SKALE-2002 clean up and fix incorrect memset

2dc5a146 · Oleh Nikolaiev · 5d159a10 · 2dc5a146 · 2dc5a146 · 2dc5a146
Unverified Commit 2dc5a146 authored Jun 05, 2020 by Oleh Nikolaiev
6 changed files
--- a/SGXWalletServer.cpp
+++ b/SGXWalletServer.cpp
@@ -98,7 +98,6 @@ void SGXWalletServer::printDB() {
 }
 int SGXWalletServer::initHttpsServer(bool _checkCerts) {
    string rootCAPath = string(SGXDATA_FOLDER) + "cert_data/rootCA.pem";
    string keyCAPath = string(SGXDATA_FOLDER) + "cert_data/rootCA.key";
@@ -147,7 +146,6 @@ int SGXWalletServer::initHttpsServer(bool _checkCerts) {
 int SGXWalletServer::initHttpServer() { //without ssl
    httpServer = make_shared<HttpServer>(BASE_PORT + 3);
    server = make_shared<SGXWalletServer>(*httpServer,
                                     JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
@@ -269,7 +267,6 @@ Json::Value SGXWalletServer::importECDSAKeyImpl(const string &_key, const string
 Json::Value SGXWalletServer::generateECDSAKeyImpl() {
    Json::Value result;
    result["status"] = 0;
    result["errorMessage"] = "";
@@ -323,7 +320,6 @@ Json::Value SGXWalletServer::renameECDSAKeyImpl(const string &_keyName, const st
        shared_ptr <string> encryptedKey = readFromDb(_tempKeyName);
        writeDataToDB(_keyName, *encryptedKey);
        LevelDB::getLevelDb()->deleteTempNEK(_tempKeyName);
@@ -334,10 +330,8 @@ Json::Value SGXWalletServer::renameECDSAKeyImpl(const string &_keyName, const st
 Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_keyName, const string &_messageHash) {
    INIT_RESULT(result)
    result["signature_v"] = "";
    result["signature_r"] = "";
    result["signature_s"] = "";
@@ -345,7 +339,6 @@ Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_
    vector <string> signatureVector(3);
    try {
        string hashTmp = _messageHash;
        if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) {
            hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2);
@@ -383,7 +376,6 @@ Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_
 }
 Json::Value SGXWalletServer::getPublicECDSAKeyImpl(const string &_keyName) {
    INIT_RESULT(result)
    result["publicKey"] = "";
@@ -409,7 +401,6 @@ Json::Value SGXWalletServer::getPublicECDSAKeyImpl(const string &_keyName) {
 }
 Json::Value SGXWalletServer::generateDKGPolyImpl(const string &_polyName, int _t) {
    INIT_RESULT(result)
    string encrPolyHex;
@@ -432,7 +423,6 @@ Json::Value SGXWalletServer::generateDKGPolyImpl(const string &_polyName, int _t
 }
 Json::Value SGXWalletServer::getVerificationVectorImpl(const string &_polyName, int _t, int _n) {
    Json::Value result;
    result["status"] = 0;
    result["errorMessage"] = "";
@@ -494,7 +484,6 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
        }
        string s = trustedGetSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n);
-        //cerr << "result is " << s << endl;
        result["secretShare"] = s;
    } catch (SGXException &_e) {
@@ -509,14 +498,12 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
 Json::Value SGXWalletServer::dkgVerificationImpl(const string &_publicShares, const string &_ethKeyName,
                                                 const string &_secretShare, int _t, int _n, int _index) {
    Json::Value result;
    result["status"] = 0;
    result["errorMessage"] = "";
    result["result"] = true;
    try {
        if (!checkECDSAKeyName(_ethKeyName)) {
            throw SGXException(INVALID_ECDSA_KEY_NAME, "Invalid ECDSA key name");
        }
@@ -537,7 +524,6 @@ Json::Value SGXWalletServer::dkgVerificationImpl(const string &_publicShares, co
        }
    } catch (SGXException &_e) {
-        //cerr << " err str " << _e.errString << endl;
        result["status"] = _e.status;
        result["errorMessage"] = _e.errString;
        result["result"] = false;
@@ -549,14 +535,11 @@ Json::Value SGXWalletServer::dkgVerificationImpl(const string &_publicShares, co
 Json::Value
 SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string &_ethKeyName, const string &_polyName,
                                         const string &_secretShare, int _t, int _n) {
    Json::Value result;
    result["status"] = 0;
    result["errorMessage"] = "";
    try {
        if (_secretShare.length() != (uint64_t) _n * 192) {
            spdlog::error("Invalid secret share length - {}", _secretShare.length());
            spdlog::error("Secret share - {}", _secretShare);
@@ -600,7 +583,6 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string
 }
 Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName) {
    INIT_RESULT(result)
    try {
@@ -615,14 +597,12 @@ Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName)
        for (uint8_t i = 0; i < 4; i++) {
            result["blsPublicKeyShare"][i] = public_key_vect.at(i);
        }
    } HANDLE_SGX_EXCEPTION(result)
    return result;
 }
 Json::Value SGXWalletServer::complaintResponseImpl(const string &_polyName, int _ind) {
    INIT_RESULT(result)
    try {
@@ -644,7 +624,6 @@ Json::Value SGXWalletServer::complaintResponseImpl(const string &_polyName, int
 }
 Json::Value SGXWalletServer::multG2Impl(const string &_x) {
    INIT_RESULT(result)
    try {
@@ -675,7 +654,6 @@ Json::Value SGXWalletServer::isPolyExistsImpl(const string &_polyName) {
 }
 Json::Value SGXWalletServer::getServerStatusImpl() {
    INIT_RESULT(result)
    return result;
@@ -792,7 +770,6 @@ Json::Value SGXWalletServer::getServerVersion() {
 }
 shared_ptr <string> SGXWalletServer::readFromDb(const string &name, const string &prefix) {
    auto dataStr = LevelDB::getLevelDb()->readString(prefix + name);
    if (dataStr == nullptr) {
@@ -803,7 +780,6 @@ shared_ptr <string> SGXWalletServer::readFromDb(const string &name, const string
 }
 shared_ptr <string> SGXWalletServer::readKeyShare(const string &_keyShareName) {
    auto keyShareStr = LevelDB::getLevelDb()->readString("BLSKEYSHARE:" + _keyShareName);
    if (keyShareStr == nullptr) {
@@ -815,7 +791,6 @@ shared_ptr <string> SGXWalletServer::readKeyShare(const string &_keyShareName) {
 }
 void SGXWalletServer::writeKeyShare(const string &_keyShareName, const string &_value, int _index, int _n, int _t) {
    Json::Value val;
    Json::FastWriter writer;
@@ -850,6 +825,5 @@ void SGXWalletServer::writeDataToDB(const string &Name, const string &value) {
    }
    LevelDB::getLevelDb()->writeString(key, value);
 }
--- a/ServerInit.cpp
+++ b/ServerInit.cpp
@@ -60,13 +60,10 @@ void initUserSpace() {
    LevelDB::initDataFolderAndDBs();
 }
 void initEnclave(uint32_t _logLevel) {
    eid = 0;
    updated = 0;
 #ifndef SGX_HW_SIM
    unsigned long support;
    support = get_sgx_support();
@@ -78,7 +75,6 @@ void initEnclave(uint32_t _logLevel) {
    spdlog::debug("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG);
    status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
                                       &updated, &eid, 0);
@@ -101,14 +97,9 @@ void initEnclave(uint32_t _logLevel) {
    }
    spdlog::info("Enclave libtgmp library and logging initialized successfully");
 }
 void initAll(uint32_t  _logLevel, bool _checkCert, bool _autoSign) {
    static int sgxServerInited;
    cout << "Running sgxwallet version:" << SGXWalletServer::getVersion() << endl;

--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -1097,7 +1097,9 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
    if (status != 0) {
        *errStatus = status;
        snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
        domain_parameters_clear(curve);
        return;
    }
@@ -1109,8 +1111,10 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
    if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
        *errStatus = -1;
        snprintf(errString, BUF_LEN, "invalid secret key");
        mpz_clear(privateKeyMpz);
        domain_parameters_clear(curve);
        return;
    }
@@ -1119,9 +1123,11 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
    if (mpz_set_str(msgMpz, hash, 16) == -1) {
        *errStatus = -1;
        snprintf(errString, BUF_LEN, "invalid message hash");
        mpz_clear(privateKeyMpz);
        mpz_clear(msgMpz);
        domain_parameters_clear(curve);
        return;
    }
@@ -1352,7 +1358,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
    LOG_DEBUG(__FUNCTION__);
    char skey[ECDSA_SKEY_LEN];
-    memset(skey, 0, BUF_LEN);
+    memset(skey, 0, ECDSA_SKEY_LEN);
    char pub_key_x[BUF_LEN];
    memset(pub_key_x, 0, BUF_LEN);
    char pub_key_y[BUF_LEN];

--- a/sgxwallet.c
+++ b/sgxwallet.c
@@ -68,7 +68,6 @@ void printUsage() {
 enum log_level {L_TRACE = 0, L_DEBUG = 1, L_INFO = 2,L_WARNING = 3,  L_ERROR = 4 };
 int main(int argc, char *argv[]) {
    bool encryptKeysOption  = false;
    bool useHTTPSOption = true;
    bool printDebugInfoOption = false;
@@ -84,9 +83,6 @@ int main(int argc, char *argv[]) {
        exit(1);
    }
    while ((opt = getopt(argc, argv, "cshd0abyvVn")) != -1) {
        switch (opt) {
            case 'h':

--- a/testw.cpp
+++ b/testw.cpp
@@ -1011,6 +1011,7 @@ TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg bls", "[many-threads-crypt
 TEST_CASE_METHOD(TestFixture, "AES == NOT AES", "[aes-not-aes]") {
    std::string key = SAMPLE_AES_KEY;
+    std::string hex = SAMPLE_HEX_HASH;
    int errStatus = 0;
    vector<char> errMsg(BUF_LEN, 0);
@@ -1019,36 +1020,34 @@ TEST_CASE_METHOD(TestFixture, "AES == NOT AES", "[aes-not-aes]") {
    trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrPrivKey.data(), &enc_len);
    REQUIRE(errStatus == SGX_SUCCESS);
-    int errStatusAES = 0;
-    vector<char> errMsgAES(BUF_LEN, 0);
-    vector <uint8_t> encrPrivKeyAES(BUF_LEN, 0);
-    uint32_t enc_lenAES = 0;
-    trustedEncryptKeyAES(eid, &errStatusAES, errMsgAES.data(), key.c_str(), encrPrivKeyAES.data(), &enc_lenAES);
-    REQUIRE( errStatusAES == SGX_SUCCESS );
    errMsg.clear();
-    string hex = SAMPLE_HEX_HASH;
    vector<char> signatureR(BUF_LEN, 0);
    vector<char> signatureS(BUF_LEN, 0);
    uint8_t signatureV = 0;
-    //uint32_t dec_len = 0;
    status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), enc_len, (unsigned char *) hex.data(),
                              signatureR.data(),
                              signatureS.data(), &signatureV, 16);
    REQUIRE( status == SGX_SUCCESS );
    REQUIRE( errStatus == SGX_SUCCESS );
+    int errStatusAES = 0;
+    vector<char> errMsgAES(BUF_LEN, 0);
+    vector <uint8_t> encrPrivKeyAES(BUF_LEN, 0);
+    uint32_t enc_lenAES = 0;
+    trustedEncryptKeyAES(eid, &errStatusAES, errMsgAES.data(), key.c_str(), encrPrivKeyAES.data(), &enc_lenAES);
+    REQUIRE( errStatusAES == SGX_SUCCESS );
    errMsgAES.clear();
    vector<char> signatureRAES(BUF_LEN, 0);
    vector<char> signatureSAES(BUF_LEN, 0);
    uint8_t signatureVAES = 0;
-    uint32_t dec_lenAES = 0;
+    status = trustedEcdsaSignAES(eid, &errStatusAES, errMsgAES.data(), encrPrivKeyAES.data(), enc_lenAES, (unsigned char *) hex.data(),
-    status = trustedEcdsaSignAES(eid, &errStatusAES, errMsgAES.data(), encrPrivKeyAES.data(), dec_lenAES, (unsigned char *) hex.data(),
                              signatureRAES.data(),
                              signatureSAES.data(), &signatureVAES, 16);
    REQUIRE( status == SGX_SUCCESS );
+    REQUIRE( errStatusAES == SGX_SUCCESS );
    REQUIRE( signatureR == signatureRAES );
    REQUIRE( signatureS == signatureSAES );

--- a/testw.py
+++ b/testw.py
@@ -50,8 +50,8 @@ testList = [ "[cert-sign]",
            "[many-threads-crypto]",
            "[aes-encrypt-decrypt]",
            "[sgx-encrypt-decrypt]",
-            "[aes-dkg]"#,
+            "[aes-dkg]",
-            #"[aes-not-aes]" <- this test doesn't pass for now - will fix it later
+            "[aes-not-aes]" 
            ]