Skip to content

S
sgxwallet
Unverified Commit 7509141e authored by Stan Kladko's avatar Stan Kladko Committed by GitHub
Browse files
Options

Merge pull request #125 from skalenetwork/SKALE-2879-improve-sgxwallet-performance 

Skale 2879 improve sgxwallet performance
parents 3d595711 83c2e7f1
Hide whitespace changes
Inline Side-by-side
Showing with 151 additions and 124 deletions
secure_enclave/secure_enclave.c
View file @ 7509141e
...@@ -70,10 +70,10 @@ void *reallocate_function(void *, size_t, size_t); ...@@ -70,10 +70,10 @@ void *reallocate_function(void *, size_t, size_t);
void free_function(void *, size_t); void free_function(void *, size_t);
unsigned char* globalRandom; unsigned char *globalRandom;
void trustedEnclaveInit(uint32_t _logLevel) { void trustedEnclaveInit(uint32_t _logLevel) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
globalLogLevel_ = _logLevel; globalLogLevel_ = _logLevel;
...@@ -84,7 +84,7 @@ void trustedEnclaveInit(uint32_t _logLevel) { ...@@ -84,7 +84,7 @@ void trustedEnclaveInit(uint32_t _logLevel) {
mp_set_memory_functions(NULL, oc_realloc_func, oc_free_func); mp_set_memory_functions(NULL, oc_realloc_func, oc_free_func);
globalRandom = (unsigned char *) calloc(32,1); globalRandom = (unsigned char *) calloc(32, 1);
sgx_read_rand(globalRandom, 32); sgx_read_rand(globalRandom, 32);
...@@ -129,7 +129,7 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) { ...@@ -129,7 +129,7 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) {
return (void *) nptr; return (void *) nptr;
} }
void get_global_random(unsigned char* _randBuff, uint64_t _size) { void get_global_random(unsigned char *_randBuff, uint64_t _size) {
assert(_size <= 32); assert(_size <= 32);
sgx_sha_state_handle_t shaStateHandle; sgx_sha_state_handle_t shaStateHandle;
assert(sgx_sha256_init(&shaStateHandle) == SGX_SUCCESS); assert(sgx_sha256_init(&shaStateHandle) == SGX_SUCCESS);
...@@ -150,8 +150,8 @@ void trustedEMpzDiv(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {} ...@@ -150,8 +150,8 @@ void trustedEMpzDiv(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {}
void trustedEMpfDiv(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {} void trustedEMpfDiv(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {}
void trustedGenerateEcdsaKey(int *errStatus, char *errString, void trustedGenerateEcdsaKey(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
domain_parameters curve = domain_parameters_init(); domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1); domain_parameters_load_curve(curve, secp256k1);
...@@ -219,8 +219,8 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString, ...@@ -219,8 +219,8 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
} }
void trustedGetPublicEcdsaKey(int *errStatus, char *errString, void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t dec_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t dec_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
domain_parameters curve = domain_parameters_init(); domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1); domain_parameters_load_curve(curve, secp256k1);
...@@ -296,13 +296,13 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString, ...@@ -296,13 +296,13 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
} }
void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t dec_len, void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t dec_len,
unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char* arrR = NULL; char *arrR = NULL;
char* arrS = NULL; char *arrS = NULL;
char* privateKey = calloc(ECDSA_SKEY_LEN,1); char *privateKey = calloc(ECDSA_SKEY_LEN, 1);
signature sign = signature_init(); signature sign = signature_init();
...@@ -312,15 +312,15 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -312,15 +312,15 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
if (!hash) { if (!hash) {
*errStatus = 1; *errStatus = 1;
char* msg = "NULL message hash"; char *msg = "NULL message hash";
LOG_ERROR(msg); LOG_ERROR(msg);
snprintf(errString, BUF_LEN, msg); snprintf(errString, BUF_LEN, msg);
goto clean; goto clean;
} }
if (strnlen(hash, 64 ) > 64) { if (strnlen(hash, 64) > 64) {
*errStatus = 2; *errStatus = 2;
char* msg = "Hash too long"; char *msg = "Hash too long";
LOG_ERROR(msg); LOG_ERROR(msg);
snprintf(errString, BUF_LEN, msg); snprintf(errString, BUF_LEN, msg);
goto clean; goto clean;
...@@ -343,16 +343,16 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -343,16 +343,16 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
} }
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *)privateKey, &dec_len); (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) privateKey, &dec_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = status; *errStatus = status;
snprintf(errString, BUF_LEN, snprintf(errString, BUF_LEN,
"sgx_unseal_data failed for encryptedPrivateKey:status %d", status); "sgx_unseal_data failed for encryptedPrivateKey:status %d", status);
LOG_ERROR(errString); LOG_ERROR(errString);
goto clean; goto clean;
} }
mpz_t privateKeyMpz; mpz_t privateKeyMpz;
mpz_init(privateKeyMpz); mpz_init(privateKeyMpz);
if (mpz_set_str(privateKeyMpz, privateKey, ECDSA_SKEY_BASE) == -1) { if (mpz_set_str(privateKeyMpz, privateKey, ECDSA_SKEY_BASE) == -1) {
...@@ -373,7 +373,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -373,7 +373,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
goto clean; goto clean;
} }
arrR = calloc(mpz_sizeinbase(sign->r, base) + 2,1); arrR = calloc(mpz_sizeinbase(sign->r, base) + 2, 1);
mpz_get_str(arrR, base, sign->r); mpz_get_str(arrR, base, sign->r);
strncpy(sigR, arrR, 1024); strncpy(sigR, arrR, 1024);
arrS = calloc(mpz_sizeinbase(sign->s, base) + 2, 1); arrS = calloc(mpz_sizeinbase(sign->s, base) + 2, 1);
...@@ -387,12 +387,12 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -387,12 +387,12 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
mpz_clear(msgMpz); mpz_clear(msgMpz);
domain_parameters_clear(curve); domain_parameters_clear(curve);
point_clear(publicKey); point_clear(publicKey);
signature_free(sign); signature_free(sign);
if (privateKey) { if (privateKey) {
free(privateKey); free(privateKey);
} }
if (arrR) { if (arrR) {
free(arrR); free(arrR);
...@@ -406,8 +406,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -406,8 +406,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
} }
void trustedEncryptKey(int *errStatus, char *errString, const char *key, void trustedEncryptKey(int *errStatus, char *errString, const char *key,
uint8_t *encryptedPrivateKey, uint32_t *enc_len) { uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
*errStatus = UNKNOWN_ERROR; *errStatus = UNKNOWN_ERROR;
...@@ -415,11 +415,11 @@ void trustedEncryptKey(int *errStatus, char *errString, const char *key, ...@@ -415,11 +415,11 @@ void trustedEncryptKey(int *errStatus, char *errString, const char *key,
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
if (sealedLen > BUF_LEN) { if (sealedLen > BUF_LEN) {
*errStatus = ENCRYPTED_KEY_TOO_LONG; *errStatus = ENCRYPTED_KEY_TOO_LONG;
snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH"); snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH");
return; return;
} }
memset(encryptedPrivateKey, 0, BUF_LEN); memset(encryptedPrivateKey, 0, BUF_LEN);
...@@ -461,8 +461,8 @@ void trustedEncryptKey(int *errStatus, char *errString, const char *key, ...@@ -461,8 +461,8 @@ void trustedEncryptKey(int *errStatus, char *errString, const char *key,
} }
void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) { uint32_t enc_len, char *key) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
uint32_t decLen; uint32_t decLen;
...@@ -496,9 +496,9 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat ...@@ -496,9 +496,9 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
} }
void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX, uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) { char *_hashY, char *signature) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char key[BUF_LEN]; char key[BUF_LEN];
char *sig = (char *) calloc(BUF_LEN, 1); char *sig = (char *) calloc(BUF_LEN, 1);
...@@ -525,7 +525,7 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr ...@@ -525,7 +525,7 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr
} }
void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char dkg_secret[DKG_BUFER_LENGTH]; char dkg_secret[DKG_BUFER_LENGTH];
...@@ -550,9 +550,10 @@ void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg ...@@ -550,9 +550,10 @@ void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg
*enc_len = sealedLen; *enc_len = sealedLen;
} }
void trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret, void
trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
uint32_t *dec_len) { uint32_t *dec_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
uint32_t decr_len; uint32_t decr_len;
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
...@@ -568,9 +569,9 @@ void trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted ...@@ -568,9 +569,9 @@ void trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted
} }
void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len, void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len,
char *secret_shares, char *secret_shares,
unsigned _t, unsigned _n) { unsigned _t, unsigned _n) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char decrypted_dkg_secret[DKG_BUFER_LENGTH]; char decrypted_dkg_secret[DKG_BUFER_LENGTH];
...@@ -588,13 +589,14 @@ void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_ ...@@ -588,13 +589,14 @@ void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_
} }
void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len, void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
char *public_shares, char *public_shares,
unsigned _t, unsigned _n) { unsigned _t, unsigned _n) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1); char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1);
uint32_t decr_len; uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, (uint8_t *)decrypted_dkg_secret, &decr_len); trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret,
&decr_len);
if (*errStatus != 0) { if (*errStatus != 0) {
snprintf(errString, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus); snprintf(errString, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus);
free(decrypted_dkg_secret); free(decrypted_dkg_secret);
...@@ -626,8 +628,9 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encryp ...@@ -626,8 +628,9 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encryp
} }
void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len, void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) { char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n,
LOG_DEBUG (__FUNCTION__); uint8_t ind) {
LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
char pub_key_x[BUF_LEN]; char pub_key_x[BUF_LEN];
...@@ -656,7 +659,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *en ...@@ -656,7 +659,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *en
char *common_key[ECDSA_SKEY_LEN]; char *common_key[ECDSA_SKEY_LEN];
gen_session_key(skey, pub_keyB, common_key); gen_session_key(skey, pub_keyB, common_key);
char *s_share[ECDSA_SKEY_LEN]; ; char *s_share[ECDSA_SKEY_LEN];;
if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) { if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) {
*errStatus = -1; *errStatus = -1;
...@@ -685,9 +688,9 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *en ...@@ -685,9 +688,9 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *en
} }
void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret, void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret,
uint32_t *dec_len, uint32_t *dec_len,
char *DH_key, char *s_shareG2, uint8_t _t, uint8_t _n, uint8_t ind1) { char *DH_key, char *s_shareG2, uint8_t _t, uint8_t _n, uint8_t ind1) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char decrypted_dkg_secret[DKG_BUFER_LENGTH]; char decrypted_dkg_secret[DKG_BUFER_LENGTH];
uint32_t decr_len; uint32_t decr_len;
...@@ -702,7 +705,7 @@ void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encrypte ...@@ -702,7 +705,7 @@ void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encrypte
void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share, void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t key_len, unsigned _t, int _ind, int *result) { uint8_t *encryptedPrivateKey, uint64_t key_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
...@@ -750,8 +753,9 @@ void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares ...@@ -750,8 +753,9 @@ void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares
} }
void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key,
LOG_DEBUG (__FUNCTION__); uint32_t *enc_bls_key_len) {
LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
...@@ -842,8 +846,9 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, ...@@ -842,8 +846,9 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
mpz_clear(q); mpz_clear(q);
} }
void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) { void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len,
LOG_DEBUG (__FUNCTION__); char *bls_pub_key) {
LOG_DEBUG(__FUNCTION__);
char skey_hex[ECDSA_SKEY_LEN]; char skey_hex[ECDSA_SKEY_LEN];
...@@ -865,8 +870,8 @@ void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -865,8 +870,8 @@ void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPriv
} }
void trustedGenerateSEK(int *errStatus, char *errString, void trustedGenerateSEK(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) { uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
uint8_t SEK_raw[SGX_AESGCM_KEY_SIZE]; uint8_t SEK_raw[SGX_AESGCM_KEY_SIZE];
sgx_read_rand(SEK_raw, SGX_AESGCM_KEY_SIZE); sgx_read_rand(SEK_raw, SGX_AESGCM_KEY_SIZE);
...@@ -880,7 +885,7 @@ void trustedGenerateSEK(int *errStatus, char *errString, ...@@ -880,7 +885,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
AES_key[i] = SEK_raw[i]; AES_key[i] = SEK_raw[i];
} }
sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, (uint8_t *)SEK_hex, sealedLen, sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, (uint8_t *) SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK); (sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "seal SEK failed"); snprintf(errString, BUF_LEN, "seal SEK failed");
...@@ -892,7 +897,7 @@ void trustedGenerateSEK(int *errStatus, char *errString, ...@@ -892,7 +897,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
} }
void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) { void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
uint8_t aes_key_hex[SGX_AESGCM_KEY_SIZE * 2]; uint8_t aes_key_hex[SGX_AESGCM_KEY_SIZE * 2];
memset(aes_key_hex, 0, SGX_AESGCM_KEY_SIZE * 2); memset(aes_key_hex, 0, SGX_AESGCM_KEY_SIZE * 2);
...@@ -910,15 +915,15 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint ...@@ -910,15 +915,15 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint
} }
void trustedSetSEK_backup(int *errStatus, char *errString, void trustedSetSEK_backup(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) { uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
uint64_t len; uint64_t len;
hex2carray(SEK_hex, &len, (uint8_t *) AES_key); hex2carray(SEK_hex, &len, (uint8_t *) AES_key);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, strlen(SEK_hex) + 1); uint32_t sealedLen = sgx_calc_sealed_data_size(0, strlen(SEK_hex) + 1);
sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, (uint8_t *)SEK_hex, sealedLen, sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, (uint8_t *) SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK); (sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status); snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status);
...@@ -930,8 +935,8 @@ void trustedSetSEK_backup(int *errStatus, char *errString, ...@@ -930,8 +935,8 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
} }
void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
domain_parameters curve = domain_parameters_init(); domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1); domain_parameters_load_curve(curve, secp256k1);
...@@ -998,7 +1003,10 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, ...@@ -998,7 +1003,10 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
*enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; *enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str); stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str);
if (stat != 0) { if (stat != 0) {
snprintf(errString + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat); snprintf(errString + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat);
*errStatus = stat; *errStatus = stat;
...@@ -1016,8 +1024,8 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1016,8 +1024,8 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
} }
void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
domain_parameters curve = domain_parameters_init(); domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1); domain_parameters_load_curve(curve, secp256k1);
...@@ -1106,12 +1114,19 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1106,12 +1114,19 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
point_clear(Pkey_test); point_clear(Pkey_test);
} }
static uint64_t sigCounter = 0;
static domain_parameters ecdsaCurve = NULL;
void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len,
unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
if (!ecdsaCurve) {
ecdsaCurve = domain_parameters_init();
domain_parameters_load_curve(ecdsaCurve, secp256k1);
}
domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
...@@ -1120,9 +1135,6 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -1120,9 +1135,6 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
if (status != 0) { if (status != 0) {
*errStatus = status; *errStatus = status;
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
domain_parameters_clear(curve);
return; return;
} }
...@@ -1135,10 +1147,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -1135,10 +1147,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "invalid secret key"); snprintf(errString, BUF_LEN, "invalid secret key");
LOG_ERROR(skey); LOG_ERROR(skey);
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
return; return;
} }
...@@ -1150,30 +1159,36 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -1150,30 +1159,36 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
mpz_clear(msgMpz); mpz_clear(msgMpz);
domain_parameters_clear(curve);
return; return;
} }
signature sign = signature_init(); signature sign = signature_init();
signature_sign(sign, msgMpz, privateKeyMpz, curve); signature_sign(sign, msgMpz, privateKeyMpz, ecdsaCurve);
point Pkey = point_init(); sigCounter++;
signature_extract_public_key(Pkey, privateKeyMpz, curve); if (sigCounter % 1000 == 0) {
if (!signature_verify(msgMpz, sign, Pkey, curve)) { point Pkey = point_init();
*errStatus = -2;
snprintf(errString, BUF_LEN, "signature is not verified! ");
mpz_clear(privateKeyMpz); signature_extract_public_key(Pkey, privateKeyMpz, ecdsaCurve);
mpz_clear(msgMpz);
domain_parameters_clear(curve);
signature_free(sign);
point_clear(Pkey);
return; if (!signature_verify(msgMpz, sign, Pkey, ecdsaCurve)) {
*errStatus = -2;
snprintf(errString, BUF_LEN, "signature is not verified! ");
mpz_clear(privateKeyMpz);
mpz_clear(msgMpz);
domain_parameters_clear(ecdsaCurve);
signature_free(sign);
point_clear(Pkey);
return;
}
point_clear(Pkey);
} }
char arrM[mpz_sizeinbase(msgMpz, 16) + 2]; char arrM[mpz_sizeinbase(msgMpz, 16) + 2];
...@@ -1192,14 +1207,12 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -1192,14 +1207,12 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
mpz_clear(msgMpz); mpz_clear(msgMpz);
domain_parameters_clear(curve);
signature_free(sign); signature_free(sign);
point_clear(Pkey);
} }
void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
uint8_t *encryptedPrivateKey, uint32_t *enc_len) { uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
*errStatus = UNKNOWN_ERROR; *errStatus = UNKNOWN_ERROR;
...@@ -1245,7 +1258,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, ...@@ -1245,7 +1258,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
} }
void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) { uint32_t enc_len, char *key) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
*errStatus = -9; *errStatus = -9;
...@@ -1272,9 +1285,9 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri ...@@ -1272,9 +1285,9 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
} }
void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX, uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) { char *_hashY, char *signature) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char key[BUF_LEN]; char key[BUF_LEN];
memset(key, 0, BUF_LEN); memset(key, 0, BUF_LEN);
...@@ -1301,7 +1314,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte ...@@ -1301,7 +1314,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
void void
trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char dkg_secret[DKG_BUFER_LENGTH]; char dkg_secret[DKG_BUFER_LENGTH];
memset(dkg_secret, 0, DKG_BUFER_LENGTH); memset(dkg_secret, 0, DKG_BUFER_LENGTH);
...@@ -1342,11 +1355,12 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s ...@@ -1342,11 +1355,12 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
} }
void void
trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret, trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret,
uint32_t *dec_len) { uint8_t *decrypted_dkg_secret,
LOG_DEBUG (__FUNCTION__); uint32_t *dec_len) {
LOG_DEBUG(__FUNCTION__);
int status = AES_decrypt(encrypted_dkg_secret, *dec_len, (char *)decrypted_dkg_secret); int status = AES_decrypt(encrypted_dkg_secret, *dec_len, (char *) decrypted_dkg_secret);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
...@@ -1356,10 +1370,10 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d ...@@ -1356,10 +1370,10 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d
} }
void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t *enc_len) { void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t *enc_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH); memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH);
int status = AES_decrypt(encrypted_poly, *enc_len, (char *)decryptedDkgPoly); int status = AES_decrypt(encrypted_poly, *enc_len, (char *) decryptedDkgPoly);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = -1; *errStatus = -1;
...@@ -1369,7 +1383,8 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc ...@@ -1369,7 +1383,8 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc
} }
void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len, void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) { char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n,
uint8_t ind) {
LOG_DEBUG(__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
...@@ -1390,7 +1405,8 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t ...@@ -1390,7 +1405,8 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
skey[ECDSA_SKEY_LEN - 1] = 0; skey[ECDSA_SKEY_LEN - 1] = 0;
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d", status); snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d",
status);
*errStatus = status; *errStatus = status;
return; return;
} }
...@@ -1431,9 +1447,9 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t ...@@ -1431,9 +1447,9 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
} }
void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len, void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
char *public_shares, char *public_shares,
unsigned _t, unsigned _n) { unsigned _t, unsigned _n) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1); char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1);
memset(decrypted_dkg_secret, 0, DKG_MAX_SEALED_LEN); memset(decrypted_dkg_secret, 0, DKG_MAX_SEALED_LEN);
...@@ -1458,8 +1474,8 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt ...@@ -1458,8 +1474,8 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
} }
void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share, void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) { uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
memset(skey, 0, ECDSA_SKEY_LEN); memset(skey, 0, ECDSA_SKEY_LEN);
...@@ -1511,8 +1527,9 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha ...@@ -1511,8 +1527,9 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
} }
void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares, void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares,
uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key,
LOG_DEBUG (__FUNCTION__); uint32_t *enc_bls_key_len) {
LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encryptedPrivateKey, key_len, skey); int status = AES_decrypt(encryptedPrivateKey, key_len, skey);
...@@ -1623,8 +1640,9 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share ...@@ -1623,8 +1640,9 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
} }
void void
trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) { trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len,
LOG_DEBUG (__FUNCTION__); char *bls_pub_key) {
LOG_DEBUG(__FUNCTION__);
char skey_hex[ECDSA_SKEY_LEN]; char skey_hex[ECDSA_SKEY_LEN];
......
testw.cpp
View file @ 7509141e
...@@ -71,7 +71,7 @@ public: ...@@ -71,7 +71,7 @@ public:
TestFixture() { TestFixture() {
TestUtils::resetDB(); TestUtils::resetDB();
setOptions(false, false, false, true); setOptions(false, false, false, true);
initAll(0, false, true); initAll(2, false, true);
} }
~TestFixture() { ~TestFixture() {
...@@ -111,9 +111,15 @@ TEST_CASE_METHOD(TestFixture, "ECDSA keygen and signature test", "[ecdsa-key-sig ...@@ -111,9 +111,15 @@ TEST_CASE_METHOD(TestFixture, "ECDSA keygen and signature test", "[ecdsa-key-sig
vector<char> signatureS(BUF_LEN, 0); vector<char> signatureS(BUF_LEN, 0);
uint8_t signatureV = 0; uint8_t signatureV = 0;
status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen, (unsigned char *) hex.data(),
signatureR.data(),
signatureS.data(), &signatureV, 16);
status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen,
(unsigned char *) hex.data(),
signatureR.data(),
signatureS.data(), &signatureV, 16);
REQUIRE(status == SGX_SUCCESS); REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS);
} }
...@@ -138,10 +144,13 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes ...@@ -138,10 +144,13 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes
vector<char> signatureS(BUF_LEN, 0); vector<char> signatureS(BUF_LEN, 0);
uint8_t signatureV = 0; uint8_t signatureV = 0;
status = trustedEcdsaSignAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen,
(unsigned char *) hex.data(), for (int i=0; i < 50; i++) {
signatureR.data(), status = trustedEcdsaSignAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen,
signatureS.data(), &signatureV, 16); (unsigned char *) hex.data(),
signatureR.data(),
signatureS.data(), &signatureV, 16);
}
REQUIRE(status == SGX_SUCCESS); REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS);
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment