Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
S
sgxwallet
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
董子豪
sgxwallet
Commits
725a9722
Unverified
Commit
725a9722
authored
Aug 14, 2020
by
kladko
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
SKALE-3067-cleanup-sgx
parent
88c53da9
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
71 additions
and
224 deletions
+71
-224
secure_enclave.c
secure_enclave/secure_enclave.c
+71
-224
No files found.
secure_enclave/secure_enclave.c
View file @
725a9722
...
...
@@ -58,9 +58,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#define SAFE_FREE(__X__) if (!__X__) {free(__X__); __X__ = NULL;}
#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
#define STRINGIFY(x) #x
#define TOSTRING(x) STRINGIFY(x)
...
...
@@ -84,21 +81,20 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*errStatus = -1; \
goto clean;}
#define CHECK_STATUS(__
STATUS__, __ERRMESSAGE__) if (__STATUS__
!= SGX_SUCCESS) { \
#define CHECK_STATUS(__
ERRMESSAGE__) if (status
!= SGX_SUCCESS) { \
snprintf(errString, BUF_LEN, __ERRMESSAGE__); \
LOG_ERROR(errString); \
*errStatus = status; \
goto clean; \
}
}
;
#define CHECK_STATUS2(__
STATUS__, __ERRMESSAGE__, __PARAM__) if (__STATUS__
!= SGX_SUCCESS) { \
snprintf(errString, BUF_LEN, __ERRMESSAGE__,
__PARAM__
); \
#define CHECK_STATUS2(__
ERRMESSAGE__) if (status
!= SGX_SUCCESS) { \
snprintf(errString, BUF_LEN, __ERRMESSAGE__,
status
); \
LOG_ERROR(errString); \
*errStatus = status; \
goto clean; \
}
};
void
*
(
*
gmp_realloc_func
)(
void
*
,
size_t
,
size_t
);
...
...
@@ -171,7 +167,6 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) {
return
(
void
*
)
nptr
;
}
void
get_global_random
(
unsigned
char
*
_randBuff
,
uint64_t
_size
)
{
char
errString
[
BUF_LEN
];
...
...
@@ -184,7 +179,6 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) {
CHECK_STATE
(
_size
<=
32
)
CHECK_STATE
(
_randBuff
);
sgx_sha_state_handle_t
shaStateHandle
;
CHECK_STATE
(
sgx_sha256_init
(
&
shaStateHandle
)
==
SGX_SUCCESS
);
...
...
@@ -199,15 +193,12 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) {
void
trustedGenerateSEK
(
int
*
errStatus
,
char
*
errString
,
uint8_t
*
encrypted_SEK
,
uint32_t
*
enc_len
,
char
*
SEK_hex
)
{
LOG_
DEBUG
(
__FUNCTION__
);
LOG_
INFO
(
__FUNCTION__
);
INIT_ERROR_STATE
CHECK_STATE
(
encrypted_SEK
);
CHECK_STATE
(
SEK_hex
);
CHECK_STATE
(
encrypted_SEK
);
CHECK_STATE
(
SEK_hex
);
SAFE_CHAR_BUF
(
SEK_raw
,
SGX_AESGCM_KEY_SIZE
);;
...
...
@@ -222,7 +213,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
sgx_status_t
status
=
sgx_seal_data
(
0
,
NULL
,
hex_aes_key_length
+
1
,
(
uint8_t
*
)
SEK_hex
,
sealedLen
,
(
sgx_sealed_data_t
*
)
encrypted_SEK
);
CHECK_STATUS
(
status
,
"seal SEK failed"
);
CHECK_STATUS
(
"seal SEK failed"
);
*
enc_len
=
sealedLen
;
...
...
@@ -232,7 +223,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
}
void
trustedSetSEK
(
int
*
errStatus
,
char
*
errString
,
uint8_t
*
encrypted_SEK
,
uint64_t
encr_len
)
{
LOG_
DEBUG
(
__FUNCTION__
);
LOG_
INFO
(
__FUNCTION__
);
INIT_ERROR_STATE
CHECK_STATE
(
encrypted_SEK
);
SAFE_CHAR_BUF
(
aes_key_hex
,
BUF_LEN
);
...
...
@@ -240,21 +231,20 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint
sgx_status_t
status
=
sgx_unseal_data
(
(
const
sgx_sealed_data_t
*
)
encrypted_SEK
,
NULL
,
0
,
aes_key_hex
,
&
encr_len
);
CHECK_STATUS2
(
status
,
"sgx unseal SEK failed with status %d"
,
status
);
CHECK_STATUS2
(
"sgx unseal SEK failed with status %d"
);
uint64_t
len
;
hex2carray
(
aes_key_hex
,
&
len
,
(
uint8_t
*
)
AES_key
);
SET_SUCCESS
clean:
;
}
void
trustedSetSEK_backup
(
int
*
errStatus
,
char
*
errString
,
uint8_t
*
encrypted_SEK
,
uint32_t
*
enc_len
,
const
char
*
SEK_hex
)
{
LOG_
DEBUG
(
__FUNCTION__
);
LOG_
INFO
(
__FUNCTION__
);
INIT_ERROR_STATE
CHECK_STATE
(
encrypted_SEK
);
...
...
@@ -267,26 +257,19 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
sgx_status_t
status
=
sgx_seal_data
(
0
,
NULL
,
strlen
(
SEK_hex
)
+
1
,
(
uint8_t
*
)
SEK_hex
,
sealedLen
,
(
sgx_sealed_data_t
*
)
encrypted_SEK
);
if
(
status
!=
SGX_SUCCESS
)
{
snprintf
(
errString
,
BUF_LEN
,
"seal SEK failed with status %d"
,
status
);
*
errStatus
=
status
;
LOG_ERROR
(
errString
);
goto
clean
;
}
CHECK_STATUS2
(
"seal SEK failed with status %d"
)
*
enc_len
=
sealedLen
;
SET_SUCCESS
clean:
;
}
void
trustedGenerateEcdsaKeyAES
(
int
*
errStatus
,
char
*
errString
,
uint8_t
*
encryptedPrivateKey
,
uint32_t
*
enc_len
,
char
*
pub_key_x
,
char
*
pub_key_y
)
{
LOG_
DEBUG
(
__FUNCTION__
);
LOG_
INFO
(
__FUNCTION__
);
INIT_ERROR_STATE
CHECK_STATE
(
encryptedPrivateKey
);
...
...
@@ -302,7 +285,6 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
point
Pkey
=
point_init
();
get_global_random
(
rand_char
,
32
);
mpz_import
(
seed
,
32
,
1
,
sizeof
(
rand_char
[
0
]),
0
,
0
,
rand_char
);
...
...
@@ -338,28 +320,16 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
skey_str
[
ECDSA_SKEY_LEN
-
1
]
=
0
;
snprintf
(
errString
,
BUF_LEN
,
"skey len is %d
\n
"
,
strlen
(
skey_str
));
int
stat
=
AES_encrypt
(
skey_str
,
encryptedPrivateKey
,
BUF_LEN
);
if
(
stat
!=
0
)
{
snprintf
(
errString
,
BUF_LEN
,
"ecdsa private key encryption failed"
);
*
errStatus
=
stat
;
LOG_ERROR
(
errString
);
goto
clean
;
}
int
status
=
AES_encrypt
(
skey_str
,
encryptedPrivateKey
,
BUF_LEN
);
CHECK_STATUS
(
"ecdsa private key encryption failed"
);
*
enc_len
=
strlen
(
skey_str
)
+
SGX_AESGCM_MAC_SIZE
+
SGX_AESGCM_IV_SIZE
;
stat
=
AES_decrypt
(
encryptedPrivateKey
,
*
enc_len
,
skey_str
,
ECDSA_SKEY_LEN
);
stat
us
=
AES_decrypt
(
encryptedPrivateKey
,
*
enc_len
,
skey_str
,
ECDSA_SKEY_LEN
);
if
(
stat
!=
0
)
{
snprintf
(
errString
,
BUF_LEN
,
"ecdsa private key decr failed with status %d"
,
stat
);
*
errStatus
=
stat
;
LOG_ERROR
(
errString
);
goto
clean
;
}
CHECK_STATUS2
(
"ecdsa private key decr failed with status %d"
);
SET_SUCCESS
clean:
mpz_clear
(
seed
);
mpz_clear
(
skey
);
...
...
@@ -377,31 +347,19 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
SAFE_CHAR_BUF
(
skey
,
ECDSA_SKEY_LEN
);
mpz_t
privateKeyMpz
;
mpz_init
(
privateKeyMpz
);
point
Pkey
=
point_init
();
int
status
=
AES_decrypt
(
encryptedPrivateKey
,
enc_len
,
skey
,
ECDSA_SKEY_LEN
);
skey
[
enc_len
-
SGX_AESGCM_MAC_SIZE
-
SGX_AESGCM_IV_SIZE
]
=
'\0'
;
if
(
status
!=
0
)
{
snprintf
(
errString
,
BUF_LEN
,
"AES_decrypt failed with status %d"
,
status
);
*
errStatus
=
status
;
LOG_ERROR
(
errString
);
goto
clean
;
}
CHECK_STATUS2
(
"AES_decrypt failed with status %d"
);
skey
[
enc_len
-
SGX_AESGCM_MAC_SIZE
-
SGX_AESGCM_IV_SIZE
]
=
'\0'
;
strncpy
(
errString
,
skey
,
1024
);
if
(
mpz_set_str
(
privateKeyMpz
,
skey
,
ECDSA_SKEY_BASE
)
==
-
1
)
{
snprintf
(
errString
,
BUF_LEN
,
"wrong string to init private key"
);
LOG_ERROR
(
errString
);
*
errStatus
=
-
10
;
goto
clean
;
}
status
=
mpz_set_str
(
privateKeyMpz
,
skey
,
ECDSA_SKEY_BASE
);
CHECK_STATUS
(
"mpz_set_str failed for private key"
);
signature_extract_public_key
(
Pkey
,
privateKeyMpz
,
curve
);
...
...
@@ -435,9 +393,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
strncpy
(
pub_key_y
+
n_zeroes
,
arr_y
,
1024
-
n_zeroes
);
SET_SUCCESS
clean:
mpz_clear
(
privateKeyMpz
);
point_clear
(
Pkey
);
point_clear
(
Pkey_test
);
...
...
@@ -466,12 +422,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
int
status
=
AES_decrypt
(
encryptedPrivateKey
,
enc_len
,
skey
,
ECDSA_SKEY_LEN
);
if
(
status
!=
0
)
{
*
errStatus
=
status
;
snprintf
(
errString
,
BUF_LEN
,
"aes decrypt failed with status %d"
,
status
);
LOG_ERROR
(
status
);
goto
clean
;
}
CHECK_STATUS2
(
"aes decrypt failed with status %d"
);
skey
[
enc_len
-
SGX_AESGCM_MAC_SIZE
-
SGX_AESGCM_IV_SIZE
]
=
'\0'
;
...
...
@@ -523,8 +474,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
*
sig_v
=
sign
->
v
;
*
errStatus
=
0
;
SET_SUCCESS
clean:
mpz_clear
(
privateKeyMpz
);
...
...
@@ -544,26 +494,17 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
*
errStatus
=
UNKNOWN_ERROR
;
int
stat
=
AES_encrypt
(
key
,
encryptedPrivateKey
,
BUF_LEN
);
if
(
stat
!=
0
)
{
*
errStatus
=
stat
;
snprintf
(
errString
,
BUF_LEN
,
"AES encrypt failed with status %d"
,
stat
);
LOG_ERROR
(
errString
);
goto
clean
;
}
int
status
=
AES_encrypt
(
key
,
encryptedPrivateKey
,
BUF_LEN
);
CHECK_STATUS2
(
"AES encrypt failed with status %d"
);
*
enc_len
=
strlen
(
key
)
+
SGX_AESGCM_MAC_SIZE
+
SGX_AESGCM_IV_SIZE
;
SAFE_CHAR_BUF
(
decryptedKey
,
BUF_LEN
);
stat
=
AES_decrypt
(
encryptedPrivateKey
,
*
enc_len
,
decryptedKey
,
BUF_LEN
);
stat
us
=
AES_decrypt
(
encryptedPrivateKey
,
*
enc_len
,
decryptedKey
,
BUF_LEN
);
if
(
stat
!=
0
)
{
*
errStatus
=
stat
;
snprintf
(
errString
,
BUF_LEN
,
"trustedDecryptKey failed with status %d"
,
stat
);
LOG_ERROR
(
errString
);
goto
clean
;
}
CHECK_STATUS2
(
"trustedDecryptKey failed with status %d"
);
uint64_t
decryptedKeyLen
=
strnlen
(
decryptedKey
,
MAX_KEY_LENGTH
);
...
...
@@ -581,8 +522,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
goto
clean
;
}
*
errStatus
=
0
;
SET_SUCCESS
clean:
;
}
...
...
@@ -591,7 +531,6 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
uint32_t
enc_len
,
char
*
key
)
{
LOG_DEBUG
(
__FUNCTION__
);
INIT_ERROR_STATE
CHECK_STATE
(
encryptedPrivateKey
);
...
...
@@ -619,19 +558,15 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
}
SET_SUCCESS
clean:
;
}
void
trustedBlsSignMessageAES
(
int
*
errStatus
,
char
*
errString
,
uint8_t
*
encryptedPrivateKey
,
uint32_t
enc_len
,
char
*
_hashX
,
char
*
_hashY
,
char
*
signature
)
{
LOG_DEBUG
(
__FUNCTION__
);
*
errString
=
0
;
*
errStatus
=
UNKNOWN_ERROR
;
INIT_ERROR_STATE
CHECK_STATE
(
encryptedPrivateKey
);
CHECK_STATE
(
_hashX
);
...
...
@@ -642,12 +577,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
int
status
=
AES_decrypt
(
encryptedPrivateKey
,
enc_len
,
key
,
BUF_LEN
);
if
(
status
!=
0
)
{
*
errStatus
=
status
;
strncpy
(
errString
,
"AES decrypt failed"
,
BUF_LEN
);
LOG_ERROR
(
errString
);
goto
clean
;
}
CHECK_STATUS
(
"AES decrypt failed"
)
enclave_sign
(
key
,
_hashX
,
_hashY
,
sig
);
...
...
@@ -661,37 +591,26 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
}
SET_SUCCESS
clean:
;
}
void
trustedGenDkgSecretAES
(
int
*
errStatus
,
char
*
errString
,
uint8_t
*
encrypted_dkg_secret
,
uint32_t
*
enc_len
,
size_t
_t
)
{
LOG_DEBUG
(
__FUNCTION__
);
LOG_INFO
(
__FUNCTION__
);
INIT_ERROR_STATE
CHECK_STATE
(
encrypted_dkg_secret
);
SAFE_CHAR_BUF
(
dkg_secret
,
DKG_BUFER_LENGTH
);
int
status
=
gen_dkg_poly
(
dkg_secret
,
_t
);
if
(
gen_dkg_poly
(
dkg_secret
,
_t
)
!=
0
)
{
*
errStatus
=
-
1
;
strncpy
(
errString
,
"gen_dkg_poly failed"
,
BUF_LEN
);
LOG_ERROR
(
errString
);
goto
clean
;
}
CHECK_STATUS
(
"gen_dkg_poly failed"
)
int
status
=
AES_encrypt
(
dkg_secret
,
encrypted_dkg_secret
,
3
*
BUF_LEN
);
status
=
AES_encrypt
(
dkg_secret
,
encrypted_dkg_secret
,
3
*
BUF_LEN
);
if
(
status
!=
SGX_SUCCESS
)
{
snprintf
(
errString
,
BUF_LEN
,
"SGX AES encrypt DKG poly failed"
);
LOG_ERROR
(
errString
);
*
errStatus
=
status
;
goto
clean
;
}
CHECK_STATUS
(
"SGX AES encrypt DKG poly failed"
);
*
enc_len
=
strlen
(
dkg_secret
)
+
SGX_AESGCM_MAC_SIZE
+
SGX_AESGCM_IV_SIZE
;
...
...
@@ -699,12 +618,8 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
status
=
AES_decrypt
(
encrypted_dkg_secret
,
*
enc_len
,
decr_dkg_secret
,
DKG_BUFER_LENGTH
);
if
(
status
!=
SGX_SUCCESS
)
{
snprintf
(
errString
,
BUF_LEN
,
"aes decrypt dkg poly failed"
);
LOG_ERROR
(
errString
);
*
errStatus
=
status
;
goto
clean
;
}
CHECK_STATUS
(
"aes decrypt dkg poly failed"
);
if
(
strcmp
(
dkg_secret
,
decr_dkg_secret
)
!=
0
)
{
snprintf
(
errString
,
BUF_LEN
,
...
...
@@ -715,7 +630,6 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
}
SET_SUCCESS
clean:
;
}
...
...
@@ -724,23 +638,16 @@ void
trustedDecryptDkgSecretAES
(
int
*
errStatus
,
char
*
errString
,
uint8_t
*
encrypted_dkg_secret
,
uint32_t
enc_len
,
uint8_t
*
decrypted_dkg_secret
)
{
LOG_INFO
(
__FUNCTION__
);
INIT_ERROR_STATE
LOG_DEBUG
(
__FUNCTION__
);
CHECK_STATE
(
encrypted_dkg_secret
);
CHECK_STATE
(
decrypted_dkg_secret
);
int
status
=
AES_decrypt
(
encrypted_dkg_secret
,
enc_len
,
(
char
*
)
decrypted_dkg_secret
,
3072
);
if
(
status
!=
SGX_SUCCESS
)
{
snprintf
(
errString
,
BUF_LEN
,
"aes decrypt data - encrypted_dkg_secret failed with status %d"
,
status
);
LOG_ERROR
(
errString
);
*
errStatus
=
status
;
goto
clean
;
}
CHECK_STATUS2
(
"aes decrypt data - encrypted_dkg_secret failed with status %d"
)
SET_SUCCESS
...
...
@@ -750,25 +657,19 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d
void
trustedSetEncryptedDkgPolyAES
(
int
*
errStatus
,
char
*
errString
,
uint8_t
*
encrypted_poly
,
uint32_t
enc_len
)
{
LOG_DEBUG
(
__FUNCTION__
);
LOG_INFO
(
__FUNCTION__
);
INIT_ERROR_STATE
CHECK_STATE
(
encrypted_poly
);
memset
(
getThreadLocalDecryptedDkgPoly
(),
0
,
DKG_BUFER_LENGTH
);
int
status
=
AES_decrypt
(
encrypted_poly
,
enc_len
,
(
char
*
)
getThreadLocalDecryptedDkgPoly
(),
DKG_BUFER_LENGTH
);
if
(
status
!=
SGX_SUCCESS
)
{
*
errStatus
=
-
1
;
snprintf
(
errString
,
BUF_LEN
,
"sgx_unseal_data - encrypted_poly failed with status %d"
,
status
);
LOG_ERROR
(
errString
);
goto
clean
;
}
*
errStatus
=
0
;
CHECK_STATUS2
(
"sgx_unseal_data - encrypted_poly failed with status %d"
)
SET_SUCCESS
clean:
;
}
...
...
@@ -778,12 +679,11 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
uint8_t
ind
)
{
LOG_DEBUG
(
__FUNCTION__
);
INIT_ERROR_STATE
uint32_t
enc_len
;
int
status
;
INIT_ERROR_STATE
CHECK_STATE
(
encrypted_skey
);
CHECK_STATE
(
result_str
);
CHECK_STATE
(
s_shareG2
);
...
...
@@ -797,24 +697,13 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
trustedGenerateEcdsaKeyAES
(
&
status
,
errString
,
encrypted_skey
,
&
enc_len
,
pub_key_x
,
pub_key_y
);
if
(
status
!=
0
)
{
snprintf
(
errString
,
BUF_LEN
,
"trustedGenerateEcdsaKeyAES failed"
);
*
errStatus
=
status
;
LOG_ERROR
(
errString
);
goto
clean
;
}
CHECK_STATUS
(
"trustedGenerateEcdsaKeyAES failed"
);
status
=
AES_decrypt
(
encrypted_skey
,
enc_len
,
skey
,
ECDSA_SKEY_LEN
);
skey
[
ECDSA_SKEY_LEN
-
1
]
=
0
;
if
(
status
!=
SGX_SUCCESS
)
{
snprintf
(
errString
,
BUF_LEN
,
"AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d"
,
status
);
LOG_ERROR
(
errString
);
*
errStatus
=
status
;
goto
clean
;
}
CHECK_STATUS2
(
"AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d"
);
*
dec_len
=
enc_len
;
...
...
@@ -823,19 +712,12 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
SAFE_CHAR_BUF
(
s_share
,
ECDSA_SKEY_LEN
);
if
(
calc_secret_share
(
getThreadLocalDecryptedDkgPoly
(),
s_share
,
_t
,
_n
,
ind
)
!=
0
)
{
*
errStatus
=
-
1
;
snprintf
(
errString
,
BUF_LEN
,
"calc secret share failed"
);
LOG_ERROR
(
errString
);
goto
clean
;
}
status
=
calc_secret_share
(
getThreadLocalDecryptedDkgPoly
(),
s_share
,
_t
,
_n
,
ind
);
CHECK_STATUS
(
"calc secret share failed"
)
if
(
calc_secret_shareG2
(
s_share
,
s_shareG2
)
!=
0
)
{
*
errStatus
=
-
1
;
snprintf
(
errString
,
BUF_LEN
,
"invalid decr secret share"
);
LOG_ERROR
(
errString
);
goto
clean
;
}
status
=
calc_secret_shareG2
(
s_share
,
s_shareG2
);
CHECK_STATUS
(
"invalid decr secret share"
);
SAFE_CHAR_BUF
(
cypher
,
ECDSA_SKEY_LEN
);
xor_encrypt
(
common_key
,
s_share
,
cypher
);
...
...
@@ -853,7 +735,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
void
trustedGetPublicSharesAES
(
int
*
errStatus
,
char
*
errString
,
uint8_t
*
encrypted_dkg_secret
,
uint32_t
enc_len
,
char
*
public_shares
,
unsigned
_t
,
unsigned
_n
)
{
LOG_
DEBUG
(
__FUNCTION__
);
LOG_
INFO
(
__FUNCTION__
);
INIT_ERROR_STATE
...
...
@@ -866,19 +748,10 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
int
status
=
AES_decrypt
(
encrypted_dkg_secret
,
enc_len
,
decrypted_dkg_secret
,
DKG_MAX_SEALED_LEN
);
if
(
status
!=
SGX_SUCCESS
)
{
snprintf
(
errString
,
BUF_LEN
,
"aes decrypt data - encrypted_dkg_secret failed with status %d"
,
status
);
*
errStatus
=
status
;
LOG_ERROR
(
errString
);
goto
clean
;
}
CHECK_STATUS2
(
"aes decrypt data - encrypted_dkg_secret failed with status %d"
);
if
(
calc_public_shares
(
decrypted_dkg_secret
,
public_shares
,
_t
)
!=
0
)
{
*
errStatus
=
-
1
;
snprintf
(
errString
,
BUF_LEN
,
"t does not match polynomial in db"
);
LOG_ERROR
(
errString
);
goto
clean
;
}
status
=
calc_public_shares
(
decrypted_dkg_secret
,
public_shares
,
_t
)
!=
0
;
CHECK_STATUS
(
"t does not match polynomial in db"
);
SET_SUCCESS
...
...
@@ -888,7 +761,7 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
void
trustedDkgVerifyAES
(
int
*
errStatus
,
char
*
errString
,
const
char
*
public_shares
,
const
char
*
s_share
,
uint8_t
*
encryptedPrivateKey
,
uint64_t
enc_len
,
unsigned
_t
,
int
_ind
,
int
*
result
)
{
LOG_
DEBUG
(
__FUNCTION__
);
LOG_
INFO
(
__FUNCTION__
);
INIT_ERROR_STATE
...
...
@@ -903,12 +776,7 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
int
status
=
AES_decrypt
(
encryptedPrivateKey
,
enc_len
,
skey
,
ECDSA_SKEY_LEN
);
if
(
status
!=
SGX_SUCCESS
)
{
snprintf
(
errString
,
BUF_LEN
,
"AES_decrypt failed (in trustedDkgVerifyAES) with status %d"
,
status
);
*
errStatus
=
status
;
LOG_ERROR
(
errString
);
goto
clean
;
}
CHECK_STATUS2
(
"AES_decrypt failed (in trustedDkgVerifyAES) with status %d"
);
SAFE_CHAR_BUF
(
encr_sshare
,
ECDSA_SKEY_LEN
);
...
...
@@ -922,28 +790,24 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
xor_decrypt
(
common_key
,
encr_sshare
,
decr_sshare
);
if
(
mpz_set_str
(
s
,
decr_sshare
,
16
)
==
-
1
)
{
*
errStatus
=
1
;
snprintf
(
errString
,
BUF_LEN
,
"invalid decr secret share"
);
LOG_ERROR
(
errString
);
goto
clean
;
}
status
=
mpz_set_str
(
s
,
decr_sshare
,
16
);
CHECK_STATUS
(
"invalid decr secret share"
);
*
result
=
Verification
(
public_shares
,
s
,
_t
,
_ind
);
SET_SUCCESS
clean:
mpz_clear
(
s
);
}
void
trustedCreateBlsKeyAES
(
int
*
errStatus
,
char
*
errString
,
const
char
*
s_shares
,
uint8_t
*
encryptedPrivateKey
,
uint64_t
key_len
,
uint8_t
*
encr_bls_key
,
uint32_t
*
enc_bls_key_len
)
{
LOG_DEBUG
(
__FUNCTION__
);
*
errString
=
0
;
*
errStatus
=
UNKNOWN_ERROR
;
LOG_INFO
(
__FUNCTION__
);
INIT_ERROR_STATE
CHECK_STATE
(
s_shares
);
CHECK_STATE
(
encryptedPrivateKey
);
...
...
@@ -964,12 +828,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
int
status
=
AES_decrypt
(
encryptedPrivateKey
,
key_len
,
skey
,
ECDSA_SKEY_LEN
);
if
(
status
!=
SGX_SUCCESS
)
{
*
errStatus
=
status
;
snprintf
(
errString
,
BUF_LEN
,
"aes decrypt failed with status %d"
,
status
);
LOG_ERROR
(
errString
);
goto
clean
;
}
CHECK_STATUS2
(
"aes decrypt failed with status %d"
);
skey
[
ECDSA_SKEY_LEN
-
1
]
=
0
;
...
...
@@ -1024,12 +883,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
status
=
AES_encrypt
(
key_share
,
encr_bls_key
,
BUF_LEN
);
if
(
status
!=
SGX_SUCCESS
)
{
*
errStatus
=
-
1
;
snprintf
(
errString
,
BUF_LEN
,
"aes encrypt bls private key failed with status %d "
,
status
);
LOG_ERROR
(
errString
);
goto
clean
;
}
CHECK_STATUS2
(
"aes encrypt bls private key failed with status %d "
);
*
enc_bls_key_len
=
strlen
(
key_share
)
+
SGX_AESGCM_MAC_SIZE
+
SGX_AESGCM_IV_SIZE
;
...
...
@@ -1054,21 +908,14 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
SAFE_CHAR_BUF
(
skey_hex
,
ECDSA_SKEY_LEN
);
int
status
=
AES_decrypt
(
encryptedPrivateKey
,
key_len
,
skey_hex
,
ECDSA_SKEY_LEN
);
if
(
status
!=
SGX_SUCCESS
)
{
*
errStatus
=
1
;
snprintf
(
errString
,
BUF_LEN
,
"aes_decrypt failed with status %d"
,
status
);
LOG_ERROR
(
errString
);
goto
clean
;
}
CHECK_STATUS2
(
"AES decrypt failed %d"
);
skey_hex
[
ECDSA_SKEY_LEN
-
1
]
=
0
;
if
(
calc_bls_public_key
(
skey_hex
,
bls_pub_key
)
!=
0
)
{
*
errStatus
=
-
1
;
snprintf
(
errString
,
BUF_LEN
,
"could not calculate bls public key"
);
LOG_ERROR
(
errString
);
goto
clean
;
}
status
=
calc_bls_public_key
(
skey_hex
,
bls_pub_key
);
CHECK_STATUS
(
"could not calculate bls public key"
);
SET_SUCCESS
clean:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment