SKALE-2003 Add setting encrypted backup key from db

ECDSACrypto.cpp

@@ -53,11 +53,12 @@ std::vector<std::string> gen_ecdsa_key(){
 
   if ( !is_aes)
      status = generate_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
-  else status = generate_ecdsa_key_aes(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
+  else
+     status = generate_ecdsa_key_aes(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
 
-  if ( err_status != 0 ){
-    std::cerr << "RPCException thrown" << std::endl;
-    throw RPCException(-666, errMsg) ;
+  if ( status != SGX_SUCCESS || err_status != 0 ){
+    std::cerr << "RPCException thrown with status" << status << std::endl;
+    throw RPCException(status, errMsg) ;
   }
   std::vector<std::string> keys(3);
   if (DEBUG_PRINT) {

Makefile.am

@@ -92,7 +92,7 @@ secure_enclave.signed.so: secure_enclave/secure_enclave.signed.so
 ## Use the variables, not the actual library names to ensure these
 ## targets work on simulation builds.
 
-sgxwallet_LDADD=-l$(SGX_URTS_LIB) -LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
+sgxwallet_LDADD=-l$(SGX_URTS_LIB) -l$(SGX_UAE_SERVICE_LIB) -LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
    -LlibBLS/build/libff/libff \
    -l:libbls.a -l:libleveldb.a \
    -l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a \

SEKManager.cpp

@@ -27,11 +27,19 @@
 #include "LevelDB.h"
 
 #include <iostream>
+#include <algorithm>
 
 #include "sgxwallet_common.h"
 #include "common.h"
 #include "sgxwallet.h"
 
+bool case_insensitive_match(string s1, string s2) {
+  //convert s1 and s2 into lower case strings
+  transform(s1.begin(), s1.end(), s1.begin(), ::tolower);
+  transform(s2.begin(), s2.end(), s2.begin(), ::tolower);
+  return s1.compare(s2);
+}
+
 void generate_SEK(){
 
   vector<char> errMsg(1024,0);
@@ -39,28 +47,41 @@ void generate_SEK(){
   vector<uint8_t> encr_SEK(1024, 0);
   uint32_t enc_len = 0;
 
-  status = generate_SEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len);
-  if ( err_status != 0 ){
-    cerr << "RPCException thrown" << endl;
-    throw RPCException(-666, errMsg.data()) ;
+  //vector<char> SEK(65, 0);
+  char SEK[65];
+  memset(SEK, 0, 65);
+
+  status = generate_SEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK);
+  if (status != SGX_SUCCESS ||  err_status != 0  ){
+    throw RPCException(status, errMsg.data()) ;
   }
 
   vector<char> hexEncrKey(2*enc_len + 1, 0);
 
   carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
 
-  cerr << "key is " << errMsg.data() << endl;
+  cout << "ATTENTION! THIS IS YOUR KEY FOR BACK UP. PLEASE COPY IT TO THE SAFE PLACE" << endl;
+  cout << "key is " << SEK << endl;
+
+  std::string confirm_str = "I confirm";
+  std::string buffer;
+  do{
+    std::cout << " DO YOU CONFIRM THAT YOU COPIED THE KEY? (if you confirm type - I confirm)" << std::endl;
+    std::getline(std::cin, buffer);
+  } while (case_insensitive_match(confirm_str, buffer)); //(strcmp(confirm_str.c_str(), buffer.c_str()) != 0);
 
+  system("reset");
   LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
 
 }
 
-void setSEK(std::shared_ptr<std::string> hex_encr_SEK){
+void set_SEK(std::shared_ptr<std::string> hex_encr_SEK){
   vector<char> errMsg(1024,0);
   int err_status = 0;
   //vector<uint8_t> encr_SEK(1024, 0);
 
-  uint8_t encr_SEK [BUF_LEN];
+  uint8_t encr_SEK[BUF_LEN];
+  memset(encr_SEK, 0, BUF_LEN);
 
   uint64_t len;
 
@@ -68,10 +89,17 @@ void setSEK(std::shared_ptr<std::string> hex_encr_SEK){
     throw RPCException(INVALID_HEX, "Invalid encrypted SEK Hex");
   }
 
-  status = set_SEK(eid, &err_status, errMsg.data(), encr_SEK );
-  if ( err_status != 0 ){
+//  std::cerr << "encr hex key is " << *hex_encr_SEK << std::endl;
+  std::cerr << "len is " << len << std::endl;
+
+  status = set_SEK(eid, &err_status, errMsg.data(), encr_SEK, len );
+  if ( status != SGX_SUCCESS || err_status != 0 ){
     cerr << "RPCException thrown" << endl;
-    throw RPCException(-666, errMsg.data()) ;
+    throw RPCException(status, errMsg.data()) ;
   }
 
+  std::cerr << "status is " << status << std::endl;
+  std::cerr << " aes key is " << errMsg.data() << std::endl;
+//  for ( uint32_t i = 0; i < 1024; i++)
+//     printf("%d ", errMsg[i]);
 }

SEKManager.h

@@ -29,6 +29,6 @@
 
 void generate_SEK();
 
-void setSEK(std::shared_ptr<std::string> hex_encr_SEK);
+void set_SEK(std::shared_ptr<std::string> hex_encr_SEK);
 
 #endif //SGXD_SEKMANAGER_H

ServerInit.cpp

@@ -79,8 +79,8 @@ void init_daemon() {
       generate_SEK();
     }
     else{
-      spdlog::info("SEK was created");
-      setSEK(encr_SEK_ptr);
+      std::cerr << "going to set SEK from db" << std::endl;
+      set_SEK(encr_SEK_ptr);
     }
 }
 
@@ -141,9 +141,10 @@ void init_all(bool check_cert, bool sign_automatically) {
     //spdlog::set_pattern("%c");
     if (sgxServerInited == 1)
         return;
-
+    init_enclave();
     init_daemon();
 
+
     sgxServerInited = 1;
 
     if (is_sgx_https) {
@@ -154,7 +155,7 @@ void init_all(bool check_cert, bool sign_automatically) {
     else {
       init_http_server();
     }
-    init_enclave();
+
     //std::cerr << "enclave inited" << std::endl;
 
 }

secure_enclave/secure_enclave.c

@@ -907,44 +907,52 @@ void get_bls_pub_key(int *err_status, char* err_string, uint8_t* encrypted_key,
 }
 
 void generate_SEK(int *err_status, char *err_string,
-                        uint8_t *encrypted_SEK, uint32_t *enc_len){
+                        uint8_t *encrypted_SEK, uint32_t *enc_len, char* SEK_hex){
   uint8_t SEK_raw[SGX_AESGCM_KEY_SIZE];
   //unsigned char* rand_char = (unsigned char*)malloc(16);
-  sgx_read_rand( SEK_raw, SGX_AESGCM_KEY_SIZE);
+  sgx_read_rand(SEK_raw, SGX_AESGCM_KEY_SIZE);
+
   uint32_t hex_aes_key_length = SGX_AESGCM_KEY_SIZE * 2;
   uint8_t SEK[hex_aes_key_length];
-  carray2Hex(SEK_raw, SGX_AESGCM_KEY_SIZE, SEK);
-
+  carray2Hex(SEK_raw, SGX_AESGCM_KEY_SIZE, SEK_hex);
 
   uint32_t sealedLen = sgx_calc_sealed_data_size(0, hex_aes_key_length + 1);
-  memcpy(err_string, SEK, BUF_LEN);
 
-  for ( uint8_t i = 0; i < SGX_AESGCM_KEY_SIZE; i++){
+  for ( uint8_t i = 0; i < 16; i++){
     AES_key[i] = SEK_raw[i];
   }
 
-  sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, SEK, sealedLen,(sgx_sealed_data_t*)encrypted_SEK);
+  sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, SEK_hex, sealedLen,(sgx_sealed_data_t*)encrypted_SEK);
   if( status !=  SGX_SUCCESS) {
     snprintf(err_string, BUF_LEN, "seal SEK failed");
     *err_status = status;
     return;
   }
 
+  //strncpy(SEK_hex, SEK, hex_aes_key_length);
+
   *enc_len = sealedLen;
   //free(rand_char);
 }
 
-void set_SEK(int *err_status, char *err_string, uint8_t *encrypted_SEK){
+void set_SEK(int *err_status, char *err_string, uint8_t *encrypted_SEK, uint64_t encr_len){
+
+  //memset(AES_key, 0, SGX_AESGCM_KEY_SIZE);
 
-  uint32_t len;
+  uint8_t aes_key_hex[SGX_AESGCM_KEY_SIZE * 2];
+  memset(aes_key_hex, 0, SGX_AESGCM_KEY_SIZE * 2);
 
   sgx_status_t status = sgx_unseal_data(
-      (const sgx_sealed_data_t *)encrypted_SEK, NULL, 0, (uint8_t *)AES_key, &len);
+      (const sgx_sealed_data_t *)encrypted_SEK, NULL, 0, aes_key_hex, &encr_len);
   if (status != SGX_SUCCESS) {
-    *err_status = 1;
+    *err_status = status;
     snprintf(err_string, BUF_LEN,"sgx unseal SEK failed with status %d", status);
     return;
   }
+
+  uint64_t len;
+  hex2carray(aes_key_hex, &len, (uint8_t* )AES_key);
+
 }
 
 void generate_ecdsa_key_aes(int *err_status, char *err_string,

secure_enclave/secure_enclave.edl

@@ -169,12 +169,14 @@ enclave {
                                 [user_check] int *err_status,
                                 [out, count = 1024] char *err_string,
                                 [out, count = 1024] uint8_t *encrypted_SEK,
-                                [user_check] uint32_t *enc_len);
+                                [user_check] uint32_t *enc_len,
+                                [out, count = 65] char* hex_SEK);
 
                 public void set_SEK(
                                 [user_check] int *err_status,
                                 [out, count = 1024] char *err_string,
-                                [in, count = 1024] uint8_t *encrypted_SEK);
+                                [in, count = 1024] uint8_t *encrypted_SEK,
+                                uint64_t encr_len);
 
                 public void generate_ecdsa_key_aes (
                                 [user_check] int *err_status,

testw.cpp

@@ -113,6 +113,7 @@ int updated;
 #define TEST_BLS_KEY_NAME "SCHAIN:17:INDEX:5:KEY:1"
 
 void reset_db() {
+    //std::string db_name = SGXDATA_FOLDER + WALLETDB_NAME;
     REQUIRE(system("rm -rf " WALLETDB_NAME) == 0);
 }
 
@@ -1207,6 +1208,8 @@ TEST_CASE("AES_DKG test", "[aes_dkg]") {
   DEBUG_PRINT = 1;
   is_aes = 1;
 
+  reset_db();
+
   std::cerr << "test started" << std::endl;
   init_all(false, false);
   cerr << "Server inited" << endl;
@@ -1214,9 +1217,7 @@ TEST_CASE("AES_DKG test", "[aes_dkg]") {
   StubClient c(client, JSONRPC_CLIENT_V2);
   cerr << "Client inited" << endl;
 
-  reset_db();
-
-  int n = 16, t = 16;
+  int n = 2, t = 2;
   Json::Value EthKeys[n];
   Json::Value VerifVects[n];
   Json::Value pubEthKeys;
@@ -1230,6 +1231,7 @@ TEST_CASE("AES_DKG test", "[aes_dkg]") {
   int dkg_id = rand_gen();
   for ( uint8_t i = 0; i < n; i++){
     EthKeys[i] = c.generateECDSAKey();
+    std::cerr << "after gen key" << std::endl;
     string polyName = "POLY:SCHAIN_ID:" + to_string(schain_id) + ":NODE_ID:" + to_string(i) + ":DKG_ID:" + to_string(dkg_id);
     REQUIRE(EthKeys[i]["status"] == 0);
     cout << c.generateDKGPoly(polyName, t);
@@ -1275,9 +1277,6 @@ TEST_CASE("AES_DKG test", "[aes_dkg]") {
       // }
     }
 
-  std::cerr << "before exit " << std::endl;
-  exit(0);
-  std::cerr << "after exit " << std::endl;
 
   Json::Value complaintResponse = c.complaintResponse(poly_names[1], 0);
   cout << complaintResponse << endl;