SKALE-XXXX Make randomizers work in enclave

ECDSACrypto.cpp

+//
+// Created by kladko on 9/23/19.
+//
+
+#include "ECDSACrypto.h"
+#include "sgxwallet.h"
+
+char* gen_ecdsa_key(){
+  char *errMsg = (char *)calloc(1024, 1);
+  int err_status = 0;
+  char* encr_pr_key = (char *)calloc(1024, 1);
+  char *pub_key_x = (char *)calloc(1024, 1);
+  char *pub_key_y = (char *)calloc(1024, 1);
+  uint32_t enc_len = 0;
+
+  status = generate_ecdsa_key(eid, &err_status, errMsg, (uint8_t*)encr_pr_key, &enc_len, pub_key_x, pub_key_y );
+
+  return encr_pr_key;
+}
+
+std::vector<std::string> ecdsa_sign_hash(const char* encryptedKey, const char* hashHex){
+  std::vector<std::string> signature_vect(3);
+
+  char *errMsg = (char *)calloc(1024, 1);
+  int err_status = 0;
+  char* signature_r = (char*)malloc(1024);
+  char* signature_s = (char*)malloc(1024);
+  char* signature_v = (char*)calloc(4,1);
+  uint32_t dec_len = 0;
+
+  status = ecdsa_sign1(eid, &err_status, errMsg, (uint8_t*)encryptedKey, dec_len, (unsigned char*)hashHex, signature_r, signature_s, signature_v );
+
+  signature_vect.at(0) = signature_v;
+  signature_vect.at(1) = "0x" + std::string(signature_r);
+  signature_vect.at(2) = "0x" + std::string(signature_s);
+
+  return signature_vect;
+}
\ No newline at end of file

ECDSACrypto.h

+//
+// Created by kladko on 9/23/19.
+//
+
+#ifndef SGXD_ECDSACRYPTO_H
+#define SGXD_ECDSACRYPTO_H
+
+#include <vector>
+#include <string>
+
+
+
+/*#ifdef __cplusplus
+#define EXTERNC extern "C"
+#else
+#define EXTERNC
+#endif*/
+
+char* gen_ecdsa_key();
+
+std::vector<std::string> ecdsa_sign_hash(const char* encryptedKey, const char* hashHex);
+
+#endif //SGXD_ECDSACRYPTO_H

Makefile.am

@@ -65,7 +65,7 @@ bin_PROGRAMS =  sgxwallet testw
 COMMON_SRC = sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c
 COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h
 
-sgxwallet_SOURCES = sgxwallet.c SGXWalletServer.cpp RPCException.cpp  BLSCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp $(COMMON_SRC)
+sgxwallet_SOURCES = sgxwallet.c SGXWalletServer.cpp RPCException.cpp  BLSCrypto.cpp ECDSACrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp $(COMMON_SRC)
 
 nodist_sgxwallet_SOURCES = $(COMMON_ENCLAVE_SRC)
 EXTRA_sgxwallet_DEPENDENCIES = secure_enclave.signed.so
@@ -90,7 +90,7 @@ secure_enclave.signed.so: secure_enclave/secure_enclave.signed.so
 
 sgxwallet_LDADD=-l$(SGX_URTS_LIB) -Lleveldb/build -LlibBLS/build  -LlibBLS/build/libff/libff -l:libbls.a -l:libleveldb.a -l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a   -ljsonrpccpp-stub -lpthread -ljsonrpccpp-common -ljsonrpccpp-server -ljsoncpp -lprocps intel-sgx-ssl/Linux/package/lib64/libsgx_usgxssl.a 
 
-testw_SOURCES=testw.cpp SGXWalletServer.cpp  RPCException.cpp BLSCrypto.cpp ServerInit.cpp LevelDB.cpp BLSPrivateKeyShareSGX.cpp $(COMMON_SRC)
+testw_SOURCES=testw.cpp SGXWalletServer.cpp  RPCException.cpp BLSCrypto.cpp ServerInit.cpp LevelDB.cpp BLSPrivateKeyShareSGX.cpp ECDSACrypto.cpp $(COMMON_SRC)
 nodist_testw_SOURCES=${nodist_sgxwallet_SOURCES}
 EXTRA_testw_DEPENDENCIES=${EXTRA_sgxwallet_DEPENDENCIES}
 testw_LDADD= ${sgxwallet_LDADD}

SGXWalletServer.cpp

@@ -23,6 +23,7 @@
 #include "RPCException.h"
 #include "LevelDB.h"
 #include "BLSCrypto.h"
+#include "ECDSACrypto.h"
 #include "SGXWalletServer.h"
 #include "SGXWalletServer.hpp"
 
@@ -136,21 +137,27 @@ Json::Value importECDSAKeyImpl(const std::string &key, const std::string &keyNam
 
 Json::Value generateECDSAKeyImpl(const std::string &_keyName) {
 
-
     Json::Value result;
     result["status"] = 0;
     result["errorMessage"] = "";
     result["encryptedKey"] = "";
 
-    // add key generation in enclave
+    char* encryptedKey = nullptr;
 
     try {
-        writeECDSAKey(_keyName, "");
+       /* char* encryptedKey = gen_ecdsa_key();
+        if (encryptedKey == nullptr) {
+            throw RPCException(UNKNOWN_ERROR, "");
+        }*/
+
+        writeECDSAKey(_keyName, encryptedKey);
     } catch (RPCException &_e) {
         result["status"] = _e.status;
         result["errorMessage"] = _e.errString;
     }
 
+    result["encryptedKey"] = encryptedKey;
+
     return result;
 }
 
@@ -159,16 +166,25 @@ Json::Value ecdsaSignMessageHashImpl(const std::string &_keyName, const std::str
     Json::Value result;
     result["status"] = 0;
     result["errorMessage"] = "";
-    result["signature"] = "";
+    result["signature_v"] = "";
+    result["signature_r"] = "";
+    result["signature_s"] = "";
+
+    std::vector<std::string> sign_vect;
 
 
     try {
-        readECDSAKey(_keyName);
+       std::shared_ptr<std::string> key_ptr = readECDSAKey(_keyName);
+       sign_vect = ecdsa_sign_hash ((*key_ptr).c_str(), messageHash.c_str());
     } catch (RPCException &_e) {
         result["status"] = _e.status;
         result["errorMessage"] = _e.errString;
     }
 
+    result["signature_v"] = sign_vect.at(0);
+    result["signature_r"] = sign_vect.at(1);
+    result["signature_s"] = sign_vect.at(2);
+
     return result;
 }
 
@@ -230,11 +246,28 @@ void writeKeyShare(const string &_keyShareName, const string &value, int index,
     levelDb->writeString(key, value);
 }
 
-shared_ptr <std::string> readECDSAKey(const string &_keyShare) {
-    return nullptr;
+shared_ptr <std::string> readECDSAKey(const string &_keyName) {
+  auto keyStr = levelDb->readString("ECDSAKEY::" + _keyName);
 
+  if (keyStr == nullptr) {
+    throw RPCException(KEY_SHARE_DOES_NOT_EXIST, "Key share with this name does not exists");
+  }
+
+  return keyStr;
 }
 
-void writeECDSAKey(const string &_keyShare, const string &value) {
+void writeECDSAKey(const string &_keyName, const string &value) {
+    Json::Value val;
+    Json::FastWriter writer;
+
+    val["value"] = value;
+    std::string json = writer.write(val);
+
+    auto key = "ECDSAKEY:" + _keyName;
+
+    if (levelDb->readString(_keyName) != nullptr) {
+        throw new RPCException(KEY_SHARE_DOES_NOT_EXIST, "Key with this name already exists");
+    }
 
+    levelDb->writeString(key, value);
 }
\ No newline at end of file

SGXWalletServer.hpp

@@ -33,7 +33,7 @@ void writeKeyShare(const string &_keyShareName, const string &value, int index,
 
 shared_ptr<std::string> readKeyShare(const string& _keyShare);
 
-void writeECDSAKey(const string& _key, const string& value);
+void writeECDSAKey(const string& _keyName, const string& value);
 
 shared_ptr<std::string> readECDSAKey(const string& _key);
 
@@ -42,7 +42,7 @@ Json::Value importBLSKeyShareImpl(int index, const std::string& keyShare, const
 Json::Value blsSignMessageHashImpl(const std::string& keyShareName, const std::string& messageHash);
 Json::Value importECDSAKeyImpl(const std::string& key, const std::string& keyName);
 Json::Value generateECDSAKeyImpl(const std::string& keyName);
-Json::Value ecdsaSignMessageHashImpl(const std::string& keyShareName, const std::string& messageHash);
+Json::Value ecdsaSignMessageHashImpl(const std::string& keyName, const std::string& messageHash);
 
 
 

secure_enclave/secure_enclave.c

@@ -134,25 +134,33 @@ void generate_ecdsa_key(int *err_status, char *err_string,
   domain_parameters curve = domain_parameters_init();
   domain_parameters_load_curve(curve, secp256k1);
 
+  unsigned char* rand_char = (unsigned char*)malloc(32);
+  sgx_read_rand( (unsigned char*)rand_char, 32);
+
+  mpz_t seed;
+  mpz_init(seed);
+  mpz_import(seed, 32, 1, sizeof(rand_char[0]), 0, 0, rand_char);
+
+  free(rand_char);
+
   mpz_t skey;
   mpz_init(skey);
+  mpz_mod(skey, seed, curve->p);
+  mpz_clear(seed);
+
   //mpz_set_str(skey, "4160780231445160889237664391382223604184857153814275770598791864649971919844", 10);
 
+
   //Public key
   point Pkey = point_init();
 
-  gmp_randstate_t state;
-  gmp_randinit_mt(state);
-
-  mpz_urandomm(skey, state, curve->p);
-
   signature_generate_key(Pkey, skey, curve);
 
   int len = mpz_sizeinbase (Pkey->x, 10) + 2;
   //snprintf(err_string, BUF_LEN, "len = %d\n", len);
   char arr_x[len];
   char* px = mpz_get_str(arr_x, 10, Pkey->x);
-  snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
+  //snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
   strncpy(pub_key_x, arr_x, 1024);
 
 
@@ -162,7 +170,7 @@ void generate_ecdsa_key(int *err_status, char *err_string,
 
   char skey_str[mpz_sizeinbase (skey, 10) + 2];
   char* s  = mpz_get_str(skey_str, 10, skey);
-  snprintf(err_string, BUF_LEN, "skey is %s\n", skey_str);
+ // snprintf(err_string, BUF_LEN, "skey is %s\n", skey_str);
 
   uint32_t sealedLen = sgx_calc_sealed_data_size(0, 39);
 
@@ -175,7 +183,6 @@ void generate_ecdsa_key(int *err_status, char *err_string,
   *enc_len = sealedLen;
 
   mpz_clear(skey);
-  gmp_randclear(state);
   domain_parameters_clear(curve);
   point_clear(Pkey);
 }
@@ -378,7 +385,7 @@ void ecdsa_sign1(int *err_status, char *err_string, uint8_t *encrypted_key,
   domain_parameters curve = domain_parameters_init();
   domain_parameters_load_curve(curve, secp256k1);
 
-  char skey[2*SGX_ECP256_KEY_SIZE];
+  char skey[SGX_ECP256_KEY_SIZE];
 
   sgx_status_t status = sgx_unseal_data(
       (const sgx_sealed_data_t *)encrypted_key, NULL, 0, skey, &dec_len);
@@ -438,7 +445,7 @@ void ecdsa_sign1(int *err_status, char *err_string, uint8_t *encrypted_key,
 
   int r_gr_n = mpz_cmp(sign->r, curve->n);
 
-  if (mpz_sgn(rem) > 0 && r_gr_n < 0){
+  if (mpz_sgn(rem) && r_gr_n < 0){
     sig_v[3] = 'c';
   }
   else if (mpz_sgn(rem) > 0 && r_gr_n > 0){
@@ -448,7 +455,6 @@ void ecdsa_sign1(int *err_status, char *err_string, uint8_t *encrypted_key,
     sig_v[3] = 'd';
   }
 
-
   mpz_clear(skey_mpz);
   mpz_clear(msg_mpz);
   mpz_clear(rem);

secure_enclave/signature.c

@@ -86,18 +86,22 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para
 	mpz_t t3;mpz_init(t3);
 	mpz_t s;mpz_init(s);
 
+        unsigned char* rand_char = (unsigned char*)malloc(32);
+        sgx_read_rand( rand_char, 32);
+
 	gmp_randstate_t r_state;
 
 	signature_sign_start:
 
 	//Set k
-	gmp_randinit_default(r_state);
-	//random_seeding(r_state);
-    unsigned long seed;
-    gmp_randseed_ui(r_state, seed);
-	mpz_sub_ui(t1, curve->n, 2);
-	mpz_urandomm(k , r_state , t1);
-	gmp_randclear(r_state);
+        sgx_read_rand( rand_char, 32);
+        mpz_t seed;
+        mpz_init(seed);
+        mpz_import(seed, 32, 1, sizeof(rand_char[0]), 0, 0, rand_char);
+        free(rand_char);
+
+        mpz_mod(k, seed, curve->p);
+        mpz_clear(seed);
 
 	//Calculate x
 	point_multiplication(Q, k, curve->G, curve);

testw.cpp

@@ -379,7 +379,7 @@ TEST_CASE("ECDSA keygen and signature test", "[ecdsa_test]") {
   //printf("before %p\n", pub_key_x);
 
   status = generate_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
-  //printf("\nerrMsg %s\n", errMsg );
+  printf("\nerrMsg %s\n", errMsg );
   REQUIRE(status == SGX_SUCCESS);
 
   printf("\npub_key_x %s: \n", pub_key_x);
@@ -389,8 +389,8 @@ TEST_CASE("ECDSA keygen and signature test", "[ecdsa_test]") {
     printf("%u ", encr_pr_key[i]);
 
   char* hex = "38433e5ce087dcc1be82fcc834eae83c256b3db87d34f84440d0b708daa0c6f7";
-  char* signature_r = (char*)malloc(1024);
-  char* signature_s = (char*)malloc(1024);
+  char* signature_r = (char *)calloc(1024, 1);
+  char* signature_s = (char *)calloc(1024, 1);
   char* signature_v = (char*)calloc(4,1);