Skip to content

S
sgxwallet
Unverified Commit 66bfa4de authored by Oleh Nikolaiev's avatar Oleh Nikolaiev
Browse files
Options

SKALE-3504 add methods with hash

parent 3f490811
Hide whitespace changes
Inline Side-by-side
Showing with 441 additions and 6 deletions
DKGCrypto.cpp
View file @ 66bfa4de
......@@ -282,6 +282,68 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve
return result;
}
string getSecretSharesV2(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n) {
CHECK_STATE(_encryptedPolyHex);
vector<char> hexEncrKey(BUF_LEN, 0);
vector<char> errMsg(BUF_LEN, 0);
vector <uint8_t> encrDKGPoly(BUF_LEN, 0);
int errStatus = 0;
uint64_t encLen = 0;
if (!hex2carray(_encryptedPolyHex, &encLen, encrDKGPoly.data(), BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
}
sgx_status_t status = SGX_SUCCESS;
READ_LOCK(sgxInitMutex);
string result;
for (int i = 0; i < _n; i++) {
vector <uint8_t> encryptedSkey(BUF_LEN, 0);
uint64_t decLen;
vector<char> currentShare(193, 0);
vector<char> sShareG2(320, 0);
string pub_keyB = _publicKeys.at(i);
vector<char> pubKeyB(129, 0);
strncpy(pubKeyB.data(), pub_keyB.c_str(), 128);
pubKeyB.at(128) = 0;
spdlog::debug("pubKeyB is {}", pub_keyB);
sgx_status_t status = SGX_SUCCESS;
status = trustedGetEncryptedSecretShareV2(eid, &errStatus,
errMsg.data(),
encrDKGPoly.data(), encLen,
encryptedSkey.data(), &decLen,
currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n,
i + 1);
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
result += string(currentShare.data());
hexEncrKey = carray2Hex(encryptedSkey.data(), decLen);
string dhKeyName = "DKG_DH_KEY_" + _polyName + "_" + to_string(i) + ":";
string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":";
SGXWalletServer::writeDataToDB(dhKeyName, hexEncrKey.data());
SGXWalletServer::writeDataToDB(shareG2_name, sShareG2.data());
}
string encryptedSecretShareName = "encryptedSecretShare:" + _polyName;
SGXWalletServer::writeDataToDB(encryptedSecretShareName, result);
return result;
}
bool
verifyShares(const char *publicShares, const char *encr_sshare, const char *encryptedKeyHex, int t, int n, int ind) {
......@@ -318,6 +380,42 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr
return result;
}
bool
verifySharesV2(const char *publicShares, const char *encr_sshare, const char *encryptedKeyHex, int t, int n, int ind) {
CHECK_STATE(publicShares);
CHECK_STATE(encr_sshare);
CHECK_STATE(encryptedKeyHex);
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
uint64_t decKeyLen = 0;
int result = 0;
SAFE_UINT8_BUF(encr_key, BUF_LEN);
if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key, BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
}
SAFE_CHAR_BUF(pshares, 8193);
strncpy(pshares, publicShares, strlen(publicShares));
sgx_status_t status = SGX_SUCCESS;
RESTART_BEGIN
status = trustedDkgVerifyV2(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t,
ind, &result);
RESTART_END
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
if (result == 2) {
throw SGXException(INVALID_HEX, "Invalid public shares");
}
return result;
}
bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *encryptedKeyHex) {
CHECK_STATE(s_shares);
......
DKGCrypto.h
View file @ 66bfa4de
......@@ -41,8 +41,12 @@ vector<string> splitString(const char* coeffs, const char symbol);
string getSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n);
string getSecretSharesV2(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n);
bool verifyShares(const char* publicShares, const char* encr_sshare, const char * encryptedKeyHex, int t, int n, int ind);
bool verifySharesV2(const char* publicShares, const char* encr_sshare, const char * encryptedKeyHex, int t, int n, int ind);
string decryptDHKey(const string& polyName, int ind);
bool createBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex);
......
SGXWalletServer.cpp
View file @ 66bfa4de
......@@ -737,6 +737,76 @@ Json::Value SGXWalletServer::deleteBlsKeyImpl(const string &name) {
RETURN_SUCCESS(result)
}
Json::Value SGXWalletServer::getSecretShareV2Impl(const string &_polyName, const Json::Value &_pubKeys, int _t, int _n) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result);
result["secretShare"] = "";
try {
if (_pubKeys.size() != (uint64_t) _n) {
throw SGXException(INVALID_DKG_PARAMS, "invalid number of public keys");
}
if (!checkName(_polyName, "POLY")) {
throw SGXException(INVALID_POLY_NAME, "Invalid polynomial name");
}
if (!check_n_t(_t, _n)) {
throw SGXException(INVALID_DKG_PARAMS, "Invalid DKG parameters: n or t ");
}
shared_ptr <string> encrPoly = readFromDb(_polyName);
vector <string> pubKeysStrs;
for (int i = 0; i < _n; i++) {
if (!checkHex(_pubKeys[i].asString(), 64)) {
throw SGXException(INVALID_HEX, "Invalid public key");
}
pubKeysStrs.push_back(_pubKeys[i].asString());
}
string secret_share_name = "encryptedSecretShare:" + _polyName;
shared_ptr <string> encryptedSecretShare = checkDataFromDb(secret_share_name);
if (encryptedSecretShare != nullptr) {
result["secretShare"] = *encryptedSecretShare.get();
} else {
string s = getSecretSharesV2(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n);
result["secretShare"] = s;
}
} HANDLE_SGX_EXCEPTION(result)
RETURN_SUCCESS(result)
}
Json::Value SGXWalletServer::dkgVerificationV2Impl(const string &_publicShares, const string &_ethKeyName,
const string &_secretShare, int _t, int _n, int _index) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result)
result["result"] = false;
try {
if (!checkECDSAKeyName(_ethKeyName)) {
throw SGXException(INVALID_ECDSA_KEY_NAME, "Invalid ECDSA key name");
}
if (!check_n_t(_t, _n) || _index >= _n || _index < 0) {
throw SGXException(INVALID_DKG_PARAMS, "Invalid DKG parameters: n or t ");
}
if (!checkHex(_secretShare, SECRET_SHARE_NUM_BYTES)) {
throw SGXException(INVALID_HEX, "Invalid Secret share");
}
if (_publicShares.length() != (uint64_t) 256 * _t) {
throw SGXException(INVALID_DKG_PARAMS, "Invalid length of public shares");
}
shared_ptr <string> encryptedKeyHex_ptr = readFromDb(_ethKeyName);
if (verifySharesV2(_publicShares.c_str(), _secretShare.c_str(), encryptedKeyHex_ptr->c_str(), _t, _n, _index)) {
result["result"] = true;
}
} HANDLE_SGX_EXCEPTION(result)
RETURN_SUCCESS(result)
}
Json::Value SGXWalletServer::generateDKGPoly(const string &_polyName, int _t) {
return generateDKGPolyImpl(_polyName, _t);
}
......@@ -820,6 +890,17 @@ Json::Value SGXWalletServer::deleteBlsKey(const string &name) {
return deleteBlsKeyImpl(name);
}
Json::Value SGXWalletServer::getSecretShareV2(const string &_polyName, const Json::Value &_publicKeys, int t, int n) {
return getSecretShareV2Impl(_polyName, _publicKeys, t, n);
}
Json::Value
SGXWalletServer::dkgVerificationV2(const string &_publicShares, const string &ethKeyName, const string &SecretShare,
int t,
int n, int index) {
return dkgVerificationV2Impl(_publicShares, ethKeyName, SecretShare, t, n, index);
}
shared_ptr <string> SGXWalletServer::readFromDb(const string &name, const string &prefix) {
auto dataStr = checkDataFromDb(prefix + name);
......
SGXWalletServer.hpp
View file @ 66bfa4de
......@@ -91,6 +91,10 @@ public:
virtual Json::Value deleteBlsKey( const std::string& name );
virtual Json::Value getSecretShareV2(const string &_polyName, const Json::Value &_publicKeys, int t, int n);
virtual Json::Value dkgVerificationV2(const string &_publicShares, const string &ethKeyName, const string &SecretShare, int t, int n, int index);
static shared_ptr<string> readFromDb(const string &name, const string &prefix = "");
static shared_ptr <string> checkDataFromDb(const string &name, const string &prefix = "");
......@@ -143,6 +147,10 @@ public:
static Json::Value deleteBlsKeyImpl(const std::string& name);
static Json::Value getSecretShareV2Impl(const string &_polyName, const Json::Value &_pubKeys, int _t, int _n);
static Json::Value dkgVerificationV2Impl(const string &_publicShares, const string &_ethKeyName, const string &_secretShare, int _t, int _n, int _index);
static void printDB();
static int initHttpServer();
......
secure_enclave/DHDkg.c
View file @ 66bfa4de
......@@ -209,6 +209,44 @@ int xor_encrypt(char *key, char *message, char *cypher) {
return ret;
}
int xor_encrypt_v2(char *key, char *message, char *cypher) {
int ret = -1;
if (!cypher) {
LOG_ERROR("xor_encrypt: null cypher");
return ret;
}
if (!key) {
LOG_ERROR("xor_encrypt: null key");
return ret;
}
if (!message) {
LOG_ERROR("xor_encrypt: null message");
return ret;
}
SAFE_CHAR_BUF(cypher_bin, 33);
uint64_t msg_length;
uint8_t msg_bin[33];
if (!hex2carray(message, &msg_length, msg_bin)) {
return ret;
}
for (int i = 0; i < 32; i++) {
cypher_bin[i] = msg_bin[i] ^ (uint8_t)key[i];
}
carray2Hex((unsigned char*) cypher_bin, 32, cypher);
ret = 0;
return ret;
}
int xor_decrypt(char *key, char *cypher, char *message) {
int ret = -1;
......@@ -254,3 +292,46 @@ int xor_decrypt(char *key, char *cypher, char *message) {
return ret;
}
int xor_decrypt_v2(char *key, char *cypher, char *message) {
int ret = -1;
if (!cypher) {
LOG_ERROR("xor_encrypt: null cypher");
return ret;
}
if (!key) {
LOG_ERROR("xor_encrypt: null key");
return ret;
}
if (!message) {
LOG_ERROR("xor_encrypt: null message");
return ret;
}
SAFE_CHAR_BUF(msg_bin,33);
uint64_t cypher_length;
SAFE_CHAR_BUF(cypher_bin, 33);
if (!hex2carray(cypher, &cypher_length, (uint8_t *) cypher_bin)) {
return ret;
}
for (int i = 0; i < 32; i++) {
msg_bin[i] = cypher_bin[i] ^ (uint8_t)key[i];
}
carray2Hex((unsigned char*) msg_bin, 32, message);
ret = 0;
return ret;
}
int hash_key(char* key, char* hashed_key) {
return sgx_sha256_msg((uint8_t*)key, ECDSA_SKEY_LEN, (uint8_t*)hashed_key);
}
secure_enclave/DHDkg.h
View file @ 66bfa4de
......@@ -30,6 +30,12 @@ int session_key_recover(const char *skey_str, const char* sshare, char* common_k
int xor_encrypt(char* key, char* message, char* cypher);
int xor_encrypt_v2(char* key, char* message, char* cypher);
int xor_decrypt(char* key, char* cypher, char* message);
int xor_decrypt_v2(char* key, char* cypher, char* message);
int hash_key(char* key, char* hashed_key);
#endif //SGXD_DRIVE_KEY_DKG_H
secure_enclave/secure_enclave.c
View file @ 66bfa4de
......@@ -924,6 +924,86 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString,
LOG_INFO("SGX call completed");
}
void trustedGetEncryptedSecretShareV2(int *errStatus, char *errString,
uint8_t *_encrypted_poly, uint64_t _enc_len,
uint8_t *encrypted_skey, uint64_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n,
uint8_t ind) {
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
uint64_t enc_len;
int status;
CHECK_STATE(encrypted_skey);
CHECK_STATE(result_str);
CHECK_STATE(s_shareG2);
CHECK_STATE(pub_keyB);
LOG_DEBUG(__FUNCTION__);
trustedSetEncryptedDkgPoly(&status, errString, _encrypted_poly, _enc_len);
CHECK_STATUS2("trustedSetEncryptedDkgPoly failed with status %d ");
SAFE_CHAR_BUF(skey, BUF_LEN);
SAFE_CHAR_BUF(pub_key_x, BUF_LEN);
SAFE_CHAR_BUF(pub_key_y, BUF_LEN);
trustedGenerateEcdsaKey(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
CHECK_STATUS("trustedGenerateEcdsaKey failed");
uint8_t type = 0;
uint8_t exportable = 0;
status = AES_decrypt(encrypted_skey, enc_len, skey, BUF_LEN, &type, &exportable);
skey[ECDSA_SKEY_LEN - 1] = 0;
CHECK_STATUS2("AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d");
*dec_len = enc_len;
SAFE_CHAR_BUF(common_key, BUF_LEN);
status = gen_session_key(skey, pub_keyB, common_key);
CHECK_STATUS("gen_session_key failed")
SAFE_CHAR_BUF(s_share, BUF_LEN);
status = calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind);
CHECK_STATUS("calc secret share failed")
status = calc_secret_shareG2(s_share, s_shareG2);
CHECK_STATUS("invalid decr secret share");
SAFE_CHAR_BUF(derived_key, BUF_LEN);
status = hash_key(common_key, derived_key);
CHECK_STATUS("hash key failed")
derived_key[ECDSA_BIN_LEN - 1] = 0;
SAFE_CHAR_BUF(cypher, BUF_LEN);
status = xor_encrypt_v2(derived_key, s_share, cypher);
CHECK_STATUS("xor_encrypt failed")
strncpy(result_str, cypher, strlen(cypher));
strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x));
strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y));
SET_SUCCESS
clean:
;
LOG_INFO(__FUNCTION__ );
LOG_INFO("SGX call completed");
}
void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t enc_len,
char *public_shares,
unsigned _t, unsigned _n) {
......@@ -990,12 +1070,68 @@ void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares
SAFE_CHAR_BUF(decr_sshare, BUF_LEN);
status=xor_decrypt(common_key, encr_sshare, decr_sshare);
status = xor_decrypt(common_key, encr_sshare, decr_sshare);
CHECK_STATUS("xor_decrypt failed")
status = mpz_set_str(s, decr_sshare, 16);
CHECK_STATUS("invalid decr secret share");
*result = Verification(public_shares, s, _t, _ind);
SET_SUCCESS
clean:
mpz_clear(s);
LOG_INFO(__FUNCTION__ );
LOG_INFO("SGX call completed");
}
void trustedDkgVerifyV2(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
CHECK_STATE(public_shares);
CHECK_STATE(s_share);
CHECK_STATE(encryptedPrivateKey);
SAFE_CHAR_BUF(skey,BUF_LEN);
mpz_t s;
mpz_init(s);
uint8_t type = 0;
uint8_t exportable = 0;
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN,
&type, &exportable);
CHECK_STATUS2("AES_decrypt failed (in trustedDkgVerifyAES) with status %d");
SAFE_CHAR_BUF(encr_sshare, BUF_LEN);
strncpy(encr_sshare, s_share, ECDSA_SKEY_LEN - 1);
SAFE_CHAR_BUF(common_key, BUF_LEN);
status = session_key_recover(skey, s_share, common_key);
CHECK_STATUS("session_key_recover failed");
SAFE_CHAR_BUF(derived_key, BUF_LEN);
status = hash_key(common_key, derived_key);
CHECK_STATUS("hash key failed")
derived_key[ECDSA_BIN_LEN - 1] = 0;
SAFE_CHAR_BUF(decr_sshare, BUF_LEN);
status = xor_decrypt_v2(derived_key, encr_sshare, decr_sshare);
CHECK_STATUS("xor_decrypt failed")
status = mpz_set_str(s, decr_sshare, 16);
status = mpz_set_str(s, decr_sshare, 16);
CHECK_STATUS("invalid decr secret share");
*result = Verification(public_shares, s, _t, _ind);
......
secure_enclave/secure_enclave.edl
View file @ 66bfa4de
......@@ -88,10 +88,6 @@ enclave {
[out, count = 3072] uint8_t* decrypted_dkg_secret
);
public void trustedGetEncryptedSecretShare(
[out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string,
......@@ -106,6 +102,20 @@ enclave {
uint8_t _n,
uint8_t ind);
public void trustedGetEncryptedSecretShareV2(
[out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string,
[in, count = 3050] uint8_t* encrypted_poly,
uint64_t enc_len,
[out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey,
[out] uint64_t* dec_len,
[out, count = 193] char* result_str,
[out, count = 320] char* s_shareG2,
[in, string] char* pub_keyB,
uint8_t _t,
uint8_t _n,
uint8_t ind);
public void trustedGetPublicShares(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
......@@ -126,6 +136,17 @@ enclave {
int _ind,
[out] int* result);
public void trustedDkgVerifyV2(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, string] const char* public_shares,
[in, string] const char* s_share,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint64_t key_len,
unsigned _t,
int _ind,
[out] int* result);
public void trustedCreateBlsKey(
[out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment