Skip to content

S
sgxwallet
Unverified Commit 83236f41 authored by Stan Kladko's avatar Stan Kladko Committed by GitHub
Browse files
Options

Merge branch 'develop' into SKALE-2187-fix-docker-compose

parents 0d79249e 76a09304
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 1094 additions and 219 deletions
.github/CODEOWNERS
View file @ 83236f41
* @svetaro @olehnikolaiev @kladkogex
*.md @cstrangedk
\ No newline at end of file
* @olehnikolaiev @kladkogex
*.md @cstrangedk
BLSCrypto.cpp
View file @ 83236f41
......@@ -27,6 +27,7 @@
#include "libff/algebra/curves/alt_bn128/alt_bn128_init.hpp"
#include "bls.h"
#include <bls/BLSutils.h>
#include "leveldb/db.h"
......@@ -53,6 +54,22 @@
#include "spdlog/spdlog.h"
#include "common.h"
std::string *FqToString(libff::alt_bn128_Fq*_fq) {
mpz_t t;
mpz_init(t);
_fq->as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2];
char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t);
return new std::string(tmp);
}
int char2int(char _input) {
if (_input >= '0' && _input <= '9')
return _input - '0';
......@@ -132,7 +149,6 @@ bool hex2carray2(const char * _hex, uint64_t *_bin_len,
}
bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
char* _sig) {
......@@ -172,9 +188,131 @@ bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t
//cerr<< "sig " << _sig <<endl;
return true;
}
bool sign_aes(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
char* _sig) {
//cerr << "ENTER SIGN" << endl;
auto keyStr = make_shared<string>(_encryptedKeyHex);
auto hash = make_shared<array<uint8_t, 32>>();
uint64_t binLen;
if (!hex2carray(_hashHex, &binLen, hash->data())){
throw RPCException(INVALID_HEX, "Invalid hash");
}
// assert(binLen == hash->size());
// auto keyShare = make_shared<BLSPrivateKeyShareSGX>(keyStr, _t, _n);
//
// //cerr << "keyShare created" << endl;
// // {
// auto sigShare = keyShare->signWithHelperSGX(hash, _signerIndex);
// // }
//
// auto sigShareStr = sigShare->toString();
//
// strncpy(_sig, sigShareStr->c_str(), BUF_LEN);
shared_ptr<signatures::Bls> obj;
obj = make_shared<signatures::Bls>(signatures::Bls(_t, _n));
std::pair<libff::alt_bn128_G1, std::string> hash_with_hint =
obj->HashtoG1withHint(hash);
int errStatus = 0;
string* xStr = FqToString(&(hash_with_hint.first.X));
if (xStr == nullptr) {
std::cerr << "Null xStr" << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("Null xStr"));
}
string* yStr = FqToString(&(hash_with_hint.first.Y));
if (yStr == nullptr) {
std::cerr << "Null yStr" << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("Null yStr"));
}
char errMsg[BUF_LEN];
memset(errMsg, 0, BUF_LEN);
char xStrArg[BUF_LEN];
char yStrArg[BUF_LEN];
char signature [BUF_LEN];
memset(xStrArg, 0, BUF_LEN);
memset(yStrArg, 0, BUF_LEN);
strncpy(xStrArg, xStr->c_str(), BUF_LEN);
strncpy(yStrArg, yStr->c_str(), BUF_LEN);
size_t sz = 0;
uint8_t encryptedKey[BUF_LEN];
bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey);
if (!result) {
cerr << "Invalid hex encrypted key" << endl;
BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key"));
}
sgx_status_t status =
bls_sign_message_aes(eid, &errStatus, errMsg, encryptedKey,
sz, xStrArg, yStrArg, signature);
if (status != SGX_SUCCESS) {
cerr <<"SGX enclave call to bls_sign_message failed:" << status << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to bls_sign_message failed"));
}
std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" +
hash_with_hint.second;
std::string sig = signature;
sig.append(":");
sig.append(hint);
strncpy(_sig, sig.c_str(), BUF_LEN);
printf("_sig is: %s\n", sig.c_str());
//string sigShareStr = keyShare->signWithHelperSGXstr(hash, _signerIndex);
//strncpy(_sig, sigShareStr.c_str(), BUF_LEN);
// string test_sig = "8175162913343900215959836578795929492705714455632345516427532159927644835012:15265825550804683171644566522808807137117748565649051208189914766494241035855:9810286616503120081238481858289626967170509983220853777870754480048381194141:5";
// auto sig_ptr = make_shared<string>(test_sig);
// strncpy(_sig, sig_ptr->c_str(), BUF_LEN);
//cerr<< "sig " << _sig <<endl;
return true;
}
bool bls_sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
char* _sig) {
if (!is_aes){
return sign(_encryptedKeyHex, _hashHex, _t, _n, _signerIndex, _sig);
}
else{
return sign_aes(_encryptedKeyHex, _hashHex, _t, _n, _signerIndex, _sig);
}
}
char *encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) {
char *keyArray = (char *) calloc(BUF_LEN, 1);
......
BLSCrypto.h
View file @ 83236f41
......@@ -36,7 +36,7 @@
//
//EXTERNC void init_enclave();
EXTERNC bool sign(const char* encryptedKeyHex, const char* hashHex, size_t t, size_t n,
EXTERNC bool bls_sign(const char* encryptedKeyHex, const char* hashHex, size_t t, size_t n,
size_t signerIndex, char* _sig);
EXTERNC int char2int(char _input);
......
DKGCrypto.cpp
View file @ 83236f41
......@@ -96,10 +96,17 @@ string gen_dkg_poly( int _t){
spdlog::info("in DKGCrypto encr len is {}", enc_len);
}
vector<char> hexEncrPoly(DKG_MAX_SEALED_LEN * 2 + 1, 0);//(4*BUF_LEN, 1);
uint64_t length = DKG_MAX_SEALED_LEN;
if (is_aes){
length = enc_len;
}
//vector<char> hexEncrPoly(DKG_MAX_SEALED_LEN * 2 + 1, 0);//(4*BUF_LEN, 1);
carray2Hex(encrypted_dkg_secret.data(), DKG_MAX_SEALED_LEN, hexEncrPoly.data());
vector<char> hexEncrPoly(2 * length + 1, 0);
assert( encrypted_dkg_secret.size() >= length);
//carray2Hex(encrypted_dkg_secret.data(), DKG_MAX_SEALED_LEN, hexEncrPoly.data());
carray2Hex(encrypted_dkg_secret.data(), length, hexEncrPoly.data());
string result(hexEncrPoly.data());
return result;
......@@ -117,11 +124,13 @@ vector <vector<string>> get_verif_vect(const char* encryptedPolyHex, int t, int
}
char* public_shares = (char*)calloc(10000, 1);
memset(public_shares, 0, 10000);
// char public_shares[10000];
uint64_t enc_len = 0;
uint8_t* encr_dkg_poly = (uint8_t*) calloc(DKG_MAX_SEALED_LEN * 2, 1);
memset(encr_dkg_poly, 0, DKG_MAX_SEALED_LEN * 2);
//uint8_t encr_dkg_poly[DKG_MAX_SEALED_LEN];
if (!hex2carray2(encryptedPolyHex, &enc_len, encr_dkg_poly, 6100)){
......@@ -129,16 +138,19 @@ vector <vector<string>> get_verif_vect(const char* encryptedPolyHex, int t, int
}
if (DEBUG_PRINT) {
//cerr << "hex_encr_poly is " << encryptedPolyHex << std::endl;
spdlog::info("hex_encr_poly length is {}", strlen(encryptedPolyHex));
spdlog::info("enc len {}", enc_len);
/*cerr << "encr raw poly: " << endl;
for ( int i = 0 ; i < 3050; i++)
printf(" %d ", encr_dkg_poly[i] );*/
// cerr << "encr raw poly: " << endl;
// for ( int i = 0 ; i < 3050; i++)
// printf(" %d ", encr_dkg_poly[i] );
}
uint32_t len;
if (!is_aes)
status = get_public_shares(eid, &err_status, errMsg1, encr_dkg_poly, len, public_shares, t, n);
else {
status = get_public_shares_aes(eid, &err_status, errMsg1, encr_dkg_poly, enc_len, public_shares, t, n);
}
if ( err_status != 0){
......@@ -174,15 +186,19 @@ string get_secret_shares(const string& polyName, const char* encryptedPolyHex, c
//char* errMsg1 = (char*) calloc(1024,1);
char errMsg1[BUF_LEN];
int err_status = 0;
char hexEncrKey[BUF_LEN];
memset(hexEncrKey, 0, BUF_LEN);
uint64_t enc_len = 0;
// uint8_t* encr_dkg_poly = (uint8_t*) calloc(DKG_MAX_SEALED_LEN, 1);
uint8_t encr_dkg_poly[DKG_MAX_SEALED_LEN];
memset(encr_dkg_poly, 0, DKG_MAX_SEALED_LEN);
if(!hex2carray2(encryptedPolyHex, &enc_len, encr_dkg_poly, 6100)){
throw RPCException(INVALID_HEX, "Invalid encryptedPolyHex");
}
std::cerr << "enc_len is " << enc_len << std::endl;
if (!is_aes)
status = set_encrypted_dkg_poly(eid, &err_status, errMsg1, encr_dkg_poly);
else
......@@ -194,18 +210,18 @@ string get_secret_shares(const string& polyName, const char* encryptedPolyHex, c
string result;
//char *hexEncrKey = (char *) calloc(2 * BUF_LEN, 1);
char hexEncrKey[2 * BUF_LEN];
for ( int i = 0; i < n; i++){
uint8_t encrypted_skey[BUF_LEN];
memset(encrypted_skey, 0, BUF_LEN);
uint32_t dec_len;
char cur_share[193];
char s_shareG2[320];
string pub_keyB = publicKeys.at(i);//publicKeys.substr(128*i, 128*i + 128);
if (DEBUG_PRINT) {
spdlog::info("pub_keyB is {}", pub_keyB);
}
// if (DEBUG_PRINT) {
// spdlog::info("pub_keyB is {}", pub_keyB);
// }
char pubKeyB[129];
strncpy(pubKeyB, pub_keyB.c_str(), 128);
pubKeyB[128] = 0;
......@@ -232,11 +248,14 @@ string get_secret_shares(const string& polyName, const char* encryptedPolyHex, c
if (DEBUG_PRINT) {
spdlog::info("dec len is {}", dec_len);
}
carray2Hex(encrypted_skey, dec_len, hexEncrKey);
string DHKey_name = "DKG_DH_KEY_" + polyName + "_" + to_string(i) + ":";
// cerr << "hexEncrKey: " << hexEncrKey << endl;
cerr << "hexEncr DH Key: " << hexEncrKey << endl;
writeDataToDB(DHKey_name, hexEncrKey);
string shareG2_name = "shareG2_" + polyName + "_" + to_string(i) + ":";
......@@ -270,24 +289,27 @@ bool VerifyShares(const char* publicShares, const char* encr_sshare, const char
uint64_t dec_key_len ;
uint8_t encr_key[BUF_LEN];
memset(encr_key, 0, BUF_LEN);
if (!hex2carray(encryptedKeyHex, &dec_key_len, encr_key)){
throw RPCException(INVALID_HEX, "Invalid encryptedPolyHex");
}
int result;
if (DEBUG_PRINT) {
// cerr << "encryptedKeyHex " << encryptedKeyHex << endl;
// cerr << "dec_key_len " << dec_key_len << endl;
// cerr << "encr_sshare length is " << strlen(encr_sshare) << endl; cerr << "public shares " << publicShares << endl;
cerr << "encryptedKeyHex " << encryptedKeyHex << endl;
cerr << "dec_key_len " << dec_key_len << endl;
cerr << "encr_sshare length is " << strlen(encr_sshare) << endl;
//cerr << "public shares " << publicShares << endl;
spdlog::info("publicShares length is {}", char_traits<char>::length(publicShares));
}
char pshares[8193];
strncpy(pshares, publicShares, strlen(publicShares) + 1);
//cerr << "pshares " << pshares << endl;
memset(pshares, 0, 8193);
strncpy(pshares, publicShares, strlen(publicShares) );
dkg_verification(eid, &err_status, errMsg1, pshares, encr_sshare, encr_key, dec_key_len, t, ind, &result);
if (!is_aes)
dkg_verification(eid, &err_status, errMsg1, pshares, encr_sshare, encr_key, dec_key_len, t, ind, &result);
else
dkg_verification_aes(eid, &err_status, errMsg1, pshares, encr_sshare, encr_key, dec_key_len, t, ind, &result);
if (result == 2){
throw RPCException(INVALID_HEX, "Invalid public shares");
......@@ -313,7 +335,9 @@ bool CreateBLSShare( const string& blsKeyName, const char * s_shares, const char
uint64_t dec_key_len ;
uint8_t encr_bls_key[BUF_LEN];
memset(encr_bls_key, 0, BUF_LEN);
uint8_t encr_key[BUF_LEN];
memset(encr_key, 0, BUF_LEN);
if (!hex2carray(encryptedKeyHex, &dec_key_len, encr_key)){
throw RPCException(INVALID_HEX, "Invalid encryptedKeyHex");
}
......@@ -321,10 +345,15 @@ bool CreateBLSShare( const string& blsKeyName, const char * s_shares, const char
uint32_t enc_bls_len = 0;
//cerr << "BEFORE create_bls_key IN ENCLAVE " << endl;
create_bls_key(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len, encr_bls_key, &enc_bls_len);
if (!is_aes)
create_bls_key(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len, encr_bls_key, &enc_bls_len);
else
create_bls_key_aes(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len, encr_bls_key, &enc_bls_len);
//cerr << "AFTER create_bls_key IN ENCLAVE er msg is " << errMsg1 << endl;
if ( err_status != 0){
spdlog::info("ERROR IN ENCLAVE");
//spdlog::info("ERROR IN ENCLAVE with status {}", err_status);
spdlog::error(errMsg1);
spdlog::error("status {}", err_status);
throw RPCException(ERROR_IN_ENCLAVE, "Create BLS private key failed in enclave");
}
else {
......@@ -363,8 +392,13 @@ vector<string> GetBLSPubKey(const char * encryptedKeyHex){
if (DEBUG_PRINT) {
spdlog::info("dec_key_len is {}", dec_key_len);
}
get_bls_pub_key(eid, &err_status, errMsg1, encr_key, dec_key_len, pub_key);
if (!is_aes)
get_bls_pub_key(eid, &err_status, errMsg1, encr_key, dec_key_len, pub_key);
else
get_bls_pub_key_aes(eid, &err_status, errMsg1, encr_key, dec_key_len, pub_key);
if ( err_status != 0){
std::cerr << errMsg1 << " status is " << err_status << std::endl;
throw RPCException(ERROR_IN_ENCLAVE, "Failed to get BLS public key in enclave");
}
vector<string> pub_key_vect = SplitString(pub_key, ':');
......@@ -396,12 +430,19 @@ string decrypt_DHKey(const string& polyName, int ind){
if (!hex2carray(hexEncrKey_ptr->c_str(), &DH_enc_len, encrypted_DHkey)){
throw RPCException(INVALID_HEX, "Invalid hexEncrKey");
}
if (DEBUG_PRINT) {
spdlog::info("encr DH key length is {}", DH_enc_len);
spdlog::info("hex encr DH key length is {}", hexEncrKey_ptr->length());
}
char DHKey[ECDSA_SKEY_LEN];
decrypt_key(eid, &err_status, errMsg1.data(), encrypted_DHkey, DH_enc_len, DHKey);
if ( !is_aes)
decrypt_key(eid, &err_status, errMsg1.data(), encrypted_DHkey, DH_enc_len, DHKey);
else
decrypt_key_aes(eid, &err_status, errMsg1.data(), encrypted_DHkey, DH_enc_len, DHKey);
if (err_status != 0){
throw RPCException(ERROR_IN_ENCLAVE, "decrypt key failed in enclave");
throw RPCException(/*ERROR_IN_ENCLAVE*/ err_status, "decrypt key failed in enclave");
}
return DHKey;
......
DockerfileSimulation
View file @ 83236f41
......@@ -35,4 +35,4 @@ RUN make
RUN mkdir /usr/src/sdk/sgx_data
COPY docker/start.sh ./
ENTRYPOINT ["/usr/src/sdk/start.sh"]
ENTRYPOINT ["/usr/src/sdk/start.sh"]
\ No newline at end of file
ECDSACrypto.cpp
View file @ 83236f41
......@@ -53,17 +53,18 @@ std::vector<std::string> gen_ecdsa_key(){
if ( !is_aes)
status = generate_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
else status = generate_ecdsa_key_aes(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
else
status = generate_ecdsa_key_aes(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
if ( err_status != 0 ){
std::cerr << "RPCException thrown" << std::endl;
throw RPCException(-666, errMsg) ;
if ( status != SGX_SUCCESS || err_status != 0 ){
std::cerr << "RPCException thrown with status" << status << std::endl;
throw RPCException(status, errMsg) ;
}
std::vector<std::string> keys(3);
if (DEBUG_PRINT) {
std::cerr << "account key is " << errMsg << std::endl;
std::cerr << "enc_len is " << enc_len << std::endl;
std::cerr << "enc_key is " << std::endl;
// std::cerr << "enc_key is " << std::endl;
// for(int i = 0 ; i < 1024; i++)
// std::cerr << (int)encr_pr_key[i] << " " ;
}
......
LevelDB.cpp
View file @ 83236f41
......@@ -282,7 +282,6 @@ void LevelDB::initDataFolderAndDBs() {
exit(-1);
}
sgx_data_folder = string(cwd) + "/" + SGXDATA_FOLDER;
struct stat info;
......@@ -298,7 +297,6 @@ void LevelDB::initDataFolderAndDBs() {
}
}
auto dbName = sgx_data_folder + WALLETDB_NAME;
levelDb = make_shared<LevelDB>(dbName);
......
Makefile.am
View file @ 83236f41
......@@ -43,8 +43,9 @@ secure_enclave.edl: secure_enclave/secure_enclave.edl
## Additional automake variables
##
#AM_CPPFLAGS += -g -Og
#AM_CFLAGS = -g -Og
#AM_CXXFLAGS = ${AM_CPPFLAGS}
AM_CFLAGS = -g -Og -rdynamic -Wl,--no-as-needed -lSegFault -fsanitize=address
AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault -fsanitize=address
AM_CPPFLAGS += -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS) -I. -I./libBLS/deps/deps_inst/x86_or_x64/include
......@@ -91,7 +92,7 @@ secure_enclave.signed.so: secure_enclave/secure_enclave.signed.so
## Use the variables, not the actual library names to ensure these
## targets work on simulation builds.
sgxwallet_LDADD=-l$(SGX_URTS_LIB) -LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
sgxwallet_LDADD=-l$(SGX_URTS_LIB) -l$(SGX_UAE_SERVICE_LIB) -LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
-LlibBLS/build/libff/libff \
-l:libbls.a -l:libleveldb.a \
-l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a \
......
SEKManager.cpp
View file @ 83236f41
......@@ -27,30 +27,210 @@
#include "LevelDB.h"
#include <iostream>
#include <algorithm>
#include "sgxwallet_common.h"
#include "common.h"
#include "sgxwallet.h"
void generate_SEK(){
#include "ServerDataChecker.h"
#include "spdlog/spdlog.h"
bool case_insensitive_match(string s1, string s2) {
//convert s1 and s2 into lower case strings
transform(s1.begin(), s1.end(), s1.begin(), ::tolower);
transform(s2.begin(), s2.end(), s2.begin(), ::tolower);
return s1.compare(s2);
}
void create_test_key(){
int errStatus = 0;
vector<char> errMsg(1024,0);
uint32_t enc_len;
uint8_t encrypted_key[BUF_LEN];
memset(encrypted_key, 0, BUF_LEN);
std::string key = TEST_VALUE;
status = encrypt_key_aes(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
if ( status != 0){
std::cerr << "encrypt test key failed with status " << status << std::endl;
throw RPCException(status, errMsg.data()) ;
}
//std::cerr << "enc len is " << enc_len << std::endl;
vector<char> hexEncrKey(2 * enc_len + 1, 0);
carray2Hex(encrypted_key, enc_len, hexEncrKey.data());
uint64_t test_len;
vector<uint8_t>test_encr_key(1024, 0);
if (!hex2carray(hexEncrKey.data(), &test_len, test_encr_key.data())){
std::cerr << "wrong encrypted test key" << std::endl;
}
LevelDB::getLevelDb() -> writeDataUnique("TEST_KEY", hexEncrKey.data());
}
bool check_SEK(std::string SEK){
std::shared_ptr <std::string> test_key_ptr = LevelDB::getLevelDb() -> readString("TEST_KEY");
// if (test_key_ptr == nullptr){
// spdlog::error("empty db" );
// exit(-1);
// }
// else{
vector<uint8_t> encr_test_key(BUF_LEN, 0);
uint64_t len;
if ( !hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data())){
spdlog::error("wrong test key" );
exit(-1);
}
vector<char> decr_key(1024,0);
vector<char> errMsg(1024,0);
int err_status = 0;
vector<uint8_t> encr_SEK(1024,0);
uint32_t l = len;
std::cerr << " l is " << l << std::endl;
status = set_SEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &l, SEK.c_str() );
if (status != SGX_SUCCESS){
cerr << "RPCException thrown with status " << status << endl;
throw RPCException(status, errMsg.data());
}
status = decrypt_key_aes(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
if (status != SGX_SUCCESS || err_status != 0){
spdlog::error("failed to decrypt test key" );
spdlog::error(errMsg.data());
exit(-1);
}
std::string test_key = TEST_VALUE;
if (test_key.compare(decr_key.data())!= 0){
std::cerr << "decrypted key is " << decr_key.data() << std::endl;
spdlog::error("Invalid SEK" );
return false;
}
return true;
// }
}
void gen_SEK(){
vector<char> errMsg(1024,0);
int err_status = 0;
vector<uint8_t> encr_SEK(1024, 0);
uint32_t enc_len = 0;
status = generate_SEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len);
if ( err_status != 0 ){
cerr << "RPCException thrown" << endl;
throw RPCException(-666, errMsg.data()) ;
//vector<char> SEK(65, 0);
char SEK[65];
memset(SEK, 0, 65);
status = generate_SEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK);
if (status != SGX_SUCCESS || err_status != 0 ){
throw RPCException(status, errMsg.data()) ;
}
vector<char> hexEncrKey(2*enc_len + 1, 0);
vector<char> hexEncrKey(2 * enc_len + 1, 0);
carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
cerr << "key is " << errMsg.data() << endl;
cout << "ATTENTION! THIS IS YOUR KEY FOR BACK UP. PLEASE COPY IT TO THE SAFE PLACE" << endl;
cout << "key is " << SEK << endl;
if (!autoconfirm) {
std::string confirm_str = "I confirm";
std::string buffer;
do {
std::cout << " DO YOU CONFIRM THAT YOU COPIED THE KEY? (if you confirm type - I confirm)"
<< std::endl;
std::getline(std::cin, buffer);
} while (case_insensitive_match(confirm_str, buffer)); //(strcmp(confirm_str.c_str(), buffer.c_str()) != 0);
}
system("reset");
LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
create_test_key();
}
void set_SEK(std::shared_ptr<std::string> hex_encr_SEK){
vector<char> errMsg(1024,0);
int err_status = 0;
//vector<uint8_t> encr_SEK(1024, 0);
uint8_t encr_SEK[BUF_LEN];
memset(encr_SEK, 0, BUF_LEN);
uint64_t len;
if (!hex2carray(hex_encr_SEK->c_str(), &len, encr_SEK)){
throw RPCException(INVALID_HEX, "Invalid encrypted SEK Hex");
}
status = set_SEK(eid, &err_status, errMsg.data(), encr_SEK, len );
if ( status != SGX_SUCCESS || err_status != 0 ){
cerr << "RPCException thrown" << endl;
throw RPCException(status, errMsg.data()) ;
}
}
void enter_SEK(){
vector<char> errMsg(1024,0);
int err_status = 0;
vector<uint8_t> encr_SEK(BUF_LEN, 0);
uint32_t enc_len;
std::shared_ptr <std::string> test_key_ptr = LevelDB::getLevelDb() -> readString("TEST_KEY");
if (test_key_ptr == nullptr){
spdlog::error("empty db" );
exit(-1);
}
std::string SEK;
std::cout << "ENTER BACKUP KEY" << std::endl;
std::cin >> SEK;
while (!checkHex(SEK, 16) || !check_SEK(SEK)){
std::cout << "KEY IS INVALID.TRY ONCE MORE" << std::endl;
SEK = "";
std::cin >> SEK;
}
// if (DEBUG_PRINT)
// std::cerr << "your key is " << SEK << std::endl;
status = set_SEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK.c_str() );
if (status != SGX_SUCCESS){
cerr << "RPCException thrown with status " << status << endl;
throw RPCException(status, errMsg.data());
}
vector<char> hexEncrKey(2 * enc_len + 1, 0);
carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
LevelDB::getLevelDb() -> deleteKey("SEK");
LevelDB::getLevelDb() -> writeDataUnique("SEK", hexEncrKey.data());
}
void init_SEK(){
std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
if (encr_SEK_ptr == nullptr){
spdlog::info("SEK was not created yet. Going to create SEK");
gen_SEK();
}
else{
if (DEBUG_PRINT)
spdlog::info("going to set SEK from db" );
set_SEK(encr_SEK_ptr);
}
}
//a002e7ca685d46a32771d16fe2518e58
\ No newline at end of file
SEKManager.h
View file @ 83236f41
......@@ -24,6 +24,29 @@
#ifndef SGXD_SEKMANAGER_H
#define SGXD_SEKMANAGER_H
void generate_SEK();
#ifdef __cplusplus
#include <string>
#include <memory>
#endif
void gen_SEK();
#ifdef __cplusplus
void set_SEK(std::shared_ptr<std::string> hex_encr_SEK);
#endif
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif
EXTERNC void enter_SEK();
EXTERNC void init_SEK();
#endif //SGXD_SEKMANAGER_H
SGXRegistrationServer.cpp
View file @ 83236f41
......@@ -48,7 +48,8 @@
int DEBUG_PRINT = 0;
int is_sgx_https = 1;
int is_aes = 0;
int is_aes = 1;
bool autoconfirm = false;
SGXRegistrationServer *regs = nullptr;
HttpServer *hs2 = nullptr;
......
SGXWalletServer.cpp
View file @ 83236f41
......@@ -218,7 +218,7 @@ Json::Value blsSignMessageHashImpl(const string &keyShareName, const string &mes
}
try {
if (!sign(value->c_str(), messageHash.c_str(), t, n, signerIndex, signature)) {
if (!bls_sign(value->c_str(), messageHash.c_str(), t, n, signerIndex, signature)) {
result["status"] = -1;
result["errorMessage"] = "Could not sign";
return result;
......@@ -501,6 +501,7 @@ Json::Value getSecretShareImpl(const string& polyName, const Json::Value& public
vector<string> pubKeys_vect;
for ( int i = 0; i < n ; i++) {
std::cerr << "publicKeys " << i << " is " << publicKeys[i].asString() <<std::endl;
if ( !checkHex(publicKeys[i].asString(), 64)){
throw RPCException(INVALID_HEX, "Invalid public key");
}
......
ServerDataChecker.cpp
View file @ 83236f41
......@@ -72,8 +72,8 @@ bool checkECDSAKeyName(const string& keyName) {
bool checkHex(const string& hex, const uint32_t sizeInBytes){
if ( hex.length() > sizeInBytes * 2 || hex.length() == 0){
spdlog::error("public key is too long or zero - ", hex.length());
std::cerr << "public key length is " << hex.length() << std::endl;
spdlog::error("key is too long or zero - ", hex.length());
std::cerr << "key length is " << hex.length() << std::endl;
return false;
}
......@@ -81,7 +81,7 @@ bool checkHex(const string& hex, const uint32_t sizeInBytes){
mpz_init(num);
if ( mpz_set_str(num, hex.c_str(), 16) == -1){
spdlog::error("public key is not hex {}", hex);
spdlog::error("key is not hex {}", hex);
mpz_clear(num);
return false;
}
......
ServerInit.cpp
View file @ 83236f41
......@@ -52,7 +52,7 @@
#include "BLSCrypto.h"
#include "ServerInit.h"
#include "SEKManager.h"
#include <iostream>
......@@ -67,19 +67,13 @@
//#include <system>
void init_daemon() {
libff::init_alt_bn128_params();
LevelDB::initDataFolderAndDBs();
std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
if (encr_SEK_ptr == nullptr){
spdlog::info("SEK was not created yet");
generate_SEK();
}
}
......@@ -135,12 +129,14 @@ void init_enclave() {
int sgxServerInited = 0;
void init_all(bool check_cert, bool sign_automatically) {
void init_all(bool check_cert, bool sign_automatically, void (*SEK_func)()) {
//spdlog::set_pattern("%c");
if (sgxServerInited == 1)
return;
init_enclave();
init_daemon();
//init_SEK();
SEK_func();
sgxServerInited = 1;
......@@ -152,7 +148,7 @@ void init_all(bool check_cert, bool sign_automatically) {
else {
init_http_server();
}
init_enclave();
//std::cerr << "enclave inited" << std::endl;
}
ServerInit.h
View file @ 83236f41
......@@ -30,12 +30,12 @@
#define EXTERNC
#endif
EXTERNC void init_all(bool check_cert, bool sign_automatically);
EXTERNC void init_all(bool check_cert, bool sign_automatically, void (*func)());
EXTERNC void init_daemon();
EXTERNC void init_enclave();
EXTERNC void init_enclave();
#endif //SGXWALLET_SERVERINIT_H
scripts/docker_test.py
View file @ 83236f41
......@@ -28,8 +28,13 @@ print("Running tests for branch " + BRANCH);
assert subprocess.call(["docker", "image", "inspect", FULL_IMAGE_NAME]) == 0;
assert subprocess.call(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data",
"-d", "--network=host", "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX]) == 0
#assert subprocess.call(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data",
# "-d", "--network=host", "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX]) == 0
obj = subprocess.Popen(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data","-d","--network=host", "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX, "-y"], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
obj.communicate(input=b"i confirm", timeout=5)
obj.terminate()
obj.wait()
time.sleep(5);
......
secure_enclave/BLSEnclave.cpp
View file @ 83236f41
......@@ -25,7 +25,8 @@
#include <string.h>
#include <cstdint>
#include "../sgxwallet_common.h"
//#include "../sgxwallet_common.h"
#include "enclave_common.h"
#include "BLSEnclave.h"
......
secure_enclave/DKGUtils.cpp
View file @ 83236f41
......@@ -30,7 +30,8 @@
#include <../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_g2.hpp>
#include "../sgxwallet_common.h"
//#include "../sgxwallet_common.h"
#include "enclave_common.h"
#include <cstdio>
#include <stdio.h>
......@@ -313,27 +314,31 @@ int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int in
char arr[mpz_sizeinbase (decr_secret_share, 10) + 2];
char * tmp = mpz_get_str(arr, 10, decr_secret_share);
libff::alt_bn128_Fr sshare(tmp);
// strncpy(public_shares, tmp, strlen(tmp));
// std::string res = ConvertHexToDec("fe43567238abcdef98760");
// strncpy(public_shares, res.c_str(), res.length());
libff::alt_bn128_G2 val2 = sshare * libff::alt_bn128_G2::one();
memset(public_shares, 0, strlen(public_shares));
strncpy(public_shares, ConvertToString(val2.X.c0).c_str(), ConvertToString(val2.X.c0).length());
strncpy(public_shares + ConvertToString(val2.X.c0).length(), ":", 1);
strncpy(public_shares + ConvertToString(val2.X.c0).length() + 1, ConvertToString(val2.X.c1).c_str(), 77);
strncpy(public_shares, tmp, strlen(tmp));
// strncpy(public_shares, ConvertToString(val2.X.c0).c_str(), ConvertToString(val2.X.c0).length());
// strncpy(public_shares + ConvertToString(val2.X.c0).length(), ":", 1);
// strncpy(public_shares + ConvertToString(val2.X.c0).length() + 1, ConvertToString(val2.X.c1).c_str(), 77);
val.to_affine_coordinates();
val2.to_affine_coordinates();
// strncpy(public_shares + strlen(tmp), ":", 1);
// strncpy(public_shares + 77 + 1, ConvertToString(val.X.c0).c_str(), 77);
// strncpy(public_shares + 77 + 78, ":", 1);
// strncpy(public_shares + 77 + 79, ConvertToString(val2.X.c0).c_str(), 77);
strncpy(public_shares, ConvertToString(val.X.c0).c_str(), ConvertToString(val.X.c0).length());
strncpy(public_shares + ConvertToString(val.X.c0).length(), ":", 1);
strncpy(public_shares + ConvertToString(val.X.c0).length() + 1, ConvertToString(val2.X.c0).c_str(), ConvertToString(val2.X.c0).length());
/*strncpy(public_shares + 77 + 77 + 79, "\n", 1);
strncpy(public_shares + 144 + 79, ConvertToString(val2.X.c0).c_str(), 77);
strncpy(public_shares + 144 + 78, ":", 1);
......
secure_enclave/enclave_common.h
View file @ 83236f41
......@@ -18,7 +18,7 @@
#define ADD_ENTROPY_SIZE 32
#define DKG_BUFER_LENGTH 2490//3060
#define DKG_MAX_SEALED_LEN 3050
#define DKG_MAX_SEALED_LEN 3100
#define SECRET_SHARE_NUM_BYTES 96
......
secure_enclave/secure_enclave.c
View file @ 83236f41
This diff is collapsed.
secure_enclave/secure_enclave.edl
View file @ 83236f41
This diff is collapsed.
sgxwallet.c
View file @ 83236f41
......@@ -38,9 +38,13 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "BLSCrypto.h"
#include "ServerInit.h"
#include "SEKManager.h"
#include <stdbool.h>
void usage() {
fprintf(stderr, "usage: sgxwallet\n");
exit(1);
......@@ -52,7 +56,8 @@ sgx_status_t status;
int updated;
int main(int argc, char *argv[]) {
void (*SEK_initializer)();
SEK_initializer = init_SEK;
bool check_client_cert = true;
bool sign_automatically = false;
int opt;
......@@ -62,7 +67,9 @@ int main(int argc, char *argv[]) {
exit(1);
}
while ((opt = getopt(argc, argv, "cshd0a")) != -1) {
while ((opt = getopt(argc, argv, "cshd0aby")) != -1) {
switch (opt) {
case 'h':
if (strlen(argv[1]) == 2 ) {
......@@ -70,6 +77,7 @@ int main(int argc, char *argv[]) {
fprintf(stderr, "-s client certificate will be signed automatically\n");
fprintf(stderr, "-d turn on debug output\n");
fprintf(stderr, "-0 SGXWalletServer will be launched on http (not https)\n");
fprintf(stderr, "-b Enter backup key\n");
exit(0);
} else {
fprintf(stderr, "unknown flag %s\n", argv[1]);
......@@ -88,14 +96,21 @@ int main(int argc, char *argv[]) {
is_sgx_https = 0;
break;
case 'a':
is_aes = 1;
is_aes = 0;
break;
case 'b':
SEK_initializer = enter_SEK;
break;
case 'y':
autoconfirm = true;
break;
case '?': // fprintf(stderr, "unknown flag\n");
exit(1);
default:
break;
}
}
init_all(check_client_cert, sign_automatically);
init_all(check_client_cert, sign_automatically, SEK_initializer);
while (true) {
sleep(10);
......
sgxwallet_common.h
View file @ 83236f41
......@@ -38,6 +38,7 @@
extern int DEBUG_PRINT;
extern int is_sgx_https;
extern int is_aes;
extern bool autoconfirm;
#define BUF_LEN 1024
......@@ -93,11 +94,11 @@ extern int is_aes;
#define BASE_PORT 1026
#define WALLETDB_NAME "sgxwallet.db"//"test_sgxwallet.db"//
#define WALLETDB_NAME "sgxwallet.db"//"test_sgxwallet.db"
#define ENCLAVE_NAME "secure_enclave.signed.so"
#define SGXDATA_FOLDER "sgx_data/"
#define TEST_VALUE "1234567890"
......
testw.cpp
View file @ 83236f41
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment