Skip to content

S
sgxwallet
Unverified Commit 683b595e authored by kladko's avatar kladko
Browse files
Options

SKALE-1880-fix-ecdsa

parent 206bcd6d
Show whitespace changes
Inline Side-by-side
Showing with 85 additions and 65 deletions
.gitignore
View file @ 683b595e
# Created by .ignore support plugin (hsz.mobi) /.idea/
.idea/ /cmake-build-debug/
cmake-build-debug/ /build/
build/ /sgx_data/
sgx_data/ /jsonrpc/
jsonrpc/ /gmp-build/
gmp-build/ /tgmp-build/
tgmp-build/ /install-sh
install-sh /config.log
config.log /config.status
config.status /Makefile.in
Makefile.in /Makefile
Makefile /secure_enclave_u.h
secure_enclave_u.h /secure_enclave_u.c
secure_enclave_u.c /secure_enclave.edl
secure_enclave.edl /am--include-marker
am--include-marker /*.o
*.o /*.m4
aclocal.m4 /missing
missing /compile
compile /depcomp
depcomp /ltmain.sh
ltmain.sh /secure_enclave.signed.so
secure_enclave.signed.so /sgxgmpmath
sgxgmpmath /sgxgmppi
sgxgmppi /.deps
.deps /CMakeCache.txt
CMakeCache.txt /cmake_install.cmake
cmake_install.cmake /sgxd.cbp
sgxd.cbp /sgx-gmp/
sgx-gmp/ /sgx-sdk-build/
sgx-sdk-build/ /secure_enclave/Makefile
secure_enclave/Makefile /secure_enclave/secure_enclave.signed.so
secure_enclave/secure_enclave.signed.so /secure_enclave/secure_enclave.so
secure_enclave/secure_enclave.so /secure_enclave/secure_enclave_t.c
secure_enclave/secure_enclave_t.c /secure_enclave/secure_enclave_t.h
secure_enclave/secure_enclave_t.h /sgxd
sgxd /cert/SGXServerCertificate*
cert/SGXServerCertificate* /autom4te.cache
autom4te.cache /sgxwallet
sgxwallet /testw
testw /configure
configure /secure_enclave/.deps
secure_enclave/.deps /test-driver
test-driver
/intel-sgx-ssl/ /intel-sgx-ssl/
m4 /m4
.testw.py.swp /.testw.py.swp
/cert_util
ECDSACrypto.cpp
View file @ 683b595e
...@@ -158,9 +158,24 @@ vector<string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, i ...@@ -158,9 +158,24 @@ vector<string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, i
spdlog::debug("encrypted len: {}", dec_len); spdlog::debug("encrypted len: {}", dec_len);
if (!encryptKeys) if (!encryptKeys) {
status = trustedEcdsaSign(eid, &errStatus, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char *) hashHex, signature_r, status = trustedEcdsaSign(eid, &errStatus, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char *) hashHex, signature_r,
signature_s, &signature_v, base); signature_s, &signature_v, base);
mpz_t msgMpz;
mpz_init(msgMpz);
if (mpz_set_str(msgMpz, hashHex, 16) == -1) {
spdlog::error("invalid message hash {}", hashHex);
goto clean;
}
clean:
mpz_clear(msgMpz);
}
else else
status = trustedEcdsaSignAES(eid, &errStatus, errMsg, encr_key, dec_len, (unsigned char *) hashHex, signature_r, status = trustedEcdsaSignAES(eid, &errStatus, errMsg, encr_key, dec_len, (unsigned char *) hashHex, signature_r,
signature_s, &signature_v, base); signature_s, &signature_v, base);
......
VERSION
View file @ 683b595e
1.50 1.50.1
\ No newline at end of file \ No newline at end of file
secure_enclave/secure_enclave.c
View file @ 683b595e
...@@ -300,7 +300,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -300,7 +300,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
mpz_t privateKeyMpz; mpz_t privateKeyMpz;
mpz_init(privateKeyMpz); mpz_init(privateKeyMpz);
mpz_t msgMpz; mpz_t msgMpz;
mpz_init(msgMpz);
signature sign = signature_init(); signature sign = signature_init();
...@@ -311,29 +312,38 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -311,29 +312,38 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
if (!hash) { if (!hash) {
*errStatus = -1; *errStatus = 1;
LOG_WARN("NULL message hash"); char* msg = "NULL message hash";
snprintf(errString, BUF_LEN, "NULL message hash"); LOG_ERROR(msg);
snprintf(errString, BUF_LEN, msg);
goto clean; goto clean;
} }
if (!hash) { if (strnlen(hash, 64 ) > 64) {
*errStatus = -1; *errStatus = 2;
char* msg = "NULL message hash"; char* msg = "Hash too long";
LOG_ERROR(msg); LOG_ERROR(msg);
snprintf(errString, BUF_LEN, msg); snprintf(errString, BUF_LEN, msg);
goto clean; goto clean;
} }
mpz_init(msgMpz);
if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid message hash %s", hash);
LOG_WARN(errString);
goto clean;
}
if (!encryptedPrivateKey) { if (!encryptedPrivateKey) {
*errStatus = -1; *errStatus = 3;
snprintf(errString, BUF_LEN, "NULL encrypted ECDSA private key"); snprintf(errString, BUF_LEN, "NULL encrypted ECDSA private key");
LOG_ERROR(errString); LOG_ERROR(errString);
goto clean; goto clean;
} }
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, privateKey, &dec_len); (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, privateKey, &dec_len);
...@@ -354,12 +364,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -354,12 +364,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
} }
if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = -1;
snprintf(errString, BUF_LEN, "invalid message hash %s", hash);
LOG_WARN(errString);
goto clean;
}
signature_sign(sign, msgMpz, privateKeyMpz, curve); signature_sign(sign, msgMpz, privateKeyMpz, curve);
...@@ -368,7 +373,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -368,7 +373,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
if (!signature_verify(msgMpz, sign, publicKey, curve)) { if (!signature_verify(msgMpz, sign, publicKey, curve)) {
*errStatus = -2; *errStatus = 2;
snprintf(errString, BUF_LEN, "ECDSA sig not verified"); snprintf(errString, BUF_LEN, "ECDSA sig not verified");
LOG_WARN(errString); LOG_WARN(errString);
goto clean; goto clean;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment