Skip to content

S
sgxwallet
Unverified Commit 24a2bd1f authored by kladko's avatar kladko
Browse files
Options

SKALE-3067-cleanup-sgx

parent f88387af
Hide whitespace changes
Inline Side-by-side
Showing with 55 additions and 44 deletions
secure_enclave/secure_enclave.c
View file @ 24a2bd1f
...@@ -206,9 +206,7 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString, ...@@ -206,9 +206,7 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
signature_extract_public_key(Pkey, skey, curve); signature_extract_public_key(Pkey, skey, curve);
int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2; SAFE_CHAR_BUF(arr_x, BUF_LEN);
SAFE_CHAR_BUF(arr_x, len);
mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x); mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
...@@ -218,7 +216,7 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString, ...@@ -218,7 +216,7 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes); strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
SAFE_CHAR_BUF(arr_y, mpz_sizeinbase(Pkey->y, ECDSA_SKEY_BASE) + 2); SAFE_CHAR_BUF(arr_y, BUF_LEN);
mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y); mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y);
n_zeroes = 64 - strlen(arr_y); n_zeroes = 64 - strlen(arr_y);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
...@@ -226,7 +224,7 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString, ...@@ -226,7 +224,7 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
} }
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
SAFE_CHAR_BUF(skey_str, mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2); SAFE_CHAR_BUF(skey_str, BUF_LEN);
mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey); mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
snprintf(errString, BUF_LEN, "skey len is %d\n", strlen(skey_str)); snprintf(errString, BUF_LEN, "skey len is %d\n", strlen(skey_str));
...@@ -249,7 +247,6 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString, ...@@ -249,7 +247,6 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
mpz_clear(seed); mpz_clear(seed);
mpz_clear(skey); mpz_clear(skey);
point_clear(Pkey); point_clear(Pkey);
} }
...@@ -264,54 +261,45 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString, ...@@ -264,54 +261,45 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
*errString = 0; *errString = 0;
*errStatus = UNKNOWN_ERROR; *errStatus = UNKNOWN_ERROR;
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
point Pkey = point_init();
point Pkey_test = point_init();
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &dec_len); (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &dec_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
*errStatus = status; *errStatus = status;
LOG_ERROR(errString);
return; return;
} }
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(errString, BUF_LEN, "wrong string to init private key"); snprintf(errString, BUF_LEN, "wrong string to init private key");
LOG_ERROR(errString);
*errStatus = -10; *errStatus = -10;
goto clean;
mpz_clear(privateKeyMpz);
return;
} }
//Public key //Public key
point Pkey = point_init();
signature_extract_public_key(Pkey, privateKeyMpz, curve); signature_extract_public_key(Pkey, privateKeyMpz, curve);
point Pkey_test = point_init();
point_multiplication(Pkey_test, privateKeyMpz, curve->G, curve); point_multiplication(Pkey_test, privateKeyMpz, curve->G, curve);
if (!point_cmp(Pkey, Pkey_test)) { if (!point_cmp(Pkey, Pkey_test)) {
snprintf(errString, BUF_LEN, "Points are not equal"); snprintf(errString, BUF_LEN, "Points are not equal");
LOG_ERROR(errString);
*errStatus = -11; *errStatus = -11;
goto clean;
mpz_clear(privateKeyMpz);
point_clear(Pkey);
point_clear(Pkey_test);
return;
} }
int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2; int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2;
SAFE_CHAR_BUF(arr_x, len); SAFE_CHAR_BUF(arr_x, BUF_LEN);
mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x); mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
...@@ -321,7 +309,7 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString, ...@@ -321,7 +309,7 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes); strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
SAFE_CHAR_BUF(arr_y, mpz_sizeinbase(Pkey->y, ECDSA_SKEY_BASE) + 2); SAFE_CHAR_BUF(arr_y, BUF_LEN);
mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y); mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y);
n_zeroes = 64 - strlen(arr_y); n_zeroes = 64 - strlen(arr_y);
...@@ -332,8 +320,8 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString, ...@@ -332,8 +320,8 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
*errStatus = 0; *errStatus = 0;
clean:
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
point_clear(Pkey); point_clear(Pkey);
point_clear(Pkey_test); point_clear(Pkey_test);
} }
...@@ -424,10 +412,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -424,10 +412,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
mpz_clear(msgMpz); mpz_clear(msgMpz);
point_clear(publicKey); point_clear(publicKey);
signature_free(sign); signature_free(sign);
return; return;
} }
...@@ -440,14 +426,13 @@ void trustedEncryptKey(int *errStatus, char *errString, const char *key, ...@@ -440,14 +426,13 @@ void trustedEncryptKey(int *errStatus, char *errString, const char *key,
*errString = 0; *errString = 0;
*errStatus = UNKNOWN_ERROR; *errStatus = UNKNOWN_ERROR;
memset(errString, 0, BUF_LEN);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
if (sealedLen > BUF_LEN) { if (sealedLen > BUF_LEN) {
*errStatus = ENCRYPTED_KEY_TOO_LONG; *errStatus = ENCRYPTED_KEY_TOO_LONG;
snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH"); snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH");
return; LOG_ERROR(errString);
goto clean;
} }
memset(encryptedPrivateKey, 0, BUF_LEN); memset(encryptedPrivateKey, 0, BUF_LEN);
...@@ -468,24 +453,30 @@ void trustedEncryptKey(int *errStatus, char *errString, const char *key, ...@@ -468,24 +453,30 @@ void trustedEncryptKey(int *errStatus, char *errString, const char *key,
if (*errStatus != 0) { if (*errStatus != 0) {
snprintf(errString + strlen(errString), BUF_LEN, ":trustedDecryptKey failed"); snprintf(errString + strlen(errString), BUF_LEN, ":trustedDecryptKey failed");
return; LOG_ERROR(errString);
goto clean;
} }
uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH); uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH);
if (decryptedKeyLen == MAX_KEY_LENGTH) { if (decryptedKeyLen == MAX_KEY_LENGTH) {
snprintf(errString, BUF_LEN, "Decrypted key is not null terminated"); snprintf(errString, BUF_LEN, "Decrypted key is not null terminated");
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = -8; *errStatus = -8;
if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) { if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
snprintf(errString, BUF_LEN, "Decrypted key does not match original key"); snprintf(errString, BUF_LEN, "Decrypted key does not match original key");
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = 0; *errStatus = 0;
clean:
;
} }
void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
...@@ -504,12 +495,14 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat ...@@ -504,12 +495,14 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = status; *errStatus = status;
snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
return; LOG_ERROR(errString);
goto clean;
} }
if (decLen > MAX_KEY_LENGTH) { if (decLen > MAX_KEY_LENGTH) {
snprintf(errString, BUF_LEN, "wrong decLen"); snprintf(errString, BUF_LEN, "wrong decLen");
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = -10; *errStatus = -10;
...@@ -518,10 +511,14 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat ...@@ -518,10 +511,14 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
if (keyLen == MAX_KEY_LENGTH) { if (keyLen == MAX_KEY_LENGTH) {
snprintf(errString, BUF_LEN, "Key is not null terminated"); snprintf(errString, BUF_LEN, "Key is not null terminated");
return; LOG_ERROR(errString);
goto clean;
} }
*errStatus = 0; *errStatus = 0;
clean:
;
} }
void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
...@@ -543,7 +540,8 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr ...@@ -543,7 +540,8 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr
if (*errStatus != 0) { if (*errStatus != 0) {
strncpy(signature, errString, BUF_LEN); strncpy(signature, errString, BUF_LEN);
return; LOG_ERROR(errString);
goto clean;
} }
enclave_sign(key, _hashX, _hashY, sig); enclave_sign(key, _hashX, _hashY, sig);
...@@ -552,10 +550,14 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr ...@@ -552,10 +550,14 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr
if (strnlen(signature, BUF_LEN) < 10) { if (strnlen(signature, BUF_LEN) < 10) {
*errStatus = -1; *errStatus = -1;
return; strncpy(errString, "signature too short", BUF_LEN);
LOG_ERROR(errString);
goto clean;
} }
*errStatus = 0; *errStatus = 0;
clean:
;
} }
void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
...@@ -570,7 +572,9 @@ void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg ...@@ -570,7 +572,9 @@ void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg
if (gen_dkg_poly(dkg_secret, _t) != 0) { if (gen_dkg_poly(dkg_secret, _t) != 0) {
*errStatus = -1; *errStatus = -1;
return; strncpy(errString, "Couldnt generate poly", BUF_LEN);
LOG_ERROR(errString);
goto clean;
} }
uint32_t sealedLen = sgx_calc_sealed_data_size(0, DKG_BUFER_LENGTH); uint32_t sealedLen = sgx_calc_sealed_data_size(0, DKG_BUFER_LENGTH);
...@@ -580,14 +584,17 @@ void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg ...@@ -580,14 +584,17 @@ void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "SGX seal data failed"); snprintf(errString, BUF_LEN, "SGX seal data failed");
LOG_ERROR(errString);
*errStatus = status; *errStatus = status;
return; goto clean;
} }
*enc_len = sealedLen; *enc_len = sealedLen;
*errStatus = 0; *errStatus = 0;
clean:
;
} }
void void
...@@ -606,13 +613,17 @@ trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_ ...@@ -606,13 +613,17 @@ trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", status);
LOG_ERROR(errString);
*errStatus = status; *errStatus = status;
return; goto clean;
} }
*dec_len = decr_len; *dec_len = decr_len;
*errStatus = 0; *errStatus = 0;
clean:
;
} }
void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len, void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment