallet version:" << SGXWalletServer::getVersion() << endl;
CHECK_STATE(sgxServerInited == 0)
sgxServerInited = 1;
......
ServerInit.h
View file @ 1b65b688
......@@ -25,7 +25,6 @@
#define SGXWALLET_SERVERINIT_H
#include "stdint.h"
#include "SGXWALLET_VERSION"
#ifdef __cplusplus
#define EXTERNC extern "C"
......
VERSION
View file @ 1b65b688
1.49
\ No newline at end of file
1.50.2
\ No newline at end of file
common.h
View file @ 1b65b688
......@@ -16,7 +16,7 @@
You should have received a copy of the GNU Affero General Public License
along with sgxwallet. If not, see <https://www.gnu.org/licenses/>.
@file BLSEnclave.cpp
@file common.h
@author Stan Kladko
@date 2020
*/
......@@ -34,10 +34,13 @@ using namespace std;
#include <gmp.h>
#include "secure_enclave/Verify.h"
#include "InvalidStateException.h"
#define SAFE_FREE(__POINTER__) {if (__POINTER__) {free(__POINTER__); __POINTER__ = NULL;}}
inline std::string className(const std::string &prettyFunction) {
size_t colons = prettyFunction.find("::");
if (colons == std::string::npos)
......
secure_enclave/Curves.c
View file @ 1b65b688
......@@ -24,7 +24,13 @@
#include <stdlib.h>
#include <stdio.h>
#include <stdbool.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "DomainParameters.h"
#include "Curves.h"
#include "Point.h"
......
secure_enclave/Curves.h
View file @ 1b65b688
......@@ -25,6 +25,12 @@
#ifndef SGXWALLET_CURVES_H
#define SGXWALLET_CURVES_H
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif
/*Curves that can be loaded using domain_parameters_load_curve()*/
typedef enum { secp112r1 = 0,
......@@ -47,7 +53,7 @@ typedef enum { secp112r1 = 0,
#define NUMBER_OF_CURVES (secp521r1+1)
/*Load a curve depending on it's curve number, defined by the enum*/
void domain_parameters_load_curve(domain_parameters out, curve_list curve);
EXTERNC void domain_parameters_load_curve(domain_parameters out, curve_list curve);
/* REMARK:
For some weird reason secp112r2 and secp128r2 doesn't want to be stable. Actually they work once in a while. However running the benchmark command gives -1 as operation time, sometimes and only sometimes!
......
secure_enclave/DHDkg.c
View file @ 1b65b688
......@@ -23,7 +23,11 @@
#include <stdlib.h>
#include <stdbool.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "DomainParameters.h"
#include "Curves.h"
......
secure_enclave/DKGUtils.cpp
View file @ 1b65b688
......@@ -23,7 +23,12 @@
#include "DKGUtils.h"
#include <sgx_tgmp.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include <../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp>
#include <../trusted_libff/libff/algebra/fields/fp.hpp>
......
secure_enclave/DKGUtils.h
View file @ 1b65b688
......@@ -30,7 +30,12 @@
#define EXTERNC
#endif
#include <sgx_tgmp.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
EXTERNC int gen_dkg_poly( char* secret, unsigned _t);
......
secure_enclave/DomainParameters.c
View file @ 1b65b688
......@@ -21,7 +21,12 @@
@date 2019
*/
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
......
secure_enclave/DomainParameters.h
View file @ 1b65b688
......@@ -23,6 +23,11 @@
#ifndef SGXWALLET_DOMAINPARAMETERS_H
#define SGXWALLET_DOMAINPARAMETERS_H
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif
/*Type that represents a point*/
typedef struct point_s* point;
......@@ -48,13 +53,13 @@ struct domain_parameters_s
};
/*Initialize a curve*/
domain_parameters domain_parameters_init();
EXTERNC domain_parameters domain_parameters_init();
/*Sets the name of a curve*/
void domain_parameters_set_name(domain_parameters curve, char* name);
EXTERNC void domain_parameters_set_name(domain_parameters curve, char* name);
/*Set domain parameters from decimal unsigned long ints*/
void domain_parameters_set_ui(domain_parameters curve,
EXTERNC void domain_parameters_set_ui(domain_parameters curve,
char* name,
unsigned long int p,
unsigned long int a,
......@@ -65,9 +70,9 @@ void domain_parameters_set_ui(domain_parameters curve,
unsigned long int h);
/*Set domain parameters from hexadecimal string*/
void domain_parameters_set_hex(domain_parameters curve, char* name, char* p, char* a, char* b, char* Gx, char* Gy, char* n, char* h);
EXTERNC void domain_parameters_set_hex(domain_parameters curve, char* name, char* p, char* a, char* b, char* Gx, char* Gy, char* n, char* h);
/*Release memory*/
void domain_parameters_clear(domain_parameters curve);
EXTERNC void domain_parameters_clear(domain_parameters curve);
#endif
\ No newline at end of file
secure_enclave/EnclaveCommon.cpp
View file @ 1b65b688
......@@ -298,7 +298,7 @@ void logMsg(log_level _level, char* _msg) {
EXTERNC void LOG_INFO(char* _msg) {
logMsg(L_INFO, _msg);
};
EXTERNC void LOG_WARNING(char* _msg) {
EXTERNC void LOG_WARN(char* _msg) {
logMsg(L_WARNING, _msg);
};
......
secure_enclave/EnclaveCommon.h
View file @ 1b65b688
......@@ -53,7 +53,7 @@ EXTERNC void enclave_init();
EXTERNC void LOG_INFO(char* msg);
EXTERNC void LOG_WARNING(char* _msg);
EXTERNC void LOG_WARN(char* _msg);
EXTERNC void LOG_ERROR(char* _msg);
EXTERNC void LOG_DEBUG(char* _msg);
EXTERNC void LOG_TRACE(char* _msg);
......
secure_enclave/NumberTheory.c
View file @ 1b65b688
......@@ -23,8 +23,14 @@
#include <stdlib.h>
#include <stdio.h>
#include <../tgmp-build/include/sgx_tgmp.h>
#include <stdbool.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "NumberTheory.h"
/*Calculate R = a^k mod P, using repeated square-and-multiply algorithm
......
secure_enclave/Point.c
View file @ 1b65b688
......@@ -23,11 +23,16 @@
#include <stdlib.h>
#include <stdio.h>
#include <../tgmp-build/include/sgx_tgmp.h>
#include <string.h>
#include <assert.h>
#include <stdbool.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "NumberTheory.h"
#include "DomainParameters.h"
......@@ -77,14 +82,14 @@ void point_set(point R, point P)
}
/*Set point from strings of a base from 2-62*/
void point_set_str(point p, char *x, char *y, int base)
void point_set_str(point p, const char *x, const char *y, int base)
{
mpz_set_str(p->x, x, base);
mpz_set_str(p->y, y, base);
}
/*Set point from hexadecimal strings*/
void point_set_hex(point p, char *x, char *y)
void point_set_hex(point p, const char *x, const char *y)
{
point_set_str(p,x,y,16);
}
......
secure_enclave/Point.h
View file @ 1b65b688
......@@ -26,56 +26,58 @@
#define SGXWALLET_POINT_H
#include "DomainParameters.h"
/*Initialize a point*/
point point_init();
EXTERNC point point_init();
/*Release point*/
void point_clear(point p);
EXTERNC void point_clear(point p);
/*Set point to be a infinity*/
void point_at_infinity(point p);
EXTERNC void point_at_infinity(point p);
/*Set R to the additive inverse of P, in the curve curve*/
void point_inverse(point R, point P, domain_parameters curve);
EXTERNC void point_inverse(point R, point P, domain_parameters curve);
/*Print point to standart output stream*/
void point_print(point p);
EXTERNC void point_print(point p);
/*Set point from hexadecimal strings*/
void point_set_hex(point p, char *x, char *y);
EXTERNC void point_set_hex(point p, const char *x, const char *y);
/*Set point from decimal unsigned long ints*/
void point_set_ui(point p, unsigned long int x, unsigned long int y);
EXTERNC void point_set_ui(point p, unsigned long int x, unsigned long int y);
/*Addition of point P + Q = result*/
void point_addition(point result, point P, point Q, domain_parameters curve);
EXTERNC void point_addition(point result, point P, point Q, domain_parameters curve);
/*Set point R = 2P*/
void point_doubling(point R, point P, domain_parameters curve);
EXTERNC void point_doubling(point R, point P, domain_parameters curve);
/*Perform scalar multiplication to P, with the factor multiplier, over the curve curve*/
void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve);
EXTERNC void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve);
/*Set point from strings of a base from 2-62*/
void point_set_str(point p, char *x, char *y, int base);
EXTERNC void point_set_str(point p, const char *x, const char *y, int base);
/*Compare two points return 1 if not the same, returns 0 if they are the same*/
bool point_cmp(point P, point Q);
EXTERNC bool point_cmp(point P, point Q);
/*Decompress a point from hexadecimal representation
*This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.4.*/
void point_decompress(point P, char* zPoint, domain_parameters curve);
EXTERNC void point_decompress(point P, char* zPoint, domain_parameters curve);
/*Compress a point to hexadecimal string
*This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.3.*/
char* point_compress(point P);
EXTERNC char* point_compress(point P);
/*Make R a copy of P*/
void point_copy(point R, point P);
EXTERNC void point_copy(point R, point P);
/*Set a point from another point*/
void point_set(point R, point P);
EXTERNC void point_set(point R, point P);
#endif
\ No newline at end of file
secure_enclave/Signature.c
View file @ 1b65b688
......@@ -23,9 +23,17 @@
#include <stdlib.h>
#include <stdio.h>
#include <../tgmp-build/include/sgx_tgmp.h>
#include <stdbool.h>
#include <assert.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "DomainParameters.h"
#include "Point.h"
#include "NumberTheory.h"
......@@ -51,13 +59,13 @@ void signature_print(signature sig) {
}
/*Set signature from strings of a base from 2-62*/
void signature_set_str(signature sig, char *r, char *s, int base) {
void signature_set_str(signature sig, const char *r, const char *s, int base) {
mpz_set_str(sig->r, r, base);
mpz_set_str(sig->s, s, base);
}
/*Set signature from hexadecimal strings*/
void signature_set_hex(signature sig, char *r, char *s) {
void signature_set_hex(signature sig, const char *r, const char *s) {
signature_set_str(sig, r, s, 16);
}
......@@ -84,6 +92,7 @@ void signature_extract_public_key(point public_key, mpz_t private_key, domain_pa
point_multiplication(public_key, private_key, curve->G, curve);
}
#ifndef USER_SPACE
/*Generate signature for a message*/
void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve) {
//message must not have a bit length longer than that of n
......@@ -171,13 +180,26 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para
}
#endif
/*Release signature*/
void signature_free(signature sig) {
mpz_clear(sig->r);
mpz_clear(sig->s);
free(sig);
}
/*Verify the integrity of a message using it's signature*/
bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) {
//Initialize variables
mpz_t one, w, u1, u2, t, tt2;
mpz_init(one); mpz_init(w); mpz_init(u1);
mpz_init(u2); mpz_init(t); mpz_init(tt2);
mpz_init(one);
mpz_init(w);
mpz_init(u1);
mpz_init(u2);
mpz_init(t);
mpz_init(tt2);
mpz_set_ui(one, 1);
......@@ -224,15 +246,15 @@ bool signature_verify(mpz_t message, signature sig, point public_key, domain_par
point_clear(t1);
point_clear(t2);
mpz_clear(one); mpz_clear(w); mpz_clear(u1); mpz_clear(u2); mpz_clear(t);
mpz_clear(one);
mpz_clear(w);
mpz_clear(u1);
mpz_clear(u2);
mpz_clear(t);
mpz_clear(tt2);
return result;
}
/*Release signature*/
void signature_free(signature sig) {
mpz_clear(sig->r);
mpz_clear(sig->s);
free(sig);
}
secure_enclave/Signature.h
View file @ 1b65b688
......@@ -24,6 +24,12 @@
#ifndef SGXWALLET_SIGNATURE_H
#define SGXWALLET_SIGNATURE_H
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif
/*Type for representing a signature*/
struct signature_s
{
......@@ -35,36 +41,36 @@ struct signature_s
typedef struct signature_s* signature;
/*Initialize a signature*/
signature signature_init();
EXTERNC signature signature_init();
/*Set signature from strings of a base from 2-62*/
void signature_set_str(signature sig, char *r, char *s, int base);
EXTERNC void signature_set_str(signature sig, const char *r, const char *s, int base);
/*Set signature from hexadecimal strings*/
void signature_set_hex(signature sig, char *r, char *s);
EXTERNC void signature_set_hex(signature sig, const char *r, const char *s);
/*Set signature from decimal unsigned long ints*/
void signature_set_ui(signature sig, unsigned long int r, unsigned long int s);
EXTERNC void signature_set_ui(signature sig, unsigned long int r, unsigned long int s);
/*Print signature to standart output stream*/
void signature_print(signature sig);
EXTERNC void signature_print(signature sig);
/*Make R a copy of P*/
void signature_copy(signature R, signature sig);
EXTERNC void signature_copy(signature R, signature sig);
/*Compare two signatures return 1 if not the same, returns 0 if they are the same*/
bool signature_cmp(signature sig1, signature sig2);
EXTERNC bool signature_cmp(signature sig1, signature sig2);
/*Release signature*/
void signature_free(signature sig);
EXTERNC void signature_free(signature sig);
/*Generates a public key for a private key*/
void signature_extract_public_key(point public_key, mpz_t private_key, domain_parameters curve);
EXTERNC void signature_extract_public_key(point public_key, mpz_t private_key, domain_parameters curve);
/*Generate signature for a message*/
void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve);
EXTERNC void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve);
/*Verify the integrity of a message using it's signature*/
bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve);
EXTERNC bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve);
#endif
secure_enclave/Verify.h 0 → 100644
View file @ 1b65b688
/*
Copyright (C) 2019-Present SKALE Labs
This file is part of sgxwallet.
sgxwallet is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
sgxwallet is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with sgxwallet. If not, see <https://www.gnu.org/licenses/>.
@file Verify.h
@author Stan Kladko
@date 2020
*/
#ifndef SGXWALLET_VERIFY_H
#define SGXWALLET_VERIFY_H
#define USER_SPACE 1
#include "secure_enclave/Point.h"
#include "secure_enclave/DomainParameters.h"
#include "secure_enclave/NumberTheory.h"
#include "secure_enclave/Signature.h"
#include "secure_enclave/Curves.h"
#endif //SGXWALLET_VERIFY_H
secure_enclave/secure_enclave.c
View file @ 1b65b688
......@@ -137,8 +137,8 @@ void trustedEMpzDiv(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {}
void trustedEMpfDiv(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {}
void trustedGenerateEcdsaKey(int *errStatus, char *err_string,
uint8_t *encrypted_key, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
void trustedGenerateEcdsaKey(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__);
......@@ -174,10 +174,10 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string,
uint8_t base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(err_string, BUF_LEN, "len = %d\n", len);
//snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x);
//snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
//snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0';
......@@ -194,14 +194,14 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string,
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
snprintf(err_string, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
sgx_status_t status = sgx_seal_data(0, NULL, ECDSA_SKEY_LEN, (uint8_t *) skey_str, sealedLen,
(sgx_sealed_data_t *) encrypted_key);
(sgx_sealed_data_t *) encryptedPrivateKey);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "seal ecsdsa private key failed");
snprintf(errString, BUF_LEN, "seal ecsdsa private key failed");
*errStatus = status;
return;
}
......@@ -214,8 +214,8 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string,
}
void trustedGetPublicEcdsaKey(int *errStatus, char *err_string,
uint8_t *encrypted_key, uint32_t dec_len, char *pub_key_x, char *pub_key_y) {
void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t dec_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__);
......@@ -225,36 +225,36 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string,
char skey[ECDSA_SKEY_LEN];
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &dec_len);
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &dec_len);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
*errStatus = status;
return;
}
//strncpy(err_string, skey, 1024);
//strncpy(errString, skey, 1024);
mpz_t skey_mpz;
mpz_init(skey_mpz);
// mpz_import(skey_mpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(err_string, BUF_LEN, "wrong string to init private key");
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
// mpz_import(privateKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(errString, BUF_LEN, "wrong string to init private key");
*errStatus = -10;
mpz_clear(skey_mpz);
mpz_clear(privateKeyMpz);
return;
}
//Public key
point Pkey = point_init();
signature_extract_public_key(Pkey, skey_mpz, curve);
signature_extract_public_key(Pkey, privateKeyMpz, curve);
point Pkey_test = point_init();
point_multiplication(Pkey_test, skey_mpz, curve->G, curve);
point_multiplication(Pkey_test, privateKeyMpz, curve->G, curve);
if (!point_cmp(Pkey, Pkey_test)) {
snprintf(err_string, BUF_LEN, "Points are not equal");
snprintf(errString, BUF_LEN, "Points are not equal");
*errStatus = -11;
return;
}
......@@ -262,10 +262,10 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string,
int base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(err_string, BUF_LEN, "len = %d\n", len);
//snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x);
//snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
//snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0';
......@@ -281,104 +281,130 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string,
}
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
mpz_clear(skey_mpz);
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
point_clear(Pkey);
}
void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, uint32_t dec_len,
unsigned char *hash, char *sig_r, char *sig_s, uint8_t *sig_v, int base) {
void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t dec_len,
unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG (__FUNCTION__);
char* arr_m = NULL;
char* arr_r = NULL;
char* arr_s;
char* arrM = NULL;
char* arrR = NULL;
char* arrS = NULL;
char* privateKey = calloc(ECDSA_SKEY_LEN,1);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
mpz_t msgMpz;
mpz_t skey_mpz;
mpz_init(skey_mpz);
mpz_t msg_mpz;
mpz_init(msg_mpz);
signature sign = signature_init();
domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
point publicKey = point_init();
char* secretKey = calloc(ECDSA_SKEY_LEN,1);
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, secretKey, &dec_len);
if (!hash) {
*errStatus = 1;
char* msg = "NULL message hash";
LOG_ERROR(msg);
snprintf(errString, BUF_LEN, msg);
goto clean;
}
if (status != SGX_SUCCESS) {
*errStatus = status;
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed - encrypted_key with status %d", status);
if (strnlen(hash, 64 ) > 64) {
*errStatus = 2;
char* msg = "Hash too long";
LOG_ERROR(msg);
snprintf(errString, BUF_LEN, msg);
goto clean;
}
//snprintf(err_string, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey));
mpz_init(msgMpz);
if (mpz_set_str(skey_mpz, secretKey, ECDSA_SKEY_BASE) == -1) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid secret key");
if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid message hash %s", hash);
LOG_WARN(errString);
goto clean;
}
if (mpz_set_str(msg_mpz, hash, 16) == -1) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid message hash");
if (!encryptedPrivateKey) {
*errStatus = 3;
snprintf(errString, BUF_LEN, "NULL encrypted ECDSA private key");
LOG_ERROR(errString);
goto clean;
}
//mpz_set_str(msg_mpz,"4b688df40bcedbe641ddb16ff0a1842d9c67ea1c3bf63f3e0471baa664531d1a", 16);
signature_sign(sign, msg_mpz, skey_mpz, curve);
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, privateKey, &dec_len);
signature_extract_public_key(publicKey, skey_mpz, curve);
if (status != SGX_SUCCESS) {
*errStatus = status;
snprintf(errString, BUF_LEN,
"sgx_unseal_data failed for encryptedPrivateKey:status %d", status);
LOG_ERROR(errString);
goto clean;
}
if (!signature_verify(msg_mpz, sign, publicKey, curve)) {
*errStatus = -2;
snprintf(err_string, BUF_LEN, "signature is not verified");
if (mpz_set_str(privateKeyMpz, privateKey, ECDSA_SKEY_BASE) == -1) {
*errStatus = -1;
snprintf(errString, BUF_LEN, "mpz_set_str(privateKeyMpz ...) failed");
LOG_ERROR(errString);
goto clean;
}
//char arr_x[mpz_sizeinbase (Pkey->x, 16) + 2];
//char* px = mpz_get_str(arr_x, 16, Pkey->x);
//snprintf(err_string, BUF_LEN,"pub key x %s ", arr_x);
arr_m = calloc(mpz_sizeinbase(msg_mpz, 16) + 2 ,1);
mpz_get_str(arr_m, 16, msg_mpz);
//snprintf(err_string, BUF_LEN, "message is %s ", arr_m);
arr_r = calloc(mpz_sizeinbase(sign->r, base) + 2,1);
mpz_get_str(arr_r, base, sign->r);
strncpy(sig_r, arr_r, 1024);
signature_sign(sign, msgMpz, privateKeyMpz, curve);
signature_extract_public_key(publicKey, privateKeyMpz, curve);
arr_s = calloc(mpz_sizeinbase(sign->s, base) + 2, 1);
mpz_get_str(arr_s, base, sign->s);
strncpy(sig_s, arr_s, 1024);
if (!signature_verify(msgMpz, sign, publicKey, curve)) {
*errStatus = 2;
snprintf(errString, BUF_LEN, "ECDSA sig not verified");
LOG_WARN(errString);
goto clean;
}
arrR = calloc(mpz_sizeinbase(sign->r, base) + 2,1);
mpz_get_str(arrR, base, sign->r);
strncpy(sigR, arrR, 1024);
arrS = calloc(mpz_sizeinbase(sign->s, base) + 2, 1);
mpz_get_str(arrS, base, sign->s);
strncpy(sigS, arrS, 1024);
*sig_v = sign->v;
clean:
mpz_clear(skey_mpz);
mpz_clear(msg_mpz);
mpz_clear(privateKeyMpz);
mpz_clear(msgMpz);
domain_parameters_clear(curve);
point_clear(publicKey);
free(secretKey);
signature_free(sign);
if (arr_m != NULL) {
free(arr_m);
}
if (arr_r != NULL) {
free(arr_r);
if (privateKey)
free(privateKey);
if (arrR) {
free(arrR);
}
if (arr_s != NULL) {
free(arr_s);
if (arrS) {
free(arrS);
}
return;
......@@ -386,19 +412,19 @@ void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key,
}
void trustedEncryptKey(int *errStatus, char *err_string, char *key,
uint8_t *encrypted_key, uint32_t *enc_len) {
void trustedEncryptKey(int *errStatus, char *errString, char *key,
uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
LOG_DEBUG (__FUNCTION__);
*errStatus = UNKNOWN_ERROR;
memset(err_string, 0, BUF_LEN);
memset(errString, 0, BUF_LEN);
checkKey(errStatus, err_string, key);
checkKey(errStatus, errString, key);
if (*errStatus != 0) {
snprintf(err_string + strlen(err_string), BUF_LEN, "check_key failed");
snprintf(errString + strlen(errString), BUF_LEN, "check_key failed");
return;
}
......@@ -407,18 +433,18 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key,
if (sealedLen > BUF_LEN) {
*errStatus = ENCRYPTED_KEY_TOO_LONG;
snprintf(err_string, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH");
snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH");
return;
}
memset(encrypted_key, 0, BUF_LEN);
memset(encryptedPrivateKey, 0, BUF_LEN);
sgx_status_t status = sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t *) key, sealedLen,
(sgx_sealed_data_t *) encrypted_key);
(sgx_sealed_data_t *) encryptedPrivateKey);
if (status != SGX_SUCCESS) {
*errStatus = SEAL_KEY_FAILED;
snprintf(err_string, BUF_LEN, "SGX seal data failed with status %d", status);
snprintf(errString, BUF_LEN, "SGX seal data failed with status %d", status);
return;
}
......@@ -427,17 +453,17 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key,
char decryptedKey[BUF_LEN];
memset(decryptedKey, 0, BUF_LEN);
trustedDecryptKey(errStatus, err_string, encrypted_key, sealedLen, decryptedKey);
trustedDecryptKey(errStatus, errString, encryptedPrivateKey, sealedLen, decryptedKey);
if (*errStatus != 0) {
snprintf(err_string + strlen(err_string), BUF_LEN, ":trustedDecryptKey failed");
snprintf(errString + strlen(errString), BUF_LEN, ":trustedDecryptKey failed");
return;
}
uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH);
if (decryptedKeyLen == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "Decrypted key is not null terminated");
snprintf(errString, BUF_LEN, "Decrypted key is not null terminated");
return;
}
......@@ -445,14 +471,14 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key,
*errStatus = -8;
if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
snprintf(err_string, BUF_LEN, "Decrypted key does not match original key");
snprintf(errString, BUF_LEN, "Decrypted key does not match original key");
return;
}
*errStatus = 0;
}
void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key,
void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) {
LOG_DEBUG (__FUNCTION__);
......@@ -462,18 +488,18 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key,
*errStatus = -9;
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) key, &decLen);
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) key, &decLen);
if (status != SGX_SUCCESS) {
*errStatus = status;
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
return;
}
//snprintf(err_string, BUF_LEN, "decr key is %s", key);
//snprintf(errString, BUF_LEN, "decr key is %s", key);
if (decLen > MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
return;
}
......@@ -484,7 +510,7 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key,
if (keyLen == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "Key is not null terminated");
snprintf(errString, BUF_LEN, "Key is not null terminated");
return;
}
......@@ -494,7 +520,7 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key,
}
void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_key,
void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) {
......@@ -507,10 +533,10 @@ void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_
trustedDecryptKey(errStatus, err_string, encrypted_key, enc_len, key);
trustedDecryptKey(errStatus, errString, encryptedPrivateKey, enc_len, key);
if (*errStatus != 0) {
strncpy(signature, err_string, BUF_LEN);
strncpy(signature, errString, BUF_LEN);
return;
}
......@@ -526,7 +552,7 @@ void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_
free(sig);
}
void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG (__FUNCTION__);
......@@ -537,7 +563,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk
return;
}
snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret);
snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret);
uint32_t sealedLen = sgx_calc_sealed_data_size(0,
DKG_BUFER_LENGTH);//sizeof(sgx_sealed_data_t) + sizeof(dkg_secret);
......@@ -546,7 +572,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk
(sgx_sealed_data_t *) encrypted_dkg_secret);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "SGX seal data failed");
snprintf(errString, BUF_LEN, "SGX seal data failed");
*errStatus = status;
return;
}
......@@ -555,7 +581,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk
//free(dkg_secret);
}
void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
void trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
uint32_t *dec_len) {
LOG_DEBUG (__FUNCTION__);
......@@ -566,7 +592,7 @@ void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypte
(const sgx_sealed_data_t *) encrypted_dkg_secret, NULL, 0, decrypted_dkg_secret, &decr_len);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status;
return;
}
......@@ -574,7 +600,7 @@ void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypte
*dec_len = decr_len;
}
void trustedGetSecretShares(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *dec_len,
void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len,
char *secret_shares,
unsigned _t, unsigned _n) {
......@@ -583,21 +609,21 @@ void trustedGetSecretShares(int *errStatus, char *err_string, uint8_t *encrypted
char decrypted_dkg_secret[DKG_BUFER_LENGTH];
uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, err_string, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len);
trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len);
if (*errStatus != 0) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus);
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus);
return;
}
*dec_len = decr_len;
// strncpy(err_string, decrypted_dkg_secret, 1024);
// strncpy(errString, decrypted_dkg_secret, 1024);
calc_secret_shares(decrypted_dkg_secret, secret_shares, _t, _n);
//free(decrypted_dkg_secret);
}
void trustedGetPublicShares(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
char *public_shares,
unsigned _t, unsigned _n) {
......@@ -605,23 +631,23 @@ void trustedGetPublicShares(int *errStatus, char *err_string, uint8_t *encrypted
char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1);
uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, err_string, (uint8_t *) encrypted_dkg_secret, decrypted_dkg_secret, &decr_len);
trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, decrypted_dkg_secret, &decr_len);
if (*errStatus != 0) {
snprintf(err_string, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus);
snprintf(errString, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus);
return;
}
//strncpy(err_string, decrypted_dkg_secret, 1024);
// strncpy(err_string, "before calc_public_shares ", 1024);
//strncpy(errString, decrypted_dkg_secret, 1024);
// strncpy(errString, "before calc_public_shares ", 1024);
if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "t does not match polynomial in db");
snprintf(errString, BUF_LEN, "t does not match polynomial in db");
return;
}
free(decrypted_dkg_secret);
}
void trustedSetEncryptedDkgPoly(int *errStatus, char *err_string, uint8_t *encrypted_poly) {
void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly) {
memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH);
uint32_t decr_len;
sgx_status_t status = sgx_unseal_data(
......@@ -629,13 +655,13 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *err_string, uint8_t *encry
if (status != SGX_SUCCESS) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
return;
}
}
void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *encrypted_skey, uint32_t *dec_len,
void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) {
LOG_DEBUG (__FUNCTION__);
......@@ -648,7 +674,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
uint32_t enc_len;
trustedGenerateEcdsaKey(errStatus, err_string, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
trustedGenerateEcdsaKey(errStatus, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
if (*errStatus != 0) {
return;
}
......@@ -659,11 +685,11 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
(const sgx_sealed_data_t *) encrypted_skey, NULL, 0, (uint8_t *) skey, &enc_len);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed - encrypted_skey with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_data failed - encrypted_skey with status %d", status);
*errStatus = status;
return;
}
snprintf(err_string, BUF_LEN, "unsealed random skey is %s\n", skey);
snprintf(errString, BUF_LEN, "unsealed random skey is %s\n", skey);
char *common_key[ECDSA_SKEY_LEN];
gen_session_key(skey, pub_keyB, common_key);
......@@ -672,14 +698,14 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "\nt does not match poly degree\n");
snprintf(errString, BUF_LEN, "\nt does not match poly degree\n");
return;
}
snprintf(err_string + 88, BUF_LEN, "\nsecret share is %s", s_share);
snprintf(errString + 88, BUF_LEN, "\nsecret share is %s", s_share);
if (calc_secret_shareG2(s_share, s_shareG2) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid decr secret share\n");
snprintf(errString, BUF_LEN, "invalid decr secret share\n");
return;
}
......@@ -687,7 +713,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
xor_encrypt(common_key, s_share, cypher);
if (cypher == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
......@@ -698,7 +724,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
}
void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret,
void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret,
uint32_t *dec_len,
char *DH_key, char *s_shareG2, uint8_t _t, uint8_t _n, uint8_t ind1) {
......@@ -709,9 +735,9 @@ void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encrypt
char decrypted_dkg_secret[DKG_BUFER_LENGTH];
uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, err_string, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len);
trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len);
if (*errStatus != 0) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus);
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus);
return;
}
......@@ -719,18 +745,18 @@ void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encrypt
}
void trustedDkgVerify(int *errStatus, char *err_string, const char *public_shares, const char *s_share,
uint8_t *encrypted_key, uint64_t key_len, unsigned _t, int _ind, int *result) {
void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t key_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &key_len);
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len);
if (status != SGX_SUCCESS) {
*errStatus = status;
snprintf(err_string, BUF_LEN, "sgx_unseal_key failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_key failed with status %d", status);
return;
}
......@@ -744,14 +770,14 @@ void trustedDkgVerify(int *errStatus, char *err_string, const char *public_share
common_key[ECDSA_SKEY_LEN - 1] = 0;
if (common_key == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
......@@ -763,28 +789,28 @@ void trustedDkgVerify(int *errStatus, char *err_string, const char *public_share
mpz_init(s);
if (mpz_set_str(s, decr_sshare, 16) == -1) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid decr secret share");
snprintf(errString, BUF_LEN, "invalid decr secret share");
mpz_clear(s);
return;
}
*result = Verification(public_shares, s, _t, _ind);
snprintf(err_string, BUF_LEN, "common_key in verification is %s", common_key);
snprintf(errString, BUF_LEN, "common_key in verification is %s", common_key);
}
void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
uint8_t *encrypted_key, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) {
void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) {
LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &key_len);
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len);
if (status != SGX_SUCCESS) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "sgx_unseal_key failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_key failed with status %d", status);
return;
}
......@@ -810,7 +836,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
if (common_key == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
mpz_clear(sum);
return;
}
......@@ -820,7 +846,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
mpz_clear(sum);
return;
}
......@@ -829,7 +855,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
mpz_init(decr_secret_share);
if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid decrypted secret share");
snprintf(errString, BUF_LEN, "invalid decrypted secret share");
mpz_clear(decr_secret_share);
return;
}
......@@ -849,7 +875,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
char key_share[mpz_sizeinbase(bls_key, 16) + 2];
char *key = mpz_get_str(key_share, 16, bls_key);
snprintf(err_string, BUF_LEN, " bls private key is %s", key_share);
snprintf(errString, BUF_LEN, " bls private key is %s", key_share);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
......@@ -857,7 +883,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
(sgx_sealed_data_t *) encr_bls_key);
if (status != SGX_SUCCESS) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "seal bls private key failed with status %d ", status);
snprintf(errString, BUF_LEN, "seal bls private key failed with status %d ", status);
mpz_clear(bls_key);
mpz_clear(sum);
mpz_clear(q);
......@@ -871,7 +897,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
mpz_clear(q);
}
void trustedGetBlsPubKey(int *errStatus, char *err_string, uint8_t *encrypted_key, uint64_t key_len, char *bls_pub_key) {
void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) {
LOG_DEBUG (__FUNCTION__);
......@@ -880,21 +906,21 @@ void trustedGetBlsPubKey(int *errStatus, char *err_string, uint8_t *encrypted_ke
uint32_t len = key_len;
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey_hex, &len);
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey_hex, &len);
if (status != SGX_SUCCESS) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
return;
}
if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "could not calculate bls public key");
snprintf(errString, BUF_LEN, "could not calculate bls public key");
return;
}
}
void trustedGenerateSEK(int *errStatus, char *err_string,
void trustedGenerateSEK(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) {
LOG_DEBUG (__FUNCTION__);
......@@ -915,7 +941,7 @@ void trustedGenerateSEK(int *errStatus, char *err_string,
sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "seal SEK failed");
snprintf(errString, BUF_LEN, "seal SEK failed");
*errStatus = status;
return;
}
......@@ -925,7 +951,7 @@ void trustedGenerateSEK(int *errStatus, char *err_string,
}
void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uint64_t encr_len) {
void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) {
LOG_DEBUG (__FUNCTION__);
......@@ -936,7 +962,7 @@ void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uin
(const sgx_sealed_data_t *) encrypted_SEK, NULL, 0, aes_key_hex, &encr_len);
if (status != SGX_SUCCESS) {
*errStatus = status;
snprintf(err_string, BUF_LEN, "sgx unseal SEK failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx unseal SEK failed with status %d", status);
return;
}
......@@ -945,7 +971,7 @@ void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uin
}
void trustedSetSEK_backup(int *errStatus, char *err_string,
void trustedSetSEK_backup(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) {
LOG_DEBUG (__FUNCTION__);
......@@ -958,7 +984,7 @@ void trustedSetSEK_backup(int *errStatus, char *err_string,
sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "seal SEK failed with status %d", status);
snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status);
*errStatus = status;
return;
}
......@@ -966,8 +992,8 @@ void trustedSetSEK_backup(int *errStatus, char *err_string,
*enc_len = sealedLen;
}
void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string,
uint8_t *encrypted_key, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__);
......@@ -996,10 +1022,10 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string,
uint8_t base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(err_string, BUF_LEN, "len = %d\n", len);
//snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x);
//snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
//snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0';
......@@ -1016,21 +1042,21 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string,
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
snprintf(err_string, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
int stat = AES_encrypt(skey_str, encrypted_key);
int stat = AES_encrypt(skey_str, encryptedPrivateKey);
if (stat != 0) {
snprintf(err_string, BUF_LEN, "ecdsa private key encryption failed");
snprintf(errString, BUF_LEN, "ecdsa private key encryption failed");
*errStatus = stat;
return;
}
*enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
stat = AES_decrypt(encrypted_key, *enc_len, skey_str);
stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str);
if (stat != 0) {
snprintf(err_string + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat);
snprintf(errString + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat);
//*errStatus = stat;
return;
}
......@@ -1040,8 +1066,8 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string,
point_clear(Pkey);
}
void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string,
uint8_t *encrypted_key, uint32_t enc_len, char *pub_key_x, char *pub_key_y) {
void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__);
......@@ -1050,38 +1076,38 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string,
char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encrypted_key, enc_len, skey);
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey);
if (status != 0) {
snprintf(err_string, BUF_LEN, "AES_decrypt failed with status %d", status);
snprintf(errString, BUF_LEN, "AES_decrypt failed with status %d", status);
*errStatus = status;
return;
}
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
strncpy(err_string, skey, 1024);
strncpy(errString, skey, 1024);
mpz_t skey_mpz;
mpz_init(skey_mpz);
// mpz_import(skey_mpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(err_string, BUF_LEN, "wrong string to init private key - %s", skey);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
// mpz_import(privateKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(errString, BUF_LEN, "wrong string to init private key - %s", skey);
*errStatus = -10;
mpz_clear(skey_mpz);
mpz_clear(privateKeyMpz);
return;
}
//Public key
point Pkey = point_init();
signature_extract_public_key(Pkey, skey_mpz, curve);
signature_extract_public_key(Pkey, privateKeyMpz, curve);
point Pkey_test = point_init();
point_multiplication(Pkey_test, skey_mpz, curve->G, curve);
point_multiplication(Pkey_test, privateKeyMpz, curve->G, curve);
if (!point_cmp(Pkey, Pkey_test)) {
snprintf(err_string, BUF_LEN, "Points are not equal");
snprintf(errString, BUF_LEN, "Points are not equal");
*errStatus = -11;
return;
}
......@@ -1108,13 +1134,13 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string,
}
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
mpz_clear(skey_mpz);
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
point_clear(Pkey);
}
void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_key, uint32_t enc_len,
unsigned char *hash, char *sig_r, char *sig_s, uint8_t *sig_v, int base) {
void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len,
unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG (__FUNCTION__);
......@@ -1123,88 +1149,88 @@ void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_ke
char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encrypted_key, enc_len, skey);
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey);
if (status != 0) {
*errStatus = status;
snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status);
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
return;
}
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE - 1] = '\0';
snprintf(err_string, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey));
mpz_t skey_mpz;
mpz_init(skey_mpz);
if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(errString, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey));
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid secret key");
mpz_clear(skey_mpz);
snprintf(errString, BUF_LEN, "invalid secret key");
mpz_clear(privateKeyMpz);
return;
}
mpz_t msg_mpz;
mpz_init(msg_mpz);
if (mpz_set_str(msg_mpz, hash, 16) == -1) {
mpz_t msgMpz;
mpz_init(msgMpz);
if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid message hash");
mpz_clear(msg_mpz);
snprintf(errString, BUF_LEN, "invalid message hash");
mpz_clear(msgMpz);
return;
}
signature sign = signature_init();
signature_sign(sign, msg_mpz, skey_mpz, curve);
signature_sign(sign, msgMpz, privateKeyMpz, curve);
point Pkey = point_init();
signature_extract_public_key(Pkey, skey_mpz, curve);
signature_extract_public_key(Pkey, privateKeyMpz, curve);
if (!signature_verify(msg_mpz, sign, Pkey, curve)) {
if (!signature_verify(msgMpz, sign, Pkey, curve)) {
*errStatus = -2;
snprintf(err_string, BUF_LEN, "signature is not verified! ");
snprintf(errString, BUF_LEN, "signature is not verified! ");
return;
}
char arr_m[mpz_sizeinbase(msg_mpz, 16) + 2];
char *msg = mpz_get_str(arr_m, 16, msg_mpz);
snprintf(err_string, BUF_LEN, "message is %s ", arr_m);
char arrM[mpz_sizeinbase(msgMpz, 16) + 2];
char *msg = mpz_get_str(arrM, 16, msgMpz);
snprintf(errString, BUF_LEN, "message is %s ", arrM);
char arr_r[mpz_sizeinbase(sign->r, base) + 2];
char *r = mpz_get_str(arr_r, base, sign->r);
strncpy(sig_r, arr_r, 1024);
char arrR[mpz_sizeinbase(sign->r, base) + 2];
char *r = mpz_get_str(arrR, base, sign->r);
strncpy(sigR, arrR, 1024);
char arr_s[mpz_sizeinbase(sign->s, base) + 2];
char *s = mpz_get_str(arr_s, base, sign->s);
strncpy(sig_s, arr_s, 1024);
char arrS[mpz_sizeinbase(sign->s, base) + 2];
char *s = mpz_get_str(arrS, base, sign->s);
strncpy(sigS, arrS, 1024);
*sig_v = sign->v;
mpz_clear(skey_mpz);
mpz_clear(msg_mpz);
mpz_clear(privateKeyMpz);
mpz_clear(msgMpz);
domain_parameters_clear(curve);
signature_free(sign);
point_clear(Pkey);
}
void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key,
uint8_t *encrypted_key, uint32_t *enc_len) {
void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
LOG_DEBUG (__FUNCTION__);
*errStatus = UNKNOWN_ERROR;
memset(err_string, 0, BUF_LEN);
memset(errString, 0, BUF_LEN);
memset(encrypted_key, 0, BUF_LEN);
memset(encryptedPrivateKey, 0, BUF_LEN);
int stat = AES_encrypt(key, encrypted_key);
int stat = AES_encrypt(key, encryptedPrivateKey);
if (stat != 0) {
*errStatus = stat;
snprintf(err_string, BUF_LEN, "AES encrypt failed with status %d", stat);
snprintf(errString, BUF_LEN, "AES encrypt failed with status %d", stat);
return;
}
......@@ -1213,18 +1239,18 @@ void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key,
char decryptedKey[BUF_LEN];
memset(decryptedKey, 0, BUF_LEN);
stat = AES_decrypt(encrypted_key, *enc_len, decryptedKey);
stat = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey);
if (stat != 0) {
*errStatus = stat;
snprintf(err_string, BUF_LEN, ":trustedDecryptKey failed with status %d", stat);
snprintf(errString, BUF_LEN, ":trustedDecryptKey failed with status %d", stat);
return;
}
uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH);
if (decryptedKeyLen == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "Decrypted key is not null terminated");
snprintf(errString, BUF_LEN, "Decrypted key is not null terminated");
return;
}
......@@ -1232,32 +1258,32 @@ void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key,
*errStatus = -8;
if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
snprintf(err_string, BUF_LEN, "Decrypted key does not match original key");
snprintf(errString, BUF_LEN, "Decrypted key does not match original key");
return;
}
*errStatus = 0;
}
void trustedDecryptKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key,
void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) {
uint32_t decLen;
*errStatus = -9;
int status = AES_decrypt(encrypted_key, enc_len, key);
int status = AES_decrypt(encryptedPrivateKey, enc_len, key);
if (status != 0) {
*errStatus = status;
snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status);
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
return;
}
if (decLen > MAX_KEY_LENGTH) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
return;
}
......@@ -1268,16 +1294,16 @@ void trustedDecryptKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_k
if (keyLen == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "Key is not null terminated");
snprintf(errString, BUF_LEN, "Key is not null terminated");
return;
}
*errStatus = 0;
memcpy(err_string, AES_key, 1024);
memcpy(errString, AES_key, 1024);
}
void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypted_key,
void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) {
......@@ -1288,11 +1314,11 @@ void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypt
char sig[BUF_LEN];
memset(sig, 0, BUF_LEN);
int stat = AES_decrypt(encrypted_key, enc_len, key);
int stat = AES_decrypt(encryptedPrivateKey, enc_len, key);
if (stat != 0) {
*errStatus = stat;
strncpy(signature, err_string, BUF_LEN);
strncpy(signature, errString, BUF_LEN);
return;
}
......@@ -1308,7 +1334,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypt
}
void
trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG (__FUNCTION__);
......@@ -1320,12 +1346,12 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_
return;
}
snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret);
snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret);
int status = AES_encrypt(dkg_secret, encrypted_dkg_secret);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "SGX AES encrypt DKG poly failed");
snprintf(errString, BUF_LEN, "SGX AES encrypt DKG poly failed");
*errStatus = status;
return;
}
......@@ -1338,14 +1364,14 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_
status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "aes decrypt dkg poly failed");
snprintf(errString, BUF_LEN, "aes decrypt dkg poly failed");
*errStatus = status;
return;
}
if (strcmp(dkg_secret, decr_dkg_secret) != 0) {
snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret);
snprintf(err_string + strlen(dkg_secret) + 8, BUF_LEN - strlen(dkg_secret) - 8,
snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret);
snprintf(errString + strlen(dkg_secret) + 8, BUF_LEN - strlen(dkg_secret) - 8,
"encrypted poly is not equal to decrypted poly");
*errStatus = -333;
}
......@@ -1354,7 +1380,7 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_
}
void
trustedDecryptDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
uint32_t *dec_len) {
LOG_DEBUG (__FUNCTION__);
......@@ -1362,14 +1388,14 @@ trustedDecryptDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_
int status = AES_decrypt(encrypted_dkg_secret, dec_len, decrypted_dkg_secret);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status;
return;
}
}
void trustedSetEncryptedDkgPolyAES(int *errStatus, char *err_string, uint8_t *encrypted_poly, uint64_t *enc_len) {
void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t *enc_len) {
LOG_DEBUG (__FUNCTION__);
......@@ -1378,12 +1404,12 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *err_string, uint8_t *en
if (status != SGX_SUCCESS) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
return;
}
}
void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t *encrypted_skey, uint32_t *dec_len,
void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) {
char skey[ECDSA_SKEY_LEN];
......@@ -1395,7 +1421,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
uint32_t enc_len;
trustedGenerateEcdsaKeyAES(errStatus, err_string, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
trustedGenerateEcdsaKeyAES(errStatus, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
if (*errStatus != 0) {
return;
}
......@@ -1405,11 +1431,11 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
skey[ECDSA_SKEY_LEN - 1] = 0;
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d", status);
snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d", status);
*errStatus = status;
return;
}
snprintf(err_string, BUF_LEN, "unsealed random skey is %s\n", skey);
snprintf(errString, BUF_LEN, "unsealed random skey is %s\n", skey);
*dec_len = enc_len;// + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
......@@ -1422,14 +1448,14 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, decryptedDkgPoly);
snprintf(errString, BUF_LEN, decryptedDkgPoly);
return;
}
snprintf(err_string + 88, BUF_LEN, "\nsecret share is %s", s_share);
snprintf(errString + 88, BUF_LEN, "\nsecret share is %s", s_share);
if (calc_secret_shareG2(s_share, s_shareG2) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid decr secret share");
snprintf(errString, BUF_LEN, "invalid decr secret share");
return;
}
......@@ -1437,7 +1463,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
xor_encrypt(common_key, s_share, cypher);
if (cypher == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
......@@ -1449,7 +1475,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
}
void trustedGetPublicSharesAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
char *public_shares,
unsigned _t, unsigned _n) {
......@@ -1463,33 +1489,33 @@ void trustedGetPublicSharesAES(int *errStatus, char *err_string, uint8_t *encryp
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status;
return;
}
if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "t does not match polynomial in db");
snprintf(errString, BUF_LEN, "t does not match polynomial in db");
return;
}
}
void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_shares, const char *s_share,
uint8_t *encrypted_key, uint64_t enc_len, unsigned _t, int _ind, int *result) {
void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
memset(skey, 0, ECDSA_SKEY_LEN);
int status = AES_decrypt(encrypted_key, enc_len, skey);
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status);
snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status);
*errStatus = status;
return;
}
......@@ -1506,7 +1532,7 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh
if (common_key == NULL || strlen(common_key) == 0) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
......@@ -1515,7 +1541,7 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh
xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
......@@ -1523,27 +1549,27 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh
mpz_init(s);
if (mpz_set_str(s, decr_sshare, 16) == -1) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid decr secret share");
snprintf(errString, BUF_LEN, "invalid decr secret share");
mpz_clear(s);
return;
}
*result = Verification(public_shares, s, _t, _ind);
snprintf(err_string, BUF_LEN, "secret share dec %s", public_shares);
snprintf(errString, BUF_LEN, "secret share dec %s", public_shares);
}
void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shares,
uint8_t *encrypted_key, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) {
void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares,
uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) {
LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encrypted_key, key_len, skey);
int status = AES_decrypt(encryptedPrivateKey, key_len, skey);
if (status != SGX_SUCCESS) {
*errStatus = status;
snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status);
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
return;
}
skey[ECDSA_SKEY_LEN - 1] = 0;
......@@ -1571,7 +1597,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
if (common_key == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
mpz_clear(sum);
return;
}
......@@ -1581,7 +1607,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
mpz_clear(sum);
return;
}
......@@ -1591,8 +1617,8 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
mpz_init(decr_secret_share);
if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) {
*errStatus = 111;
//snprintf(err_string, BUF_LEN ,"invalid decrypted secret share");
snprintf(err_string, BUF_LEN, decr_sshare);
//snprintf(errString, BUF_LEN ,"invalid decrypted secret share");
snprintf(errString, BUF_LEN, decr_sshare);
mpz_clear(decr_secret_share);
return;
}
......@@ -1612,7 +1638,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
char key_share[mpz_sizeinbase(bls_key, 16) + 2];
char *key = mpz_get_str(key_share, 16, bls_key);
snprintf(err_string, BUF_LEN, " bls private key is %s", key_share);
snprintf(errString, BUF_LEN, " bls private key is %s", key_share);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
......@@ -1620,7 +1646,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
if (status != SGX_SUCCESS) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "aes encrypt bls private key failed with status %d ", status);
snprintf(errString, BUF_LEN, "aes encrypt bls private key failed with status %d ", status);
mpz_clear(bls_key);
mpz_clear(sum);
mpz_clear(q);
......@@ -1634,7 +1660,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
}
void
trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key, uint64_t key_len, char *bls_pub_key) {
trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) {
LOG_DEBUG (__FUNCTION__);
......@@ -1642,10 +1668,10 @@ trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key,
uint32_t len = key_len;
int status = AES_decrypt(encrypted_key, key_len, skey_hex);
int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex);
if (status != SGX_SUCCESS) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "aes_decrypt failed with status %d", status);
snprintf(errString, BUF_LEN, "aes_decrypt failed with status %d", status);
return;
}
......@@ -1653,7 +1679,7 @@ trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key,
if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "could not calculate bls public key");
snprintf(errString, BUF_LEN, "could not calculate bls public key");
return;
}
}
......
testw.cpp
View file @ 1b65b688
......@@ -776,7 +776,7 @@ TEST_CASE_METHOD(TestFixture, "Get ServerStatus", "[get-server-status]") {
TEST_CASE_METHOD(TestFixture, "Get ServerVersion", "[get-server-version]") {
HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2);
REQUIRE(c.getServerVersion()["version"] == SGXWALLET_VERSION);
REQUIRE(c.getServerVersion()["version"] == SGXWalletServer::getVersion());
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment