Merge branch 'develop' into enhancement/update-documentation

4137999f · Chadwick Strange · GitHub · 139c4a61 · df8ce3b6 · 4137999f
Unverified Commit 4137999f authored Jun 22, 2020 by Chadwick Strange Committed by GitHub Jun 22, 2020
11 changed files
--- a/BLSCrypto.cpp
+++ b/BLSCrypto.cpp
@@ -257,8 +257,6 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
    strncpy(_sig, sig.c_str(), BUF_LEN);
-    printf("_sig is: %s\n", sig.c_str());
    //string sigShareStr = keyShare->signWithHelperSGXstr(hash, _signerIndex);
    //strncpy(_sig, sigShareStr.c_str(), BUF_LEN);

--- a/DockerfileBase
+++ b/DockerfileBase
@@ -12,7 +12,7 @@ RUN    apt update && \
       apt install -yq --no-install-recommends python-yaml vim \
           telnet git ca-certificates build-essential ocaml ocamlbuild \
           automake autoconf libtool wget python libssl-dev libssl-dev \
-           libcurl4-openssl-dev protobuf-compiler git libprotobuf-dev \
+           libcurl4-openssl-dev protobuf-compiler git libprotobuf-dev  libboost-all-dev \
           alien cmake debhelper uuid-dev libxml2-dev ccache vim libprotobuf10 \
           yasm cmake flex bison  libprocps-dev ccache autoconf texinfo libssl-dev \
           libboost-all-dev libjsonrpccpp-dev libjsonrpccpp-tools && \

--- a/ECDSACrypto.cpp
+++ b/ECDSACrypto.cpp
@@ -114,6 +114,11 @@ string getECDSAPubKey(const char *_encryptedKeyHex) {
    if (errStatus != 0) {
        throw SGXException(-666, errMsg.data());
    }
+    if (status != SGX_SUCCESS) {
+        spdlog::error("failed to get ECDSA public key {}", status);
+        throw SGXException(666, "failed to get ECDSA public key");
+    }
    string pubKey = string(pubKeyX.data()) + string(pubKeyY.data());//concatPubKeyWith0x(pub_key_x, pub_key_y);//
@@ -126,13 +131,13 @@ string getECDSAPubKey(const char *_encryptedKeyHex) {
 }
 bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR,
-        const char *signatureS) {
+        const char *signatureS, int base) {
    bool result = false;
    signature sig = signature_init();
-    auto r = pubKeyStr.substr(0, 64);
+    auto x = pubKeyStr.substr(0, 64);
-    auto s = pubKeyStr.substr(64, 128);
+    auto y = pubKeyStr.substr(64, 128);
    domain_parameters curve = domain_parameters_init();
    domain_parameters_load_curve(curve, secp256k1);
    point publicKey = point_init();
@@ -144,9 +149,12 @@ bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatur
        goto clean;
    }
-    signature_set_str(sig, signatureR, signatureS, 16);
+    if (signature_set_str(sig, signatureR, signatureS, base) != 0) {
+        spdlog::error("Failed to set str signature");
+        goto clean;
+    }
-    point_set_hex(publicKey, r.c_str(), s.c_str());
+    point_set_hex(publicKey, x.c_str(), y.c_str());
    if (!signature_verify(msgMpz, sig, publicKey, curve)) {
        spdlog::error("ECDSA sig not verified");
        goto clean;
@@ -212,7 +220,7 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex,
    /* Now verify signature */
-    if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data())) {
+    if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data(), base)) {
        exception = make_shared<SGXException>(667, "ECDSA did not verify");
        goto clean;
    }

--- a/Log.h
+++ b/Log.h
@@ -41,6 +41,9 @@
 #include "common.h"
+#include <mutex>  // For std::unique_lock
+#include <shared_mutex>
 using namespace std;
@@ -75,6 +78,8 @@ public:
 #define HANDLE_SGX_EXCEPTION(_RESULT_) catch (SGXException &__e) { Log::handleSGXException(_RESULT_, __e);} \
        catch (exception  &__e) {spdlog::error(__e.what()); _RESULT_["status"] = 1; _RESULT_["errorMessage"] = __e.what();}
+#define READ_LOCK(__M__)   ReadLock __rlock(__M__);
+#define WRITE_LOCK(__M__)  WriteLock __wlock(__M__);
 #define LOCK(__M__)  lock_guard<recursive_mutex> lock(__M__);
 #endif

--- a/Makefile.am
+++ b/Makefile.am
@@ -105,7 +105,7 @@ sgxwallet_LDADD=-l$(SGX_URTS_LIB) -l$(SGX_UAE_SERVICE_LIB) -LlibBLS/deps/deps_in
   -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd \
   intel-sgx-ssl/Linux/package/lib64/libsgx_usgxssl.a \
   intel-sgx-ssl/Linux/package/lib64/libsgx_tsgxssl_crypto.a \
-   -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread
+    -lboost_system -lboost_thread -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread
 testw_SOURCES=testw.cpp $(COMMON_SRC)

--- a/SGXWalletServer.cpp
+++ b/SGXWalletServer.cpp
@@ -662,17 +662,17 @@ Json::Value SGXWalletServer::getServerVersionImpl() {
 Json::Value SGXWalletServer::generateDKGPoly(const string &_polyName, int _t) {
-    LOCK(m)
+    WRITE_LOCK(m)
    return generateDKGPolyImpl(_polyName, _t);
 }
 Json::Value SGXWalletServer::getVerificationVector(const string &_polynomeName, int _t, int _n) {
-    LOCK(m)
+    WRITE_LOCK(m)
    return getVerificationVectorImpl(_polynomeName, _t, _n);
 }
 Json::Value SGXWalletServer::getSecretShare(const string &_polyName, const Json::Value &_publicKeys, int t, int n) {
-    LOCK(m)
+    WRITE_LOCK(m)
    return getSecretShareImpl(_polyName, _publicKeys, t, n);
 }
@@ -680,41 +680,41 @@ Json::Value
 SGXWalletServer::dkgVerification(const string &_publicShares, const string &ethKeyName, const string &SecretShare,
                                 int t,
                                 int n, int index) {
-    LOCK(m)
+    WRITE_LOCK(m)
    return dkgVerificationImpl(_publicShares, ethKeyName, SecretShare, t, n, index);
 }
 Json::Value
 SGXWalletServer::createBLSPrivateKey(const string &blsKeyName, const string &ethKeyName, const string &polyName,
                                     const string &SecretShare, int t, int n) {
-    LOCK(m)
+    WRITE_LOCK(m)
    return createBLSPrivateKeyImpl(blsKeyName, ethKeyName, polyName, SecretShare, t, n);
 }
 Json::Value SGXWalletServer::getBLSPublicKeyShare(const string &blsKeyName) {
-    LOCK(m)
+    READ_LOCK(m)
    return getBLSPublicKeyShareImpl(blsKeyName);
 }
 Json::Value SGXWalletServer::generateECDSAKey() {
-    LOCK(m)
+    WRITE_LOCK(m)
    return generateECDSAKeyImpl();
 }
 Json::Value SGXWalletServer::renameECDSAKey(const string &_keyName, const string &_tmpKeyName) {
-    LOCK(m)
+    WRITE_LOCK(m)
    return renameECDSAKeyImpl(_keyName, _tmpKeyName);
 }
 Json::Value SGXWalletServer::getPublicECDSAKey(const string &_keyName) {
-    LOCK(m)
+    READ_LOCK(m)
    return getPublicECDSAKeyImpl(_keyName);
 }
 Json::Value SGXWalletServer::ecdsaSignMessageHash(int _base, const string &_keyShareName, const string &_messageHash) {
-    LOCK(m)
+    READ_LOCK(m)
    spdlog::debug("MessageHash first {}", _messageHash);
    return ecdsaSignMessageHashImpl(_base, _keyShareName, _messageHash);
 }
@@ -723,43 +723,43 @@ Json::Value SGXWalletServer::ecdsaSignMessageHash(int _base, const string &_keyS
 Json::Value
 SGXWalletServer::importBLSKeyShare(const string &_keyShare, const string &_keyShareName, int _t, int _n,
                                   int index) {
-    LOCK(m)
+    WRITE_LOCK(m)
    return importBLSKeyShareImpl(_keyShare, _keyShareName, _t, _n, index);
 }
 Json::Value SGXWalletServer::blsSignMessageHash(const string &_keyShareName, const string &_messageHash, int _t, int _n,
                                                int _signerIndex) {
-    LOCK(m)
+    READ_LOCK(m)
    return blsSignMessageHashImpl(_keyShareName, _messageHash, _t, _n, _signerIndex);
 }
 Json::Value SGXWalletServer::importECDSAKey(const string &_key, const string &_keyName) {
-    LOCK(m)
+    WRITE_LOCK(m)
    return importECDSAKeyImpl(_key, _keyName);
 }
 Json::Value SGXWalletServer::complaintResponse(const string &polyName, int ind) {
-    LOCK(m)
+    WRITE_LOCK(m)
    return complaintResponseImpl(polyName, ind);
 }
 Json::Value SGXWalletServer::multG2(const string &x) {
-    LOCK(m)
+    WRITE_LOCK(m)
    return multG2Impl(x);
 }
 Json::Value SGXWalletServer::isPolyExists(const string &polyName) {
-    LOCK(m)
+    WRITE_LOCK(m)
    return isPolyExistsImpl(polyName);
 }
 Json::Value SGXWalletServer::getServerStatus() {
-    LOCK(m)
+    READ_LOCK(m)
    return getServerStatusImpl();
 }
 Json::Value SGXWalletServer::getServerVersion() {
-    LOCK(m)
+    READ_LOCK(m)
    return getServerVersionImpl();
 }

--- a/SGXWalletServer.hpp
+++ b/SGXWalletServer.hpp
@@ -24,7 +24,12 @@
 #ifndef SGXWALLET_SGXWALLETSERVER_HPP
 #define SGXWALLET_SGXWALLETSERVER_HPP
+#include <boost/thread/locks.hpp>
+#include <boost/thread/shared_mutex.hpp>
+typedef boost::shared_mutex Lock;
+typedef boost::unique_lock< Lock >  WriteLock;
+typedef boost::shared_lock< Lock >  ReadLock;
 #include <jsonrpccpp/server/connectors/httpserver.h>
 #include <mutex>
@@ -40,7 +45,7 @@ class SGXWalletServer : public AbstractStubServer {
-    recursive_mutex m;
+    Lock m;
    static shared_ptr<SGXWalletServer> server;
    static shared_ptr<HttpServer> httpServer;

--- a/TestUtils.cpp
+++ b/TestUtils.cpp
@@ -376,6 +376,7 @@ void TestUtils::doDKG(StubClient &c, int n, int t,
        CHECK_STATE(response["status"] == 0);
        pubBLSKeys[i] = c.getBLSPublicKeyShare(blsName);
        CHECK_STATE(pubBLSKeys[i]["status"] == 0);
    }
    for (int i = 0; i < t; i++) {

--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -361,7 +361,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
    if (!signature_verify(msgMpz, sign, publicKey, curve)) {
        *errStatus = 2;
-        snprintf(errString, BUF_LEN, "ECDSA sig not verified");
+        snprintf(errString, BUF_LEN, "ECDSA signature is not verified");
        LOG_WARN(errString);
        goto clean;
    }

--- a/sgxwall.cpp
+++ b/sgxwall.cpp
@@ -85,8 +85,12 @@ void SGXWallet::serializeKeys(vector<string>& _ecdsaKeyNames, vector<string>& _b
    for (uint i = 0; i < _ecdsaKeyNames.size(); i++) {
        auto key = to_string(i + 1);
-        ecdsaKeysJson[key] = _ecdsaKeyNames[i];
-        blsKeysJson[key] = _blsKeyNames[i];
+        string keyFull(3 - key.size(), '0');
+        keyFull.append(key);
+        ecdsaKeysJson[keyFull] = _ecdsaKeyNames[i];
+        blsKeysJson[keyFull] = _blsKeyNames[i];
    }
    top["ecdsaKeyNames"] = ecdsaKeysJson;
@@ -180,7 +184,9 @@ int main(int argc, char *argv[]) {
    initAll(enclaveLogLevel, checkClientCertOption, autoSignClientCertOption);
-    if (generateTestKeys) {
+    ifstream is("sgx_data/4node.json");
+    if (generateTestKeys && !is.good()) {
        cerr << "Generating test keys ..." << endl;
@@ -193,14 +199,16 @@ int main(int argc, char *argv[]) {
        int schainID = 1;
        int dkgID = 1;
-        TestUtils::doDKG(c, 4, 1, ecdsaKeyNames, blsKeyNames, schainID, dkgID);
+        TestUtils::doDKG(c, 4, 3, ecdsaKeyNames, blsKeyNames, schainID, dkgID);
        SGXWallet::serializeKeys(ecdsaKeyNames, blsKeyNames, "sgx_data/4node.json");
        schainID = 2;
        dkgID = 2;
-        TestUtils::doDKG(c, 16, 5, ecdsaKeyNames, blsKeyNames, schainID, dkgID);
+        TestUtils::doDKG(c, 16, 11, ecdsaKeyNames, blsKeyNames, schainID, dkgID);
        SGXWallet::serializeKeys(ecdsaKeyNames, blsKeyNames, "sgx_data/16node.json");

--- a/testw.cpp
+++ b/testw.cpp
@@ -296,6 +296,21 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") {
            throw;
        }
    }
+    for (int i = 0; i <= 20; i++) {
+        try {
+            auto keyName = genECDSAKeyAPI(c);
+            Json::Value sig = c.ecdsaSignMessageHash(10, keyName, SAMPLE_HASH);
+            REQUIRE(sig["status"].asInt() == 0);
+            Json::Value getPubKey = c.getPublicECDSAKey(keyName);
+            REQUIRE(getPubKey["status"].asInt() == 0);
+        } catch (JsonRpcException &e) {
+            cerr << e.what() << endl;
+            throw;
+        }
+    }
 }
 TEST_CASE_METHOD(TestFixture, "BLS key encrypt", "[bls-key-encrypt]") {