SKALE-1795 Add flag to run SGXWallet on http

DKGCrypto.cpp

@@ -295,22 +295,22 @@ bool CreateBLSShare( const std::string& BLSKeyName, const char * s_shares, const
 
   //std::cerr << "BEFORE create_bls_key IN ENCLAVE " << std::endl;
   create_bls_key(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len, encr_bls_key, &enc_bls_len);
-
   //std::cerr << "AFTER create_bls_key IN ENCLAVE er msg is  " << errMsg1 << std::endl;
   if ( err_status != 0){
      std::cerr << "ERROR IN ENCLAVE" << std::endl;
-     throw RPCException(ERROR_IN_ENCLAVE, "Something failed in enclave");
-     return false;
+     throw RPCException(ERROR_IN_ENCLAVE, "Create BLS private key failed in enclave");
   }
   else {
     char *hexBLSKey = (char *) calloc(2 * BUF_LEN, 1);
-    std::cerr << "BEFORE carray2Hex" << std::endl;
+    //std::cerr << "BEFORE carray2Hex" << std::endl;
       //std::cerr << "enc_bls_len " << enc_bls_len << std::endl;
     carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey);
-    std::cerr << "BEFORE WRITE BLS KEY TO DB" << std::endl;
+   // std::cerr << "BEFORE WRITE BLS KEY TO DB" << std::endl;
     writeDataToDB(BLSKeyName, hexBLSKey);
-    std::cerr << "hexBLSKey length is " << strlen(hexBLSKey) << std::endl;
-    std::cerr << "bls key " << BLSKeyName << " is " << hexBLSKey << std::endl;
+    if (DEBUG_PRINT) {
+      std::cerr << "hexBLSKey length is " << strlen(hexBLSKey) << std::endl;
+      std::cerr << "bls key " << BLSKeyName << " is " << hexBLSKey << std::endl;
+    }
     free(hexBLSKey);
     return true;
   }
@@ -331,13 +331,21 @@ std::vector<std::string> GetBLSPubKey(const char * encryptedKeyHex){
 //      std::cerr << encr_key[i] << " ";
 
     char pub_key[320];
-    std::cerr << "dec_key_len is " << dec_key_len << std::endl;
+    if (DEBUG_PRINT) {
+      std::cerr << "dec_key_len is " << dec_key_len << std::endl;
+    }
     get_bls_pub_key(eid, &err_status, errMsg1, encr_key, dec_key_len, pub_key);
-    std::cerr << "errMsg1 is " << errMsg1 << std::endl;
+    if ( err_status != 0){
+      throw RPCException(ERROR_IN_ENCLAVE, "Failed to get BLS public key in enclave");
+    }
     std::vector<std::string> pub_key_vect = SplitString(pub_key, ':');
-    std::cerr << "pub key is" << std::endl;
-    for ( int i = 0; i < 4; i++)
-      std::cerr << pub_key_vect.at(i) << std::endl;
+
+    if (DEBUG_PRINT) {
+      std::cerr << "errMsg1 is " << errMsg1 << std::endl;
+      std::cerr << "pub key is" << std::endl;
+      for (int i = 0; i < 4; i++)
+        std::cerr << pub_key_vect.at(i) << std::endl;
+    }
     return pub_key_vect;
 }
 
@@ -348,7 +356,9 @@ std::string decrypt_DHKey(const std::string& polyName, int ind){
 
   std::string DH_key_name = polyName + "_" + std::to_string(ind) + ":";
   std::shared_ptr<std::string> hexEncrKey_ptr = readFromDb(DH_key_name, "DKG_DH_KEY_");
-  std::cerr << "encr DH key is " << hexEncrKey_ptr << std::endl;
+  if (DEBUG_PRINT) {
+    std::cerr << "encr DH key is " << hexEncrKey_ptr << std::endl;
+  }
 
   char *hexEncrKey = (char *) calloc(2 * BUF_LEN, 1);
 
@@ -361,7 +371,9 @@ std::string decrypt_DHKey(const std::string& polyName, int ind){
   char DHKey[ECDSA_SKEY_LEN];
 
   decrypt_key(eid, &err_status, errMsg1, encrypted_DHkey, DH_enc_len, DHKey);
-
+  if (err_status != 0){
+    throw RPCException(ERROR_IN_ENCLAVE, "decrypt key failed in enclave");
+  }
 
   free(errMsg1);
   free(hexEncrKey);

SGXRegistrationServer.cpp

@@ -44,6 +44,7 @@
 #include "LevelDB.h"
 
 int DEBUG_PRINT = 0;
+int is_sgx_https = 1;
 
 SGXRegistrationServer *regs = nullptr;
 HttpServer *hs2 = nullptr;

SGXWalletServer.cpp

@@ -78,59 +78,59 @@ void debug_print(){
   levelDb->visitKeys(&v, 100000000);
 }
 
-//int init_server(bool check_certs) {
-//  std::string rootCAPath = "cert/rootCA.pem";
-//  std::string keyCAPath = "cert/rootCA.key";
-//
-//  if (access(rootCAPath.c_str(), F_OK) != 0 || access(keyCAPath.c_str(), F_OK) != 0){
-//    std::cerr << "YOU DO NOT HAVE ROOT CA CERTIFICATE" << std::endl;
-//    std::cerr << "ROOT CA CERTIFICATE IS GOING TO BE CREATED" << std::endl;
-//
-//    std::string genRootCACert = "cd cert && ./create_CA";
-//
-//    if (system(genRootCACert.c_str()) == 0){
-//      std::cerr << "ROOT CA CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
-//    }
-//    else{
-//      std::cerr << "ROOT CA CERTIFICATE GENERATION FAILED" << std::endl;
-//      exit(-1);
-//    }
-//  }
-//
-//  std::string certPath = "cert/SGXServerCert.crt";
-//  std::string keyPath = "cert/SGXServerCert.key";
-//
-//  if (access(certPath.c_str(), F_OK) != 0 || access(certPath.c_str(), F_OK) != 0){
-//    std::cerr << "YOU DO NOT HAVE SERVER CERTIFICATE " << std::endl;
-//    std::cerr << "SERVER CERTIFICATE IS GOING TO BE CREATED" << std::endl;
-//
-//    std::string genCert = "cd cert && ./create_server_cert";
-//
-//    if (system(genCert.c_str()) == 0){
-//       std::cerr << "SERVER CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
-//    }
-//    else{
-//      std::cerr << "SERVER CERTIFICATE GENERATION FAILED" << std::endl;
-//      exit(-1);
-//    }
-//  }
-//
-//  hs = new HttpServer(BASE_PORT, certPath, keyPath, rootCAPath, check_certs, 10);
-//  s = new SGXWalletServer(*hs,
-//                      JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
-//
-//  if (!s->StartListening()) {
-//    cerr << "SGX Server could not start listening" << endl;
-//    exit(-1);
-//  }
-//  else{
-//    cerr << "SGX Server started on port " << BASE_PORT << endl;
-//  }
-//  return 0;
-//}
-
-
-int init_server(bool check_certs) { //without ssl
+int init_https_server(bool check_certs) {
+  std::string rootCAPath = "cert/rootCA.pem";
+  std::string keyCAPath = "cert/rootCA.key";
+
+  if (access(rootCAPath.c_str(), F_OK) != 0 || access(keyCAPath.c_str(), F_OK) != 0){
+    std::cerr << "YOU DO NOT HAVE ROOT CA CERTIFICATE" << std::endl;
+    std::cerr << "ROOT CA CERTIFICATE IS GOING TO BE CREATED" << std::endl;
+
+    std::string genRootCACert = "cd cert && ./create_CA";
+
+    if (system(genRootCACert.c_str()) == 0){
+      std::cerr << "ROOT CA CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
+    }
+    else{
+      std::cerr << "ROOT CA CERTIFICATE GENERATION FAILED" << std::endl;
+      exit(-1);
+    }
+  }
+
+  std::string certPath = "cert/SGXServerCert.crt";
+  std::string keyPath = "cert/SGXServerCert.key";
+
+  if (access(certPath.c_str(), F_OK) != 0 || access(certPath.c_str(), F_OK) != 0){
+    std::cerr << "YOU DO NOT HAVE SERVER CERTIFICATE " << std::endl;
+    std::cerr << "SERVER CERTIFICATE IS GOING TO BE CREATED" << std::endl;
+
+    std::string genCert = "cd cert && ./create_server_cert";
+
+    if (system(genCert.c_str()) == 0){
+       std::cerr << "SERVER CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
+    }
+    else{
+      std::cerr << "SERVER CERTIFICATE GENERATION FAILED" << std::endl;
+      exit(-1);
+    }
+  }
+
+  hs = new HttpServer(BASE_PORT, certPath, keyPath, rootCAPath, check_certs, 10);
+  s = new SGXWalletServer(*hs,
+                      JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
+
+  if (!s->StartListening()) {
+    cerr << "SGX Server could not start listening" << endl;
+    exit(-1);
+  }
+  else{
+    cerr << "SGX Server started on port " << BASE_PORT << endl;
+  }
+  return 0;
+}
+
+
+int init_http_server() { //without ssl
 
   hs = new HttpServer(BASE_PORT + 3);
   s = new SGXWalletServer(*hs,
@@ -193,6 +193,17 @@ Json::Value blsSignMessageHashImpl(const std::string &keyShareName, const std::s
       if ( !checkName(keyShareName, "BLS_KEY")){
         throw RPCException(INVALID_POLY_NAME, "Invalid BLSKey name");
       }
+      std::string cutHash = messageHash;
+      if (cutHash[0] == '0' && (cutHash[1] == 'x'||cutHash[1] == 'X')){
+        cutHash.erase(cutHash.begin(), cutHash.begin() + 2);
+      }
+      while (cutHash[0] == '0'){
+        cutHash.erase(cutHash.begin(), cutHash.begin() + 1);
+      }
+
+      if ( !checkHex(cutHash)){
+        throw RPCException(INVALID_HEX, "Invalid hash");
+      }
 
       value = readFromDb(keyShareName);
     } catch (RPCException _e) {
@@ -623,8 +634,10 @@ Json::Value GetBLSPublicKeyShareImpl(const std::string & BLSKeyName){
         throw RPCException(INVALID_POLY_NAME, "Invalid BLSKey name");
       }
       std::shared_ptr<std::string> encryptedKeyHex_ptr = readFromDb(BLSKeyName);
-      std::cerr << "encr_bls_key_share is " << *encryptedKeyHex_ptr << std::endl;
-      std::cerr << "length is " << encryptedKeyHex_ptr->length()<< std::endl;
+      if (DEBUG_PRINT) {
+        std::cerr << "encr_bls_key_share is " << *encryptedKeyHex_ptr << std::endl;
+        std::cerr << "length is " << encryptedKeyHex_ptr->length() << std::endl;
+      }
       std::vector<std::string> public_key_vect = GetBLSPubKey(encryptedKeyHex_ptr->c_str());
       for ( uint8_t i = 0; i < 4; i++) {
         result["BLSPublicKeyShare"][i] = public_key_vect.at(i);

SGXWalletServer.h

@@ -31,7 +31,8 @@
 #endif
 
 
-EXTERNC int init_server(bool check_certs );
+EXTERNC int init_https_server(bool check_certs );
+EXTERNC int init_http_server();
 
 
 

ServerInit.cpp

@@ -123,9 +123,14 @@ void init_all(bool check_cert, bool sign_automatically) {
 
     sgxServerInited = 1;
 
-    init_server(check_cert);
-   // init_registration_server(sign_automatically);
-    //init_csrmanager_server();
+    if (is_sgx_https) {
+      init_https_server(check_cert);
+      init_registration_server(sign_automatically);
+      init_csrmanager_server();
+    }
+    else {
+      init_http_server();
+    }
     init_enclave();
     std::cerr << "enclave inited" << std::endl;
     init_daemon();

secure_enclave/DKGUtils.cpp

@@ -345,17 +345,18 @@ int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int in
 
 }
 
-void calc_bls_public_key(char* skey_hex, char* pub_key){
+int calc_bls_public_key(char* skey_hex, char* pub_key){
   libff::init_alt_bn128_params();
 
   mpz_t skey;
   mpz_init(skey);
-  mpz_set_str(skey, skey_hex, 16);
+  if (mpz_set_str(skey, skey_hex, 16) == -1){
+    return 1;
+  }
 
   char skey_dec[mpz_sizeinbase (skey, 10) + 2];
   char * skey_str = mpz_get_str(skey_dec, 10, skey);
 
-
   libff::alt_bn128_Fr bls_skey(skey_dec);
 
   libff::alt_bn128_G2 public_key = bls_skey * libff::alt_bn128_G2::one();
@@ -364,6 +365,10 @@ void calc_bls_public_key(char* skey_hex, char* pub_key){
   std::string result = ConvertG2ToString(public_key);
 
   strncpy(pub_key, result.c_str(), result.length());
+
+  mpz_clear(skey);
+
+  return 0;
 }
 
 

secure_enclave/DKGUtils.h

@@ -45,7 +45,7 @@ EXTERNC int calc_public_shares(const char* decrypted_koefs, char * public_shares
 
 EXTERNC int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int ind);
 
-EXTERNC void calc_bls_public_key(char* skey, char* pub_key);
+EXTERNC int calc_bls_public_key(char* skey, char* pub_key);
 
 EXTERNC void calc_secret_shareG2_old(const char* public_shares, char * s_shareG2,
                                  unsigned _t, unsigned ind);

secure_enclave/secure_enclave.c

@@ -432,6 +432,7 @@ void decrypt_key(int *err_status, char *err_string, uint8_t *encrypted_key,
             (const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) key, &decLen);
 
     if (status != SGX_SUCCESS) {
+        *err_status = status;
         snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status);
         return;
     }
@@ -797,6 +798,7 @@ void create_bls_key(int *err_status, char* err_string, const char* s_shares,
     if (common_key == NULL){
       *err_status = 1;
       snprintf(err_string, BUF_LEN ,"invalid common_key");
+      mpz_clear(sum);
       return;
     }
 
@@ -809,7 +811,7 @@ void create_bls_key(int *err_status, char* err_string, const char* s_shares,
     if (decr_sshare == NULL){
         *err_status = 1;
         snprintf(err_string, BUF_LEN ,"invalid common_key");
-        mpz_clear(decr_secret_share);
+        mpz_clear(sum);
         return;
     }
     //decr_sshare[64] = 0;
@@ -885,7 +887,11 @@ void get_bls_pub_key(int *err_status, char* err_string, uint8_t* encrypted_key,
     return;
   }
 
-  calc_bls_public_key(skey_hex, bls_pub_key);
+  if (calc_bls_public_key(skey_hex, bls_pub_key) != 0){
+    *err_status = -1;
+    snprintf(err_string, BUF_LEN,"could not calculate bls public key");
+    return;
+  }
 }
 
 

sgxwallet.c

@@ -62,13 +62,14 @@ int main(int argc, char *argv[]) {
     exit(1);
   }
 
-  while ((opt = getopt(argc, argv, "cshd")) != -1) {
+  while ((opt = getopt(argc, argv, "cshd0")) != -1) {
     switch (opt) {
     case 'h':
       if (strlen(argv[1]) == 2 ) {
         fprintf(stderr, "-c  client certificate will not be checked\n");
         fprintf(stderr, "-s  client certificate will be signed automatically\n");
         printf(stderr, "-d  turn on debug output\n");
+          printf(stderr, "-0  SGXWalletServer will be launched on http (not https)\n");
         exit(0);
       } else {
         fprintf(stderr, "unknown flag %s\n", argv[1]);
@@ -83,6 +84,9 @@ int main(int argc, char *argv[]) {
     case 'd':
       DEBUG_PRINT = 1;
       break;
+    case '0':
+      is_sgx_https = 0;
+     break;
     case '?': // fprintf(stderr, "unknown flag\n");
       exit(1);
     default:

sgxwallet_common.h

@@ -34,6 +34,7 @@
 #include <stdbool.h>
 
 extern int DEBUG_PRINT;
+extern int is_sgx_https;
 
 #define BUF_LEN 1024
 

testw.cpp

@@ -80,6 +80,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #include <thread>
 
+
+
 std::string stringFromFr(libff::alt_bn128_Fr& el) {
 
     mpz_t t;
@@ -743,6 +745,7 @@ std::string ConvertDecToHex(std::string dec, int numBytes = 32){
 
 
 TEST_CASE("BLS_DKG test", "[bls_dkg]") {
+  is_sgx_https = 0;
   std::cerr<< "test started" << std::endl;
   init_all(false, false);
   cerr << "Server inited" << endl;
@@ -866,6 +869,7 @@ TEST_CASE("BLS_DKG test", "[bls_dkg]") {
 
 TEST_CASE("API test", "[api_test]") {
    //DEBUG_PRINT = 1;
+    is_sgx_https = 0;
   //std::cerr << __GNUC__ << std::endl;
     cerr << "API test started" << endl;
     init_all(false, false);
@@ -971,6 +975,7 @@ TEST_CASE("API test", "[api_test]") {
 }
 
 TEST_CASE("getServerStatus test", "[getServerStatus_test]") {
+  is_sgx_https = 0;
   init_all( false, false );
   HttpClient client("http://localhost:1029");
   StubClient c(client, JSONRPC_CLIENT_V2);
@@ -1044,6 +1049,7 @@ void SendRPCRequest(){
  }
 
 TEST_CASE("ManySimultaneousThreads", "[many_threads_test]") {
+  is_sgx_https = 0;
   init_all( false, false );
 
   std::vector<std::thread> threads;
@@ -1061,6 +1067,7 @@ TEST_CASE("ManySimultaneousThreads", "[many_threads_test]") {
 
 TEST_CASE("ecdsa API test", "[ecdsa_api_test]") {
   //DEBUG_PRINT = 1;
+  is_sgx_https = 0;
 
   cerr << "ecdsa_api_test started" << endl;
   init_all(false, false);
@@ -1104,6 +1111,7 @@ TEST_CASE("ecdsa API test", "[ecdsa_api_test]") {
 
 TEST_CASE("dkg API test", "[dkg_api_test]") {
  //  DEBUG_PRINT = 1;
+  is_sgx_https = 0;
 
   cerr << "dkg_api_test started" << endl;
   init_all(false, false);