Skip to content

S
sgxwallet
Unverified Commit 6d82dafc authored by kladkogex's avatar kladkogex
Browse files
Options

Fixed problem

parent f51ca696
Hide whitespace changes
Inline Side-by-side
Showing with 240 additions and 255 deletions
secure_enclave/BLSUtils.cpp
View file @ 6d82dafc
...@@ -3,7 +3,6 @@ ...@@ -3,7 +3,6 @@
// //
#define GMP_WITH_SGX #define GMP_WITH_SGX
#include <string.h> #include <string.h>
#include <cstdint> #include <cstdint>
#include "../sgxwallet_common.h" #include "../sgxwallet_common.h"
...@@ -15,135 +14,117 @@ ...@@ -15,135 +14,117 @@
std::string *stringFromKey(libff::alt_bn128_Fr *_key) { std::string *stringFromKey(libff::alt_bn128_Fr *_key) {
mpz_t t; mpz_t t;
mpz_init(t); mpz_init(t);
_key->as_bigint().to_mpz(t); _key->as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2]; char arr[mpz_sizeinbase(t, 10) + 2];
char *tmp = mpz_get_str(arr, 10, t); char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t); mpz_clear(t);
return new std::string(tmp); return new std::string(tmp);
} }
std::string *stringFromFq(libff::alt_bn128_Fq *_fq) { std::string *stringFromFq(libff::alt_bn128_Fq*_fq) {
mpz_t t; mpz_t t;
mpz_init(t); mpz_init(t);
_fq->as_bigint().to_mpz(t); _fq->as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2]; char arr[mpz_sizeinbase(t, 10) + 2];
char *tmp = mpz_get_str(arr, 10, t); char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t); mpz_clear(t);
return new std::string(tmp); return new std::string(tmp);
} }
std::string *stringFromG1(libff::alt_bn128_G1 *_g1) { std::string *stringFromG1(libff::alt_bn128_G1 *_g1) {
_g1->to_affine_coordinates(); _g1->to_affine_coordinates();
auto sX = stringFromFq(&_g1->X); auto sX = stringFromFq(&_g1->X);
auto sY = stringFromFq(&_g1->Y); auto sY = stringFromFq(&_g1->Y);
auto sG1 = new std::string(*sX + ":" + *sY); auto sG1 = new std::string(*sX + ":" + *sY);
delete (sX); delete(sX);
delete (sY); delete(sY);
return sG1; return sG1;
} }
libff::alt_bn128_Fr *keyFromString(const char *_keyString) {
return new libff::alt_bn128_Fr(_keyString);
}
void check_key(int *err_status, char *err_string, const char *_keyString) {
*err_status = UNKNOWN_ERROR;
uint64_t keyLen = strnlen(_keyString, MAX_KEY_LENGTH);
// check that key is zero terminated string libff::alt_bn128_Fr *keyFromString(const char* _keyString) {
if (keyLen == MAX_KEY_LENGTH) { return new libff::alt_bn128_Fr(_keyString);
*err_status = PLAINTEXT_KEY_TOO_LONG; }
snprintf(err_string, MAX_ERR_LEN, "Plaintext key too long");
return;
}
bool check_key(const char *_keyString) {
libff::init_alt_bn128_params();
if (_keyString == nullptr)
return false;
if (_keyString == nullptr) { std::string ks(_keyString);
*err_status = NULL_KEY;
snprintf(err_string, BUF_LEN, "Null key string");
return;
}
for (int i = keyLen; i < MAX_KEY_LENGTH; i++) { // std::string keyString =
if (_keyString[i] != 0) { // "4160780231445160889237664391382223604184857153814275770598791864649971919844";
*err_status = UNPADDED_KEY;
snprintf(err_string, BUF_LEN, "Unpadded key passed to wrap");
return;
}
}
auto key = keyFromString(ks.c_str());
std::string ks(_keyString); auto s1 = stringFromKey(key);
// std::string keyString = if (s1->compare(ks) != 0)
// "4160780231445160889237664391382223604184857153814275770598791864649971919844"; return false;
auto key = keyFromString(ks.c_str()); if (s1->size() < 10)
return false;
auto s1 = stringFromKey(key); if (s1->size() >= 100)
return false;
if (s1->compare(ks) != 0) { return true;
*err_status = INCORRECT_STRING_CONVERSION; }
snprintf(err_string, BUF_LEN, "Incorrect string conversion");
return;
}
*err_status = 0;
}
bool sign(const char *_keyString, const char* _hashXString, const char* _hashYString,
char sig[BUF_LEN]) {
bool sign(const char *_keyString, const char *_hashXString, const char *_hashYString, auto key = keyFromString(_keyString);
char sig[BUF_LEN]) {
auto key = keyFromString(_keyString); libff::alt_bn128_Fq hashX(_hashXString);
libff::alt_bn128_Fq hashY(_hashYString);
libff::alt_bn128_Fq hashZ = 1;
libff::alt_bn128_Fq hashX(_hashXString);
libff::alt_bn128_Fq hashY(_hashYString);
libff::alt_bn128_Fq hashZ = 1;
libff::alt_bn128_G1 hash(hashX, hashY, hashZ);
libff::alt_bn128_G1 hash(hashX, hashY, hashZ);
libff::alt_bn128_G1 sign = key->as_bigint() * hash; // sign
libff::alt_bn128_G1 sign = key->as_bigint() * hash; // sign sign.to_affine_coordinates();
sign.to_affine_coordinates(); auto r = stringFromG1(&sign);
auto r = stringFromG1(&sign); memset(sig, 0, BUF_LEN);
memset(sig, 0, BUF_LEN); strncpy(sig, r->c_str(), BUF_LEN);
strncpy(sig, r->c_str(), BUF_LEN); delete r;
delete r; return true;
return true;
} }
......
secure_enclave/BLSUtils.h
View file @ 6d82dafc
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
#define EXTERNC #define EXTERNC
#endif #endif
EXTERNC void check_key(int *err_status, char *err_string, const char* _keyString); EXTERNC bool check_key(const char* _keyString);
EXTERNC bool sign(const char *_keyString, const char* _hashXString, const char* _hashYString, EXTERNC bool sign(const char *_keyString, const char* _hashXString, const char* _hashYString,
char* _sig); char* _sig);
......
secure_enclave/secure_enclave.c
View file @ 6d82dafc
...@@ -50,62 +50,57 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ...@@ -50,62 +50,57 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "../sgxwallet_common.h" #include "../sgxwallet_common.h"
void *(*gmp_realloc_func)(void *, size_t, size_t); void *(*gmp_realloc_func)(void *, size_t, size_t);
void *(*oc_realloc_func)(void *, size_t, size_t); void *(*oc_realloc_func)(void *, size_t, size_t);
void (*gmp_free_func)(void *, size_t); void (*gmp_free_func)(void *, size_t);
void (*oc_free_func)(void *, size_t); void (*oc_free_func)(void *, size_t);
void *reallocate_function(void *, size_t, size_t); void *reallocate_function(void *, size_t, size_t);
void free_function(void *, size_t); void free_function(void *, size_t);
void tgmp_init() { void tgmp_init() {
oc_realloc_func = &reallocate_function; oc_realloc_func = &reallocate_function;
oc_free_func = &free_function; oc_free_func = &free_function;
mp_get_memory_functions(NULL, &gmp_realloc_func, &gmp_free_func); mp_get_memory_functions(NULL, &gmp_realloc_func, &gmp_free_func);
mp_set_memory_functions(NULL, oc_realloc_func, oc_free_func); mp_set_memory_functions(NULL, oc_realloc_func, oc_free_func);
} }
void free_function(void *ptr, size_t sz) { void free_function(void *ptr, size_t sz) {
if (sgx_is_within_enclave(ptr, sz)) if (sgx_is_within_enclave(ptr, sz))
gmp_free_func(ptr, sz); gmp_free_func(ptr, sz);
else { else {
sgx_status_t status; sgx_status_t status;
status = oc_free(ptr, sz); status = oc_free(ptr, sz);
if (status != SGX_SUCCESS) if (status != SGX_SUCCESS)
abort(); abort();
} }
} }
void *reallocate_function(void *ptr, size_t osize, size_t nsize) { void *reallocate_function(void *ptr, size_t osize, size_t nsize) {
uint64_t nptr; uint64_t nptr;
sgx_status_t status; sgx_status_t status;
if (sgx_is_within_enclave(ptr, osize)) { if (sgx_is_within_enclave(ptr, osize)) {
return gmp_realloc_func(ptr, osize, nsize); return gmp_realloc_func(ptr, osize, nsize);
} }
status = oc_realloc(&nptr, ptr, osize, nsize); status = oc_realloc(&nptr, ptr, osize, nsize);
if (status != SGX_SUCCESS) if (status != SGX_SUCCESS)
abort(); abort();
/* /*
* If the entire range of allocated memory is not outside the enclave * If the entire range of allocated memory is not outside the enclave
* then something truly terrible has happened. In theory, we could * then something truly terrible has happened. In theory, we could
* free() and try again, but would you trust the OS at this point? * free() and try again, but would you trust the OS at this point?
*/ */
if (!sgx_is_outside_enclave((void *) ptr, nsize)) if (!sgx_is_outside_enclave((void *)ptr, nsize))
abort(); abort();
return (void *) nptr; return (void *)nptr;
} }
void e_mpz_add(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {} void e_mpz_add(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {}
...@@ -118,208 +113,233 @@ void e_mpf_div(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {} ...@@ -118,208 +113,233 @@ void e_mpf_div(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {}
void generate_ecdsa_key(int *err_status, char *err_string, void generate_ecdsa_key(int *err_status, char *err_string,
uint8_t *encrypted_key, uint32_t *enc_len) { uint8_t *encrypted_key, uint32_t *enc_len) {
} }
void encrypt_key(int *err_status, char *err_string, char *key, void encrypt_key(int *err_status, char *err_string, char *key,
uint8_t *encrypted_key, uint32_t *enc_len) { uint8_t *encrypted_key, uint32_t *enc_len) {
*err_status = UNKNOWN_ERROR; *err_status = -1;
check_key(err_status, err_string, key); uint64_t keyLen = strnlen(key, MAX_KEY_LENGTH);
if (*err_status != 0) { // check that key is zero terminated string
snprintf(err_string + strlen(err_string), BUF_LEN, ":check_key failed");
return; if (keyLen == MAX_KEY_LENGTH) {
} snprintf(err_string, MAX_ERR_LEN, "keyLen != MAX_KEY_LENGTH");
return;
}
uint32_t sealedLen = sgx_calc_sealed_data_size(0, MAX_KEY_LENGTH); *err_status = -2;
if (sealedLen > BUF_LEN) { // check that key is padded with 0s
snprintf(err_string, BUF_LEN, "sealedLen > BUF_LEN");
return; for (int i = keyLen; i < MAX_KEY_LENGTH; i++) {
if (key[i] != 0) {
snprintf(err_string, BUF_LEN,"Unpadded key");
return;
} }
}
sgx_status_t status; *err_status = -3;
sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t *) key, sealedLen, (sgx_sealed_data_t *) encrypted_key); if (!check_key(key)) {
snprintf(err_string, BUF_LEN,"check_key failed");
return;
}
if (status != SGX_SUCCESS) { uint32_t sealedLen = sgx_calc_sealed_data_size(0, MAX_KEY_LENGTH);
snprintf(err_string, BUF_LEN, "SGX seal data failed with status %d", status);
err_status = SGX_SEAL_DATA_FAILED;
return;
}
*enc_len = sealedLen; *err_status = -4;
char decryptedKey[BUF_LEN]; if (sealedLen > BUF_LEN) {
snprintf(err_string, BUF_LEN,"sealedLen > MAX_ENCRYPTED_KEY_LENGTH");
return;
}
*err_status = -5;
decrypt_key(err_status, err_string, encrypted_key, sealedLen, decryptedKey); memset(encrypted_key, 0, BUF_LEN);
if (*err_status != 0) { if (sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t*) key, sealedLen, (sgx_sealed_data_t*) encrypted_key) !=
snprintf(err_string + strlen(err_string), BUF_LEN, ":decrypt_key failed"); SGX_SUCCESS) {
return; snprintf(err_string, BUF_LEN,"SGX seal data failed");
} return;
}
uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH); *enc_len = sealedLen;
if (decryptedKeyLen == MAX_KEY_LENGTH) {
*err_status = STRING_NOT_NULL_TERMINATED;
snprintf(err_string, MAX_ERR_LEN, "Key2 is not null terminated");
return;
}
if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) { char key2[BUF_LEN];
*err_status = ENCRYPTION_DECRYPTION_MISMATCH;
snprintf(err_string, MAX_ERR_LEN, "Decrypted key does not match original");
return;
}
*err_status = 0; memset(key2, 0, BUF_LEN);
}
void decrypt_key(int *err_status, char *err_string, uint8_t *encrypted_key, decrypt_key(err_status, err_string, encrypted_key, sealedLen, key2);
uint32_t enc_len, char *key) {
uint32_t decLen; if (*err_status != 0) {
snprintf(err_string + strlen(err_string), BUF_LEN , ":decrypt_key failed");
return;
}
*err_status = -9;
memset(key, 0, BUF_LEN);
sgx_status_t status = sgx_unseal_data( uint64_t key2Len = strnlen(key2, MAX_KEY_LENGTH);
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) key, &decLen);
if (status != SGX_SUCCESS) { if (key2Len == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status); snprintf(err_string, MAX_ERR_LEN,"Key2 is not null terminated");
return; return;
} }
if (decLen != MAX_KEY_LENGTH) { *err_status = -8;
snprintf(err_string, BUF_LEN, "decLen != MAX_KEY_LENGTH");
return; if (strncmp(key, key2, MAX_KEY_LENGTH) != 0)
} return;
*err_status = -10; *err_status = 0;
}
void decrypt_key(int *err_status, char *err_string, uint8_t *encrypted_key,
uint32_t enc_len, char* key) {
uint64_t keyLen = strnlen(key, MAX_KEY_LENGTH); uint32_t decLen;
*err_status = -9;
if (keyLen == MAX_KEY_LENGTH) { sgx_status_t status = sgx_unseal_data(
snprintf(err_string, BUF_LEN, "Key is not null terminated"); (const sgx_sealed_data_t *)encrypted_key, NULL, 0, (uint8_t*) key, &decLen);
return;
}
// check that key is padded with 0s if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN,"sgx_unseal_data failed with status %d", status);
return;
}
for (int i = keyLen; i < MAX_KEY_LENGTH; i++) {
if (key[i] != 0) {
snprintf(err_string, BUF_LEN, "Unpadded key");
return;
}
}
*err_status = 0; if (decLen != MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "decLen != MAX_KEY_LENGTH");
return; return;
}
} *err_status = -10;
void bls_sign_message(int *err_status, char *err_string, uint8_t *encrypted_key, uint64_t keyLen = strnlen(key, MAX_KEY_LENGTH);
uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) {
char key[BUF_LEN]; if (keyLen == MAX_KEY_LENGTH) {
char sig[BUF_LEN]; snprintf(err_string, BUF_LEN, "Key is not null terminated");
return;
}
decrypt_key(err_status, err_string, encrypted_key, enc_len, key); // check that key is padded with 0s
if (err_status != 0) { for (int i = keyLen; i < MAX_KEY_LENGTH; i++) {
return; if (key[i] != 0) {
snprintf(err_string, BUF_LEN,"Unpadded key");
return;
} }
}
*err_status = 0;
return;
sign(key, _hashX, _hashY, sig); }
strncpy(signature, sig, BUF_LEN);
}
void bls_sign_message(int *err_status, char *err_string, uint8_t *encrypted_key,
uint32_t enc_len, char *_hashX,
char* _hashY, char *signature) {
void ecdsa_sign_message(int *err_status, char *err_string, uint8_t *encrypted_key,
uint32_t enc_len, uint8_t *message, char *signature) {
*err_status = -1;
char key[BUF_LEN];
char sig[BUF_LEN];
char key[BUF_LEN]; decrypt_key(err_status, err_string, encrypted_key, enc_len, key);
decrypt_key(err_status, err_string, encrypted_key, enc_len, key); if (err_status != 0) {
return;
}
if (err_status != 0) { sign(key, _hashX, _hashY, sig );
return;
}
strncpy(signature, sig, BUF_LEN);
//strncpy(signature, ecdsaSig, MAX_SIG_LEN); }
void ecdsa_sign_message(int *err_status, char *err_string, uint8_t *encrypted_key,
uint32_t enc_len, uint8_t *message, char *signature) {
*err_status = -1;
char key[BUF_LEN];
decrypt_key(err_status, err_string, encrypted_key, enc_len, key);
unsigned char entropy_buf[ADD_ENTROPY_SIZE] = {0}; if (err_status != 0) {
return;
}
RAND_add(entropy_buf, sizeof(entropy_buf), ADD_ENTROPY_SIZE);
RAND_seed(entropy_buf, sizeof(entropy_buf));
// Initialize SGXSSL crypto
OPENSSL_init_crypto(0, NULL);
RAND_add(entropy_buf, sizeof(entropy_buf), ADD_ENTROPY_SIZE); //strncpy(signature, ecdsaSig, MAX_SIG_LEN);
RAND_seed(entropy_buf, sizeof(entropy_buf));
EC_KEY *ec = NULL;
int eccgroup;
eccgroup = OBJ_txt2nid("secp384r1");
ec = EC_KEY_new_by_curve_name(eccgroup);
if (ec == NULL) {
return;
}
EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
int ret = EC_KEY_generate_key(ec);
if (!ret) {
return;
}
EVP_PKEY *ec_pkey = EVP_PKEY_new(); unsigned char entropy_buf[ADD_ENTROPY_SIZE] = {0};
if (ec_pkey == NULL) {
return; RAND_add(entropy_buf, sizeof(entropy_buf), ADD_ENTROPY_SIZE);
} RAND_seed(entropy_buf, sizeof(entropy_buf));
EVP_PKEY_assign_EC_KEY(ec_pkey, ec);
// DONE // Initialize SGXSSL crypto
OPENSSL_init_crypto(0, NULL);
char buffer[100];
unsigned char sig;
unsigned int siglen;
int i;
for (i = 0; i < 1000; i++) {
// Add context
EVP_MD_CTX *context = EVP_MD_CTX_new();
// Init, update, final
EVP_SignInit_ex(context, EVP_sha1(), NULL);
EVP_SignUpdate(context, &buffer, 100);
EVP_SignFinal(context, &sig, &siglen, ec_pkey);
}
*err_status = 0; RAND_add(entropy_buf, sizeof(entropy_buf), ADD_ENTROPY_SIZE);
RAND_seed(entropy_buf, sizeof(entropy_buf));
EC_KEY * ec = NULL;
int eccgroup;
eccgroup = OBJ_txt2nid("secp384r1");
ec = EC_KEY_new_by_curve_name(eccgroup);
if (ec == NULL) {
return;
}
EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
int ret = EC_KEY_generate_key(ec);
if (!ret) {
return;
}
EVP_PKEY *ec_pkey = EVP_PKEY_new();
if (ec_pkey == NULL) {
return;
}
EVP_PKEY_assign_EC_KEY(ec_pkey, ec);
// DONE
char buffer[100];
unsigned char sig;
unsigned int siglen;
int i;
for (i = 0; i < 1000; i++) {
// Add context
EVP_MD_CTX* context = EVP_MD_CTX_new();
// Init, update, final
EVP_SignInit_ex(context, EVP_sha1(), NULL);
EVP_SignUpdate(context, &buffer, 100);
EVP_SignFinal(context, &sig, &siglen, ec_pkey);
}
*err_status = 0;
} }
sgxwallet_common.h
View file @ 6d82dafc
...@@ -27,21 +27,5 @@ ...@@ -27,21 +27,5 @@
#define ADD_ENTROPY_SIZE 32 #define ADD_ENTROPY_SIZE 32
#define UNKNOWN_ERROR -1
#define PLAINTEXT_KEY_TOO_LONG -2
#define UNPADDED_KEY -3
#define NULL_KEY -4
#define INCORRECT_STRING_CONVERSION -5
#define SEALED_LEN_TOO_LARGE -6
#define SGX_SEAL_DATA_FAILED -7
#define STRING_NOT_NULL_TERMINATED -8
#define ENCRYPTION_DECRYPTION_MISMATCH -9
#endif //SGXWALLET_SGXWALLET_COMMON_H #endif //SGXWALLET_SGXWALLET_COMMON_H
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment