Skip to content

S
sgxwallet
Unverified Commit 61998ed5 authored by svetaro's avatar svetaro
Browse files
Options

SKALE-1795 Add flag to run SGXWallet on http

parent c7b12196
Hide whitespace changes
Inline Side-by-side
Showing with 136 additions and 80 deletions
DKGCrypto.cpp
View file @ 61998ed5
......@@ -295,22 +295,22 @@ bool CreateBLSShare( const std::string& BLSKeyName, const char * s_shares, const
//std::cerr << "BEFORE create_bls_key IN ENCLAVE " << std::endl;
create_bls_key(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len, encr_bls_key, &enc_bls_len);
//std::cerr << "AFTER create_bls_key IN ENCLAVE er msg is " << errMsg1 << std::endl;
if ( err_status != 0){
std::cerr << "ERROR IN ENCLAVE" << std::endl;
throw RPCException(ERROR_IN_ENCLAVE, "Something failed in enclave");
return false;
throw RPCException(ERROR_IN_ENCLAVE, "Create BLS private key failed in enclave");
}
else {
char *hexBLSKey = (char *) calloc(2 * BUF_LEN, 1);
std::cerr << "BEFORE carray2Hex" << std::endl;
//std::cerr << "BEFORE carray2Hex" << std::endl;
//std::cerr << "enc_bls_len " << enc_bls_len << std::endl;
carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey);
std::cerr << "BEFORE WRITE BLS KEY TO DB" << std::endl;
// std::cerr << "BEFORE WRITE BLS KEY TO DB" << std::endl;
writeDataToDB(BLSKeyName, hexBLSKey);
std::cerr << "hexBLSKey length is " << strlen(hexBLSKey) << std::endl;
std::cerr << "bls key " << BLSKeyName << " is " << hexBLSKey << std::endl;
if (DEBUG_PRINT) {
std::cerr << "hexBLSKey length is " << strlen(hexBLSKey) << std::endl;
std::cerr << "bls key " << BLSKeyName << " is " << hexBLSKey << std::endl;
}
free(hexBLSKey);
return true;
}
......@@ -331,13 +331,21 @@ std::vector<std::string> GetBLSPubKey(const char * encryptedKeyHex){
// std::cerr << encr_key[i] << " ";
char pub_key[320];
std::cerr << "dec_key_len is " << dec_key_len << std::endl;
if (DEBUG_PRINT) {
std::cerr << "dec_key_len is " << dec_key_len << std::endl;
}
get_bls_pub_key(eid, &err_status, errMsg1, encr_key, dec_key_len, pub_key);
std::cerr << "errMsg1 is " << errMsg1 << std::endl;
if ( err_status != 0){
throw RPCException(ERROR_IN_ENCLAVE, "Failed to get BLS public key in enclave");
}
std::vector<std::string> pub_key_vect = SplitString(pub_key, ':');
std::cerr << "pub key is" << std::endl;
for ( int i = 0; i < 4; i++)
std::cerr << pub_key_vect.at(i) << std::endl;
if (DEBUG_PRINT) {
std::cerr << "errMsg1 is " << errMsg1 << std::endl;
std::cerr << "pub key is" << std::endl;
for (int i = 0; i < 4; i++)
std::cerr << pub_key_vect.at(i) << std::endl;
}
return pub_key_vect;
}
......@@ -348,7 +356,9 @@ std::string decrypt_DHKey(const std::string& polyName, int ind){
std::string DH_key_name = polyName + "_" + std::to_string(ind) + ":";
std::shared_ptr<std::string> hexEncrKey_ptr = readFromDb(DH_key_name, "DKG_DH_KEY_");
std::cerr << "encr DH key is " << hexEncrKey_ptr << std::endl;
if (DEBUG_PRINT) {
std::cerr << "encr DH key is " << hexEncrKey_ptr << std::endl;
}
char *hexEncrKey = (char *) calloc(2 * BUF_LEN, 1);
......@@ -361,7 +371,9 @@ std::string decrypt_DHKey(const std::string& polyName, int ind){
char DHKey[ECDSA_SKEY_LEN];
decrypt_key(eid, &err_status, errMsg1, encrypted_DHkey, DH_enc_len, DHKey);
if (err_status != 0){
throw RPCException(ERROR_IN_ENCLAVE, "decrypt key failed in enclave");
}
free(errMsg1);
free(hexEncrKey);
......
SGXRegistrationServer.cpp
View file @ 61998ed5
......@@ -44,6 +44,7 @@
#include "LevelDB.h"
int DEBUG_PRINT = 0;
int is_sgx_https = 1;
SGXRegistrationServer *regs = nullptr;
HttpServer *hs2 = nullptr;
......
SGXWalletServer.cpp
View file @ 61998ed5
......@@ -78,59 +78,59 @@ void debug_print(){
levelDb->visitKeys(&v, 100000000);
}
//int init_server(bool check_certs) {
// std::string rootCAPath = "cert/rootCA.pem";
// std::string keyCAPath = "cert/rootCA.key";
//
// if (access(rootCAPath.c_str(), F_OK) != 0 || access(keyCAPath.c_str(), F_OK) != 0){
// std::cerr << "YOU DO NOT HAVE ROOT CA CERTIFICATE" << std::endl;
// std::cerr << "ROOT CA CERTIFICATE IS GOING TO BE CREATED" << std::endl;
//
// std::string genRootCACert = "cd cert && ./create_CA";
//
// if (system(genRootCACert.c_str()) == 0){
// std::cerr << "ROOT CA CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
// }
// else{
// std::cerr << "ROOT CA CERTIFICATE GENERATION FAILED" << std::endl;
// exit(-1);
// }
// }
//
// std::string certPath = "cert/SGXServerCert.crt";
// std::string keyPath = "cert/SGXServerCert.key";
//
// if (access(certPath.c_str(), F_OK) != 0 || access(certPath.c_str(), F_OK) != 0){
// std::cerr << "YOU DO NOT HAVE SERVER CERTIFICATE " << std::endl;
// std::cerr << "SERVER CERTIFICATE IS GOING TO BE CREATED" << std::endl;
//
// std::string genCert = "cd cert && ./create_server_cert";
//
// if (system(genCert.c_str()) == 0){
// std::cerr << "SERVER CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
// }
// else{
// std::cerr << "SERVER CERTIFICATE GENERATION FAILED" << std::endl;
// exit(-1);
// }
// }
//
// hs = new HttpServer(BASE_PORT, certPath, keyPath, rootCAPath, check_certs, 10);
// s = new SGXWalletServer(*hs,
// JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
//
// if (!s->StartListening()) {
// cerr << "SGX Server could not start listening" << endl;
// exit(-1);
// }
// else{
// cerr << "SGX Server started on port " << BASE_PORT << endl;
// }
// return 0;
//}
int init_server(bool check_certs) { //without ssl
int init_https_server(bool check_certs) {
std::string rootCAPath = "cert/rootCA.pem";
std::string keyCAPath = "cert/rootCA.key";
if (access(rootCAPath.c_str(), F_OK) != 0 || access(keyCAPath.c_str(), F_OK) != 0){
std::cerr << "YOU DO NOT HAVE ROOT CA CERTIFICATE" << std::endl;
std::cerr << "ROOT CA CERTIFICATE IS GOING TO BE CREATED" << std::endl;
std::string genRootCACert = "cd cert && ./create_CA";
if (system(genRootCACert.c_str()) == 0){
std::cerr << "ROOT CA CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
}
else{
std::cerr << "ROOT CA CERTIFICATE GENERATION FAILED" << std::endl;
exit(-1);
}
}
std::string certPath = "cert/SGXServerCert.crt";
std::string keyPath = "cert/SGXServerCert.key";
if (access(certPath.c_str(), F_OK) != 0 || access(certPath.c_str(), F_OK) != 0){
std::cerr << "YOU DO NOT HAVE SERVER CERTIFICATE " << std::endl;
std::cerr << "SERVER CERTIFICATE IS GOING TO BE CREATED" << std::endl;
std::string genCert = "cd cert && ./create_server_cert";
if (system(genCert.c_str()) == 0){
std::cerr << "SERVER CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
}
else{
std::cerr << "SERVER CERTIFICATE GENERATION FAILED" << std::endl;
exit(-1);
}
}
hs = new HttpServer(BASE_PORT, certPath, keyPath, rootCAPath, check_certs, 10);
s = new SGXWalletServer(*hs,
JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
if (!s->StartListening()) {
cerr << "SGX Server could not start listening" << endl;
exit(-1);
}
else{
cerr << "SGX Server started on port " << BASE_PORT << endl;
}
return 0;
}
int init_http_server() { //without ssl
hs = new HttpServer(BASE_PORT + 3);
s = new SGXWalletServer(*hs,
......@@ -193,6 +193,17 @@ Json::Value blsSignMessageHashImpl(const std::string &keyShareName, const std::s
if ( !checkName(keyShareName, "BLS_KEY")){
throw RPCException(INVALID_POLY_NAME, "Invalid BLSKey name");
}
std::string cutHash = messageHash;
if (cutHash[0] == '0' && (cutHash[1] == 'x'||cutHash[1] == 'X')){
cutHash.erase(cutHash.begin(), cutHash.begin() + 2);
}
while (cutHash[0] == '0'){
cutHash.erase(cutHash.begin(), cutHash.begin() + 1);
}
if ( !checkHex(cutHash)){
throw RPCException(INVALID_HEX, "Invalid hash");
}
value = readFromDb(keyShareName);
} catch (RPCException _e) {
......@@ -623,8 +634,10 @@ Json::Value GetBLSPublicKeyShareImpl(const std::string & BLSKeyName){
throw RPCException(INVALID_POLY_NAME, "Invalid BLSKey name");
}
std::shared_ptr<std::string> encryptedKeyHex_ptr = readFromDb(BLSKeyName);
std::cerr << "encr_bls_key_share is " << *encryptedKeyHex_ptr << std::endl;
std::cerr << "length is " << encryptedKeyHex_ptr->length()<< std::endl;
if (DEBUG_PRINT) {
std::cerr << "encr_bls_key_share is " << *encryptedKeyHex_ptr << std::endl;
std::cerr << "length is " << encryptedKeyHex_ptr->length() << std::endl;
}
std::vector<std::string> public_key_vect = GetBLSPubKey(encryptedKeyHex_ptr->c_str());
for ( uint8_t i = 0; i < 4; i++) {
result["BLSPublicKeyShare"][i] = public_key_vect.at(i);
......
SGXWalletServer.h
View file @ 61998ed5
......@@ -31,7 +31,8 @@
#endif
EXTERNC int init_server(bool check_certs );
EXTERNC int init_https_server(bool check_certs );
EXTERNC int init_http_server();
......
ServerInit.cpp
View file @ 61998ed5
......@@ -123,9 +123,14 @@ void init_all(bool check_cert, bool sign_automatically) {
sgxServerInited = 1;
init_server(check_cert);
// init_registration_server(sign_automatically);
//init_csrmanager_server();
if (is_sgx_https) {
init_https_server(check_cert);
init_registration_server(sign_automatically);
init_csrmanager_server();
}
else {
init_http_server();
}
init_enclave();
std::cerr << "enclave inited" << std::endl;
init_daemon();
......
secure_enclave/DKGUtils.cpp
View file @ 61998ed5
......@@ -345,17 +345,18 @@ int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int in
}
void calc_bls_public_key(char* skey_hex, char* pub_key){
int calc_bls_public_key(char* skey_hex, char* pub_key){
libff::init_alt_bn128_params();
mpz_t skey;
mpz_init(skey);
mpz_set_str(skey, skey_hex, 16);
if (mpz_set_str(skey, skey_hex, 16) == -1){
return 1;
}
char skey_dec[mpz_sizeinbase (skey, 10) + 2];
char * skey_str = mpz_get_str(skey_dec, 10, skey);
libff::alt_bn128_Fr bls_skey(skey_dec);
libff::alt_bn128_G2 public_key = bls_skey * libff::alt_bn128_G2::one();
......@@ -364,6 +365,10 @@ void calc_bls_public_key(char* skey_hex, char* pub_key){
std::string result = ConvertG2ToString(public_key);
strncpy(pub_key, result.c_str(), result.length());
mpz_clear(skey);
return 0;
}
......
secure_enclave/DKGUtils.h
View file @ 61998ed5
......@@ -45,7 +45,7 @@ EXTERNC int calc_public_shares(const char* decrypted_koefs, char * public_shares
EXTERNC int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int ind);
EXTERNC void calc_bls_public_key(char* skey, char* pub_key);
EXTERNC int calc_bls_public_key(char* skey, char* pub_key);
EXTERNC void calc_secret_shareG2_old(const char* public_shares, char * s_shareG2,
unsigned _t, unsigned ind);
......
secure_enclave/secure_enclave.c
View file @ 61998ed5
......@@ -432,6 +432,7 @@ void decrypt_key(int *err_status, char *err_string, uint8_t *encrypted_key,
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) key, &decLen);
if (status != SGX_SUCCESS) {
*err_status = status;
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status);
return;
}
......@@ -797,6 +798,7 @@ void create_bls_key(int *err_status, char* err_string, const char* s_shares,
if (common_key == NULL){
*err_status = 1;
snprintf(err_string, BUF_LEN ,"invalid common_key");
mpz_clear(sum);
return;
}
......@@ -809,7 +811,7 @@ void create_bls_key(int *err_status, char* err_string, const char* s_shares,
if (decr_sshare == NULL){
*err_status = 1;
snprintf(err_string, BUF_LEN ,"invalid common_key");
mpz_clear(decr_secret_share);
mpz_clear(sum);
return;
}
//decr_sshare[64] = 0;
......@@ -885,7 +887,11 @@ void get_bls_pub_key(int *err_status, char* err_string, uint8_t* encrypted_key,
return;
}
calc_bls_public_key(skey_hex, bls_pub_key);
if (calc_bls_public_key(skey_hex, bls_pub_key) != 0){
*err_status = -1;
snprintf(err_string, BUF_LEN,"could not calculate bls public key");
return;
}
}
......
sgxwallet.c
View file @ 61998ed5
......@@ -62,13 +62,14 @@ int main(int argc, char *argv[]) {
exit(1);
}
while ((opt = getopt(argc, argv, "cshd")) != -1) {
while ((opt = getopt(argc, argv, "cshd0")) != -1) {
switch (opt) {
case 'h':
if (strlen(argv[1]) == 2 ) {
fprintf(stderr, "-c client certificate will not be checked\n");
fprintf(stderr, "-s client certificate will be signed automatically\n");
printf(stderr, "-d turn on debug output\n");
printf(stderr, "-0 SGXWalletServer will be launched on http (not https)\n");
exit(0);
} else {
fprintf(stderr, "unknown flag %s\n", argv[1]);
......@@ -83,6 +84,9 @@ int main(int argc, char *argv[]) {
case 'd':
DEBUG_PRINT = 1;
break;
case '0':
is_sgx_https = 0;
break;
case '?': // fprintf(stderr, "unknown flag\n");
exit(1);
default:
......
sgxwallet_common.h
View file @ 61998ed5
......@@ -34,6 +34,7 @@
#include <stdbool.h>
extern int DEBUG_PRINT;
extern int is_sgx_https;
#define BUF_LEN 1024
......
testw.cpp
View file @ 61998ed5
......@@ -80,6 +80,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include <thread>
std::string stringFromFr(libff::alt_bn128_Fr& el) {
mpz_t t;
......@@ -743,6 +745,7 @@ std::string ConvertDecToHex(std::string dec, int numBytes = 32){
TEST_CASE("BLS_DKG test", "[bls_dkg]") {
is_sgx_https = 0;
std::cerr<< "test started" << std::endl;
init_all(false, false);
cerr << "Server inited" << endl;
......@@ -866,6 +869,7 @@ TEST_CASE("BLS_DKG test", "[bls_dkg]") {
TEST_CASE("API test", "[api_test]") {
//DEBUG_PRINT = 1;
is_sgx_https = 0;
//std::cerr << __GNUC__ << std::endl;
cerr << "API test started" << endl;
init_all(false, false);
......@@ -971,6 +975,7 @@ TEST_CASE("API test", "[api_test]") {
}
TEST_CASE("getServerStatus test", "[getServerStatus_test]") {
is_sgx_https = 0;
init_all( false, false );
HttpClient client("http://localhost:1029");
StubClient c(client, JSONRPC_CLIENT_V2);
......@@ -1044,6 +1049,7 @@ void SendRPCRequest(){
}
TEST_CASE("ManySimultaneousThreads", "[many_threads_test]") {
is_sgx_https = 0;
init_all( false, false );
std::vector<std::thread> threads;
......@@ -1061,6 +1067,7 @@ TEST_CASE("ManySimultaneousThreads", "[many_threads_test]") {
TEST_CASE("ecdsa API test", "[ecdsa_api_test]") {
//DEBUG_PRINT = 1;
is_sgx_https = 0;
cerr << "ecdsa_api_test started" << endl;
init_all(false, false);
......@@ -1104,6 +1111,7 @@ TEST_CASE("ecdsa API test", "[ecdsa_api_test]") {
TEST_CASE("dkg API test", "[dkg_api_test]") {
// DEBUG_PRINT = 1;
is_sgx_https = 0;
cerr << "dkg_api_test started" << endl;
init_all(false, false);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment