SKALE-1880-fix-ecdsa

683b595e · kladko · 206bcd6d · 683b595e · 683b595e · 683b595e
Unverified Commit 683b595e authored May 20, 2020 by kladko
Show whitespace changes
Inline Side-by-side

Showing with 85 additions and 65 deletions

.gitignore .gitignore +47 -47

ECDSACrypto.cpp ECDSACrypto.cpp +16 -1

VERSION VERSION +1 -1

secure_enclave.c secure_enclave/secure_enclave.c +21 -16

No files found.
--- a/.gitignore
+++ b/.gitignore
-# Created by .ignore support plugin (hsz.mobi)
-.idea/
-cmake-build-debug/
-build/
-sgx_data/
-jsonrpc/
-gmp-build/
-tgmp-build/
-install-sh
-config.log
-config.status
-Makefile.in
-Makefile
-secure_enclave_u.h
-secure_enclave_u.c
-secure_enclave.edl
-am--include-marker
-*.o
-aclocal.m4
-missing
-compile
-depcomp
-ltmain.sh
-secure_enclave.signed.so
-sgxgmpmath
-sgxgmppi
-.deps
-CMakeCache.txt
-cmake_install.cmake
-sgxd.cbp
-sgx-gmp/
-sgx-sdk-build/
-secure_enclave/Makefile
-secure_enclave/secure_enclave.signed.so
-secure_enclave/secure_enclave.so
-secure_enclave/secure_enclave_t.c
-secure_enclave/secure_enclave_t.h
-sgxd
-cert/SGXServerCertificate*
-autom4te.cache
-sgxwallet
-testw
-configure
-secure_enclave/.deps
-test-driver
+/.idea/
+/cmake-build-debug/
+/build/
+/sgx_data/
+/jsonrpc/
+/gmp-build/
+/tgmp-build/
+/install-sh
+/config.log
+/config.status
+/Makefile.in
+/Makefile
+/secure_enclave_u.h
+/secure_enclave_u.c
+/secure_enclave.edl
+/am--include-marker
+/*.o
+/*.m4
+/missing
+/compile
+/depcomp
+/ltmain.sh
+/secure_enclave.signed.so
+/sgxgmpmath
+/sgxgmppi
+/.deps
+/CMakeCache.txt
+/cmake_install.cmake
+/sgxd.cbp
+/sgx-gmp/
+/sgx-sdk-build/
+/secure_enclave/Makefile
+/secure_enclave/secure_enclave.signed.so
+/secure_enclave/secure_enclave.so
+/secure_enclave/secure_enclave_t.c
+/secure_enclave/secure_enclave_t.h
+/sgxd
+/cert/SGXServerCertificate*
+/autom4te.cache
+/sgxwallet
+/testw
+/configure
+/secure_enclave/.deps
+/test-driver
 /intel-sgx-ssl/
-m4
-.testw.py.swp
+/m4
+/.testw.py.swp
+/cert_util
--- a/ECDSACrypto.cpp
+++ b/ECDSACrypto.cpp
@@ -158,9 +158,24 @@ vector<string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, i
    spdlog::debug("encrypted len: {}", dec_len);


-    if (!encryptKeys)
+    if (!encryptKeys) {
        status = trustedEcdsaSign(eid, &errStatus, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char *) hashHex, signature_r,
                             signature_s, &signature_v, base);
+        mpz_t msgMpz;
+        mpz_init(msgMpz);
+        if (mpz_set_str(msgMpz, hashHex, 16) == -1) {
+            spdlog::error("invalid message hash {}", hashHex);
+            goto clean;
+        }
+
+
+        clean:
+
+        mpz_clear(msgMpz);
+
+
+
+    }
    else
        status = trustedEcdsaSignAES(eid, &errStatus, errMsg, encr_key, dec_len, (unsigned char *) hashHex, signature_r,
                                signature_s, &signature_v, base);

--- a/VERSION
+++ b/VERSION
-1.50
\ No newline at end of file
+1.50.1
\ No newline at end of file
--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -300,7 +300,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
    mpz_t privateKeyMpz;
    mpz_init(privateKeyMpz);
    mpz_t msgMpz;
-    mpz_init(msgMpz);
+
+

    signature sign = signature_init();

@@ -311,29 +312,38 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate


    if (!hash) {
-        *errStatus = -1;
-        LOG_WARN("NULL message hash");
-        snprintf(errString, BUF_LEN, "NULL message hash");
+        *errStatus = 1;
+        char* msg = "NULL message hash";
+        LOG_ERROR(msg);
+        snprintf(errString, BUF_LEN, msg);
        goto clean;
    }

-    if (!hash) {
-        *errStatus = -1;
-        char* msg = "NULL message hash";
+    if (strnlen(hash, 64 ) > 64) {
+        *errStatus = 2;
+        char* msg = "Hash too long";
        LOG_ERROR(msg);
        snprintf(errString, BUF_LEN, msg);
        goto clean;
    }

+    mpz_init(msgMpz);
+
+    if (mpz_set_str(msgMpz, hash, 16) == -1) {
+        *errStatus = 1;
+        snprintf(errString, BUF_LEN, "invalid message hash %s", hash);
+        LOG_WARN(errString);
+        goto clean;
+    }
+
    if (!encryptedPrivateKey) {
-        *errStatus = -1;
+        *errStatus = 3;
        snprintf(errString, BUF_LEN, "NULL encrypted ECDSA private key");
        LOG_ERROR(errString);
        goto clean;
    }
    

-
    sgx_status_t status = sgx_unseal_data(
            (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, privateKey, &dec_len);

@@ -354,12 +364,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
    }


-    if (mpz_set_str(msgMpz, hash, 16) == -1) {
-        *errStatus = -1;
-        snprintf(errString, BUF_LEN, "invalid message hash %s", hash);
-        LOG_WARN(errString);
-        goto clean;
-    }
+

    signature_sign(sign, msgMpz, privateKeyMpz, curve);

@@ -368,7 +373,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate


    if (!signature_verify(msgMpz, sign, publicKey, curve)) {
-        *errStatus = -2;
+        *errStatus = 2;
        snprintf(errString, BUF_LEN, "ECDSA sig not verified");
        LOG_WARN(errString);
        goto clean;