Unverified Commit 5683ee17 authored by Stan Kladko's avatar Stan Kladko Committed by GitHub

Merge pull request #142 from skalenetwork/SKALE-3067-cleanup3

Skale 3067 cleanup3
parents 6f35e65a e37986d6
...@@ -67,6 +67,7 @@ vector <string> genECDSAKey() { ...@@ -67,6 +67,7 @@ vector <string> genECDSAKey() {
vector <string> keys(3); vector <string> keys(3);
vector<char> hexEncrKey(BUF_LEN * 2, 0); vector<char> hexEncrKey(BUF_LEN * 2, 0);
carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data()); carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data());
keys.at(0) = hexEncrKey.data(); keys.at(0) = hexEncrKey.data();
keys.at(1) = string(pub_key_x.data()) + string(pub_key_y.data()); keys.at(1) = string(pub_key_x.data()) + string(pub_key_y.data());
......
Subproject commit f980b79f086b27b187bb696de1d7b99a0988859b Subproject commit 8dc9f547c612010ea0b6257d86bcbd4ff7149565
Subproject commit 6c863ecc15eb5580e469f6b7f59817fdd08da1d1 Subproject commit 78ea56c3b5251e9d840ef65705bb2c5f8f193662
Subproject commit b0a445ba09e96e1d0507487e5c496485a9cf3742 Subproject commit 95eaa6f6693cd86c35e10a22b4f8e483373c987c
...@@ -63,6 +63,16 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) { ...@@ -63,6 +63,16 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) {
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) { int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) {
if (!message) {
LOG_ERROR("Null message in AES_encrypt");
return -1;
}
if (!encr_message) {
LOG_ERROR("Null encr message in AES_encrypt");
return -2;
}
if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) { if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) {
LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE"); LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE");
......
...@@ -23,12 +23,16 @@ ...@@ -23,12 +23,16 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdbool.h> #include <stdbool.h>
#ifdef USER_SPACE #ifdef USER_SPACE
#include <gmp.h> #include <gmp.h>
#else #else
#include <../tgmp-build/include/sgx_tgmp.h> #include <../tgmp-build/include/sgx_tgmp.h>
#endif #endif
#include "EnclaveConstants.h"
#include "DomainParameters.h" #include "DomainParameters.h"
#include "Curves.h" #include "Curves.h"
#include "Point.h" #include "Point.h"
...@@ -38,144 +42,227 @@ ...@@ -38,144 +42,227 @@
#include "EnclaveCommon.h" #include "EnclaveCommon.h"
#include <string.h> #include <string.h>
void gen_session_key(char *skey_str, char* pb_keyB, char* common_key) { int gen_session_key(char *skey_str, char *pb_keyB, char *common_key) {
char* pb_keyB_x = (char*)calloc(65, 1);
int ret = -1;
LOG_INFO(__FUNCTION__);
SAFE_CHAR_BUF(pb_keyB_x, 65);SAFE_CHAR_BUF(pb_keyB_y, 65);
mpz_t skey;
mpz_init(skey);
point pub_keyB = point_init();
point session_key = point_init();
if (!common_key) {
LOG_ERROR("gen_session_key: Null common_key");
goto clean;
}
common_key[0] = 0;
if (!skey_str) {
LOG_ERROR("gen_session_key: Null skey_str");
goto clean;
}
if (!pb_keyB) {
LOG_ERROR("gen_session_key: Null skey_str");
goto clean;
}
strncpy(pb_keyB_x, pb_keyB, 64); strncpy(pb_keyB_x, pb_keyB, 64);
pb_keyB_x[64] = 0; pb_keyB_x[64] = 0;
char* pb_keyB_y = (char*)calloc(65,1);
strncpy(pb_keyB_y, pb_keyB + 64, 64); strncpy(pb_keyB_y, pb_keyB + 64, 64);
pb_keyB_y[64] = 0; pb_keyB_y[64] = 0;
domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
mpz_t skey;
mpz_init(skey);
mpz_set_str(skey, skey_str, 16); mpz_set_str(skey, skey_str, 16);
point pub_keyB = point_init();
point_set_hex(pub_keyB, pb_keyB_x, pb_keyB_y); point_set_hex(pub_keyB, pb_keyB_x, pb_keyB_y);
point session_key = point_init();
point_multiplication(session_key, skey, pub_keyB, curve); point_multiplication(session_key, skey, pub_keyB, curve);
char arr_x[mpz_sizeinbase (session_key->x, 16) + 2]; SAFE_CHAR_BUF(arr_x, BUF_LEN);
mpz_get_str(arr_x, 16, session_key->x); mpz_get_str(arr_x, 16, session_key->x);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
for ( int i = 0; i < n_zeroes; i++){ for (int i = 0; i < n_zeroes; i++) {
common_key[i] = '0'; common_key[i] = '0';
} }
strncpy(common_key + n_zeroes, arr_x, strlen(arr_x)); strncpy(common_key + n_zeroes, arr_x, strlen(arr_x));
common_key[64] = 0; common_key[64] = 0;
ret = 0;
clean:
mpz_clear(skey); mpz_clear(skey);
point_clear(pub_keyB); point_clear(pub_keyB);
point_clear(session_key); point_clear(session_key);
domain_parameters_clear(curve);
free(pb_keyB_x); return ret;
free(pb_keyB_y);
} }
void session_key_recover(const char *skey_str, const char* sshare, char* common_key) { int session_key_recover(const char *skey_str, const char *sshare, char *common_key) {
char* pb_keyB_x = (char*)calloc(65, 1);
int ret = -1;
if (!common_key) {
LOG_ERROR("session_key_recover: Null common_key");
goto clean;
}
common_key[0] = 0;
if (!skey_str) {
LOG_ERROR("session_key_recover: Null skey_str");
goto clean;
}
if (!sshare) {
LOG_ERROR("session_key_recover: Null sshare");
goto clean;
}
SAFE_CHAR_BUF(pb_keyB_x, 65);
strncpy(pb_keyB_x, sshare + 64, 64); strncpy(pb_keyB_x, sshare + 64, 64);
pb_keyB_x[64] = 0; pb_keyB_x[64] = 0;
char* pb_keyB_y = (char*)calloc(65, 1); SAFE_CHAR_BUF(pb_keyB_y, 65);
strncpy(pb_keyB_y, sshare + 128, 64); strncpy(pb_keyB_y, sshare + 128, 64);
pb_keyB_y[64] = 0; pb_keyB_y[64] = 0;
domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
mpz_t skey; mpz_t skey;
mpz_init(skey); mpz_init(skey);
if (mpz_set_str(skey, skey_str, 16) == -1) { point pub_keyB = point_init();
common_key = NULL; point session_key = point_init();
mpz_clear(skey);
domain_parameters_clear(curve);
free(pb_keyB_x);
free(pb_keyB_y);
return; if (mpz_set_str(skey, skey_str, 16) == -1) {
goto clean;
} }
point pub_keyB = point_init();
point_set_hex(pub_keyB, pb_keyB_x, pb_keyB_y); point_set_hex(pub_keyB, pb_keyB_x, pb_keyB_y);
point session_key = point_init();
point_multiplication(session_key, skey, pub_keyB, curve); point_multiplication(session_key, skey, pub_keyB, curve);
char arr_x[mpz_sizeinbase (session_key->x, 16) + 2]; SAFE_CHAR_BUF(arr_x, BUF_LEN);
mpz_get_str(arr_x, 16, session_key->x); mpz_get_str(arr_x, 16, session_key->x);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
for ( int i = 0; i < n_zeroes; i++){ for (int i = 0; i < n_zeroes; i++) {
common_key[i] = '0'; common_key[i] = '0';
} }
strncpy(common_key + n_zeroes, arr_x, strlen(arr_x)); strncpy(common_key + n_zeroes, arr_x, strlen(arr_x));
ret = 0;
clean:
mpz_clear(skey); mpz_clear(skey);
point_clear(pub_keyB); point_clear(pub_keyB);
point_clear(session_key); point_clear(session_key);
domain_parameters_clear(curve);
free(pb_keyB_x); return ret;
free(pb_keyB_y);
} }
void xor_encrypt(char* key, char* message, char* cypher) { int xor_encrypt(char *key, char *message, char *cypher) {
uint8_t cypher_bin[33];
uint8_t* key_bin = (uint8_t*)calloc(33,1); int ret = -1;
uint64_t key_length;
if (!hex2carray(key, &key_length, key_bin)){
cypher = NULL;
free(key_bin);
return;
}
uint64_t msg_length; if (!cypher) {
uint8_t msg_bin[33]; LOG_ERROR("xor_encrypt: null cypher");
if (!hex2carray(message, &msg_length, msg_bin)){ goto clean;
cypher = NULL; }
free(key_bin);
return;
}
for (int i = 0; i < 32; i++){ if (!key) {
cypher_bin[i] = msg_bin[i] ^ key_bin[i]; LOG_ERROR("xor_encrypt: null key");
} goto clean;
}
carray2Hex(cypher_bin, 32, cypher); if (!message) {
LOG_ERROR("xor_encrypt: null message");
goto clean;
}
free(key_bin); SAFE_CHAR_BUF(cypher_bin, 33);
} SAFE_CHAR_BUF(key_bin, 33);
uint64_t key_length;
void xor_decrypt(char* key, char* cypher, char* message) { if (!hex2carray(key, &key_length, key_bin)) {
goto clean;
}
uint64_t msg_length;
uint8_t msg_bin[33]; uint8_t msg_bin[33];
if (!hex2carray(message, &msg_length, msg_bin)) {
goto clean;
}
for (int i = 0; i < 32; i++) {
cypher_bin[i] = msg_bin[i] ^ key_bin[i];
}
carray2Hex(cypher_bin, 32, cypher);
ret = 0;
clean:
;
return ret;
}
int xor_decrypt(char *key, char *cypher, char *message) {
int ret = -1;
if (!cypher) {
LOG_ERROR("xor_encrypt: null cypher");
goto clean;
}
if (!key) {
LOG_ERROR("xor_encrypt: null key");
goto clean;
}
if (!message) {
LOG_ERROR("xor_encrypt: null message");
goto clean;
}
SAFE_CHAR_BUF(msg_bin,33);
SAFE_CHAR_BUF(key_bin,33)
uint8_t* key_bin = (uint8_t*)calloc(33,1);
uint64_t key_length; uint64_t key_length;
if (!hex2carray(key, &key_length, key_bin)){ if (!hex2carray(key, &key_length, key_bin)) {
message = NULL; goto clean;
free(key_bin);
return;
} }
uint64_t cypher_length; uint64_t cypher_length;
uint8_t cypher_bin[33];
if (!hex2carray(cypher, &cypher_length, cypher_bin)){ SAFE_CHAR_BUF(cypher_bin, 33);
message = NULL; if (!hex2carray(cypher, &cypher_length, cypher_bin)) {
free(key_bin); goto clean;
return;
} }
for (int i = 0; i < 32; i++){ for (int i = 0; i < 32; i++) {
msg_bin[i] = cypher_bin[i] ^ key_bin[i]; msg_bin[i] = cypher_bin[i] ^ key_bin[i];
} }
carray2Hex(msg_bin, 32, message); carray2Hex(msg_bin, 32, message);
free(key_bin); ret = 0;
clean:
;
return ret;
} }
...@@ -24,12 +24,12 @@ ...@@ -24,12 +24,12 @@
#ifndef SGXD_DRIVE_KEY_DKG_H #ifndef SGXD_DRIVE_KEY_DKG_H
#define SGXD_DRIVE_KEY_DKG_H #define SGXD_DRIVE_KEY_DKG_H
void gen_session_key(char* skey, char* pub_keyB, char* common_key); int gen_session_key(char* skey, char* pub_keyB, char* common_key);
void session_key_recover(const char *skey_str, const char* sshare, char* common_key); int session_key_recover(const char *skey_str, const char* sshare, char* common_key);
void xor_encrypt(char* key, char* message, char* cypher); int xor_encrypt(char* key, char* message, char* cypher);
void xor_decrypt(char* key, char* cypher, char* message); int xor_decrypt(char* key, char* cypher, char* message);
#endif //SGXD_DRIVE_KEY_DKG_H #endif //SGXD_DRIVE_KEY_DKG_H
...@@ -47,58 +47,79 @@ using namespace std; ...@@ -47,58 +47,79 @@ using namespace std;
string stringFromFr(const libff::alt_bn128_Fr &_el) { string stringFromFr(const libff::alt_bn128_Fr &_el) {
string ret = "";
mpz_t t;
mpz_init(t);
try { try {
mpz_t t;
mpz_init(t);
_el.as_bigint().to_mpz(t); _el.as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2]; SAFE_CHAR_BUF(arr, BUF_LEN);
char *tmp = mpz_get_str(arr, 10, t); char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t);
return string(tmp);
ret = string(tmp);
} catch (exception &e) { } catch (exception &e) {
LOG_ERROR(e.what()); LOG_ERROR(e.what());
return ""; goto clean;
} catch (...) { } catch (...) {
LOG_ERROR("Unknown throwable"); LOG_ERROR("Unknown throwable");
return ""; goto clean;
} }
clean:
mpz_clear(t);
return ret;
} }
template<class T> template<class T>
string ConvertToString(const T &field_elem, int base = 10) { string ConvertToString(const T &field_elem, int base = 10) {
string ret;
mpz_t t;
mpz_init(t);
try { try {
mpz_t t;
mpz_init(t);
field_elem.as_bigint().to_mpz(t); field_elem.as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, base) + 2]; SAFE_CHAR_BUF(arr, BUF_LEN);
char *tmp = mpz_get_str(arr, base, t); char *tmp = mpz_get_str(arr, base, t);
mpz_clear(t);
string output = tmp;
return output; ret = string(tmp);
goto clean;
} catch (exception &e) { } catch (exception &e) {
LOG_ERROR(e.what()); LOG_ERROR(e.what());
return ""; goto clean;
} catch (...) { } catch (...) {
LOG_ERROR("Unknown throwable"); LOG_ERROR("Unknown throwable");
return ""; goto clean;
} }
clean:
mpz_clear(t);
return ret;
} }
string ConvertG2ToString(const libff::alt_bn128_G2 &elem, int base = 10, const string &delim = ":") { string ConvertG2ToString(const libff::alt_bn128_G2 &elem, int base = 10, const string &delim = ":") {
string result = "";
try { try {
string result;
result += ConvertToString(elem.X.c0); result += ConvertToString(elem.X.c0);
result += delim; result += delim;
result += ConvertToString(elem.X.c1); result += ConvertToString(elem.X.c1);
...@@ -107,23 +128,28 @@ string ConvertG2ToString(const libff::alt_bn128_G2 &elem, int base = 10, const s ...@@ -107,23 +128,28 @@ string ConvertG2ToString(const libff::alt_bn128_G2 &elem, int base = 10, const s
result += delim; result += delim;
result += ConvertToString(elem.Y.c1); result += ConvertToString(elem.Y.c1);
return result; goto clean;
} catch (exception &e) { } catch (exception &e) {
LOG_ERROR(e.what()); LOG_ERROR(e.what());
return nullptr; goto clean;
} catch (...) { } catch (...) {
LOG_ERROR("Unknown throwable"); LOG_ERROR("Unknown throwable");
return nullptr; goto clean;
} }
clean:
return result;
} }
vector <libff::alt_bn128_Fr> SplitStringToFr(const char *coeffs, const char symbol) { vector <libff::alt_bn128_Fr> SplitStringToFr(const char *coeffs, const char symbol) {
vector <libff::alt_bn128_Fr> tokens; vector <libff::alt_bn128_Fr> result;
string str(coeffs);
string delim;
try { try {
string str(coeffs);
string delim;
delim.push_back(symbol); delim.push_back(symbol);
size_t prev = 0, pos = 0; size_t prev = 0, pos = 0;
...@@ -133,25 +159,31 @@ vector <libff::alt_bn128_Fr> SplitStringToFr(const char *coeffs, const char symb ...@@ -133,25 +159,31 @@ vector <libff::alt_bn128_Fr> SplitStringToFr(const char *coeffs, const char symb
string token = str.substr(prev, pos - prev); string token = str.substr(prev, pos - prev);
if (!token.empty()) { if (!token.empty()) {
libff::alt_bn128_Fr coeff(token.c_str()); libff::alt_bn128_Fr coeff(token.c_str());
tokens.push_back(coeff); result.push_back(coeff);
} }
prev = pos + delim.length(); prev = pos + delim.length();
} while (pos < str.length() && prev < str.length()); } while (pos < str.length() && prev < str.length());
return tokens; goto clean;
} catch (exception &e) { } catch (exception &e) {
LOG_ERROR(e.what()); LOG_ERROR(e.what());
return tokens; goto clean;
} catch (...) { } catch (...) {
LOG_ERROR("Unknown throwable"); LOG_ERROR("Unknown throwable");
return tokens; goto clean;
} }
clean:
return result;
} }
int gen_dkg_poly(char *secret, unsigned _t) { int gen_dkg_poly(char *secret, unsigned _t) {
int status = 1;
string result;
try { try {
string result;
for (size_t i = 0; i < _t; ++i) { for (size_t i = 0; i < _t; ++i) {
libff::alt_bn128_Fr cur_coef = libff::alt_bn128_Fr::random_element(); libff::alt_bn128_Fr cur_coef = libff::alt_bn128_Fr::random_element();
...@@ -164,42 +196,47 @@ int gen_dkg_poly(char *secret, unsigned _t) { ...@@ -164,42 +196,47 @@ int gen_dkg_poly(char *secret, unsigned _t) {
strncpy(secret, result.c_str(), result.length() + 1); strncpy(secret, result.c_str(), result.length() + 1);
if (strlen(secret) == 0) { if (strlen(secret) == 0) {
return 1; goto clean;
} }
return 0; status = 0;
} catch (exception &e) { } catch (exception &e) {
LOG_ERROR(e.what()); LOG_ERROR(e.what());
return 1; goto clean;
} catch (...) { } catch (...) {
LOG_ERROR("Unknown throwable"); LOG_ERROR("Unknown throwable");
return 1; goto clean;
} }
clean:
return status;
} }
libff::alt_bn128_Fr PolynomialValue(const vector <libff::alt_bn128_Fr> &pol, libff::alt_bn128_Fr point, unsigned _t) { libff::alt_bn128_Fr PolynomialValue(const vector <libff::alt_bn128_Fr> &pol, libff::alt_bn128_Fr point, unsigned _t) {
libff::alt_bn128_Fr result = libff::alt_bn128_Fr::zero();
libff::alt_bn128_Fr value = libff::alt_bn128_Fr::zero();
try { try {
libff::alt_bn128_Fr pow = libff::alt_bn128_Fr::one(); libff::alt_bn128_Fr pow = libff::alt_bn128_Fr::one();
for (unsigned i = 0; i < pol.size(); ++i) { for (unsigned i = 0; i < pol.size(); ++i) {
value += pol[i] * pow; result += pol[i] * pow;
pow *= point; pow *= point;
} }
return value; goto clean;
} catch (exception &e) { } catch (exception &e) {
LOG_ERROR(e.what()); LOG_ERROR(e.what());
return value; goto clean;
} catch (...) { } catch (...) {
LOG_ERROR("Unknown throwable"); LOG_ERROR("Unknown throwable");
return value; goto clean;
} }
clean:
return result;
} }
void calc_secret_shares(const char *decrypted_coeffs, void calc_secret_shares(const char *decrypted_coeffs,
...@@ -233,11 +270,13 @@ void calc_secret_shares(const char *decrypted_coeffs, ...@@ -233,11 +270,13 @@ void calc_secret_shares(const char *decrypted_coeffs,
int calc_secret_share(const char *decrypted_coeffs, char *s_share, int calc_secret_share(const char *decrypted_coeffs, char *s_share,
unsigned _t, unsigned _n, unsigned ind) { unsigned _t, unsigned _n, unsigned ind) {
int result = 1;
try { try {
char symbol = ':'; char symbol = ':';
vector <libff::alt_bn128_Fr> poly = SplitStringToFr(decrypted_coeffs, symbol); vector <libff::alt_bn128_Fr> poly = SplitStringToFr(decrypted_coeffs, symbol);
if (poly.size() != _t) { if (poly.size() != _t) {
return 1; goto clean;
} }
libff::alt_bn128_Fr secret_share = PolynomialValue(poly, libff::alt_bn128_Fr(ind), _t); libff::alt_bn128_Fr secret_share = PolynomialValue(poly, libff::alt_bn128_Fr(ind), _t);
...@@ -246,15 +285,19 @@ int calc_secret_share(const char *decrypted_coeffs, char *s_share, ...@@ -246,15 +285,19 @@ int calc_secret_share(const char *decrypted_coeffs, char *s_share,
cur_share.insert(0, n_zeroes, '0'); cur_share.insert(0, n_zeroes, '0');
strncpy(s_share, cur_share.c_str(), cur_share.length() + 1); strncpy(s_share, cur_share.c_str(), cur_share.length() + 1);
return 0; result = 0;
goto clean;
} catch (exception &e) { } catch (exception &e) {
LOG_ERROR(e.what()); LOG_ERROR(e.what());
return 1; goto clean;
} catch (...) { } catch (...) {
LOG_ERROR("Unknown throwable"); LOG_ERROR("Unknown throwable");
return 1; goto clean;
} }
clean:
return result;
} }
void calc_secret_shareG2_old(const char *decrypted_coeffs, char *s_shareG2, void calc_secret_shareG2_old(const char *decrypted_coeffs, char *s_shareG2,
...@@ -281,17 +324,20 @@ void calc_secret_shareG2_old(const char *decrypted_coeffs, char *s_shareG2, ...@@ -281,17 +324,20 @@ void calc_secret_shareG2_old(const char *decrypted_coeffs, char *s_shareG2,
int calc_secret_shareG2(const char *s_share, char *s_shareG2) { int calc_secret_shareG2(const char *s_share, char *s_shareG2) {
int result = 1;
mpz_t share;
mpz_init(share);
try { try {
mpz_t share;
mpz_init(share);
if (mpz_set_str(share, s_share, 16) == -1) { if (mpz_set_str(share, s_share, 16) == -1) {
mpz_clear(share); goto clean;
return 1;
} }
char arr[mpz_sizeinbase(share, 10) + 2]; SAFE_CHAR_BUF(arr, BUF_LEN);
char *share_str = mpz_get_str(arr, 10, share); char *share_str = mpz_get_str(arr, 10, share);
libff::alt_bn128_Fr secret_share(share_str); libff::alt_bn128_Fr secret_share(share_str);
...@@ -303,18 +349,22 @@ int calc_secret_shareG2(const char *s_share, char *s_shareG2) { ...@@ -303,18 +349,22 @@ int calc_secret_shareG2(const char *s_share, char *s_shareG2) {
string secret_shareG2_str = ConvertG2ToString(secret_shareG2); string secret_shareG2_str = ConvertG2ToString(secret_shareG2);
strncpy(s_shareG2, secret_shareG2_str.c_str(), secret_shareG2_str.length() + 1); strncpy(s_shareG2, secret_shareG2_str.c_str(), secret_shareG2_str.length() + 1);
result = 0;
mpz_clear(share); goto clean;
return 0;
} catch (exception &e) { } catch (exception &e) {
LOG_ERROR(e.what()); LOG_ERROR(e.what());
return 1; goto clean;
} catch (...) { } catch (...) {
LOG_ERROR("Unknown throwable"); LOG_ERROR("Unknown throwable");
return 1; goto clean;
} }
clean:
mpz_clear(share);
return result;
} }
int calc_public_shares(const char *decrypted_coeffs, char *public_shares, int calc_public_shares(const char *decrypted_coeffs, char *public_shares,
......
...@@ -44,93 +44,117 @@ uint8_t *getThreadLocalDecryptedDkgPoly() { ...@@ -44,93 +44,117 @@ uint8_t *getThreadLocalDecryptedDkgPoly() {
string *stringFromKey(libff::alt_bn128_Fr *_key) { string *stringFromKey(libff::alt_bn128_Fr *_key) {
try { string *ret = nullptr;
mpz_t t; mpz_t t;
mpz_init(t); mpz_init(t);
_key->as_bigint().to_mpz(t); SAFE_CHAR_BUF(arr, BUF_LEN);
char arr[mpz_sizeinbase(t, 10) + 2]; try {
_key->as_bigint().to_mpz(t);
char *tmp = mpz_get_str(arr, 10, t); char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t);
return new string(tmp); if (!tmp) {
LOG_ERROR("stringFromKey: mpz_get_str failed");
goto clean;
}
ret = new string(tmp);
} catch (exception &e) { } catch (exception &e) {
LOG_ERROR(e.what()); LOG_ERROR(e.what());
return nullptr; goto clean;
} catch (...) { } catch (...) {
LOG_ERROR("Unknown throwable"); LOG_ERROR("Unknown throwable");
return nullptr; goto clean;
} }
clean:
mpz_clear(t);
return ret;
} }
string *stringFromFq(libff::alt_bn128_Fq *_fq) { string *stringFromFq(libff::alt_bn128_Fq *_fq) {
try {
mpz_t t;
mpz_init(t);
_fq->as_bigint().to_mpz(t); string *ret = nullptr;
mpz_t t;
char arr[mpz_sizeinbase(t, 10) + 2]; mpz_init(t);SAFE_CHAR_BUF(arr, BUF_LEN);
try {
_fq->as_bigint().to_mpz(t);
char *tmp = mpz_get_str(arr, 10, t); char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t); ret = new string(tmp);
return new string(tmp);
} catch (exception &e) { } catch (exception &e) {
LOG_ERROR(e.what()); LOG_ERROR(e.what());
return nullptr; goto clean;
} catch (...) { } catch (...) {
LOG_ERROR("Unknown throwable"); LOG_ERROR("Unknown throwable");
return nullptr; goto clean;
} }
clean:
mpz_clear(t);
return ret;
} }
string *stringFromG1(libff::alt_bn128_G1 *_g1) { string *stringFromG1(libff::alt_bn128_G1 *_g1) {
string *sX = nullptr;
string *sY = nullptr;
string *ret = nullptr;
try { try {
_g1->to_affine_coordinates(); _g1->to_affine_coordinates();
auto sX = stringFromFq(&_g1->X); auto sX = stringFromFq(&_g1->X);
auto sY = stringFromFq(&_g1->Y);
auto sG1 = new string(*sX + ":" + *sY); if (!sX) {
goto clean;
}
delete (sX); auto sY = stringFromFq(&_g1->Y);
delete (sY);
if (!sY) {
goto clean;
}
return sG1; ret = new string(*sX + ":" + *sY);
} catch (exception &e) { } catch (exception &e) {
LOG_ERROR(e.what()); LOG_ERROR(e.what());
return nullptr; goto clean;
} catch (...) { } catch (...) {
LOG_ERROR("Unknown throwable"); LOG_ERROR("Unknown throwable");
return nullptr; goto clean;
} }
clean:
SAFE_FREE(sX);
SAFE_FREE(sY);
return ret;
} }
libff::alt_bn128_Fr *keyFromString(const char *_keyStringHex) { libff::alt_bn128_Fr *keyFromString(const char *_keyStringHex) {
try {
mpz_t skey;
mpz_init(skey);
mpz_set_str(skey, _keyStringHex, 16);
char skey_dec[mpz_sizeinbase(skey, 10) + 2]; mpz_t skey;
mpz_get_str(skey_dec, 10, skey); mpz_init(skey);SAFE_CHAR_BUF(skey_dec, BUF_LEN);
mpz_clear(skey); libff::alt_bn128_Fr *ret = nullptr;
return new libff::alt_bn128_Fr(skey_dec);
} catch (exception &e) { mpz_set_str(skey, _keyStringHex, 16);
LOG_ERROR(e.what()); mpz_get_str(skey_dec, 10, skey);
return nullptr;
} catch (...) { ret = new libff::alt_bn128_Fr(skey_dec);
LOG_ERROR("Unknown throwable");
return nullptr; goto clean;
}
clean:
mpz_clear(skey);
return ret;
} }
int inited = 0; int inited = 0;
...@@ -149,11 +173,39 @@ void enclave_init() { ...@@ -149,11 +173,39 @@ void enclave_init() {
bool enclave_sign(const char *_keyString, const char *_hashXString, const char *_hashYString, bool enclave_sign(const char *_keyString, const char *_hashXString, const char *_hashYString,
char *sig) { char *sig) {
bool ret = false;
libff::alt_bn128_Fr* key = nullptr;
string * r = nullptr;
if (!_keyString) {
LOG_ERROR("Null key string");
goto clean;
}
if (!_hashXString) {
LOG_ERROR("Null hashX");
goto clean;
}
if (!_hashYString) {
LOG_ERROR("Null hashY");
goto clean;
}
if (!sig) {
LOG_ERROR("Null sig");
goto clean;
}
try { try {
auto key = keyFromString(_keyString); auto key = keyFromString(_keyString);
if (key == nullptr) { if (!key) {
throw invalid_argument("Null key"); LOG_ERROR("Null key");
goto clean;
} }
libff::alt_bn128_Fq hashX(_hashXString); libff::alt_bn128_Fq hashX(_hashXString);
...@@ -164,8 +216,6 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char * ...@@ -164,8 +216,6 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char *
libff::alt_bn128_G1 sign = key->as_bigint() * hash; libff::alt_bn128_G1 sign = key->as_bigint() * hash;
delete key;
sign.to_affine_coordinates(); sign.to_affine_coordinates();
auto r = stringFromG1(&sign); auto r = stringFromG1(&sign);
...@@ -174,21 +224,25 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char * ...@@ -174,21 +224,25 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char *
strncpy(sig, r->c_str(), BUF_LEN); strncpy(sig, r->c_str(), BUF_LEN);
delete r; ret = true;
return true;
} catch (exception &e) { } catch (exception &e) {
LOG_ERROR(e.what()); LOG_ERROR(e.what());
return false; goto clean;
} catch (...) { } catch (...) {
LOG_ERROR("Unknown throwable"); LOG_ERROR("Unknown throwable");
return false; goto clean;
} }
clean:
SAFE_DELETE(key);
SAFE_DELETE(r);
return ret;
} }
void carray2Hex(const unsigned char *d, int _len, char* _hexArray) { void carray2Hex(const unsigned char *d, int _len, char *_hexArray) {
char hexval[16] = {'0', '1', '2', '3', '4', '5', '6', '7', char hexval[16] = {'0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
......
...@@ -64,5 +64,9 @@ extern unsigned char* globalRandom; ...@@ -64,5 +64,9 @@ extern unsigned char* globalRandom;
extern domain_parameters curve; extern domain_parameters curve;
#define SAFE_FREE(__X__) if (__X__) {free(__X__); __X__ = NULL;}
#define SAFE_DELETE(__X__) if (__X__) {delete(__X__); __X__ = NULL;}
#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
#endif //SGXWALLET_ENCLAVECOMMON_H #endif //SGXWALLET_ENCLAVECOMMON_H
...@@ -56,12 +56,13 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ...@@ -56,12 +56,13 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "EnclaveConstants.h" #include "EnclaveConstants.h"
#include "EnclaveCommon.h" #include "EnclaveCommon.h"
#define SAFE_FREE(__X__) if (!__X__) {free(__X__); __X__ = NULL;}
#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
#define STRINGIFY(x) #x #define STRINGIFY(x) #x
#define TOSTRING(x) STRINGIFY(x) #define TOSTRING(x) STRINGIFY(x)
#define INIT_ERROR_STATE *errString = 0; *errStatus = UNKNOWN_ERROR;
#define SET_SUCCESS *errStatus = 0;
#define CHECK_STATE(_EXPRESSION_) \ #define CHECK_STATE(_EXPRESSION_) \
if (!(_EXPRESSION_)) { \ if (!(_EXPRESSION_)) { \
LOG_ERROR("State check failed::");LOG_ERROR(#_EXPRESSION_); \ LOG_ERROR("State check failed::");LOG_ERROR(#_EXPRESSION_); \
...@@ -78,6 +79,20 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ...@@ -78,6 +79,20 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*errStatus = -1; \ *errStatus = -1; \
goto clean;} goto clean;}
#define CHECK_STATUS(__ERRMESSAGE__) if (status != SGX_SUCCESS) { \
snprintf(errString, BUF_LEN, __ERRMESSAGE__); \
LOG_ERROR(errString); \
*errStatus = status; \
goto clean; \
};
#define CHECK_STATUS2(__ERRMESSAGE__) if (status != SGX_SUCCESS) { \
snprintf(errString, BUF_LEN, __ERRMESSAGE__, status); \
LOG_ERROR(errString); \
*errStatus = status; \
goto clean; \
};
void *(*gmp_realloc_func)(void *, size_t, size_t); void *(*gmp_realloc_func)(void *, size_t, size_t);
...@@ -150,7 +165,6 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) { ...@@ -150,7 +165,6 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) {
return (void *) nptr; return (void *) nptr;
} }
void get_global_random(unsigned char *_randBuff, uint64_t _size) { void get_global_random(unsigned char *_randBuff, uint64_t _size) {
char errString[BUF_LEN]; char errString[BUF_LEN];
...@@ -163,7 +177,6 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) { ...@@ -163,7 +177,6 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) {
CHECK_STATE(_size <= 32) CHECK_STATE(_size <= 32)
CHECK_STATE(_randBuff); CHECK_STATE(_randBuff);
sgx_sha_state_handle_t shaStateHandle; sgx_sha_state_handle_t shaStateHandle;
CHECK_STATE(sgx_sha256_init(&shaStateHandle) == SGX_SUCCESS); CHECK_STATE(sgx_sha256_init(&shaStateHandle) == SGX_SUCCESS);
...@@ -176,25 +189,14 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) { ...@@ -176,25 +189,14 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) {
} }
void trustedGenerateSEK(int *errStatus, char *errString, void trustedGenerateSEK(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) { uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) {
LOG_DEBUG(__FUNCTION__); LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
CHECK_STATE(encrypted_SEK); CHECK_STATE(encrypted_SEK);
CHECK_STATE(SEK_hex); CHECK_STATE(SEK_hex);
CHECK_STATE(encrypted_SEK);
CHECK_STATE(SEK_hex);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
SAFE_CHAR_BUF(SEK_raw, SGX_AESGCM_KEY_SIZE);; SAFE_CHAR_BUF(SEK_raw, SGX_AESGCM_KEY_SIZE);;
...@@ -209,12 +211,7 @@ void trustedGenerateSEK(int *errStatus, char *errString, ...@@ -209,12 +211,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, (uint8_t *) SEK_hex, sealedLen, sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, (uint8_t *) SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK); (sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) { CHECK_STATUS("seal SEK failed");
snprintf(errString, BUF_LEN, "seal SEK failed");
*errStatus = status;
LOG_ERROR(errString);
goto clean;
}
*enc_len = sealedLen; *enc_len = sealedLen;
...@@ -224,39 +221,29 @@ void trustedGenerateSEK(int *errStatus, char *errString, ...@@ -224,39 +221,29 @@ void trustedGenerateSEK(int *errStatus, char *errString,
} }
void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) { void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) {
LOG_DEBUG(__FUNCTION__); LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
*errString = 0;
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(encrypted_SEK); CHECK_STATE(encrypted_SEK);
SAFE_CHAR_BUF(aes_key_hex, BUF_LEN); SAFE_CHAR_BUF(aes_key_hex, BUF_LEN);
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_SEK, NULL, 0, aes_key_hex, &encr_len); (const sgx_sealed_data_t *) encrypted_SEK, NULL, 0, aes_key_hex, &encr_len);
if (status != SGX_SUCCESS) {
*errStatus = status; CHECK_STATUS2("sgx unseal SEK failed with status %d");
snprintf(errString, BUF_LEN, "sgx unseal SEK failed with status %d", status);
LOG_ERROR(errString);
goto clean;
}
uint64_t len; uint64_t len;
hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
*errStatus = 0; hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
SET_SUCCESS
clean: clean:
; ;
} }
void trustedSetSEK_backup(int *errStatus, char *errString, void trustedSetSEK_backup(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) { uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) {
LOG_DEBUG(__FUNCTION__); LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
*errString = 0;
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(encrypted_SEK); CHECK_STATE(encrypted_SEK);
CHECK_STATE(SEK_hex); CHECK_STATE(SEK_hex);
...@@ -268,43 +255,40 @@ void trustedSetSEK_backup(int *errStatus, char *errString, ...@@ -268,43 +255,40 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, (uint8_t *) SEK_hex, sealedLen, sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, (uint8_t *) SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK); (sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status); CHECK_STATUS2("seal SEK failed with status %d")
*errStatus = status;
LOG_ERROR(errString);
}
*enc_len = sealedLen; *enc_len = sealedLen;
*errStatus = 0; SET_SUCCESS
clean:
;
} }
void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG(__FUNCTION__); LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
*errString = 0;
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(encryptedPrivateKey); CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(pub_key_x); CHECK_STATE(pub_key_x);
CHECK_STATE(pub_key_y); CHECK_STATE(pub_key_y);
SAFE_CHAR_BUF(rand_char, 32); SAFE_CHAR_BUF(rand_char, 32);
get_global_random(rand_char, 32);
mpz_t seed; mpz_t seed;
mpz_init(seed); mpz_init(seed);
mpz_import(seed, 32, 1, sizeof(rand_char[0]), 0, 0, rand_char);
mpz_t skey; mpz_t skey;
mpz_init(skey); mpz_init(skey);
mpz_mod(skey, seed, curve->p);
mpz_clear(seed);
//Public key
point Pkey = point_init(); point Pkey = point_init();
get_global_random(rand_char, 32);
mpz_import(seed, 32, 1, sizeof(rand_char[0]), 0, 0, rand_char);
mpz_mod(skey, seed, curve->p);
signature_extract_public_key(Pkey, skey, curve); signature_extract_public_key(Pkey, skey, curve);
int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2;SAFE_CHAR_BUF(arr_x, BUF_LEN); int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2;SAFE_CHAR_BUF(arr_x, BUF_LEN);
...@@ -334,29 +318,18 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, ...@@ -334,29 +318,18 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
skey_str[ECDSA_SKEY_LEN - 1] = 0; skey_str[ECDSA_SKEY_LEN - 1] = 0;
snprintf(errString, BUF_LEN, "skey len is %d\n", strlen(skey_str)); snprintf(errString, BUF_LEN, "skey len is %d\n", strlen(skey_str));
int stat = AES_encrypt(skey_str, encryptedPrivateKey, BUF_LEN); int status = AES_encrypt(skey_str, encryptedPrivateKey, BUF_LEN);
CHECK_STATUS("ecdsa private key encryption failed");
if (stat != 0) {
snprintf(errString, BUF_LEN, "ecdsa private key encryption failed");
*errStatus = stat;
LOG_ERROR(errString);
goto clean;
}
*enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; *enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, ECDSA_SKEY_LEN); status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, ECDSA_SKEY_LEN);
if (stat != 0) { CHECK_STATUS2("ecdsa private key decr failed with status %d");
snprintf(errString, BUF_LEN, "ecdsa private key decr failed with status %d", stat);
*errStatus = stat;
LOG_ERROR(errString);
goto clean;
}
*errStatus = 0;
SET_SUCCESS
clean: clean:
mpz_clear(seed);
mpz_clear(skey); mpz_clear(skey);
point_clear(Pkey); point_clear(Pkey);
} }
...@@ -364,43 +337,27 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, ...@@ -364,43 +337,27 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
INIT_ERROR_STATE
*errString = 0;
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(encryptedPrivateKey); CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(pub_key_x); CHECK_STATE(pub_key_x);
CHECK_STATE(pub_key_y); CHECK_STATE(pub_key_y);
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
mpz_t privateKeyMpz; mpz_t privateKeyMpz;
mpz_init(privateKeyMpz); mpz_init(privateKeyMpz);
//Public key
point Pkey = point_init(); point Pkey = point_init();
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN); int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0'; CHECK_STATUS2("AES_decrypt failed with status %d");
if (status != 0) {
snprintf(errString, BUF_LEN, "AES_decrypt failed with status %d", status);
*errStatus = status;
LOG_ERROR(errString);
goto clean;
}
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
strncpy(errString, skey, 1024); strncpy(errString, skey, 1024);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { status = mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE);
snprintf(errString, BUF_LEN, "wrong string to init private key");
LOG_ERROR(errString);
*errStatus = -10;
goto clean;
}
CHECK_STATUS("mpz_set_str failed for private key");
signature_extract_public_key(Pkey, privateKeyMpz, curve); signature_extract_public_key(Pkey, privateKeyMpz, curve);
...@@ -433,8 +390,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, ...@@ -433,8 +390,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
} }
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
*errStatus = 0; SET_SUCCESS
clean: clean:
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
point_clear(Pkey); point_clear(Pkey);
...@@ -447,8 +403,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -447,8 +403,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
const char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { const char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
*errString = 0; INIT_ERROR_STATE
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(encryptedPrivateKey); CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(hash); CHECK_STATE(hash);
...@@ -465,12 +420,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -465,12 +420,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN); int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
if (status != 0) { CHECK_STATUS2("aes decrypt failed with status %d");
*errStatus = status;
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
LOG_ERROR(status);
goto clean;
}
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0'; skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
...@@ -481,7 +431,6 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -481,7 +431,6 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
goto clean; goto clean;
} }
if (mpz_set_str(msgMpz, hash, 16) == -1) { if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "invalid message hash"); snprintf(errString, BUF_LEN, "invalid message hash");
...@@ -523,8 +472,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -523,8 +472,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
*sig_v = sign->v; *sig_v = sign->v;
*errStatus = 0; SET_SUCCESS
clean: clean:
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
...@@ -544,26 +492,17 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, ...@@ -544,26 +492,17 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
*errStatus = UNKNOWN_ERROR; *errStatus = UNKNOWN_ERROR;
int stat = AES_encrypt(key, encryptedPrivateKey, BUF_LEN); int status = AES_encrypt(key, encryptedPrivateKey, BUF_LEN);
if (stat != 0) {
*errStatus = stat; CHECK_STATUS2("AES encrypt failed with status %d");
snprintf(errString, BUF_LEN, "AES encrypt failed with status %d", stat);
LOG_ERROR(errString);
goto clean;
}
*enc_len = strlen(key) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; *enc_len = strlen(key) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
SAFE_CHAR_BUF(decryptedKey, BUF_LEN); SAFE_CHAR_BUF(decryptedKey, BUF_LEN);
stat = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN); status = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN);
if (stat != 0) { CHECK_STATUS2("trustedDecryptKey failed with status %d");
*errStatus = stat;
snprintf(errString, BUF_LEN, "trustedDecryptKey failed with status %d", stat);
LOG_ERROR(errString);
goto clean;
}
uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH); uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH);
...@@ -581,8 +520,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, ...@@ -581,8 +520,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
goto clean; goto clean;
} }
*errStatus = 0; SET_SUCCESS
clean: clean:
; ;
} }
...@@ -591,9 +529,7 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri ...@@ -591,9 +529,7 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
uint32_t enc_len, char *key) { uint32_t enc_len, char *key) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
INIT_ERROR_STATE
*errString = 0;
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(encryptedPrivateKey); CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(key); CHECK_STATE(key);
...@@ -619,20 +555,16 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri ...@@ -619,20 +555,16 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
goto clean; goto clean;
} }
*errStatus = 0; SET_SUCCESS
clean: clean:
; ;
} }
void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX, uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) { char *_hashY, char *signature) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
INIT_ERROR_STATE
*errString = 0;
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(encryptedPrivateKey); CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(_hashX); CHECK_STATE(_hashX);
...@@ -641,15 +573,9 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte ...@@ -641,15 +573,9 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
SAFE_CHAR_BUF(key, BUF_LEN);SAFE_CHAR_BUF(sig, BUF_LEN); SAFE_CHAR_BUF(key, BUF_LEN);SAFE_CHAR_BUF(sig, BUF_LEN);
int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN); int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN);
if (status != 0) { CHECK_STATUS("AES decrypt failed")
*errStatus = status;
strncpy(errString, "AES decrypt failed", BUF_LEN);
LOG_ERROR(errString);
goto clean;
}
enclave_sign(key, _hashX, _hashY, sig); enclave_sign(key, _hashX, _hashY, sig);
...@@ -662,39 +588,27 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte ...@@ -662,39 +588,27 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
goto clean; goto clean;
} }
*errStatus = 0; SET_SUCCESS
clean: clean:
; ;
} }
void void
trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG(__FUNCTION__); LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
*errString = 0;
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(encrypted_dkg_secret); CHECK_STATE(encrypted_dkg_secret);
SAFE_CHAR_BUF(dkg_secret, DKG_BUFER_LENGTH); SAFE_CHAR_BUF(dkg_secret, DKG_BUFER_LENGTH);
int status = gen_dkg_poly(dkg_secret, _t);
if (gen_dkg_poly(dkg_secret, _t) != 0) { CHECK_STATUS("gen_dkg_poly failed")
*errStatus = -1;
strncpy(errString, "gen_dkg_poly failed", BUF_LEN);
LOG_ERROR(errString);
goto clean;
}
int status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN); status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN);
if (status != SGX_SUCCESS) { CHECK_STATUS("SGX AES encrypt DKG poly failed");
snprintf(errString, BUF_LEN, "SGX AES encrypt DKG poly failed");
LOG_ERROR(errString);
*errStatus = status;
goto clean;
}
*enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; *enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
...@@ -702,12 +616,8 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s ...@@ -702,12 +616,8 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret, status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret,
DKG_BUFER_LENGTH); DKG_BUFER_LENGTH);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt dkg poly failed"); CHECK_STATUS("aes decrypt dkg poly failed");
LOG_ERROR(errString);
*errStatus = status;
goto clean;
}
if (strcmp(dkg_secret, decr_dkg_secret) != 0) { if (strcmp(dkg_secret, decr_dkg_secret) != 0) {
snprintf(errString, BUF_LEN, snprintf(errString, BUF_LEN,
...@@ -717,8 +627,7 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s ...@@ -717,8 +627,7 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
goto clean; goto clean;
} }
*errStatus = 0; SET_SUCCESS
clean: clean:
; ;
} }
...@@ -727,11 +636,8 @@ void ...@@ -727,11 +636,8 @@ void
trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret,
uint32_t enc_len, uint32_t enc_len,
uint8_t *decrypted_dkg_secret) { uint8_t *decrypted_dkg_secret) {
LOG_INFO(__FUNCTION__);
*errString = 0; INIT_ERROR_STATE
*errStatus = UNKNOWN_ERROR;
LOG_DEBUG(__FUNCTION__);
CHECK_STATE(encrypted_dkg_secret); CHECK_STATE(encrypted_dkg_secret);
CHECK_STATE(decrypted_dkg_secret); CHECK_STATE(decrypted_dkg_secret);
...@@ -739,14 +645,9 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d ...@@ -739,14 +645,9 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d
int status = AES_decrypt(encrypted_dkg_secret, enc_len, (char *) decrypted_dkg_secret, int status = AES_decrypt(encrypted_dkg_secret, enc_len, (char *) decrypted_dkg_secret,
3072); 3072);
if (status != SGX_SUCCESS) { CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d")
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
LOG_ERROR(errString);
*errStatus = status;
goto clean;
}
*errStatus = 0; SET_SUCCESS
clean: clean:
; ;
...@@ -754,26 +655,19 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d ...@@ -754,26 +655,19 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d
void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint32_t enc_len) { void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint32_t enc_len) {
LOG_DEBUG(__FUNCTION__); LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
*errString = 0;
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(encrypted_poly); CHECK_STATE(encrypted_poly);
memset(getThreadLocalDecryptedDkgPoly(), 0, DKG_BUFER_LENGTH); memset(getThreadLocalDecryptedDkgPoly(), 0, DKG_BUFER_LENGTH);
int status = AES_decrypt(encrypted_poly, enc_len, (char *) getThreadLocalDecryptedDkgPoly(), int status = AES_decrypt(encrypted_poly, enc_len, (char *) getThreadLocalDecryptedDkgPoly(),
DKG_BUFER_LENGTH); DKG_BUFER_LENGTH);
if (status != SGX_SUCCESS) { CHECK_STATUS2("sgx_unseal_data - encrypted_poly failed with status %d")
*errStatus = -1;
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
LOG_ERROR(errString);
goto clean;
}
*errStatus = 0;
SET_SUCCESS
clean: clean:
; ;
} }
...@@ -783,9 +677,10 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t ...@@ -783,9 +677,10 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
uint8_t ind) { uint8_t ind) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
INIT_ERROR_STATE
*errString = 0; uint32_t enc_len;
*errStatus = UNKNOWN_ERROR; int status;
CHECK_STATE(encrypted_skey); CHECK_STATE(encrypted_skey);
CHECK_STATE(result_str); CHECK_STATE(result_str);
...@@ -798,61 +693,43 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t ...@@ -798,61 +693,43 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
SAFE_CHAR_BUF(pub_key_x, BUF_LEN);SAFE_CHAR_BUF(pub_key_y, BUF_LEN); SAFE_CHAR_BUF(pub_key_x, BUF_LEN);SAFE_CHAR_BUF(pub_key_y, BUF_LEN);
uint32_t enc_len;
int status;
trustedGenerateEcdsaKeyAES(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y); trustedGenerateEcdsaKeyAES(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
if (status != 0) { CHECK_STATUS("trustedGenerateEcdsaKeyAES failed");
snprintf(errString, BUF_LEN, "trustedGenerateEcdsaKeyAES failed");
*errStatus = status;
LOG_ERROR(errString);
goto clean;
}
status = AES_decrypt(encrypted_skey, enc_len, skey, ECDSA_SKEY_LEN); status = AES_decrypt(encrypted_skey, enc_len, skey, ECDSA_SKEY_LEN);
skey[ECDSA_SKEY_LEN - 1] = 0; skey[ECDSA_SKEY_LEN - 1] = 0;
if (status != SGX_SUCCESS) { CHECK_STATUS2("AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d");
snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d",
status);
LOG_ERROR(errString);
*errStatus = status;
goto clean;
}
*dec_len = enc_len; *dec_len = enc_len;
SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN); SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN);
gen_session_key(skey, pub_keyB, common_key);
status = gen_session_key(skey, pub_keyB, common_key);
CHECK_STATUS("gen_session_key failed")
SAFE_CHAR_BUF(s_share, ECDSA_SKEY_LEN); SAFE_CHAR_BUF(s_share, ECDSA_SKEY_LEN);
if (calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind) != 0) { status = calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind);
*errStatus = -1; CHECK_STATUS("calc secret share failed")
snprintf(errString, BUF_LEN, "calc secret share failed");
LOG_ERROR(errString);
goto clean;
}
if (calc_secret_shareG2(s_share, s_shareG2) != 0) {
*errStatus = -1; status = calc_secret_shareG2(s_share, s_shareG2);
snprintf(errString, BUF_LEN, "invalid decr secret share"); CHECK_STATUS("invalid decr secret share");
LOG_ERROR(errString);
goto clean;
}
SAFE_CHAR_BUF(cypher, ECDSA_SKEY_LEN); SAFE_CHAR_BUF(cypher, ECDSA_SKEY_LEN);
xor_encrypt(common_key, s_share, cypher); status=xor_encrypt(common_key, s_share, cypher);
CHECK_STATUS("xor_encrypt failed")
strncpy(result_str, cypher, strlen(cypher)); strncpy(result_str, cypher, strlen(cypher));
strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x)); strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x));
strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y)); strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y));
*errStatus = 0; SET_SUCCESS
clean: clean:
; ;
...@@ -861,10 +738,9 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t ...@@ -861,10 +738,9 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len, void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
char *public_shares, char *public_shares,
unsigned _t, unsigned _n) { unsigned _t, unsigned _n) {
LOG_DEBUG(__FUNCTION__); LOG_INFO(__FUNCTION__);
*errString = 0; INIT_ERROR_STATE
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(encrypted_dkg_secret); CHECK_STATE(encrypted_dkg_secret);
CHECK_STATE(public_shares); CHECK_STATE(public_shares);
...@@ -875,21 +751,12 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt ...@@ -875,21 +751,12 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret, int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret,
DKG_MAX_SEALED_LEN); DKG_MAX_SEALED_LEN);
if (status != SGX_SUCCESS) { CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d");
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status;
LOG_ERROR(errString);
goto clean;
}
if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) { status = calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0;
*errStatus = -1; CHECK_STATUS("t does not match polynomial in db");
snprintf(errString, BUF_LEN, "t does not match polynomial in db");
LOG_ERROR(errString);
goto clean;
}
*errStatus = 0; SET_SUCCESS
clean: clean:
; ;
...@@ -897,11 +764,9 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt ...@@ -897,11 +764,9 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share, void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) { uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG(__FUNCTION__); LOG_INFO(__FUNCTION__);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
INIT_ERROR_STATE
CHECK_STATE(public_shares); CHECK_STATE(public_shares);
CHECK_STATE(s_share); CHECK_STATE(s_share);
...@@ -914,12 +779,7 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha ...@@ -914,12 +779,7 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN); int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
if (status != SGX_SUCCESS) { CHECK_STATUS2("AES_decrypt failed (in trustedDkgVerifyAES) with status %d");
snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status);
*errStatus = status;
LOG_ERROR(errString);
goto clean;
}
SAFE_CHAR_BUF(encr_sshare, ECDSA_SKEY_LEN); SAFE_CHAR_BUF(encr_sshare, ECDSA_SKEY_LEN);
...@@ -927,34 +787,35 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha ...@@ -927,34 +787,35 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN); SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN);
session_key_recover(skey, s_share, common_key); status = session_key_recover(skey, s_share, common_key);
CHECK_STATUS("session_key_recover failed");
SAFE_CHAR_BUF(decr_sshare, ECDSA_SKEY_LEN); SAFE_CHAR_BUF(decr_sshare, ECDSA_SKEY_LEN);
xor_decrypt(common_key, encr_sshare, decr_sshare); status=xor_decrypt(common_key, encr_sshare, decr_sshare);
if (mpz_set_str(s, decr_sshare, 16) == -1) { CHECK_STATUS("xor_decrypt failed")
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid decr secret share");
LOG_ERROR(errString);
goto clean;
}
*result = Verification(public_shares, s, _t, _ind);
*errStatus = 0; status = mpz_set_str(s, decr_sshare, 16);
CHECK_STATUS("invalid decr secret share");
*result = Verification(public_shares, s, _t, _ind);
SET_SUCCESS
clean: clean:
mpz_clear(s); mpz_clear(s);
} }
void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares, void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares,
uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key,
uint32_t *enc_bls_key_len) { uint32_t *enc_bls_key_len) {
LOG_DEBUG(__FUNCTION__);
*errString = 0; LOG_INFO(__FUNCTION__);
*errStatus = UNKNOWN_ERROR;
INIT_ERROR_STATE
CHECK_STATE(s_shares); CHECK_STATE(s_shares);
CHECK_STATE(encryptedPrivateKey); CHECK_STATE(encryptedPrivateKey);
...@@ -975,12 +836,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share ...@@ -975,12 +836,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
int status = AES_decrypt(encryptedPrivateKey, key_len, skey, ECDSA_SKEY_LEN); int status = AES_decrypt(encryptedPrivateKey, key_len, skey, ECDSA_SKEY_LEN);
if (status != SGX_SUCCESS) { CHECK_STATUS2("aes decrypt failed with status %d");
*errStatus = status;
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
LOG_ERROR(errString);
goto clean;
}
skey[ECDSA_SKEY_LEN - 1] = 0; skey[ECDSA_SKEY_LEN - 1] = 0;
...@@ -995,11 +851,20 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share ...@@ -995,11 +851,20 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
s_share[192] = 0; s_share[192] = 0;
SAFE_CHAR_BUF(common_key, 65); SAFE_CHAR_BUF(common_key, 65);
session_key_recover(skey, s_share, common_key);
status = session_key_recover(skey, s_share, common_key);
CHECK_STATUS("session_key_recover failed");
common_key[64] = 0; common_key[64] = 0;
SAFE_CHAR_BUF(decr_sshare, 65); SAFE_CHAR_BUF(decr_sshare, 65);
xor_decrypt(common_key, encr_sshare, decr_sshare);
status = xor_decrypt(common_key, encr_sshare, decr_sshare);
CHECK_STATUS("xor_decrypt failed");
decr_sshare[64] = 0; decr_sshare[64] = 0;
...@@ -1035,18 +900,13 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share ...@@ -1035,18 +900,13 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
status = AES_encrypt(key_share, encr_bls_key, BUF_LEN); status = AES_encrypt(key_share, encr_bls_key, BUF_LEN);
if (status != SGX_SUCCESS) { CHECK_STATUS2("aes encrypt bls private key failed with status %d ");
*errStatus = -1;
snprintf(errString, BUF_LEN, "aes encrypt bls private key failed with status %d ", status);
LOG_ERROR(errString);
goto clean;
}
*enc_bls_key_len = strlen(key_share) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; *enc_bls_key_len = strlen(key_share) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
*errStatus = 0; SET_SUCCESS
clean: clean:
mpz_clear(bls_key); mpz_clear(bls_key);
mpz_clear(sum); mpz_clear(sum);
mpz_clear(q); mpz_clear(q);
...@@ -1057,8 +917,7 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat ...@@ -1057,8 +917,7 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
char *bls_pub_key) { char *bls_pub_key) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
*errString = 0; INIT_ERROR_STATE
*errStatus = UNKNOWN_ERROR;
CHECK_STATE(bls_pub_key); CHECK_STATE(bls_pub_key);
CHECK_STATE(encryptedPrivateKey); CHECK_STATE(encryptedPrivateKey);
...@@ -1066,25 +925,16 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat ...@@ -1066,25 +925,16 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
SAFE_CHAR_BUF(skey_hex, ECDSA_SKEY_LEN); SAFE_CHAR_BUF(skey_hex, ECDSA_SKEY_LEN);
int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, ECDSA_SKEY_LEN); int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, ECDSA_SKEY_LEN);
if (status != SGX_SUCCESS) {
*errStatus = 1; CHECK_STATUS2("AES decrypt failed %d");
snprintf(errString, BUF_LEN, "aes_decrypt failed with status %d", status);
LOG_ERROR(errString);
goto clean;
}
skey_hex[ECDSA_SKEY_LEN - 1] = 0; skey_hex[ECDSA_SKEY_LEN - 1] = 0;
if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) { status = calc_bls_public_key(skey_hex, bls_pub_key);
LOG_ERROR(skey_hex);
*errStatus = -1;
snprintf(errString, BUF_LEN, "could not calculate bls public key");
LOG_ERROR(errString);
goto clean;
}
*errStatus = 0; CHECK_STATUS("could not calculate bls public key");
SET_SUCCESS
clean: clean:
; ;
} }
This source diff could not be displayed because it is too large. You can view the blob instead.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment