Unverified Commit 725a9722 authored by kladko's avatar kladko

SKALE-3067-cleanup-sgx

parent 88c53da9
......@@ -58,9 +58,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#define SAFE_FREE(__X__) if (!__X__) {free(__X__); __X__ = NULL;}
#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
#define STRINGIFY(x) #x
#define TOSTRING(x) STRINGIFY(x)
......@@ -84,21 +81,20 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*errStatus = -1; \
goto clean;}
#define CHECK_STATUS(__STATUS__, __ERRMESSAGE__) if (__STATUS__ != SGX_SUCCESS) { \
#define CHECK_STATUS(__ERRMESSAGE__) if (status != SGX_SUCCESS) { \
snprintf(errString, BUF_LEN, __ERRMESSAGE__); \
LOG_ERROR(errString); \
*errStatus = status; \
goto clean; \
}
};
#define CHECK_STATUS2(__STATUS__, __ERRMESSAGE__, __PARAM__) if (__STATUS__ != SGX_SUCCESS) { \
snprintf(errString, BUF_LEN, __ERRMESSAGE__, __PARAM__); \
#define CHECK_STATUS2(__ERRMESSAGE__) if (status != SGX_SUCCESS) { \
snprintf(errString, BUF_LEN, __ERRMESSAGE__, status); \
LOG_ERROR(errString); \
*errStatus = status; \
goto clean; \
}
};
void *(*gmp_realloc_func)(void *, size_t, size_t);
......@@ -171,7 +167,6 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) {
return (void *) nptr;
}
void get_global_random(unsigned char *_randBuff, uint64_t _size) {
char errString[BUF_LEN];
......@@ -184,7 +179,6 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) {
CHECK_STATE(_size <= 32)
CHECK_STATE(_randBuff);
sgx_sha_state_handle_t shaStateHandle;
CHECK_STATE(sgx_sha256_init(&shaStateHandle) == SGX_SUCCESS);
......@@ -199,15 +193,12 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) {
void trustedGenerateSEK(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) {
LOG_DEBUG(__FUNCTION__);
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
CHECK_STATE(encrypted_SEK);
CHECK_STATE(SEK_hex);
CHECK_STATE(encrypted_SEK);
CHECK_STATE(SEK_hex);
SAFE_CHAR_BUF(SEK_raw, SGX_AESGCM_KEY_SIZE);;
......@@ -222,7 +213,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, (uint8_t *) SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK);
CHECK_STATUS(status, "seal SEK failed");
CHECK_STATUS("seal SEK failed");
*enc_len = sealedLen;
......@@ -232,7 +223,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
}
void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) {
LOG_DEBUG(__FUNCTION__);
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
CHECK_STATE(encrypted_SEK);
SAFE_CHAR_BUF(aes_key_hex, BUF_LEN);
......@@ -240,21 +231,20 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_SEK, NULL, 0, aes_key_hex, &encr_len);
CHECK_STATUS2(status, "sgx unseal SEK failed with status %d", status );
CHECK_STATUS2("sgx unseal SEK failed with status %d");
uint64_t len;
hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
SET_SUCCESS
clean:
;
}
void trustedSetSEK_backup(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) {
LOG_DEBUG(__FUNCTION__);
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
CHECK_STATE(encrypted_SEK);
......@@ -267,26 +257,19 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, (uint8_t *) SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status);
*errStatus = status;
LOG_ERROR(errString);
goto clean;
}
CHECK_STATUS2("seal SEK failed with status %d")
*enc_len = sealedLen;
SET_SUCCESS
clean:
;
}
void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG(__FUNCTION__);
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
CHECK_STATE(encryptedPrivateKey);
......@@ -302,7 +285,6 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
point Pkey = point_init();
get_global_random(rand_char, 32);
mpz_import(seed, 32, 1, sizeof(rand_char[0]), 0, 0, rand_char);
......@@ -338,28 +320,16 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
skey_str[ECDSA_SKEY_LEN - 1] = 0;
snprintf(errString, BUF_LEN, "skey len is %d\n", strlen(skey_str));
int stat = AES_encrypt(skey_str, encryptedPrivateKey, BUF_LEN);
if (stat != 0) {
snprintf(errString, BUF_LEN, "ecdsa private key encryption failed");
*errStatus = stat;
LOG_ERROR(errString);
goto clean;
}
int status = AES_encrypt(skey_str, encryptedPrivateKey, BUF_LEN);
CHECK_STATUS("ecdsa private key encryption failed");
*enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, ECDSA_SKEY_LEN);
status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, ECDSA_SKEY_LEN);
if (stat != 0) {
snprintf(errString, BUF_LEN, "ecdsa private key decr failed with status %d", stat);
*errStatus = stat;
LOG_ERROR(errString);
goto clean;
}
CHECK_STATUS2("ecdsa private key decr failed with status %d");
SET_SUCCESS
clean:
mpz_clear(seed);
mpz_clear(skey);
......@@ -377,31 +347,19 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
point Pkey = point_init();
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
if (status != 0) {
snprintf(errString, BUF_LEN, "AES_decrypt failed with status %d", status);
*errStatus = status;
LOG_ERROR(errString);
goto clean;
}
CHECK_STATUS2("AES_decrypt failed with status %d");
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
strncpy(errString, skey, 1024);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(errString, BUF_LEN, "wrong string to init private key");
LOG_ERROR(errString);
*errStatus = -10;
goto clean;
}
status = mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE);
CHECK_STATUS("mpz_set_str failed for private key");
signature_extract_public_key(Pkey, privateKeyMpz, curve);
......@@ -435,9 +393,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
SET_SUCCESS
clean:
mpz_clear(privateKeyMpz);
point_clear(Pkey);
point_clear(Pkey_test);
......@@ -466,12 +422,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
if (status != 0) {
*errStatus = status;
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
LOG_ERROR(status);
goto clean;
}
CHECK_STATUS2("aes decrypt failed with status %d");
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
......@@ -523,8 +474,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
*sig_v = sign->v;
*errStatus = 0;
SET_SUCCESS
clean:
mpz_clear(privateKeyMpz);
......@@ -544,26 +494,17 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
*errStatus = UNKNOWN_ERROR;
int stat = AES_encrypt(key, encryptedPrivateKey, BUF_LEN);
if (stat != 0) {
*errStatus = stat;
snprintf(errString, BUF_LEN, "AES encrypt failed with status %d", stat);
LOG_ERROR(errString);
goto clean;
}
int status = AES_encrypt(key, encryptedPrivateKey, BUF_LEN);
CHECK_STATUS2("AES encrypt failed with status %d");
*enc_len = strlen(key) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
SAFE_CHAR_BUF(decryptedKey, BUF_LEN);
stat = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN);
status = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN);
if (stat != 0) {
*errStatus = stat;
snprintf(errString, BUF_LEN, "trustedDecryptKey failed with status %d", stat);
LOG_ERROR(errString);
goto clean;
}
CHECK_STATUS2("trustedDecryptKey failed with status %d");
uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH);
......@@ -581,8 +522,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
goto clean;
}
*errStatus = 0;
SET_SUCCESS
clean:
;
}
......@@ -591,7 +531,6 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
uint32_t enc_len, char *key) {
LOG_DEBUG(__FUNCTION__);
INIT_ERROR_STATE
CHECK_STATE(encryptedPrivateKey);
......@@ -619,19 +558,15 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
}
SET_SUCCESS
clean:
;
}
void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) {
LOG_DEBUG(__FUNCTION__);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
INIT_ERROR_STATE
CHECK_STATE(encryptedPrivateKey);
CHECK_STATE(_hashX);
......@@ -642,12 +577,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN);
if (status != 0) {
*errStatus = status;
strncpy(errString, "AES decrypt failed", BUF_LEN);
LOG_ERROR(errString);
goto clean;
}
CHECK_STATUS("AES decrypt failed")
enclave_sign(key, _hashX, _hashY, sig);
......@@ -661,37 +591,26 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
}
SET_SUCCESS
clean:
;
}
void
trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG(__FUNCTION__);
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
CHECK_STATE(encrypted_dkg_secret);
SAFE_CHAR_BUF(dkg_secret, DKG_BUFER_LENGTH);
int status = gen_dkg_poly(dkg_secret, _t);
if (gen_dkg_poly(dkg_secret, _t) != 0) {
*errStatus = -1;
strncpy(errString, "gen_dkg_poly failed", BUF_LEN);
LOG_ERROR(errString);
goto clean;
}
CHECK_STATUS("gen_dkg_poly failed")
int status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN);
status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "SGX AES encrypt DKG poly failed");
LOG_ERROR(errString);
*errStatus = status;
goto clean;
}
CHECK_STATUS("SGX AES encrypt DKG poly failed");
*enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
......@@ -699,12 +618,8 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret,
DKG_BUFER_LENGTH);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt dkg poly failed");
LOG_ERROR(errString);
*errStatus = status;
goto clean;
}
CHECK_STATUS("aes decrypt dkg poly failed");
if (strcmp(dkg_secret, decr_dkg_secret) != 0) {
snprintf(errString, BUF_LEN,
......@@ -715,7 +630,6 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
}
SET_SUCCESS
clean:
;
}
......@@ -724,23 +638,16 @@ void
trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret,
uint32_t enc_len,
uint8_t *decrypted_dkg_secret) {
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
LOG_DEBUG(__FUNCTION__);
CHECK_STATE(encrypted_dkg_secret);
CHECK_STATE(decrypted_dkg_secret);
int status = AES_decrypt(encrypted_dkg_secret, enc_len, (char *) decrypted_dkg_secret,
3072);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
LOG_ERROR(errString);
*errStatus = status;
goto clean;
}
CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d")
SET_SUCCESS
......@@ -750,25 +657,19 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d
void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint32_t enc_len) {
LOG_DEBUG(__FUNCTION__);
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
CHECK_STATE(encrypted_poly);
memset(getThreadLocalDecryptedDkgPoly(), 0, DKG_BUFER_LENGTH);
int status = AES_decrypt(encrypted_poly, enc_len, (char *) getThreadLocalDecryptedDkgPoly(),
DKG_BUFER_LENGTH);
if (status != SGX_SUCCESS) {
*errStatus = -1;
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
LOG_ERROR(errString);
goto clean;
}
*errStatus = 0;
CHECK_STATUS2("sgx_unseal_data - encrypted_poly failed with status %d")
SET_SUCCESS
clean:
;
}
......@@ -778,12 +679,11 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
uint8_t ind) {
LOG_DEBUG(__FUNCTION__);
INIT_ERROR_STATE
uint32_t enc_len;
int status;
INIT_ERROR_STATE
CHECK_STATE(encrypted_skey);
CHECK_STATE(result_str);
CHECK_STATE(s_shareG2);
......@@ -797,24 +697,13 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
trustedGenerateEcdsaKeyAES(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
if (status != 0) {
snprintf(errString, BUF_LEN, "trustedGenerateEcdsaKeyAES failed");
*errStatus = status;
LOG_ERROR(errString);
goto clean;
}
CHECK_STATUS("trustedGenerateEcdsaKeyAES failed");
status = AES_decrypt(encrypted_skey, enc_len, skey, ECDSA_SKEY_LEN);
skey[ECDSA_SKEY_LEN - 1] = 0;
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d",
status);
LOG_ERROR(errString);
*errStatus = status;
goto clean;
}
CHECK_STATUS2("AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d");
*dec_len = enc_len;
......@@ -823,19 +712,12 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
SAFE_CHAR_BUF(s_share, ECDSA_SKEY_LEN);
if (calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind) != 0) {
*errStatus = -1;
snprintf(errString, BUF_LEN, "calc secret share failed");
LOG_ERROR(errString);
goto clean;
}
status = calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind);
CHECK_STATUS("calc secret share failed")
if (calc_secret_shareG2(s_share, s_shareG2) != 0) {
*errStatus = -1;
snprintf(errString, BUF_LEN, "invalid decr secret share");
LOG_ERROR(errString);
goto clean;
}
status = calc_secret_shareG2(s_share, s_shareG2);
CHECK_STATUS("invalid decr secret share");
SAFE_CHAR_BUF(cypher, ECDSA_SKEY_LEN);
xor_encrypt(common_key, s_share, cypher);
......@@ -853,7 +735,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
char *public_shares,
unsigned _t, unsigned _n) {
LOG_DEBUG(__FUNCTION__);
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
......@@ -866,19 +748,10 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret,
DKG_MAX_SEALED_LEN);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status;
LOG_ERROR(errString);
goto clean;
}
CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d");
if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) {
*errStatus = -1;
snprintf(errString, BUF_LEN, "t does not match polynomial in db");
LOG_ERROR(errString);
goto clean;
}
status = calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0;
CHECK_STATUS("t does not match polynomial in db");
SET_SUCCESS
......@@ -888,7 +761,7 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG(__FUNCTION__);
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
......@@ -903,12 +776,7 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status);
*errStatus = status;
LOG_ERROR(errString);
goto clean;
}
CHECK_STATUS2("AES_decrypt failed (in trustedDkgVerifyAES) with status %d");
SAFE_CHAR_BUF(encr_sshare, ECDSA_SKEY_LEN);
......@@ -922,28 +790,24 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
xor_decrypt(common_key, encr_sshare, decr_sshare);
if (mpz_set_str(s, decr_sshare, 16) == -1) {
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid decr secret share");
LOG_ERROR(errString);
goto clean;
}
status = mpz_set_str(s, decr_sshare, 16);
CHECK_STATUS("invalid decr secret share");
*result = Verification(public_shares, s, _t, _ind);
SET_SUCCESS
clean:
mpz_clear(s);
}
void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares,
uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key,
uint32_t *enc_bls_key_len) {
LOG_DEBUG(__FUNCTION__);
*errString = 0;
*errStatus = UNKNOWN_ERROR;
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
CHECK_STATE(s_shares);
CHECK_STATE(encryptedPrivateKey);
......@@ -964,12 +828,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
int status = AES_decrypt(encryptedPrivateKey, key_len, skey, ECDSA_SKEY_LEN);
if (status != SGX_SUCCESS) {
*errStatus = status;
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
LOG_ERROR(errString);
goto clean;
}
CHECK_STATUS2("aes decrypt failed with status %d");
skey[ECDSA_SKEY_LEN - 1] = 0;
......@@ -1024,12 +883,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
status = AES_encrypt(key_share, encr_bls_key, BUF_LEN);
if (status != SGX_SUCCESS) {
*errStatus = -1;
snprintf(errString, BUF_LEN, "aes encrypt bls private key failed with status %d ", status);
LOG_ERROR(errString);
goto clean;
}
CHECK_STATUS2("aes encrypt bls private key failed with status %d ");
*enc_bls_key_len = strlen(key_share) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
......@@ -1054,21 +908,14 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
SAFE_CHAR_BUF(skey_hex, ECDSA_SKEY_LEN);
int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, ECDSA_SKEY_LEN);
if (status != SGX_SUCCESS) {
*errStatus = 1;
snprintf(errString, BUF_LEN, "aes_decrypt failed with status %d", status);
LOG_ERROR(errString);
goto clean;
}
CHECK_STATUS2("AES decrypt failed %d");
skey_hex[ECDSA_SKEY_LEN - 1] = 0;
if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) {
*errStatus = -1;
snprintf(errString, BUF_LEN, "could not calculate bls public key");
LOG_ERROR(errString);
goto clean;
}
status = calc_bls_public_key(skey_hex, bls_pub_key);
CHECK_STATUS("could not calculate bls public key");
SET_SUCCESS
clean:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment