Skip to content

S
sgxwallet
Unverified Commit 54824dc0 authored by Oleh Nikolaiev's avatar Oleh Nikolaiev
Browse files
Options

SKALE-2002 replace sgx seal/unseal with aes encryption/decryption

parent 9c21e3b9
Hide whitespace changes
Inline Side-by-side
Showing with 26 additions and 97 deletions
BLSCrypto.cpp
View file @ 54824dc0
......@@ -290,11 +290,7 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
bool bls_sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, size_t _signerIndex,
char *_sig) {
if (!encryptKeys) {
return sign(_encryptedKeyHex, _hashHex, _t, _n, _signerIndex, _sig);
} else {
return sign_aes(_encryptedKeyHex, _hashHex, _t, _n, _signerIndex, _sig);
}
return sign_aes(_encryptedKeyHex, _hashHex, _t, _n, _signerIndex, _sig);
}
char *encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) {
......
DKGCrypto.cpp
View file @ 54824dc0
......@@ -83,10 +83,8 @@ string gen_dkg_poly(int _t) {
uint32_t enc_len = 0;
if (!encryptKeys)
status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);
else
status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);
status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);
if (errStatus != 0) {
throw SGXException(-666, errMsg.data());
}
......@@ -95,9 +93,7 @@ string gen_dkg_poly(int _t) {
spdlog::debug("in DKGCrypto encr len is {}", enc_len);
uint64_t length = DKG_MAX_SEALED_LEN;
if (encryptKeys) {
length = enc_len;
}
length = enc_len;
vector<char> hexEncrPoly(2 * length + 1, 0);
CHECK_STATE(encrypted_dkg_secret.size() >= length);
......@@ -127,26 +123,16 @@ vector<vector<string>> get_verif_vect(const char *encryptedPolyHex, int t, int n
throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
}
spdlog::debug("hex_encr_poly length is {}", strlen(encryptedPolyHex));
spdlog::debug("enc len {}", encLen);
status = trustedGetPublicSharesAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen,
pubShares.data(), t, n);
uint32_t len = 0;
if (!encryptKeys)
status = trustedGetPublicShares(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), len, pubShares.data(), t,
n);
else {
status = trustedGetPublicSharesAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen,
pubShares.data(), t, n);
}
if (errStatus != 0) {
throw SGXException(-666, errMsg1.data());
}
spdlog::debug("err msg is {}", errMsg1.data());
spdlog::debug("public_shares:");
......@@ -179,11 +165,7 @@ string trustedGetSecretShares(const string &_polyName, const char *_encryptedPol
throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
}
if (!encryptKeys)
status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg1.data(), encrDKGPoly.data());
else
status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), &encLen);
status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), &encLen);
if (status != SGX_SUCCESS || errStatus != 0) {
throw SGXException(-666, errMsg1.data());
......@@ -206,13 +188,9 @@ string trustedGetSecretShares(const string &_polyName, const char *_encryptedPol
spdlog::debug("pubKeyB is {}", pub_keyB);
if (!encryptKeys)
trustedGetEncryptedSecretShare(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, i + 1);
else
trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, i + 1);
if (errStatus != 0) {
throw SGXException(-666, errMsg1.data());
}
......@@ -261,11 +239,7 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr
memset(pshares, 0, 8193);
strncpy(pshares, publicShares, strlen(publicShares));
if (!encryptKeys)
trustedDkgVerify(eid, &errStatus, errMsg, pshares, encr_sshare, encr_key, decKeyLen, t, ind, &result);
else
trustedDkgVerifyAES(eid, &errStatus, errMsg, pshares, encr_sshare, encr_key, decKeyLen, t, ind, &result);
trustedDkgVerifyAES(eid, &errStatus, errMsg, pshares, encr_sshare, encr_key, decKeyLen, t, ind, &result);
if (result == 2) {
throw SGXException(INVALID_HEX, "Invalid public shares");
......@@ -296,11 +270,7 @@ bool CreateBLSShare(const string &blsKeyName, const char *s_shares, const char *
uint32_t enc_bls_len = 0;
if (!encryptKeys)
trustedCreateBlsKey(eid, &errStatus, errMsg, s_shares, encr_key, decKeyLen, encr_bls_key, &enc_bls_len);
else
trustedCreateBlsKeyAES(eid, &errStatus, errMsg, s_shares, encr_key, decKeyLen, encr_bls_key, &enc_bls_len);
trustedCreateBlsKeyAES(eid, &errStatus, errMsg, s_shares, encr_key, decKeyLen, encr_bls_key, &enc_bls_len);
if (errStatus != 0) {
......@@ -336,10 +306,8 @@ vector<string> GetBLSPubKey(const char *encryptedKeyHex) {
char pubKey[320];
spdlog::debug("decKeyLen is {}", decKeyLen);
if (!encryptKeys)
trustedGetBlsPubKey(eid, &errStatus, errMsg1, encrKey, decKeyLen, pubKey);
else
trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1, encrKey, decKeyLen, pubKey);
trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1, encrKey, decKeyLen, pubKey);
if (errStatus != 0) {
spdlog::error(string(errMsg1) + " . Status is {}", errStatus);
throw SGXException(ERROR_IN_ENCLAVE, "Failed to get BLS public key in enclave");
......@@ -377,10 +345,8 @@ string decryptDHKey(const string &polyName, int ind) {
char DHKey[ECDSA_SKEY_LEN];
if (!encryptKeys)
trustedDecryptKey(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey);
else
trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey);
trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey);
if (errStatus != 0) {
throw SGXException(/*ERROR_IN_ENCLAVE*/ errStatus, "decrypt key failed in enclave");
}
......
ECDSACrypto.cpp
View file @ 54824dc0
......@@ -67,17 +67,9 @@ vector <string> genECDSAKey() {
uint32_t enc_len = 0;
// status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
// errMsg.data(), encr_pr_key.data(), &enc_len,
// pub_key_x.data(), pub_key_y.data());
if (!encryptKeys)
status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encr_pr_key.data(),
&enc_len, pub_key_x.data(), pub_key_y.data());
else
status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
errMsg.data(), encr_pr_key.data(), &enc_len,
pub_key_x.data(), pub_key_y.data());
status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
errMsg.data(), encr_pr_key.data(), &enc_len,
pub_key_x.data(), pub_key_y.data());
if (status != SGX_SUCCESS || errStatus != 0) {
spdlog::error("RPCException thrown with status {}", status);
......@@ -119,15 +111,9 @@ string getECDSAPubKey(const char *_encryptedKeyHex) {
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
}
// status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
// errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
if (!encryptKeys)
status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(),
pubKeyY.data());
else
status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
if (errStatus != 0) {
throw SGXException(-666, errMsg.data());
}
......@@ -205,24 +191,11 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex,
pubKeyStr = getECDSAPubKey(encryptedKeyHex);
// status = trustedEcdsaSignAES(eid, &errStatus,
// errMsg.data(), encryptedKey.data(), decLen, (unsigned char *) hashHex,
// signatureR.data(),
// signatureS.data(), &signatureV, base);
status = trustedEcdsaSignAES(eid, &errStatus,
errMsg.data(), encryptedKey.data(), decLen, (unsigned char *) hashHex,
signatureR.data(),
signatureS.data(), &signatureV, base);
if (!encryptKeys) {
status = trustedEcdsaSign(eid, &errStatus, errMsg.data(),
encryptedKey.data(), ECDSA_ENCR_LEN, (unsigned char *) hashHex,
signatureR.data(),
signatureS.data(), &signatureV, base);
} else
status = trustedEcdsaSignAES(eid, &errStatus,
errMsg.data(), encryptedKey.data(), decLen, (unsigned char *) hashHex,
signatureR.data(),
signatureS.data(), &signatureV, base);
if (errStatus != 0) {
exception = make_shared<SGXException>(666, errMsg.data());
goto clean;
......
secure_enclave/secure_enclave.c
View file @ 54824dc0
......@@ -1103,7 +1103,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
return;
}
//skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE - 1] = '\0';
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
snprintf(errString, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey));
mpz_t privateKeyMpz;
......@@ -1111,6 +1111,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
*errStatus = -1;
snprintf(errString, BUF_LEN, "invalid secret key");
LOG_ERROR(skey);
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
......
testw.cpp
View file @ 54824dc0
......@@ -421,16 +421,11 @@ TEST_CASE_METHOD("BLS key encrypt/decrypt", "[bls-key-encrypt-decrypt]") {
TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") {
HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2);
for (int i = 0; i <= 20; i++) {
try {
Json::Value genKey = c.generateECDSAKey();
REQUIRE(genKey["status"].asInt() == 0);
......@@ -442,13 +437,11 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") {
REQUIRE(sig["status"].asInt() == 0);
Json::Value getPubKey = c.getPublicECDSAKey(genKey["keyName"].asString());
REQUIRE(getPubKey["status"].asInt() == 0);
} catch (JsonRpcException &e) {
cerr << e.what() << endl;
throw;
}
}
}
TEST_CASE_METHOD(TestFixture, "BLS key encrypt", "[bls-key-encrypt]") {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment