Skip to content

S
sgxwallet
Unverified Commit 3f490811 authored by Stan Kladko's avatar Stan Kladko Committed by GitHub
Browse files
Options

Merge pull request #220 from skalenetwork/SECURE_ENCLAVE_CHANGES 

Secure enclave changes
parents 553187f1 47a9b257
Hide whitespace changes
Inline Side-by-side
Showing with 49 additions and 49 deletions
.gitmodules
View file @ 3f490811
......@@ -16,3 +16,7 @@
[submodule "sgx-software-enable"]
path = sgx-software-enable
url = https://github.com/intel/sgx-software-enable
[submodule "secure_enclave/secp256k1-sgx"]
path = secure_enclave/secp256k1-sgx
url = https://github.com/bl4ck5un/secp256k1-sgx
branch = master
DKGCrypto.cpp
View file @ 3f490811
......@@ -197,7 +197,7 @@ vector <vector<string>> getVerificationVectorMult(const std::string& encryptedPo
vector<vector<string>> result(t);
for (size_t i = 0; i < t; ++i) {
for (int i = 0; i < t; ++i) {
libff::alt_bn128_G2 current_coefficient;
current_coefficient.X.c0 = libff::alt_bn128_Fq(verificationVector[i][0].c_str());
current_coefficient.X.c1 = libff::alt_bn128_Fq(verificationVector[i][1].c_str());
......@@ -224,7 +224,7 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve
CHECK_STATE(_encryptedPolyHex);
vector<char> hexEncrKey(BUF_LEN, 0);
vector<char> errMsg1(BUF_LEN, 0);
vector<char> errMsg(BUF_LEN, 0);
vector <uint8_t> encrDKGPoly(BUF_LEN, 0);
int errStatus = 0;
uint64_t encLen = 0;
......@@ -238,10 +238,6 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve
READ_LOCK(sgxInitMutex);
status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen);
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
string result;
for (int i = 0; i < _n; i++) {
......@@ -259,26 +255,22 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve
spdlog::debug("pubKeyB is {}", pub_keyB);
sgx_status_t status = SGX_SUCCESS;
status = trustedGetEncryptedSecretShare(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
status = trustedGetEncryptedSecretShare(eid, &errStatus,
errMsg.data(),
encrDKGPoly.data(), encLen,
encryptedSkey.data(), &decLen,
currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n,
i + 1);
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
spdlog::debug("cur_share is {}", currentShare.data());
result += string(currentShare.data());
spdlog::debug("dec len is {}", decLen);
hexEncrKey = carray2Hex(encryptedSkey.data(), decLen);
string dhKeyName = "DKG_DH_KEY_" + _polyName + "_" + to_string(i) + ":";
spdlog::debug("hexEncr DH Key: { }", hexEncrKey.data());
spdlog::debug("name to write to db is {}", dhKeyName);
string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":";
spdlog::debug("name to write to db is {}", shareG2_name);
spdlog::debug("s_shareG2: {}", sShareG2.data());
SGXWalletServer::writeDataToDB(dhKeyName, hexEncrKey.data());
SGXWalletServer::writeDataToDB(shareG2_name, sShareG2.data());
......
SGXWalletServer.cpp
View file @ 3f490811
......@@ -157,6 +157,7 @@ int SGXWalletServer::initHttpsServer(bool _checkCerts) {
httpServer = make_shared<HttpServer>(BASE_PORT, certPath, keyPath, rootCAPath, _checkCerts,
NUM_THREADS);
server = make_shared<SGXWalletServer>(*httpServer,
JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
......@@ -658,10 +659,10 @@ Json::Value SGXWalletServer::complaintResponseImpl(const string &_polyName, int
}
for (int i = 0; i < _n; i++) {
string name = _polyName + "_" + to_string(i) + ":";
LevelDB::getLevelDb()->deleteDHDKGKey(name);
string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":";
LevelDB::getLevelDb()->deleteKey(shareG2_name);
string name = _polyName + "_" + to_string(i) + ":";
LevelDB::getLevelDb()->deleteDHDKGKey(name);
string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":";
LevelDB::getLevelDb()->deleteKey(shareG2_name);
}
LevelDB::getLevelDb()->deleteKey(_polyName);
......
VERSION
View file @ 3f490811
1.58.6
\ No newline at end of file
1.58.7
\ No newline at end of file
common.h
View file @ 3f490811
......@@ -101,7 +101,7 @@ BOOST_THROW_EXCEPTION(runtime_error(__ERR_STRING__)); \
extern std::shared_timed_mutex sgxInitMutex;
extern uint64_t initTime;
#if SGX_MODE == SIM
#ifdef SGX_HW_SIM
#define ENCLAVE_RESTART_PERIOD_S 5
#else
#define ENCLAVE_RESTART_PERIOD_S 60 * 10
......
secure_enclave/EnclaveCommon.cpp
View file @ 3f490811
......@@ -82,8 +82,8 @@ string *stringFromFq(libff::alt_bn128_Fq *_fq) {
try {
_fq->as_bigint().to_mpz(t);
char *tmp = mpz_get_str(arr, 10, t);
ret = new string(tmp);
mpz_get_str(arr, 10, t);
ret = new string(arr);
} catch (exception &e) {
LOG_ERROR(e.what());
goto clean;
......@@ -107,13 +107,13 @@ string *stringFromG1(libff::alt_bn128_G1 *_g1) {
try {
_g1->to_affine_coordinates();
auto sX = stringFromFq(&_g1->X);
sX = stringFromFq(&_g1->X);
if (!sX) {
goto clean;
}
auto sY = stringFromFq(&_g1->Y);
sY = stringFromFq(&_g1->Y);
if (!sY) {
goto clean;
......@@ -131,8 +131,8 @@ string *stringFromG1(libff::alt_bn128_G1 *_g1) {
clean:
SAFE_FREE(sX);
SAFE_FREE(sY);
SAFE_DELETE(sX);
SAFE_DELETE(sY);
return ret;
......@@ -226,7 +226,7 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char *
}
try {
auto key = keyFromString(_keyString);
key = keyFromString(_keyString);
if (!key) {
LOG_ERROR("Null key");
......@@ -243,13 +243,13 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char *
sign.to_affine_coordinates();
auto r = stringFromG1(&sign);
r = stringFromG1(&sign);
memset(sig, 0, BUF_LEN);
strncpy(sig, r->c_str(), BUF_LEN);
ret = true;
ret = true;
} catch (exception &e) {
LOG_ERROR(e.what());
......
secp256k1-sgx @ 5f235e8e
Subproject commit 5f235e8e9e821cd972c4a57afdfe47a7fe83acd0
secure_enclave/secure_enclave.c
View file @ 3f490811
......@@ -163,7 +163,7 @@ void trustedEnclaveInit(uint64_t _logLevel) {
LOG_INFO("SECURITY WARNING: sgxwallet is running in INSECURE DEBUG MODE! NEVER USE IN PRODUCTION!");
#endif
#if SGX_MODE == SIM
#ifdef SGX_HW_SIM
LOG_INFO("SECURITY WARNING: sgxwallet is running in INSECURE SIMULATION MODE! NEVER USE IN PRODUCTION!");
#endif
......@@ -847,10 +847,14 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encryp
LOG_INFO("SGX call completed");
}
void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint64_t *dec_len,
void trustedGetEncryptedSecretShare(int *errStatus, char *errString,
uint8_t *_encrypted_poly, uint64_t _enc_len,
uint8_t *encrypted_skey, uint64_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n,
uint8_t ind) {
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
......@@ -864,6 +868,11 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *en
LOG_DEBUG(__FUNCTION__);
trustedSetEncryptedDkgPoly(&status, errString, _encrypted_poly, _enc_len);
CHECK_STATUS2("trustedSetEncryptedDkgPoly failed with status %d ");
SAFE_CHAR_BUF(skey, BUF_LEN);
SAFE_CHAR_BUF(pub_key_x, BUF_LEN);SAFE_CHAR_BUF(pub_key_y, BUF_LEN);
......@@ -1118,8 +1127,6 @@ trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKe
uint8_t type = 0;
uint8_t exportable = 0;
int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, BUF_LEN,
&type, &exportable);
......
secure_enclave/secure_enclave.edl
View file @ 3f490811
......@@ -88,15 +88,15 @@ enclave {
[out, count = 3072] uint8_t* decrypted_dkg_secret
);
public void trustedSetEncryptedDkgPoly(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_poly,
uint64_t enc_len);
public void trustedGetEncryptedSecretShare(
[out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string,
[in, count = 3050] uint8_t* encrypted_poly,
uint64_t enc_len,
[out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey,
[out] uint64_t* dec_len,
[out, count = 193] char* result_str,
......
testw.cpp
View file @ 3f490811
......@@ -370,20 +370,15 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes-
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
uint64_t enc_len = encLen;
PRINT_SRC_LINE
status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), enc_len);
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
vector <uint8_t> encrPRDHKey(BUF_LEN, 0);
string pub_keyB = SAMPLE_PUBLIC_KEY_B;
vector<char> s_shareG2(BUF_LEN, 0);
PRINT_SRC_LINE
status = trustedGetEncryptedSecretShare(eid, &errStatus, errMsg.data(), encrPRDHKey.data(), &encLen,
status = trustedGetEncryptedSecretShare(eid, &errStatus,errMsg.data(),
encryptedDKGSecret.data(), encLen,
encrPRDHKey.data(), &encLen,
result.data(),
s_shareG2.data(),
(char *) pub_keyB.data(), 2, 2, 1);
......@@ -779,8 +774,8 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
status = trustedDecryptKey(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data());
REQUIRE(status == 0);
REQUIRE(errStatus == 0);
REQUIRE(key.compare(decr_key.data()) == 0);
REQUIRE(errStatus == 0);
}
......
testw.h
View file @ 3f490811
......@@ -31,7 +31,7 @@
#define SAMPLE_KEY_NAME "tmp_NEK:8abc8e8280fb060988b65da4b8cb00779a1e816ec42f8a40ae2daa520e484a01"
#define SAMPLE_AES_KEY "123456789"
#define SAMPLE_POLY_NAME "POLY:SCHAIN_ID:1:NODE_ID:1:DKG_ID:1"
#define SAMPLE_POLY_NAME "POLY:SCHAIN_ID:1:NODE_ID:1:DKG_ID:1"
#define RPC_ENDPOINT "http://localhost:1029"
#define SAMPLE_PUBLIC_KEY_B "c0152c48bf640449236036075d65898fded1e242c00acb45519ad5f788ea7cbf9a5df1559e7fc87932eee5478b1b9023de19df654395574a690843988c3ff475"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment