Merge pull request #15 from skalenetwork/bug/SKALE-1862-sgx-server-crashes-during-dkg

Bug/skale 1862 sgx server crashes during dkg

BLSCrypto.cpp

@@ -135,6 +135,7 @@ bool hex2carray2(const char * _hex, uint64_t  *_bin_len,
 bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
     char* _sig) {
 
+  std::cerr << "ENTER SIGN" << std::endl;
 
   auto keyStr = std::make_shared<std::string>(_encryptedKeyHex);
 
@@ -147,8 +148,11 @@ bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t
   }
  // assert(binLen == hash->size());
 
+
+
   auto keyShare = std::make_shared<BLSPrivateKeyShareSGX>(keyStr, _t, _n);
 
+  std::cerr << "keyShare created" << std::endl;
  // {
     auto sigShare = keyShare->signWithHelperSGX(hash, _signerIndex);
  // }

BLSPrivateKeyShareSGX.cpp

@@ -79,6 +79,8 @@ BLSPrivateKeyShareSGX::BLSPrivateKeyShareSGX(
   requiredSigners = _requiredSigners;
   totalSigners = _totalSigners;
 
+  std::cerr <<   "ENTER BLSPrivateKeyShareSGX CONSTRUCTOR" << std::endl;
+
   if (requiredSigners > totalSigners) {
 
     throw std::invalid_argument("requiredSigners > totalSigners");
@@ -104,10 +106,11 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
     size_t _signerIndex) {
   shared_ptr<signatures::Bls> obj;
 
-  if (_signerIndex == 0) {
-    BOOST_THROW_EXCEPTION(runtime_error("Zero signer index"));
-  }
+//  if (_signerIndex == 0) {
+//    BOOST_THROW_EXCEPTION(runtime_error("Zero signer index"));
+//  }
   if (hash_byte_arr == nullptr) {
+    std::cerr <<   "Hash is null" << std::endl;
     BOOST_THROW_EXCEPTION(runtime_error("Hash is null"));
   }
 
@@ -123,12 +126,14 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
   string* xStr = stringFromFq(&(hash_with_hint.first.X));
 
   if (xStr == nullptr) {
+    std::cerr <<   "Null xStr" << std::endl;
     BOOST_THROW_EXCEPTION(runtime_error("Null xStr"));
   }
 
   string* yStr = stringFromFq(&(hash_with_hint.first.Y));
 
-  if (xStr == nullptr) {
+  if (yStr == nullptr) {
+    std::cerr <<   "Null yStr" << std::endl;
     BOOST_THROW_EXCEPTION(runtime_error("Null yStr"));
   }
 
@@ -154,6 +159,7 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
   bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey);
 
   if (!result) {
+    cerr <<   "Invalid hex encrypted key" << endl;
     BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key"));
   }
 
@@ -198,6 +204,8 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
   sig.append(":");
   sig.append(hint);
 
+
+
   return sig;
 }
 

DKGCrypto.cpp

@@ -222,10 +222,11 @@ bool VerifyShares(const char* publicShares, const char* encr_sshare, const char
     int result ;
     //std::cerr << "encr_sshare length is " << strlen(encr_sshare) << std::endl;
     //std::cerr << "public shares " << publicShares << std::endl;
-
-    char pshares[4097];
+    std::cerr << "publicShares length is " << strlen(publicShares) << std::endl;
+    char pshares[8193];
     strncpy(pshares, publicShares, strlen(publicShares) + 1);
-   // std::cerr << "pshares " << pshares << std::endl;
+    //std::cerr << "pshares " << pshares << std::endl;
+
 
     dkg_verification(eid, &err_status, errMsg1, pshares, encr_sshare, encr_key, dec_key_len, t, ind, &result);
 
@@ -252,11 +253,13 @@ bool CreateBLSShare( const std::string& BLSKeyName, const char * s_shares, const
   
   uint32_t enc_bls_len = 0;
 
+  std::cerr << "BEFORE create_bls_key IN ENCLAVE " << std::endl;
   create_bls_key(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len, encr_bls_key, &enc_bls_len);
 
   std::cerr << "AFTER create_bls_key IN ENCLAVE er msg is  " << errMsg1 << std::endl;
   if ( err_status != 0){
      std::cerr << "ERROR IN ENCLAVE" << std::endl;
+     throw RPCException(ERROR_IN_ENCLAVE, "Something failed in enclave");
      return false;
   }
   else {
@@ -339,27 +342,7 @@ std::vector<std::string> mult_G2(const std::string& x){
     return result;
 }
 
-bool TestCreateBLSShare( const char * s_shares) {
-
-  char *errMsg1 = (char *)calloc(1024, 1);
-  int err_status = 0;
 
-  uint32_t enc_bls_len = 0;
-  uint8_t encr_key[BUF_LEN];
-  memset(encr_key, 1, BUF_LEN);
-  uint64_t dec_key_len ;
-  uint8_t encr_bls_key[BUF_LEN];
-
-  std::cerr << "Enter TestCreateBLSShare" << std::endl;
-  create_bls_key(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len,
-                 encr_bls_key, &enc_bls_len);
-
-  std::cerr << "err msg is " << errMsg1 << std::endl;
-
-  if ( err_status != 0 ){
-    std::cerr << "something went wrong in enclave " << "status is" << err_status << std::endl;
-  }
-}
 
 
 

LevelDB.cpp

@@ -154,7 +154,7 @@ void LevelDB::writeByteArray(std::string &_key, const char *value,
 }
 
 void LevelDB::throwExceptionOnError(Status _status) {
-    std::cerr << " DB exception " << std::endl;
+
     if (_status.IsNotFound())
         return;
 

Makefile.am

@@ -66,7 +66,7 @@ bin_PROGRAMS =  sgxwallet testw
 COMMON_SRC = sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c
 COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h
 
-sgxwallet_SOURCES = sgxwallet.c SGXWalletServer.cpp RPCException.cpp  BLSCrypto.cpp ECDSACrypto.cpp \
+sgxwallet_SOURCES = sgxwallet.c SGXWalletServer.cpp SGXRegistrationServer.cpp RPCException.cpp  BLSCrypto.cpp ECDSACrypto.cpp \
 DKGCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp ServerDataChecker.cpp $(COMMON_SRC)
 
 
@@ -95,20 +95,10 @@ sgxwallet_LDADD=-l$(SGX_URTS_LIB) -Lleveldb/build -LlibBLS/build  -LlibBLS/build
    -l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a   -ljsonrpccpp-stub -lpthread -ljsonrpccpp-common \
    -ljsonrpccpp-server -ljsonrpccpp-client -ljsoncpp -lcurl -lprocps intel-sgx-ssl/Linux/package/lib64/libsgx_usgxssl.a \
    intel-sgx-ssl/Linux/package/lib64/libsgx_tsgxssl_crypto.a
-   #-lboost_system -lboost_filesystem
-
-# -lboost_filesystem
-# -llibboost_filesystem.a
-
-# find /usr -name *libboost_filesystem*so*
-
-# -llibboost_filesystem.so
-### libboost_filesystem.so.67.1
-
 
 
 testw_SOURCES=testw.cpp stubclient.cpp SGXWalletServer.cpp  RPCException.cpp BLSCrypto.cpp ServerInit.cpp LevelDB.cpp \
- DKGCrypto.cpp BLSPrivateKeyShareSGX.cpp ECDSACrypto.cpp ServerDataChecker.cpp $(COMMON_SRC)
+ DKGCrypto.cpp BLSPrivateKeyShareSGX.cpp ECDSACrypto.cpp ServerDataChecker.cpp  SGXRegistrationServer.cpp $(COMMON_SRC)
 nodist_testw_SOURCES=${nodist_sgxwallet_SOURCES}
 EXTRA_testw_DEPENDENCIES=${EXTRA_sgxwallet_DEPENDENCIES}
 testw_LDADD= ${sgxwallet_LDADD}

SGXRegistrationServer.cpp

+//
+// Created by kladko on 12/9/19.
+//
+
+#include <iostream>
+#include <fstream>
+#include <sstream>
+
+
+#include <jsonrpccpp/server/connectors/httpserver.h>
+
+#include <stdio.h>
+
+#include "sgxwallet_common.h"
+
+#include "RPCException.h"
+#include "LevelDB.h"
+
+#include <thread>
+#include <time.h>
+
+#include <functional>
+
+#include "SGXRegistrationServer.h"
+
+SGXRegistrationServer *sr = nullptr;
+HttpServer *hs2 = nullptr;
+
+bool cert_created = false;
+
+void set_cert_created1(bool b){
+  sleep(10);
+  cert_created = b;
+}
+
+
+SGXRegistrationServer::SGXRegistrationServer(AbstractServerConnector &connector,
+                                 serverVersion_t type)
+    : AbstractRegServer(connector, type), is_cert_created(false) {}
+
+
+Json::Value SignSertificateImpl(const std::string& cert){
+  Json::Value result;
+  result["status"] = 0;
+  result["errorMessage"] = "";
+  try{
+
+  std::ofstream outfile ("cert/test.csr");
+  outfile << cert << std::endl;
+  outfile.close();
+  result["result"] = true;
+  std::thread thr(set_cert_created1, true);
+  thr.detach();
+
+
+ // std::thread timeout_thr (std::bind(&SGXRegistrationServer::set_cert_created, this, true));
+
+  } catch (RPCException &_e) {
+    std::cerr << " err str " << _e.errString << std::endl;
+    result["status"] = _e.status;
+    result["errorMessage"] = _e.errString;
+    result["result"] = false;
+  }
+
+  return result;
+}
+
+Json::Value GetSertificateImpl(const std::string& hash){
+  Json::Value result;
+  result["status"] = 0;
+  result["errorMessage"] = "";
+  std::string cert;
+  try{
+    if (!cert_created){
+      result["status"] = 1;
+      result["cert"] = "";
+    }
+    else {
+      std::ifstream infile("cert/test_cert.crt");
+      if (!infile.is_open()) {
+        throw RPCException(FILE_NOT_FOUND, "Certificate does not exist");
+      } else {
+        ostringstream ss;
+        ss << infile.rdbuf();
+        cert = ss.str();
+
+        infile.close();
+        result["cert"] = cert;
+        result["status"] = 0;
+      }
+    }
+  } catch (RPCException &_e) {
+    std::cerr << " err str " << _e.errString << std::endl;
+    result["status"] = _e.status;
+    result["errorMessage"] = _e.errString;
+    result["status"] = 1;
+  }
+
+  return result;
+}
+
+
+Json::Value SGXRegistrationServer::SignCertificate(const std::string& cert){
+  lock_guard<recursive_mutex> lock(m);
+  return SignSertificateImpl(cert);
+}
+
+Json::Value SGXRegistrationServer::GetCertificate(const std::string& hash){
+  lock_guard<recursive_mutex> lock(m);
+  return GetSertificateImpl(hash);
+}
+
+void SGXRegistrationServer::set_cert_created(bool b){
+  sleep(100);
+  is_cert_created = b;
+}
+
+
+
+int init_registration_server() {
+
+  std::string certPath = "cert/SGXCACertificate.crt";
+  std::string keyPath = "cert/SGXCACertificate.key";
+
+  if (access(certPath.c_str(), F_OK) != 0){
+    std::cerr << "CERTIFICATE IS GOING TO BE CREATED" << std::endl;
+
+    std::string genCert = "cd cert && ./self-signed-tls -c=US -s=California -l=San-Francisco -o=\"Skale Labs\" -u=\"Department of Software Engineering\" -n=\"SGXCACertificate\" -e=info@skalelabs.com";
+
+    if (system(genCert.c_str()) == 0){
+      std::cerr << "CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
+    }
+    else{
+      std::cerr << "CERTIFICATE GENERATION FAILED" << std::endl;
+      exit(-1);
+    }
+  }
+
+  hs2 = new HttpServer(1027);
+  sr = new SGXRegistrationServer(*hs2,
+                                 JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
+
+  if (!sr->StartListening()) {
+    cerr << "Registration server could not start listening" << endl;
+    exit(-1);
+  }
+  return 0;
+}
\ No newline at end of file

SGXRegistrationServer.h

+//
+// Created by kladko on 12/9/19.
+//
+
+#ifndef SGXD_SGXREGISTRATIONSERVER_H
+#define SGXD_SGXREGISTRATIONSERVER_H
+
+
+#include "abstractregserver.h"
+#include <mutex>
+
+using namespace jsonrpc;
+using namespace std;
+
+class SGXRegistrationServer: public AbstractRegServer {
+  std::recursive_mutex m;
+  bool is_cert_created;
+
+public:
+
+  SGXRegistrationServer(AbstractServerConnector &connector, serverVersion_t type);
+
+  void set_cert_created(bool b);
+
+  virtual Json::Value SignCertificate(const std::string& cert);
+  virtual Json::Value GetCertificate(const std::string& hash);
+
+};
+
+
+extern int init_registration_server();
+
+
+#endif // SGXD_SGXREGISTRATIONSERVER_H
\ No newline at end of file

SGXWalletServer.cpp

@@ -105,7 +105,7 @@ int init_server() {
 
 //int init_server() { //without ssl
 //
-//  hs = new HttpServer(1027, "", "", 1);
+//  hs = new HttpServer(1028);
 //  s = new SGXWalletServer(*hs,
 //                          JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
 //  if (!s->StartListening()) {
@@ -600,7 +600,7 @@ Json::Value GetBLSPublicKeyShareImpl(const std::string & BLSKeyName){
         result["errorMessage"] = _e.errString;
     }
 
-    debug_print();
+    //debug_print();
 
     return result;
 }

ServerInit.cpp

@@ -47,6 +47,8 @@
 
 #include "SGXWalletServer.h"
 
+#include "SGXRegistrationServer.h"
+
 #include "BLSCrypto.h"
 #include "ServerInit.h"
 
@@ -123,6 +125,7 @@ void init_all() {
     sgxServerInited = 1;
 
     init_server();
+    init_registration_server();
     init_enclave();
     std::cerr << "enclave inited" << std::endl;
     init_daemon();

abstractregserver.h

+//
+// Created by kladko on 12/9/19.
+//
+
+#ifndef SGXD_ABSTRACTREGSERVER_H
+#define SGXD_ABSTRACTREGSERVER_H
+
+#include <jsonrpccpp/server.h>
+
+class AbstractRegServer : public jsonrpc::AbstractServer<AbstractRegServer>
+{
+public:
+  AbstractRegServer(jsonrpc::AbstractServerConnector &conn, jsonrpc::serverVersion_t type = jsonrpc::JSONRPC_SERVER_V2) : jsonrpc::AbstractServer<AbstractRegServer>(conn, type)
+  {
+    this->bindAndAddMethod(jsonrpc::Procedure("SignCertificate", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"certificate",jsonrpc::JSON_STRING, NULL), &AbstractRegServer::SignCertificateI);
+    this->bindAndAddMethod(jsonrpc::Procedure("GetCertificate", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"hash",jsonrpc::JSON_STRING, NULL), &AbstractRegServer::GetCertificateI);
+  }
+
+  inline virtual void SignCertificateI(const Json::Value &request, Json::Value &response)
+  {
+    response = this->SignCertificate( request["certificate"].asString());
+  }
+  inline virtual void GetCertificateI(const Json::Value &request, Json::Value &response)
+  {
+    response = this->GetCertificate( request["hash"].asString());
+  }
+
+
+  virtual Json::Value SignCertificate(const std::string& cert) = 0;
+  virtual Json::Value GetCertificate(const std::string& hash) = 0;
+
+};
+
+#endif // SGXD_ABSTRACTREGSERVER_H
\ No newline at end of file

secure_enclave/secure_enclave.c

@@ -739,12 +739,11 @@ void create_bls_key(int *err_status, char* err_string, const char* s_shares,
   sgx_status_t status = sgx_unseal_data(
       (const sgx_sealed_data_t *)encrypted_key, NULL, 0, (uint8_t*)skey, &key_len);
   if (status != SGX_SUCCESS) {
+    *err_status = 1;
     snprintf(err_string, BUF_LEN,"sgx_unseal_key failed with status %d", status);
     return;
   }
 
-  //char * skey = "a15c19da241e5b1db20d8dd8ca4b5eeaee01c709b49ec57aa78c2133d3c1b3c9";
-
   int num_shares = strlen(s_shares)/192;
 
   mpz_t sum;
@@ -786,11 +785,11 @@ void create_bls_key(int *err_status, char* err_string, const char* s_shares,
         return;
     }
     //decr_sshare[64] = 0;
-    snprintf(err_string + 158 * i, BUF_LEN,"decr sshare is %s", decr_sshare);
-    snprintf(err_string + 158 * i + 79, BUF_LEN," common_key is %s", common_key);
 
-    //snprintf(err_string + 89*i, BUF_LEN,"share is %s length is %d ", decr_sshare, strlen(decr_sshare));
-    //snprintf(err_string + 65*i, BUF_LEN,"%s ", decr_sshare);
+    //snprintf(err_string + 158 * i, BUF_LEN,"decr sshare is %s", decr_sshare);
+    //snprintf(err_string + 158 * i + 79, BUF_LEN," common_key is %s", common_key);
+
+
 
 
     mpz_t decr_secret_share;
@@ -816,7 +815,7 @@ void create_bls_key(int *err_status, char* err_string, const char* s_shares,
 
    char key_share[mpz_sizeinbase(bls_key, 16) + 2];
    char *key = mpz_get_str(key_share, 16, bls_key);
-   snprintf(err_string + 158 * num_shares , BUF_LEN," bls private key is %s", key_share);
+   snprintf(err_string, BUF_LEN," bls private key is %s", key_share);
    uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
 
 

secure_enclave/secure_enclave.edl

@@ -122,7 +122,7 @@ enclave {
          public void dkg_verification(
                                 [user_check] int *err_status,
                                 [out, count = 1024] char* err_string,
-                                [in, count = 4097] const char* public_shares,
+                                [in, count = 8193] const char* public_shares,
                                 [in, count = 193] const char* s_share,
                                 [in, count = 1024] uint8_t* encrypted_key,
                                 uint64_t key_len,

sgxwallet_common.h

@@ -55,9 +55,13 @@
 #define INVALID_ECDSA_KEY_NAME -20
 #define INVALID_HEX -21
 
+#define ERROR_IN_ENCLAVE -33
+
+#define FILE_NOT_FOUND -44
+
 #define SGX_ENCLAVE_ERROR -666;
 
-#define WALLETDB_NAME  "sgxwallet.db"//"test_sgxwallet1.db"//
+#define WALLETDB_NAME  "sgxwallet.db"//"test_sgxwallet.db"//
 #define ENCLAVE_NAME "secure_enclave.signed.so"
 
 

testw.cpp

@@ -237,29 +237,29 @@ TEST_CASE("Server BLS sign test", "[bls-server-sign]") {
 
 }
 
-TEST_CASE("KeysDB test", "[keys-db]") {
-
-
-
-    reset_db();
-    init_all();
-
-
-    string key = TEST_BLS_KEY_SHARE;
-    string value = TEST_BLS_KEY_SHARE;
-
-
-
-    REQUIRE_THROWS(readKeyShare(key));
-
-
-    writeKeyShare(key, value, 1, 2, 1);
-
-    REQUIRE(readKeyShare(key) != nullptr);
-
-
-// put your test here
-}
+//TEST_CASE("KeysDB test", "[keys-db]") {
+//
+//
+//
+//    reset_db();
+//    init_all();
+//
+//
+//    string key = TEST_BLS_KEY_SHARE;
+//    string value = TEST_BLS_KEY_SHARE;
+//
+//
+//
+//    REQUIRE_THROWS(readKeyShare(key));
+//
+//
+//    writeKeyShare(key, value, 1, 2, 1);
+//
+//    REQUIRE(readKeyShare(key) != nullptr);
+//
+//
+//// put your test here
+//}
 
 
 
@@ -741,17 +741,14 @@ TEST_CASE("BLS_DKG test", "[bls_dkg]") {
   std::cerr<< "test started" << std::endl;
   init_all();
   cerr << "Server inited" << endl;
-  HttpClient client("http://localhost:1027");
+  HttpClient client("http://localhost:1028");
   StubClient c(client, JSONRPC_CLIENT_V2);
   cerr << "Client inited" << endl;
 
   reset_db();
 
 
-
-
-
-  int n = 2, t = 2;
+  int n = 32, t = 32;
   Json::Value EthKeys[n];
   Json::Value VerifVects[n];
   Json::Value pubEthKeys;
@@ -851,7 +848,6 @@ TEST_CASE("BLS_DKG test", "[bls_dkg]") {
   std::cout << "try to get bls public key" << std::endl;
   std::cout << c.GetBLSPublicKeyShare("BLS_KEY:SCHAIN_ID:1:NODE_ID:1:DKG_ID:0");
 
-  exit(0);
 
 }
 
@@ -957,13 +953,4 @@ TEST_CASE("API test", "[api_test]") {
   sgx_destroy_enclave(eid);
 }
 
-//decr sshare is 0570d18552dc248c5f806cbfeb96cdc40234d51233b3ba80a9c7b790ae4eed13
-//common_key is e6d91ec58664d25dd80071520793ab307bf408158543a9710445bd663041a760decr
-//sshare is d56909d4b29a0f1d306be98c019bed02e9c6b9b56bfe9e933314815983401b40
-//common_key is 0e4506de4faa7a241fccbcc9339cce03737415ba38349ccfa7aec916d37cee07
-//
-//
-//decr sshare is 1f63caaf684e632338cd7c17569fb65d820004266acd36f0b6d2cbd05648b071
-//common_key is e969840c044a3e7252e4677225f2513722d545ff1612f35d0cd66cda65185356decr
-//sshare is 20d254d489bb31fc5b470c641ba280ea35e7da3a86c11ccdb74d3f9898daaa93
-//common_key is 18dffe11f73f6d53e8f53ce1fe0ab8192f7a9180d50fb7e34a01776652e73471
+