Merge branch 'develop' into enhancement/update-documentation

BLSCrypto.cpp

@@ -257,8 +257,6 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
 
     strncpy(_sig, sig.c_str(), BUF_LEN);
 
-    printf("_sig is: %s\n", sig.c_str());
-
     //string sigShareStr = keyShare->signWithHelperSGXstr(hash, _signerIndex);
     //strncpy(_sig, sigShareStr.c_str(), BUF_LEN);
 

DockerfileBase

@@ -12,7 +12,7 @@ RUN    apt update && \
        apt install -yq --no-install-recommends python-yaml vim \
            telnet git ca-certificates build-essential ocaml ocamlbuild \
            automake autoconf libtool wget python libssl-dev libssl-dev \
-           libcurl4-openssl-dev protobuf-compiler git libprotobuf-dev \
+           libcurl4-openssl-dev protobuf-compiler git libprotobuf-dev  libboost-all-dev \
            alien cmake debhelper uuid-dev libxml2-dev ccache vim libprotobuf10 \
            yasm cmake flex bison  libprocps-dev ccache autoconf texinfo libssl-dev \
            libboost-all-dev libjsonrpccpp-dev libjsonrpccpp-tools && \

ECDSACrypto.cpp

@@ -114,6 +114,11 @@ string getECDSAPubKey(const char *_encryptedKeyHex) {
     if (errStatus != 0) {
         throw SGXException(-666, errMsg.data());
     }
+
+    if (status != SGX_SUCCESS) {
+        spdlog::error("failed to get ECDSA public key {}", status);
+        throw SGXException(666, "failed to get ECDSA public key");
+    }
     string pubKey = string(pubKeyX.data()) + string(pubKeyY.data());//concatPubKeyWith0x(pub_key_x, pub_key_y);//
 
 
@@ -126,13 +131,13 @@ string getECDSAPubKey(const char *_encryptedKeyHex) {
 }
 
 bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR,
-        const char *signatureS) {
+        const char *signatureS, int base) {
     bool result = false;
 
     signature sig = signature_init();
 
-    auto r = pubKeyStr.substr(0, 64);
-    auto s = pubKeyStr.substr(64, 128);
+    auto x = pubKeyStr.substr(0, 64);
+    auto y = pubKeyStr.substr(64, 128);
     domain_parameters curve = domain_parameters_init();
     domain_parameters_load_curve(curve, secp256k1);
     point publicKey = point_init();
@@ -144,9 +149,12 @@ bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatur
         goto clean;
     }
 
-    signature_set_str(sig, signatureR, signatureS, 16);
+    if (signature_set_str(sig, signatureR, signatureS, base) != 0) {
+        spdlog::error("Failed to set str signature");
+        goto clean;
+    }
 
-    point_set_hex(publicKey, r.c_str(), s.c_str());
+    point_set_hex(publicKey, x.c_str(), y.c_str());
     if (!signature_verify(msgMpz, sig, publicKey, curve)) {
         spdlog::error("ECDSA sig not verified");
         goto clean;
@@ -212,7 +220,7 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex,
 
     /* Now verify signature */
 
-    if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data())) {
+    if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data(), base)) {
         exception = make_shared<SGXException>(667, "ECDSA did not verify");
         goto clean;
     }

Log.h

@@ -41,6 +41,9 @@
 
 #include "common.h"
 
+#include <mutex>  // For std::unique_lock
+#include <shared_mutex>
+
 using namespace std;
 
 
@@ -75,6 +78,8 @@ public:
 #define HANDLE_SGX_EXCEPTION(_RESULT_) catch (SGXException &__e) { Log::handleSGXException(_RESULT_, __e);} \
         catch (exception  &__e) {spdlog::error(__e.what()); _RESULT_["status"] = 1; _RESULT_["errorMessage"] = __e.what();}
 
+#define READ_LOCK(__M__)   ReadLock __rlock(__M__);
+#define WRITE_LOCK(__M__)  WriteLock __wlock(__M__);
 #define LOCK(__M__)  lock_guard<recursive_mutex> lock(__M__);
 
 #endif

Makefile.am

@@ -105,7 +105,7 @@ sgxwallet_LDADD=-l$(SGX_URTS_LIB) -l$(SGX_UAE_SERVICE_LIB) -LlibBLS/deps/deps_in
    -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd \
    intel-sgx-ssl/Linux/package/lib64/libsgx_usgxssl.a \
    intel-sgx-ssl/Linux/package/lib64/libsgx_tsgxssl_crypto.a \
-   -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread
+    -lboost_system -lboost_thread -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread
 
 
 testw_SOURCES=testw.cpp $(COMMON_SRC)

SGXWalletServer.cpp

@@ -662,17 +662,17 @@ Json::Value SGXWalletServer::getServerVersionImpl() {
 
 
 Json::Value SGXWalletServer::generateDKGPoly(const string &_polyName, int _t) {
-    LOCK(m)
+    WRITE_LOCK(m)
     return generateDKGPolyImpl(_polyName, _t);
 }
 
 Json::Value SGXWalletServer::getVerificationVector(const string &_polynomeName, int _t, int _n) {
-    LOCK(m)
+    WRITE_LOCK(m)
     return getVerificationVectorImpl(_polynomeName, _t, _n);
 }
 
 Json::Value SGXWalletServer::getSecretShare(const string &_polyName, const Json::Value &_publicKeys, int t, int n) {
-    LOCK(m)
+    WRITE_LOCK(m)
     return getSecretShareImpl(_polyName, _publicKeys, t, n);
 }
 
@@ -680,41 +680,41 @@ Json::Value
 SGXWalletServer::dkgVerification(const string &_publicShares, const string &ethKeyName, const string &SecretShare,
                                  int t,
                                  int n, int index) {
-    LOCK(m)
+    WRITE_LOCK(m)
     return dkgVerificationImpl(_publicShares, ethKeyName, SecretShare, t, n, index);
 }
 
 Json::Value
 SGXWalletServer::createBLSPrivateKey(const string &blsKeyName, const string &ethKeyName, const string &polyName,
                                      const string &SecretShare, int t, int n) {
-    LOCK(m)
+    WRITE_LOCK(m)
     return createBLSPrivateKeyImpl(blsKeyName, ethKeyName, polyName, SecretShare, t, n);
 }
 
 Json::Value SGXWalletServer::getBLSPublicKeyShare(const string &blsKeyName) {
-    LOCK(m)
+    READ_LOCK(m)
     return getBLSPublicKeyShareImpl(blsKeyName);
 }
 
 
 Json::Value SGXWalletServer::generateECDSAKey() {
-    LOCK(m)
+    WRITE_LOCK(m)
     return generateECDSAKeyImpl();
 }
 
 Json::Value SGXWalletServer::renameECDSAKey(const string &_keyName, const string &_tmpKeyName) {
-    LOCK(m)
+    WRITE_LOCK(m)
     return renameECDSAKeyImpl(_keyName, _tmpKeyName);
 }
 
 Json::Value SGXWalletServer::getPublicECDSAKey(const string &_keyName) {
-    LOCK(m)
+    READ_LOCK(m)
     return getPublicECDSAKeyImpl(_keyName);
 }
 
 
 Json::Value SGXWalletServer::ecdsaSignMessageHash(int _base, const string &_keyShareName, const string &_messageHash) {
-    LOCK(m)
+    READ_LOCK(m)
     spdlog::debug("MessageHash first {}", _messageHash);
     return ecdsaSignMessageHashImpl(_base, _keyShareName, _messageHash);
 }
@@ -723,43 +723,43 @@ Json::Value SGXWalletServer::ecdsaSignMessageHash(int _base, const string &_keyS
 Json::Value
 SGXWalletServer::importBLSKeyShare(const string &_keyShare, const string &_keyShareName, int _t, int _n,
                                    int index) {
-    LOCK(m)
+    WRITE_LOCK(m)
     return importBLSKeyShareImpl(_keyShare, _keyShareName, _t, _n, index);
 }
 
 Json::Value SGXWalletServer::blsSignMessageHash(const string &_keyShareName, const string &_messageHash, int _t, int _n,
                                                 int _signerIndex) {
-    LOCK(m)
+    READ_LOCK(m)
     return blsSignMessageHashImpl(_keyShareName, _messageHash, _t, _n, _signerIndex);
 }
 
 Json::Value SGXWalletServer::importECDSAKey(const string &_key, const string &_keyName) {
-    LOCK(m)
+    WRITE_LOCK(m)
     return importECDSAKeyImpl(_key, _keyName);
 }
 
 Json::Value SGXWalletServer::complaintResponse(const string &polyName, int ind) {
-    LOCK(m)
+    WRITE_LOCK(m)
     return complaintResponseImpl(polyName, ind);
 }
 
 Json::Value SGXWalletServer::multG2(const string &x) {
-    LOCK(m)
+    WRITE_LOCK(m)
     return multG2Impl(x);
 }
 
 Json::Value SGXWalletServer::isPolyExists(const string &polyName) {
-    LOCK(m)
+    WRITE_LOCK(m)
     return isPolyExistsImpl(polyName);
 }
 
 Json::Value SGXWalletServer::getServerStatus() {
-    LOCK(m)
+    READ_LOCK(m)
     return getServerStatusImpl();
 }
 
 Json::Value SGXWalletServer::getServerVersion() {
-    LOCK(m)
+    READ_LOCK(m)
     return getServerVersionImpl();
 }
 

SGXWalletServer.hpp

@@ -24,7 +24,12 @@
 #ifndef SGXWALLET_SGXWALLETSERVER_HPP
 #define SGXWALLET_SGXWALLETSERVER_HPP
 
+#include <boost/thread/locks.hpp>
+#include <boost/thread/shared_mutex.hpp>
 
+typedef boost::shared_mutex Lock;
+typedef boost::unique_lock< Lock >  WriteLock;
+typedef boost::shared_lock< Lock >  ReadLock;
 
 #include <jsonrpccpp/server/connectors/httpserver.h>
 #include <mutex>
@@ -40,7 +45,7 @@ class SGXWalletServer : public AbstractStubServer {
 
 
 
-    recursive_mutex m;
+    Lock m;
 
     static shared_ptr<SGXWalletServer> server;
     static shared_ptr<HttpServer> httpServer;

TestUtils.cpp

@@ -376,6 +376,7 @@ void TestUtils::doDKG(StubClient &c, int n, int t,
         CHECK_STATE(response["status"] == 0);
         pubBLSKeys[i] = c.getBLSPublicKeyShare(blsName);
         CHECK_STATE(pubBLSKeys[i]["status"] == 0);
+
     }
 
     for (int i = 0; i < t; i++) {

secure_enclave/secure_enclave.c

@@ -361,7 +361,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
 
     if (!signature_verify(msgMpz, sign, publicKey, curve)) {
         *errStatus = 2;
-        snprintf(errString, BUF_LEN, "ECDSA sig not verified");
+        snprintf(errString, BUF_LEN, "ECDSA signature is not verified");
         LOG_WARN(errString);
         goto clean;
     }

sgxwall.cpp

@@ -85,8 +85,12 @@ void SGXWallet::serializeKeys(vector<string>& _ecdsaKeyNames, vector<string>& _b
 
     for (uint i = 0; i < _ecdsaKeyNames.size(); i++) {
         auto key = to_string(i + 1);
-        ecdsaKeysJson[key] = _ecdsaKeyNames[i];
-        blsKeysJson[key] = _blsKeyNames[i];
+
+        string keyFull(3 - key.size(), '0');
+        keyFull.append(key);
+
+        ecdsaKeysJson[keyFull] = _ecdsaKeyNames[i];
+        blsKeysJson[keyFull] = _blsKeyNames[i];
     }
 
     top["ecdsaKeyNames"] = ecdsaKeysJson;
@@ -180,7 +184,9 @@ int main(int argc, char *argv[]) {
 
     initAll(enclaveLogLevel, checkClientCertOption, autoSignClientCertOption);
 
-    if (generateTestKeys) {
+    ifstream is("sgx_data/4node.json");
+
+    if (generateTestKeys && !is.good()) {
 
         cerr << "Generating test keys ..." << endl;
 
@@ -193,14 +199,16 @@ int main(int argc, char *argv[]) {
         int schainID = 1;
         int dkgID = 1;
 
-        TestUtils::doDKG(c, 4, 1, ecdsaKeyNames, blsKeyNames, schainID, dkgID);
+        TestUtils::doDKG(c, 4, 3, ecdsaKeyNames, blsKeyNames, schainID, dkgID);
 
         SGXWallet::serializeKeys(ecdsaKeyNames, blsKeyNames, "sgx_data/4node.json");
 
+
         schainID = 2;
         dkgID = 2;
 
-        TestUtils::doDKG(c, 16, 5, ecdsaKeyNames, blsKeyNames, schainID, dkgID);
+
+        TestUtils::doDKG(c, 16, 11, ecdsaKeyNames, blsKeyNames, schainID, dkgID);
 
         SGXWallet::serializeKeys(ecdsaKeyNames, blsKeyNames, "sgx_data/16node.json");
 

testw.cpp

@@ -296,6 +296,21 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") {
             throw;
         }
     }
+
+    for (int i = 0; i <= 20; i++) {
+        try {
+
+            auto keyName = genECDSAKeyAPI(c);
+
+            Json::Value sig = c.ecdsaSignMessageHash(10, keyName, SAMPLE_HASH);
+            REQUIRE(sig["status"].asInt() == 0);
+            Json::Value getPubKey = c.getPublicECDSAKey(keyName);
+            REQUIRE(getPubKey["status"].asInt() == 0);
+        } catch (JsonRpcException &e) {
+            cerr << e.what() << endl;
+            throw;
+        }
+    }
 }
 
 TEST_CASE_METHOD(TestFixture, "BLS key encrypt", "[bls-key-encrypt]") {