Skip to content

S
sgxwallet
Unverified Commit 83236f41 authored by Stan Kladko's avatar Stan Kladko Committed by GitHub
Browse files
Options

Merge branch 'develop' into SKALE-2187-fix-docker-compose

parents 0d79249e 76a09304
Hide whitespace changes
Inline Side-by-side
Showing with 1094 additions and 219 deletions
.github/CODEOWNERS
View file @ 83236f41
* @svetaro @olehnikolaiev @kladkogex
*.md @cstrangedk
\ No newline at end of file
* @olehnikolaiev @kladkogex
*.md @cstrangedk
BLSCrypto.cpp
View file @ 83236f41
......@@ -27,6 +27,7 @@
#include "libff/algebra/curves/alt_bn128/alt_bn128_init.hpp"
#include "bls.h"
#include <bls/BLSutils.h>
#include "leveldb/db.h"
......@@ -53,6 +54,22 @@
#include "spdlog/spdlog.h"
#include "common.h"
std::string *FqToString(libff::alt_bn128_Fq*_fq) {
mpz_t t;
mpz_init(t);
_fq->as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2];
char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t);
return new std::string(tmp);
}
int char2int(char _input) {
if (_input >= '0' && _input <= '9')
return _input - '0';
......@@ -132,7 +149,6 @@ bool hex2carray2(const char * _hex, uint64_t *_bin_len,
}
bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
char* _sig) {
......@@ -172,9 +188,131 @@ bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t
//cerr<< "sig " << _sig <<endl;
return true;
}
bool sign_aes(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
char* _sig) {
//cerr << "ENTER SIGN" << endl;
auto keyStr = make_shared<string>(_encryptedKeyHex);
auto hash = make_shared<array<uint8_t, 32>>();
uint64_t binLen;
if (!hex2carray(_hashHex, &binLen, hash->data())){
throw RPCException(INVALID_HEX, "Invalid hash");
}
// assert(binLen == hash->size());
// auto keyShare = make_shared<BLSPrivateKeyShareSGX>(keyStr, _t, _n);
//
// //cerr << "keyShare created" << endl;
// // {
// auto sigShare = keyShare->signWithHelperSGX(hash, _signerIndex);
// // }
//
// auto sigShareStr = sigShare->toString();
//
// strncpy(_sig, sigShareStr->c_str(), BUF_LEN);
shared_ptr<signatures::Bls> obj;
obj = make_shared<signatures::Bls>(signatures::Bls(_t, _n));
std::pair<libff::alt_bn128_G1, std::string> hash_with_hint =
obj->HashtoG1withHint(hash);
int errStatus = 0;
string* xStr = FqToString(&(hash_with_hint.first.X));
if (xStr == nullptr) {
std::cerr << "Null xStr" << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("Null xStr"));
}
string* yStr = FqToString(&(hash_with_hint.first.Y));
if (yStr == nullptr) {
std::cerr << "Null yStr" << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("Null yStr"));
}
char errMsg[BUF_LEN];
memset(errMsg, 0, BUF_LEN);
char xStrArg[BUF_LEN];
char yStrArg[BUF_LEN];
char signature [BUF_LEN];
memset(xStrArg, 0, BUF_LEN);
memset(yStrArg, 0, BUF_LEN);
strncpy(xStrArg, xStr->c_str(), BUF_LEN);
strncpy(yStrArg, yStr->c_str(), BUF_LEN);
size_t sz = 0;
uint8_t encryptedKey[BUF_LEN];
bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey);
if (!result) {
cerr << "Invalid hex encrypted key" << endl;
BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key"));
}
sgx_status_t status =
bls_sign_message_aes(eid, &errStatus, errMsg, encryptedKey,
sz, xStrArg, yStrArg, signature);
if (status != SGX_SUCCESS) {
cerr <<"SGX enclave call to bls_sign_message failed:" << status << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to bls_sign_message failed"));
}
std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" +
hash_with_hint.second;
std::string sig = signature;
sig.append(":");
sig.append(hint);
strncpy(_sig, sig.c_str(), BUF_LEN);
printf("_sig is: %s\n", sig.c_str());
//string sigShareStr = keyShare->signWithHelperSGXstr(hash, _signerIndex);
//strncpy(_sig, sigShareStr.c_str(), BUF_LEN);
// string test_sig = "8175162913343900215959836578795929492705714455632345516427532159927644835012:15265825550804683171644566522808807137117748565649051208189914766494241035855:9810286616503120081238481858289626967170509983220853777870754480048381194141:5";
// auto sig_ptr = make_shared<string>(test_sig);
// strncpy(_sig, sig_ptr->c_str(), BUF_LEN);
//cerr<< "sig " << _sig <<endl;
return true;
}
bool bls_sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
char* _sig) {
if (!is_aes){
return sign(_encryptedKeyHex, _hashHex, _t, _n, _signerIndex, _sig);
}
else{
return sign_aes(_encryptedKeyHex, _hashHex, _t, _n, _signerIndex, _sig);
}
}
char *encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) {
char *keyArray = (char *) calloc(BUF_LEN, 1);
......
BLSCrypto.h
View file @ 83236f41
......@@ -36,7 +36,7 @@
//
//EXTERNC void init_enclave();
EXTERNC bool sign(const char* encryptedKeyHex, const char* hashHex, size_t t, size_t n,
EXTERNC bool bls_sign(const char* encryptedKeyHex, const char* hashHex, size_t t, size_t n,
size_t signerIndex, char* _sig);
EXTERNC int char2int(char _input);
......
DKGCrypto.cpp
View file @ 83236f41
......@@ -96,10 +96,17 @@ string gen_dkg_poly( int _t){
spdlog::info("in DKGCrypto encr len is {}", enc_len);
}
vector<char> hexEncrPoly(DKG_MAX_SEALED_LEN * 2 + 1, 0);//(4*BUF_LEN, 1);
uint64_t length = DKG_MAX_SEALED_LEN;
if (is_aes){
length = enc_len;
}
//vector<char> hexEncrPoly(DKG_MAX_SEALED_LEN * 2 + 1, 0);//(4*BUF_LEN, 1);
carray2Hex(encrypted_dkg_secret.data(), DKG_MAX_SEALED_LEN, hexEncrPoly.data());
vector<char> hexEncrPoly(2 * length + 1, 0);
assert( encrypted_dkg_secret.size() >= length);
//carray2Hex(encrypted_dkg_secret.data(), DKG_MAX_SEALED_LEN, hexEncrPoly.data());
carray2Hex(encrypted_dkg_secret.data(), length, hexEncrPoly.data());
string result(hexEncrPoly.data());
return result;
......@@ -117,11 +124,13 @@ vector <vector<string>> get_verif_vect(const char* encryptedPolyHex, int t, int
}
char* public_shares = (char*)calloc(10000, 1);
memset(public_shares, 0, 10000);
// char public_shares[10000];
uint64_t enc_len = 0;
uint8_t* encr_dkg_poly = (uint8_t*) calloc(DKG_MAX_SEALED_LEN * 2, 1);
memset(encr_dkg_poly, 0, DKG_MAX_SEALED_LEN * 2);
//uint8_t encr_dkg_poly[DKG_MAX_SEALED_LEN];
if (!hex2carray2(encryptedPolyHex, &enc_len, encr_dkg_poly, 6100)){
......@@ -129,16 +138,19 @@ vector <vector<string>> get_verif_vect(const char* encryptedPolyHex, int t, int
}
if (DEBUG_PRINT) {
//cerr << "hex_encr_poly is " << encryptedPolyHex << std::endl;
spdlog::info("hex_encr_poly length is {}", strlen(encryptedPolyHex));
spdlog::info("enc len {}", enc_len);
/*cerr << "encr raw poly: " << endl;
for ( int i = 0 ; i < 3050; i++)
printf(" %d ", encr_dkg_poly[i] );*/
// cerr << "encr raw poly: " << endl;
// for ( int i = 0 ; i < 3050; i++)
// printf(" %d ", encr_dkg_poly[i] );
}
uint32_t len;
if (!is_aes)
status = get_public_shares(eid, &err_status, errMsg1, encr_dkg_poly, len, public_shares, t, n);
else {
status = get_public_shares_aes(eid, &err_status, errMsg1, encr_dkg_poly, enc_len, public_shares, t, n);
}
if ( err_status != 0){
......@@ -174,15 +186,19 @@ string get_secret_shares(const string& polyName, const char* encryptedPolyHex, c
//char* errMsg1 = (char*) calloc(1024,1);
char errMsg1[BUF_LEN];
int err_status = 0;
char hexEncrKey[BUF_LEN];
memset(hexEncrKey, 0, BUF_LEN);
uint64_t enc_len = 0;
// uint8_t* encr_dkg_poly = (uint8_t*) calloc(DKG_MAX_SEALED_LEN, 1);
uint8_t encr_dkg_poly[DKG_MAX_SEALED_LEN];
memset(encr_dkg_poly, 0, DKG_MAX_SEALED_LEN);
if(!hex2carray2(encryptedPolyHex, &enc_len, encr_dkg_poly, 6100)){
throw RPCException(INVALID_HEX, "Invalid encryptedPolyHex");
}
std::cerr << "enc_len is " << enc_len << std::endl;
if (!is_aes)
status = set_encrypted_dkg_poly(eid, &err_status, errMsg1, encr_dkg_poly);
else
......@@ -194,18 +210,18 @@ string get_secret_shares(const string& polyName, const char* encryptedPolyHex, c
string result;
//char *hexEncrKey = (char *) calloc(2 * BUF_LEN, 1);
char hexEncrKey[2 * BUF_LEN];
for ( int i = 0; i < n; i++){
uint8_t encrypted_skey[BUF_LEN];
memset(encrypted_skey, 0, BUF_LEN);
uint32_t dec_len;
char cur_share[193];
char s_shareG2[320];
string pub_keyB = publicKeys.at(i);//publicKeys.substr(128*i, 128*i + 128);
if (DEBUG_PRINT) {
spdlog::info("pub_keyB is {}", pub_keyB);
}
// if (DEBUG_PRINT) {
// spdlog::info("pub_keyB is {}", pub_keyB);
// }
char pubKeyB[129];
strncpy(pubKeyB, pub_keyB.c_str(), 128);
pubKeyB[128] = 0;
......@@ -232,11 +248,14 @@ string get_secret_shares(const string& polyName, const char* encryptedPolyHex, c
if (DEBUG_PRINT) {
spdlog::info("dec len is {}", dec_len);
}
carray2Hex(encrypted_skey, dec_len, hexEncrKey);
string DHKey_name = "DKG_DH_KEY_" + polyName + "_" + to_string(i) + ":";
// cerr << "hexEncrKey: " << hexEncrKey << endl;
cerr << "hexEncr DH Key: " << hexEncrKey << endl;
writeDataToDB(DHKey_name, hexEncrKey);
string shareG2_name = "shareG2_" + polyName + "_" + to_string(i) + ":";
......@@ -270,24 +289,27 @@ bool VerifyShares(const char* publicShares, const char* encr_sshare, const char
uint64_t dec_key_len ;
uint8_t encr_key[BUF_LEN];
memset(encr_key, 0, BUF_LEN);
if (!hex2carray(encryptedKeyHex, &dec_key_len, encr_key)){
throw RPCException(INVALID_HEX, "Invalid encryptedPolyHex");
}
int result;
if (DEBUG_PRINT) {
// cerr << "encryptedKeyHex " << encryptedKeyHex << endl;
// cerr << "dec_key_len " << dec_key_len << endl;
// cerr << "encr_sshare length is " << strlen(encr_sshare) << endl; cerr << "public shares " << publicShares << endl;
cerr << "encryptedKeyHex " << encryptedKeyHex << endl;
cerr << "dec_key_len " << dec_key_len << endl;
cerr << "encr_sshare length is " << strlen(encr_sshare) << endl;
//cerr << "public shares " << publicShares << endl;
spdlog::info("publicShares length is {}", char_traits<char>::length(publicShares));
}
char pshares[8193];
strncpy(pshares, publicShares, strlen(publicShares) + 1);
//cerr << "pshares " << pshares << endl;
memset(pshares, 0, 8193);
strncpy(pshares, publicShares, strlen(publicShares) );
dkg_verification(eid, &err_status, errMsg1, pshares, encr_sshare, encr_key, dec_key_len, t, ind, &result);
if (!is_aes)
dkg_verification(eid, &err_status, errMsg1, pshares, encr_sshare, encr_key, dec_key_len, t, ind, &result);
else
dkg_verification_aes(eid, &err_status, errMsg1, pshares, encr_sshare, encr_key, dec_key_len, t, ind, &result);
if (result == 2){
throw RPCException(INVALID_HEX, "Invalid public shares");
......@@ -313,7 +335,9 @@ bool CreateBLSShare( const string& blsKeyName, const char * s_shares, const char
uint64_t dec_key_len ;
uint8_t encr_bls_key[BUF_LEN];
memset(encr_bls_key, 0, BUF_LEN);
uint8_t encr_key[BUF_LEN];
memset(encr_key, 0, BUF_LEN);
if (!hex2carray(encryptedKeyHex, &dec_key_len, encr_key)){
throw RPCException(INVALID_HEX, "Invalid encryptedKeyHex");
}
......@@ -321,10 +345,15 @@ bool CreateBLSShare( const string& blsKeyName, const char * s_shares, const char
uint32_t enc_bls_len = 0;
//cerr << "BEFORE create_bls_key IN ENCLAVE " << endl;
create_bls_key(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len, encr_bls_key, &enc_bls_len);
if (!is_aes)
create_bls_key(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len, encr_bls_key, &enc_bls_len);
else
create_bls_key_aes(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len, encr_bls_key, &enc_bls_len);
//cerr << "AFTER create_bls_key IN ENCLAVE er msg is " << errMsg1 << endl;
if ( err_status != 0){
spdlog::info("ERROR IN ENCLAVE");
//spdlog::info("ERROR IN ENCLAVE with status {}", err_status);
spdlog::error(errMsg1);
spdlog::error("status {}", err_status);
throw RPCException(ERROR_IN_ENCLAVE, "Create BLS private key failed in enclave");
}
else {
......@@ -363,8 +392,13 @@ vector<string> GetBLSPubKey(const char * encryptedKeyHex){
if (DEBUG_PRINT) {
spdlog::info("dec_key_len is {}", dec_key_len);
}
get_bls_pub_key(eid, &err_status, errMsg1, encr_key, dec_key_len, pub_key);
if (!is_aes)
get_bls_pub_key(eid, &err_status, errMsg1, encr_key, dec_key_len, pub_key);
else
get_bls_pub_key_aes(eid, &err_status, errMsg1, encr_key, dec_key_len, pub_key);
if ( err_status != 0){
std::cerr << errMsg1 << " status is " << err_status << std::endl;
throw RPCException(ERROR_IN_ENCLAVE, "Failed to get BLS public key in enclave");
}
vector<string> pub_key_vect = SplitString(pub_key, ':');
......@@ -396,12 +430,19 @@ string decrypt_DHKey(const string& polyName, int ind){
if (!hex2carray(hexEncrKey_ptr->c_str(), &DH_enc_len, encrypted_DHkey)){
throw RPCException(INVALID_HEX, "Invalid hexEncrKey");
}
if (DEBUG_PRINT) {
spdlog::info("encr DH key length is {}", DH_enc_len);
spdlog::info("hex encr DH key length is {}", hexEncrKey_ptr->length());
}
char DHKey[ECDSA_SKEY_LEN];
decrypt_key(eid, &err_status, errMsg1.data(), encrypted_DHkey, DH_enc_len, DHKey);
if ( !is_aes)
decrypt_key(eid, &err_status, errMsg1.data(), encrypted_DHkey, DH_enc_len, DHKey);
else
decrypt_key_aes(eid, &err_status, errMsg1.data(), encrypted_DHkey, DH_enc_len, DHKey);
if (err_status != 0){
throw RPCException(ERROR_IN_ENCLAVE, "decrypt key failed in enclave");
throw RPCException(/*ERROR_IN_ENCLAVE*/ err_status, "decrypt key failed in enclave");
}
return DHKey;
......
DockerfileSimulation
View file @ 83236f41
......@@ -35,4 +35,4 @@ RUN make
RUN mkdir /usr/src/sdk/sgx_data
COPY docker/start.sh ./
ENTRYPOINT ["/usr/src/sdk/start.sh"]
ENTRYPOINT ["/usr/src/sdk/start.sh"]
\ No newline at end of file
ECDSACrypto.cpp
View file @ 83236f41
......@@ -53,17 +53,18 @@ std::vector<std::string> gen_ecdsa_key(){
if ( !is_aes)
status = generate_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
else status = generate_ecdsa_key_aes(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
else
status = generate_ecdsa_key_aes(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
if ( err_status != 0 ){
std::cerr << "RPCException thrown" << std::endl;
throw RPCException(-666, errMsg) ;
if ( status != SGX_SUCCESS || err_status != 0 ){
std::cerr << "RPCException thrown with status" << status << std::endl;
throw RPCException(status, errMsg) ;
}
std::vector<std::string> keys(3);
if (DEBUG_PRINT) {
std::cerr << "account key is " << errMsg << std::endl;
std::cerr << "enc_len is " << enc_len << std::endl;
std::cerr << "enc_key is " << std::endl;
// std::cerr << "enc_key is " << std::endl;
// for(int i = 0 ; i < 1024; i++)
// std::cerr << (int)encr_pr_key[i] << " " ;
}
......
LevelDB.cpp
View file @ 83236f41
......@@ -282,7 +282,6 @@ void LevelDB::initDataFolderAndDBs() {
exit(-1);
}
sgx_data_folder = string(cwd) + "/" + SGXDATA_FOLDER;
struct stat info;
......@@ -298,7 +297,6 @@ void LevelDB::initDataFolderAndDBs() {
}
}
auto dbName = sgx_data_folder + WALLETDB_NAME;
levelDb = make_shared<LevelDB>(dbName);
......
Makefile.am
View file @ 83236f41
......@@ -43,8 +43,9 @@ secure_enclave.edl: secure_enclave/secure_enclave.edl
## Additional automake variables
##
#AM_CPPFLAGS += -g -Og
#AM_CFLAGS = -g -Og
#AM_CXXFLAGS = ${AM_CPPFLAGS}
AM_CFLAGS = -g -Og -rdynamic -Wl,--no-as-needed -lSegFault -fsanitize=address
AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault -fsanitize=address
AM_CPPFLAGS += -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS) -I. -I./libBLS/deps/deps_inst/x86_or_x64/include
......@@ -91,7 +92,7 @@ secure_enclave.signed.so: secure_enclave/secure_enclave.signed.so
## Use the variables, not the actual library names to ensure these
## targets work on simulation builds.
sgxwallet_LDADD=-l$(SGX_URTS_LIB) -LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
sgxwallet_LDADD=-l$(SGX_URTS_LIB) -l$(SGX_UAE_SERVICE_LIB) -LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
-LlibBLS/build/libff/libff \
-l:libbls.a -l:libleveldb.a \
-l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a \
......
SEKManager.cpp
View file @ 83236f41
......@@ -27,30 +27,210 @@
#include "LevelDB.h"
#include <iostream>
#include <algorithm>
#include "sgxwallet_common.h"
#include "common.h"
#include "sgxwallet.h"
void generate_SEK(){
#include "ServerDataChecker.h"
#include "spdlog/spdlog.h"
bool case_insensitive_match(string s1, string s2) {
//convert s1 and s2 into lower case strings
transform(s1.begin(), s1.end(), s1.begin(), ::tolower);
transform(s2.begin(), s2.end(), s2.begin(), ::tolower);
return s1.compare(s2);
}
void create_test_key(){
int errStatus = 0;
vector<char> errMsg(1024,0);
uint32_t enc_len;
uint8_t encrypted_key[BUF_LEN];
memset(encrypted_key, 0, BUF_LEN);
std::string key = TEST_VALUE;
status = encrypt_key_aes(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
if ( status != 0){
std::cerr << "encrypt test key failed with status " << status << std::endl;
throw RPCException(status, errMsg.data()) ;
}
//std::cerr << "enc len is " << enc_len << std::endl;
vector<char> hexEncrKey(2 * enc_len + 1, 0);
carray2Hex(encrypted_key, enc_len, hexEncrKey.data());
uint64_t test_len;
vector<uint8_t>test_encr_key(1024, 0);
if (!hex2carray(hexEncrKey.data(), &test_len, test_encr_key.data())){
std::cerr << "wrong encrypted test key" << std::endl;
}
LevelDB::getLevelDb() -> writeDataUnique("TEST_KEY", hexEncrKey.data());
}
bool check_SEK(std::string SEK){
std::shared_ptr <std::string> test_key_ptr = LevelDB::getLevelDb() -> readString("TEST_KEY");
// if (test_key_ptr == nullptr){
// spdlog::error("empty db" );
// exit(-1);
// }
// else{
vector<uint8_t> encr_test_key(BUF_LEN, 0);
uint64_t len;
if ( !hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data())){
spdlog::error("wrong test key" );
exit(-1);
}
vector<char> decr_key(1024,0);
vector<char> errMsg(1024,0);
int err_status = 0;
vector<uint8_t> encr_SEK(1024,0);
uint32_t l = len;
std::cerr << " l is " << l << std::endl;
status = set_SEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &l, SEK.c_str() );
if (status != SGX_SUCCESS){
cerr << "RPCException thrown with status " << status << endl;
throw RPCException(status, errMsg.data());
}
status = decrypt_key_aes(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
if (status != SGX_SUCCESS || err_status != 0){
spdlog::error("failed to decrypt test key" );
spdlog::error(errMsg.data());
exit(-1);
}
std::string test_key = TEST_VALUE;
if (test_key.compare(decr_key.data())!= 0){
std::cerr << "decrypted key is " << decr_key.data() << std::endl;
spdlog::error("Invalid SEK" );
return false;
}
return true;
// }
}
void gen_SEK(){
vector<char> errMsg(1024,0);
int err_status = 0;
vector<uint8_t> encr_SEK(1024, 0);
uint32_t enc_len = 0;
status = generate_SEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len);
if ( err_status != 0 ){
cerr << "RPCException thrown" << endl;
throw RPCException(-666, errMsg.data()) ;
//vector<char> SEK(65, 0);
char SEK[65];
memset(SEK, 0, 65);
status = generate_SEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK);
if (status != SGX_SUCCESS || err_status != 0 ){
throw RPCException(status, errMsg.data()) ;
}
vector<char> hexEncrKey(2*enc_len + 1, 0);
vector<char> hexEncrKey(2 * enc_len + 1, 0);
carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
cerr << "key is " << errMsg.data() << endl;
cout << "ATTENTION! THIS IS YOUR KEY FOR BACK UP. PLEASE COPY IT TO THE SAFE PLACE" << endl;
cout << "key is " << SEK << endl;
if (!autoconfirm) {
std::string confirm_str = "I confirm";
std::string buffer;
do {
std::cout << " DO YOU CONFIRM THAT YOU COPIED THE KEY? (if you confirm type - I confirm)"
<< std::endl;
std::getline(std::cin, buffer);
} while (case_insensitive_match(confirm_str, buffer)); //(strcmp(confirm_str.c_str(), buffer.c_str()) != 0);
}
system("reset");
LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
create_test_key();
}
void set_SEK(std::shared_ptr<std::string> hex_encr_SEK){
vector<char> errMsg(1024,0);
int err_status = 0;
//vector<uint8_t> encr_SEK(1024, 0);
uint8_t encr_SEK[BUF_LEN];
memset(encr_SEK, 0, BUF_LEN);
uint64_t len;
if (!hex2carray(hex_encr_SEK->c_str(), &len, encr_SEK)){
throw RPCException(INVALID_HEX, "Invalid encrypted SEK Hex");
}
status = set_SEK(eid, &err_status, errMsg.data(), encr_SEK, len );
if ( status != SGX_SUCCESS || err_status != 0 ){
cerr << "RPCException thrown" << endl;
throw RPCException(status, errMsg.data()) ;
}
}
void enter_SEK(){
vector<char> errMsg(1024,0);
int err_status = 0;
vector<uint8_t> encr_SEK(BUF_LEN, 0);
uint32_t enc_len;
std::shared_ptr <std::string> test_key_ptr = LevelDB::getLevelDb() -> readString("TEST_KEY");
if (test_key_ptr == nullptr){
spdlog::error("empty db" );
exit(-1);
}
std::string SEK;
std::cout << "ENTER BACKUP KEY" << std::endl;
std::cin >> SEK;
while (!checkHex(SEK, 16) || !check_SEK(SEK)){
std::cout << "KEY IS INVALID.TRY ONCE MORE" << std::endl;
SEK = "";
std::cin >> SEK;
}
// if (DEBUG_PRINT)
// std::cerr << "your key is " << SEK << std::endl;
status = set_SEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK.c_str() );
if (status != SGX_SUCCESS){
cerr << "RPCException thrown with status " << status << endl;
throw RPCException(status, errMsg.data());
}
vector<char> hexEncrKey(2 * enc_len + 1, 0);
carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
LevelDB::getLevelDb() -> deleteKey("SEK");
LevelDB::getLevelDb() -> writeDataUnique("SEK", hexEncrKey.data());
}
void init_SEK(){
std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
if (encr_SEK_ptr == nullptr){
spdlog::info("SEK was not created yet. Going to create SEK");
gen_SEK();
}
else{
if (DEBUG_PRINT)
spdlog::info("going to set SEK from db" );
set_SEK(encr_SEK_ptr);
}
}
//a002e7ca685d46a32771d16fe2518e58
\ No newline at end of file
SEKManager.h
View file @ 83236f41
......@@ -24,6 +24,29 @@
#ifndef SGXD_SEKMANAGER_H
#define SGXD_SEKMANAGER_H
void generate_SEK();
#ifdef __cplusplus
#include <string>
#include <memory>
#endif
void gen_SEK();
#ifdef __cplusplus
void set_SEK(std::shared_ptr<std::string> hex_encr_SEK);
#endif
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif
EXTERNC void enter_SEK();
EXTERNC void init_SEK();
#endif //SGXD_SEKMANAGER_H
SGXRegistrationServer.cpp
View file @ 83236f41
......@@ -48,7 +48,8 @@
int DEBUG_PRINT = 0;
int is_sgx_https = 1;
int is_aes = 0;
int is_aes = 1;
bool autoconfirm = false;
SGXRegistrationServer *regs = nullptr;
HttpServer *hs2 = nullptr;
......
SGXWalletServer.cpp
View file @ 83236f41
......@@ -218,7 +218,7 @@ Json::Value blsSignMessageHashImpl(const string &keyShareName, const string &mes
}
try {
if (!sign(value->c_str(), messageHash.c_str(), t, n, signerIndex, signature)) {
if (!bls_sign(value->c_str(), messageHash.c_str(), t, n, signerIndex, signature)) {
result["status"] = -1;
result["errorMessage"] = "Could not sign";
return result;
......@@ -501,6 +501,7 @@ Json::Value getSecretShareImpl(const string& polyName, const Json::Value& public
vector<string> pubKeys_vect;
for ( int i = 0; i < n ; i++) {
std::cerr << "publicKeys " << i << " is " << publicKeys[i].asString() <<std::endl;
if ( !checkHex(publicKeys[i].asString(), 64)){
throw RPCException(INVALID_HEX, "Invalid public key");
}
......
ServerDataChecker.cpp
View file @ 83236f41
......@@ -72,8 +72,8 @@ bool checkECDSAKeyName(const string& keyName) {
bool checkHex(const string& hex, const uint32_t sizeInBytes){
if ( hex.length() > sizeInBytes * 2 || hex.length() == 0){
spdlog::error("public key is too long or zero - ", hex.length());
std::cerr << "public key length is " << hex.length() << std::endl;
spdlog::error("key is too long or zero - ", hex.length());
std::cerr << "key length is " << hex.length() << std::endl;
return false;
}
......@@ -81,7 +81,7 @@ bool checkHex(const string& hex, const uint32_t sizeInBytes){
mpz_init(num);
if ( mpz_set_str(num, hex.c_str(), 16) == -1){
spdlog::error("public key is not hex {}", hex);
spdlog::error("key is not hex {}", hex);
mpz_clear(num);
return false;
}
......
ServerInit.cpp
View file @ 83236f41
......@@ -52,7 +52,7 @@
#include "BLSCrypto.h"
#include "ServerInit.h"
#include "SEKManager.h"
#include <iostream>
......@@ -67,19 +67,13 @@
//#include <system>
void init_daemon() {
libff::init_alt_bn128_params();
LevelDB::initDataFolderAndDBs();
std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
if (encr_SEK_ptr == nullptr){
spdlog::info("SEK was not created yet");
generate_SEK();
}
}
......@@ -135,12 +129,14 @@ void init_enclave() {
int sgxServerInited = 0;
void init_all(bool check_cert, bool sign_automatically) {
void init_all(bool check_cert, bool sign_automatically, void (*SEK_func)()) {
//spdlog::set_pattern("%c");
if (sgxServerInited == 1)
return;
init_enclave();
init_daemon();
//init_SEK();
SEK_func();
sgxServerInited = 1;
......@@ -152,7 +148,7 @@ void init_all(bool check_cert, bool sign_automatically) {
else {
init_http_server();
}
init_enclave();
//std::cerr << "enclave inited" << std::endl;
}
ServerInit.h
View file @ 83236f41
......@@ -30,12 +30,12 @@
#define EXTERNC
#endif
EXTERNC void init_all(bool check_cert, bool sign_automatically);
EXTERNC void init_all(bool check_cert, bool sign_automatically, void (*func)());
EXTERNC void init_daemon();
EXTERNC void init_enclave();
EXTERNC void init_enclave();
#endif //SGXWALLET_SERVERINIT_H
scripts/docker_test.py
View file @ 83236f41
......@@ -28,8 +28,13 @@ print("Running tests for branch " + BRANCH);
assert subprocess.call(["docker", "image", "inspect", FULL_IMAGE_NAME]) == 0;
assert subprocess.call(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data",
"-d", "--network=host", "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX]) == 0
#assert subprocess.call(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data",
# "-d", "--network=host", "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX]) == 0
obj = subprocess.Popen(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data","-d","--network=host", "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX, "-y"], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
obj.communicate(input=b"i confirm", timeout=5)
obj.terminate()
obj.wait()
time.sleep(5);
......
secure_enclave/BLSEnclave.cpp
View file @ 83236f41
......@@ -25,7 +25,8 @@
#include <string.h>
#include <cstdint>
#include "../sgxwallet_common.h"
//#include "../sgxwallet_common.h"
#include "enclave_common.h"
#include "BLSEnclave.h"
......
secure_enclave/DKGUtils.cpp
View file @ 83236f41
......@@ -30,7 +30,8 @@
#include <../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_g2.hpp>
#include "../sgxwallet_common.h"
//#include "../sgxwallet_common.h"
#include "enclave_common.h"
#include <cstdio>
#include <stdio.h>
......@@ -313,27 +314,31 @@ int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int in
char arr[mpz_sizeinbase (decr_secret_share, 10) + 2];
char * tmp = mpz_get_str(arr, 10, decr_secret_share);
libff::alt_bn128_Fr sshare(tmp);
// strncpy(public_shares, tmp, strlen(tmp));
// std::string res = ConvertHexToDec("fe43567238abcdef98760");
// strncpy(public_shares, res.c_str(), res.length());
libff::alt_bn128_G2 val2 = sshare * libff::alt_bn128_G2::one();
memset(public_shares, 0, strlen(public_shares));
strncpy(public_shares, ConvertToString(val2.X.c0).c_str(), ConvertToString(val2.X.c0).length());
strncpy(public_shares + ConvertToString(val2.X.c0).length(), ":", 1);
strncpy(public_shares + ConvertToString(val2.X.c0).length() + 1, ConvertToString(val2.X.c1).c_str(), 77);
strncpy(public_shares, tmp, strlen(tmp));
// strncpy(public_shares, ConvertToString(val2.X.c0).c_str(), ConvertToString(val2.X.c0).length());
// strncpy(public_shares + ConvertToString(val2.X.c0).length(), ":", 1);
// strncpy(public_shares + ConvertToString(val2.X.c0).length() + 1, ConvertToString(val2.X.c1).c_str(), 77);
val.to_affine_coordinates();
val2.to_affine_coordinates();
// strncpy(public_shares + strlen(tmp), ":", 1);
// strncpy(public_shares + 77 + 1, ConvertToString(val.X.c0).c_str(), 77);
// strncpy(public_shares + 77 + 78, ":", 1);
// strncpy(public_shares + 77 + 79, ConvertToString(val2.X.c0).c_str(), 77);
strncpy(public_shares, ConvertToString(val.X.c0).c_str(), ConvertToString(val.X.c0).length());
strncpy(public_shares + ConvertToString(val.X.c0).length(), ":", 1);
strncpy(public_shares + ConvertToString(val.X.c0).length() + 1, ConvertToString(val2.X.c0).c_str(), ConvertToString(val2.X.c0).length());
/*strncpy(public_shares + 77 + 77 + 79, "\n", 1);
strncpy(public_shares + 144 + 79, ConvertToString(val2.X.c0).c_str(), 77);
strncpy(public_shares + 144 + 78, ":", 1);
......
secure_enclave/enclave_common.h
View file @ 83236f41
......@@ -18,7 +18,7 @@
#define ADD_ENTROPY_SIZE 32
#define DKG_BUFER_LENGTH 2490//3060
#define DKG_MAX_SEALED_LEN 3050
#define DKG_MAX_SEALED_LEN 3100
#define SECRET_SHARE_NUM_BYTES 96
......
secure_enclave/secure_enclave.c
View file @ 83236f41
......@@ -596,7 +596,7 @@ void get_public_shares(int *err_status, char* err_string, uint8_t* encrypted_dkg
void set_encrypted_dkg_poly(int *err_status, char *err_string, uint8_t* encrypted_poly){
memset(Decrypted_dkg_poly, 0, DKG_BUFER_LENGTH);
uint32_t decr_len;
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *)encrypted_poly, NULL, 0, Decrypted_dkg_poly, &decr_len);
......@@ -907,35 +907,74 @@ void get_bls_pub_key(int *err_status, char* err_string, uint8_t* encrypted_key,
}
void generate_SEK(int *err_status, char *err_string,
uint8_t *encrypted_SEK, uint32_t *enc_len){
uint8_t *encrypted_SEK, uint32_t *enc_len, char* SEK_hex){
uint8_t SEK_raw[SGX_AESGCM_KEY_SIZE];
//unsigned char* rand_char = (unsigned char*)malloc(16);
sgx_read_rand( SEK_raw, SGX_AESGCM_KEY_SIZE);
sgx_read_rand(SEK_raw, SGX_AESGCM_KEY_SIZE);
uint32_t hex_aes_key_length = SGX_AESGCM_KEY_SIZE * 2;
uint8_t SEK[hex_aes_key_length];
carray2Hex(SEK_raw, SGX_AESGCM_KEY_SIZE, SEK);
carray2Hex(SEK_raw, SGX_AESGCM_KEY_SIZE, SEK_hex);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, hex_aes_key_length + 1);
memcpy(err_string, SEK, BUF_LEN);
for ( uint8_t i = 0; i < SGX_AESGCM_KEY_SIZE; i++){
for ( uint8_t i = 0; i < 16; i++){
AES_key[i] = SEK_raw[i];
}
sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, SEK, sealedLen,(sgx_sealed_data_t*)encrypted_SEK);
sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, SEK_hex, sealedLen,(sgx_sealed_data_t*)encrypted_SEK);
if( status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "seal SEK failed");
*err_status = status;
return;
}
//strncpy(SEK_hex, SEK, hex_aes_key_length);
*enc_len = sealedLen;
//free(rand_char);
}
void set_SEK(int *err_status, char *err_string, uint8_t *encrypted_SEK, uint64_t encr_len){
//memset(AES_key, 0, SGX_AESGCM_KEY_SIZE);
uint8_t aes_key_hex[SGX_AESGCM_KEY_SIZE * 2];
memset(aes_key_hex, 0, SGX_AESGCM_KEY_SIZE * 2);
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *)encrypted_SEK, NULL, 0, aes_key_hex, &encr_len);
if (status != SGX_SUCCESS) {
*err_status = status;
snprintf(err_string, BUF_LEN,"sgx unseal SEK failed with status %d", status);
return;
}
uint64_t len;
hex2carray(aes_key_hex, &len, (uint8_t* )AES_key);
}
void set_SEK_backup(int *err_status, char *err_string,
uint8_t *encrypted_SEK, uint32_t *enc_len, const char* SEK_hex){
uint64_t len;
hex2carray(SEK_hex, &len, (uint8_t* )AES_key);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, strlen(SEK_hex) + 1);
sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, SEK_hex, sealedLen,(sgx_sealed_data_t*)encrypted_SEK);
if( status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "seal SEK failed with status %d", status);
*err_status = status;
return;
}
//strncpy(SEK_hex, SEK, hex_aes_key_length);
*enc_len = sealedLen;
}
void generate_ecdsa_key_aes(int *err_status, char *err_string,
uint8_t *encrypted_key, uint32_t *enc_len, char * pub_key_x, char * pub_key_y) {
......@@ -1157,7 +1196,7 @@ void ecdsa_sign_aes(int *err_status, char *err_string, uint8_t *encrypted_key, u
}
void encrypt_key_aes(int *err_status, char *err_string, char *key,
void encrypt_key_aes(int *err_status, char *err_string, const char *key,
uint8_t *encrypted_key, uint32_t *enc_len) {
//init();
......@@ -1166,12 +1205,12 @@ void encrypt_key_aes(int *err_status, char *err_string, char *key,
memset(err_string, 0, BUF_LEN);
checkKey(err_status, err_string, key);
if (*err_status != 0) {
snprintf(err_string + strlen(err_string), BUF_LEN, "check_key failed");
return;
}
// checkKey(err_status, err_string, key);
//
// if (*err_status != 0) {
// snprintf(err_string + strlen(err_string), BUF_LEN, "check_key failed");
// return;
// }
memset(encrypted_key, 0, BUF_LEN);
......@@ -1224,7 +1263,6 @@ void decrypt_key_aes(int *err_status, char *err_string, uint8_t *encrypted_key,
int status = AES_decrypt(encrypted_key, enc_len, key);
if (status != 0) {
*err_status = status;
snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status);
......@@ -1234,6 +1272,7 @@ void decrypt_key_aes(int *err_status, char *err_string, uint8_t *encrypted_key,
//snprintf(err_string, BUF_LEN, "decr key is %s", key);
if (decLen > MAX_KEY_LENGTH) {
*err_status = 1;
snprintf(err_string, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
return;
}
......@@ -1250,18 +1289,18 @@ void decrypt_key_aes(int *err_status, char *err_string, uint8_t *encrypted_key,
}
*err_status = 0;
return;
memcpy(err_string, AES_key, 1024);
}
void bls_sign_message_test(int *err_status, char *err_string, uint8_t *encrypted_key,
void bls_sign_message_aes(int *err_status, char *err_string, uint8_t *encrypted_key,
uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) {
char key[BUF_LEN];
memset(key, 0, BUF_LEN);
char sig[BUF_LEN];
memset(sig, 0, BUF_LEN);
//char* sig = (char*) calloc(BUF_LEN, 1);
init();
......@@ -1289,6 +1328,7 @@ void bls_sign_message_test(int *err_status, char *err_string, uint8_t *encrypted
void gen_dkg_secret_aes (int *err_status, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t* enc_len, size_t _t){
char dkg_secret[DKG_BUFER_LENGTH];// = (char*)calloc(DKG_BUFER_LENGTH, 1);
memset(dkg_secret, 0, DKG_BUFER_LENGTH);
if (gen_dkg_poly(dkg_secret, _t) != 0 ){
*err_status = - 1;
......@@ -1306,6 +1346,24 @@ void gen_dkg_secret_aes (int *err_status, char *err_string, uint8_t *encrypted_d
}
*enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
char decr_dkg_secret[DKG_BUFER_LENGTH];
memset(decr_dkg_secret, 0, DKG_BUFER_LENGTH);
status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret);
if(status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN,"aes decrypt dkg poly failed");
*err_status = status;
return;
}
if ( strcmp(dkg_secret, decr_dkg_secret) != 0){
snprintf(err_string, BUF_LEN,"poly is %s ", dkg_secret);
snprintf(err_string + strlen(dkg_secret) + 8, BUF_LEN - strlen(dkg_secret) - 8,"encrypted poly is not equal to decrypted poly");
*err_status = -333;
}
// free(dkg_secret);
}
......@@ -1318,14 +1376,12 @@ void decrypt_dkg_secret_aes (int *err_status, char* err_string, uint8_t* encrypt
*err_status = status;
return;
}
//*dec_len = decr_len;
}
void set_encrypted_dkg_poly_aes(int *err_status, char *err_string, uint8_t* encrypted_poly, uint64_t* enc_len){
uint32_t decr_len;
int status = AES_decrypt(encrypted_poly, enc_len, Decrypted_dkg_poly);
memset(Decrypted_dkg_poly, 0, DKG_BUFER_LENGTH);
int status = AES_decrypt(encrypted_poly, *enc_len, Decrypted_dkg_poly);
if (status != SGX_SUCCESS) {
*err_status = -1;
......@@ -1338,6 +1394,7 @@ void get_encr_sshare_aes(int *err_status, char *err_string, uint8_t *encrypted_s
char* result_str, char * s_shareG2, char* pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind ){
char skey[ECDSA_SKEY_LEN];
memset(skey, 0, BUF_LEN);
char pub_key_x[BUF_LEN];
memset(pub_key_x, 0, BUF_LEN);
char pub_key_y[BUF_LEN];
......@@ -1354,7 +1411,7 @@ void get_encr_sshare_aes(int *err_status, char *err_string, uint8_t *encrypted_s
// snprintf(err_string, BUF_LEN,"pub_key_x is %s", pub_key_x);
int status = AES_decrypt(encrypted_skey, enc_len, skey);
skey[ECDSA_SKEY_LEN -1] = 0;
skey[ECDSA_SKEY_LEN - 1] = 0;
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN,"AES_decrypt failed (in get_encr_sshare_aes) with status %d", status);
......@@ -1363,6 +1420,8 @@ void get_encr_sshare_aes(int *err_status, char *err_string, uint8_t *encrypted_s
}
snprintf(err_string, BUF_LEN,"unsealed random skey is %s\n", skey);
*dec_len = enc_len;// + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
char * common_key[ECDSA_SKEY_LEN]; //= (char *)malloc(65);
gen_session_key(skey, pub_keyB, common_key);
//snprintf(err_string + 81, BUF_LEN,"pub_key_B is %s length is %d", pub_keyB, strlen(pub_keyB));
......@@ -1373,14 +1432,15 @@ void get_encr_sshare_aes(int *err_status, char *err_string, uint8_t *encrypted_s
if (calc_secret_share(Decrypted_dkg_poly, s_share, _t, _n, ind) != 0){
*err_status = -1;
snprintf(err_string, BUF_LEN,"\nt does not match poly degree\n");
// snprintf(err_string, BUF_LEN,"t does not match poly degree");
snprintf(err_string, BUF_LEN, Decrypted_dkg_poly);
return;
}
snprintf(err_string + 88, BUF_LEN,"\nsecret share is %s", s_share);
if (calc_secret_shareG2(s_share, s_shareG2) != 0){
*err_status = -1;
snprintf(err_string, BUF_LEN,"invalid decr secret share\n");
snprintf(err_string, BUF_LEN,"invalid decr secret share");
return;
}
......@@ -1406,17 +1466,25 @@ void get_encr_sshare_aes(int *err_status, char *err_string, uint8_t *encrypted_s
//free(pub_key_y);
//free(s_share);
//free(cypher);
}
void get_public_shares_aes(int *err_status, char* err_string, uint8_t* encrypted_dkg_secret, uint32_t enc_len, char* public_shares,
unsigned _t, unsigned _n){
char decrypted_dkg_secret[DKG_MAX_SEALED_LEN]; //= (char*)malloc(DKG_MAX_SEALED_LEN);
decrypt_dkg_secret_aes(err_status, err_string, (uint8_t*)encrypted_dkg_secret, decrypted_dkg_secret, enc_len);
if( *err_status != 0 ){
snprintf(err_string, BUF_LEN,"decrypt_dkg_secret failed with status %d", *err_status);
char* decrypted_dkg_secret = (char*)calloc(DKG_MAX_SEALED_LEN, 1);
memset(decrypted_dkg_secret, 0, DKG_MAX_SEALED_LEN);
//char decrypted_dkg_secret[ DKG_MAX_SEALED_LEN];
int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN,"aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*err_status = status;
return;
}
//strncpy(err_string, decrypted_dkg_secret, 1024);
// strncpy(err_string, "before calc_public_shares ", 1024);
if ( calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0 ){
......@@ -1424,8 +1492,201 @@ void get_public_shares_aes(int *err_status, char* err_string, uint8_t* encrypted
snprintf(err_string, BUF_LEN,"t does not match polynomial in db");
return;
}
//free(decrypted_dkg_secret);
}
void dkg_verification_aes(int *err_status, char* err_string, const char * public_shares, const char* s_share,
uint8_t* encrypted_key, uint64_t enc_len, unsigned _t, int _ind, int * result){
//uint32_t dec_len = 625;
char skey[ECDSA_SKEY_LEN];
memset(skey, 0, ECDSA_SKEY_LEN);
int status = AES_decrypt(encrypted_key, enc_len, skey);
//skey[ECDSA_SKEY_LEN - 1] = 0;
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN,"AES_decrypt failed (in dkg_verification_aes) with status %d", status);
*err_status = status;
return;
}
char encr_sshare[ECDSA_SKEY_LEN];
memset(encr_sshare, 0, ECDSA_SKEY_LEN);
strncpy(encr_sshare, s_share, ECDSA_SKEY_LEN - 1 );
//encr_sshare[ECDSA_SKEY_LEN - 1] = 0;
char common_key[ECDSA_SKEY_LEN];
memset(common_key, 0, ECDSA_SKEY_LEN);
session_key_recover(skey, s_share, common_key);
//common_key[ECDSA_SKEY_LEN - 1] = 0;
if (common_key == NULL || strlen(common_key) == 0 ){
*err_status = 1;
snprintf(err_string, BUF_LEN ,"invalid common_key");
return;
}
char decr_sshare[ECDSA_SKEY_LEN];
memset(decr_sshare, 0, ECDSA_SKEY_LEN);
xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL){
*err_status = 1;
snprintf(err_string, BUF_LEN ,"invalid common_key");
return;
}
//decr_sshare[ECDSA_SKEY_LEN - 1] = 0;
//snprintf(err_string, BUF_LEN,"encr_share is %s length is %d", encr_sshare, strlen(encr_sshare));
//snprintf(err_string, BUF_LEN,"s_share is %s length is %d", s_share, strlen(s_share));
// snprintf(err_string, BUF_LEN,"sshare is %s\n", decr_sshare);
// snprintf(err_string + 75, BUF_LEN - 75,"common_key is %s\n", common_key);
// snprintf(err_string + 153, BUF_LEN - 153," s_key is %s", skey);
mpz_t s;
mpz_init(s);
if (mpz_set_str(s, decr_sshare, 16) == -1){
*err_status = 1;
snprintf(err_string, BUF_LEN ,"invalid decr secret share");
mpz_clear(s);
return;
}
*result = Verification(public_shares, s, _t, _ind);
snprintf(err_string, BUF_LEN,"secret share dec %s", public_shares);
}
void create_bls_key_aes(int *err_status, char* err_string, const char* s_shares,
uint8_t* encrypted_key, uint64_t key_len, uint8_t * encr_bls_key, uint32_t *enc_bls_key_len){
char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encrypted_key, key_len, skey);
if (status != SGX_SUCCESS) {
*err_status = status;
snprintf(err_string, BUF_LEN,"aes decrypt failed with status %d", status);
return;
}
skey[ECDSA_SKEY_LEN - 1] = 0;
int num_shares = strlen(s_shares)/192;
mpz_t sum;
mpz_init(sum);
mpz_set_ui(sum, 0);
//snprintf(err_string, BUF_LEN,"comon0 is %s len is %d\n", common_key, strlen(common_key));
for ( int i = 0; i < num_shares; i++) {
char encr_sshare[65];
strncpy(encr_sshare, s_shares + 192 * i, 64);
encr_sshare[64] = 0;
char s_share[193];
strncpy(s_share, s_shares + 192 * i, 192);
s_share[192] = 0;
char common_key[65];
session_key_recover(skey, s_share, common_key);
common_key[64] = 0;
if (common_key == NULL){
*err_status = 1;
snprintf(err_string, BUF_LEN ,"invalid common_key");
mpz_clear(sum);
return;
}
//snprintf(err_string + 85*(i+1) , BUF_LEN,"common is %s len is %d\n", common_key, strlen(common_key));
//snprintf(err_string + 201*i , BUF_LEN,"secret is %s",s_share);
char decr_sshare[65];
xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL){
*err_status = 1;
snprintf(err_string, BUF_LEN ,"invalid common_key");
mpz_clear(sum);
return;
}
decr_sshare[64] = 0;
//snprintf(err_string + 158 * i, BUF_LEN,"decr sshare is %s", decr_sshare);
//snprintf(err_string + 158 * i + 79, BUF_LEN," common_key is %s", common_key);
mpz_t decr_secret_share;
mpz_init(decr_secret_share);
if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1){
*err_status = 111;
//snprintf(err_string, BUF_LEN ,"invalid decrypted secret share");
snprintf(err_string, BUF_LEN ,decr_sshare);
mpz_clear(decr_secret_share);
return;
}
mpz_addmul_ui(sum, decr_secret_share, 1);
mpz_clear(decr_secret_share);
}
mpz_t q;
mpz_init(q);
mpz_set_str(q, "21888242871839275222246405745257275088548364400416034343698204186575808495617", 10);
mpz_t bls_key;
mpz_init(bls_key);
mpz_mod(bls_key, sum, q);
char key_share[mpz_sizeinbase(bls_key, 16) + 2];
char *key = mpz_get_str(key_share, 16, bls_key);
snprintf(err_string, BUF_LEN," bls private key is %s", key_share);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
status = AES_encrypt(key_share, encr_bls_key);
if( status != SGX_SUCCESS) {
*err_status= -1;
snprintf(err_string, BUF_LEN,"aes encrypt bls private key failed with status %d ", status);
mpz_clear(bls_key);
mpz_clear(sum);
mpz_clear(q);
return;
}
*enc_bls_key_len = strlen(key_share) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
mpz_clear(bls_key);
mpz_clear(sum);
mpz_clear(q);
}
void get_bls_pub_key_aes(int *err_status, char* err_string, uint8_t* encrypted_key, uint64_t key_len, char* bls_pub_key){
char skey_hex[ECDSA_SKEY_LEN];
uint32_t len = key_len;
int status = AES_decrypt(encrypted_key, key_len, skey_hex);
if (status != SGX_SUCCESS) {
*err_status = 1;
snprintf(err_string, BUF_LEN,"aes_decrypt failed with status %d", status);
return;
}
skey_hex[ECDSA_SKEY_LEN - 1] = 0;
if (calc_bls_public_key(skey_hex, bls_pub_key) != 0){
*err_status = -1;
snprintf(err_string, BUF_LEN,"could not calculate bls public key");
return;
}
}
secure_enclave/secure_enclave.edl
View file @ 83236f41
......@@ -29,34 +29,34 @@ enclave {
);
public void generate_ecdsa_key (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[out, count = 1024] uint8_t* encrypted_key,
[user_check] uint32_t *enc_len,
[out, count = 1024] char * pub_key_x,
[out, count = 1024] char * pub_key_y);
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[out, count = 1024] uint8_t* encrypted_key,
[user_check] uint32_t *enc_len,
[out, count = 1024] char * pub_key_x,
[out, count = 1024] char * pub_key_y);
public void get_public_ecdsa_key (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
uint32_t dec_len,
[out, count = 1024] char * pub_key_x,
[out, count = 1024] char * pub_key_y);
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
uint32_t dec_len,
[out, count = 1024] char * pub_key_x,
[out, count = 1024] char * pub_key_y);
public void encrypt_key (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] char* key,
[out, count = 1024] uint8_t* encrypted_key,
[user_check] uint32_t *enc_len);
public void decrypt_key (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
uint32_t enc_len,
[out, count = 1024] char* key );
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] char* key,
[out, count = 1024] uint8_t* encrypted_key,
[user_check] uint32_t *enc_len);
public void decrypt_key (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
uint32_t enc_len,
[out, count = 1024] char* key );
public void bls_sign_message (
[user_check] int *err_status,
......@@ -67,21 +67,21 @@ enclave {
[in, count = 1024] char* hashY ,
[out, count = 1024] char* signature);
public void gen_dkg_secret (
public void gen_dkg_secret (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[out, count = 3050] uint8_t* encrypted_dkg_secret,
[user_check] uint32_t * enc_len,
size_t _t);
public void decrypt_dkg_secret (
public void decrypt_dkg_secret (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret,
[out, count = 2490] uint8_t* decrypted_dkg_secret,
[user_check] uint32_t* dec_len);
public void get_secret_shares (
public void get_secret_shares (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret,
......@@ -90,7 +90,7 @@ enclave {
unsigned _t,
unsigned _n);
public void get_public_shares (
public void get_public_shares (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret,
......@@ -99,7 +99,7 @@ enclave {
unsigned _t,
unsigned _n);
public void ecdsa_sign1(
public void ecdsa_sign1(
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
......@@ -110,11 +110,11 @@ enclave {
[user_check] uint8_t* sig_v,
int base);
public void set_encrypted_dkg_poly( [user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 3050] uint8_t* encrypted_poly);
public void set_encrypted_dkg_poly( [user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 3050] uint8_t* encrypted_poly);
public void get_encr_sshare(
public void get_encr_sshare(
[user_check]int *err_status,
[out, count = 1024] char *err_string,
[out, count = 1024] uint8_t *encrypted_skey,
......@@ -126,7 +126,7 @@ enclave {
uint8_t _n,
uint8_t ind);
public void dkg_verification(
public void dkg_verification(
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 8193] const char* public_shares,
......@@ -137,7 +137,7 @@ enclave {
int _ind,
[user_check] int* result);
public void create_bls_key(
public void create_bls_key(
[user_check]int *err_status,
[out, count = 1024] char* err_string,
[in, count = 6145] const char* s_shares,
......@@ -146,14 +146,14 @@ enclave {
[out, count = 1024] uint8_t * encr_bls_key,
[user_check] uint32_t *enc_bls_key_len);
public void get_bls_pub_key(
public void get_bls_pub_key(
[user_check]int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
uint64_t key_len,
[out, count = 320] char* bls_pub_key);
public void complaint_response(
public void complaint_response(
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t *encrypted_DHkey,
......@@ -165,14 +165,27 @@ enclave {
uint8_t _n,
uint8_t ind1);
public void generate_SEK(
public void generate_SEK(
[user_check] int *err_status,
[out, count = 1024] char *err_string,
[out, count = 1024] uint8_t *encrypted_SEK,
[user_check] uint32_t *enc_len,
[out, count = 65] char* hex_SEK);
public void set_SEK(
[user_check] int *err_status,
[out, count = 1024] char *err_string,
[in, count = 1024] uint8_t *encrypted_SEK,
[user_check] uint32_t *enc_len);
uint64_t encr_len);
public void set_SEK_backup(
[user_check] int *err_status,
[out, count = 1024] char *err_string,
[out, count = 1024] uint8_t *encrypted_SEK,
[user_check] uint32_t *enc_len,
[in, count = 65] const char* SEK_hex);
public void generate_ecdsa_key_aes (
public void generate_ecdsa_key_aes (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[out, count = ECDSA_ENCR_LEN] uint8_t* encrypted_key,
......@@ -180,7 +193,7 @@ enclave {
[out, count = 1024] char * pub_key_x,
[out, count = 1024] char * pub_key_y);
public void get_public_ecdsa_key_aes(
public void get_public_ecdsa_key_aes(
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
......@@ -188,7 +201,7 @@ enclave {
[out, count = 1024] char * pub_key_x,
[out, count = 1024] char * pub_key_y);
public void ecdsa_sign_aes(
public void ecdsa_sign_aes(
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
......@@ -199,14 +212,14 @@ enclave {
[user_check] uint8_t* sig_v,
int base);
public void encrypt_key_aes (
public void encrypt_key_aes (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] char* key,
[in, count = 1024] const char* key,
[out, count = 1024] uint8_t* encrypted_key,
[user_check] uint32_t *enc_len);
public void decrypt_key_aes (
public void decrypt_key_aes (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
......@@ -214,45 +227,83 @@ enclave {
[out, count = 1024] char* key );
public void gen_dkg_secret_aes (
public void gen_dkg_secret_aes (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[out, count = 3050] uint8_t* encrypted_dkg_secret,
[user_check] uint32_t * enc_len,
size_t _t);
public void decrypt_dkg_secret_aes (
public void decrypt_dkg_secret_aes (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret,
[out, count = 2490] uint8_t* decrypted_dkg_secret,
[user_check] uint32_t* dec_len);
public void set_encrypted_dkg_poly_aes( [user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 3050] uint8_t* encrypted_poly,
[user_check] uint64_t* enc_len);
public void get_encr_sshare_aes(
[user_check]int *err_status,
[out, count = 1024] char *err_string,
[out, count = 1024] uint8_t *encrypted_skey,
[user_check] uint32_t* dec_len,
[out, count = 193] char* result_str,
[out, count = 320] char* s_shareG2,
[in, count = 129] char* pub_keyB,
uint8_t _t,
uint8_t _n,
uint8_t ind);
public void get_public_shares_aes (
public void set_encrypted_dkg_poly_aes(
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 3050] uint8_t* encrypted_poly,
[user_check] uint64_t* enc_len);
public void get_encr_sshare_aes(
[user_check]int *err_status,
[out, count = 1024] char *err_string,
[out, count = 1024] uint8_t *encrypted_skey,
[user_check] uint32_t* dec_len,
[out, count = 193] char* result_str,
[out, count = 320] char* s_shareG2,
[in, count = 129] char* pub_keyB,
uint8_t _t,
uint8_t _n,
uint8_t ind);
public void get_public_shares_aes (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret,
uint32_t enc_len,
[out, count = 10000] char* public_shares,
unsigned _t,
unsigned _n);
public void dkg_verification_aes(
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret,
uint32_t enc_len,
[out, count = 10000] char* public_shares,
[in, count = 8193] const char* public_shares,
[in, count = 193] const char* s_share,
[in, count = 1024] uint8_t* encrypted_key,
uint64_t key_len,
unsigned _t,
unsigned _n);
int _ind,
[user_check] int* result);
public void create_bls_key_aes(
[user_check]int *err_status,
[out, count = 1024] char* err_string,
[in, count = 6145] const char* s_shares,
[in, count = 1024] uint8_t* encrypted_key,
uint64_t key_len,
[out, count = 1024] uint8_t * encr_bls_key,
[user_check] uint32_t *enc_bls_key_len);
public void bls_sign_message_aes (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
uint32_t enc_len,
[in, count = 1024] char* hashX ,
[in, count = 1024] char* hashY ,
[out, count = 1024] char* signature);
public void get_bls_pub_key_aes(
[user_check]int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
uint64_t key_len,
[out, count = 320] char* bls_pub_key);
......
sgxwallet.c
View file @ 83236f41
......@@ -38,9 +38,13 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "BLSCrypto.h"
#include "ServerInit.h"
#include "SEKManager.h"
#include <stdbool.h>
void usage() {
fprintf(stderr, "usage: sgxwallet\n");
exit(1);
......@@ -52,7 +56,8 @@ sgx_status_t status;
int updated;
int main(int argc, char *argv[]) {
void (*SEK_initializer)();
SEK_initializer = init_SEK;
bool check_client_cert = true;
bool sign_automatically = false;
int opt;
......@@ -62,7 +67,9 @@ int main(int argc, char *argv[]) {
exit(1);
}
while ((opt = getopt(argc, argv, "cshd0a")) != -1) {
while ((opt = getopt(argc, argv, "cshd0aby")) != -1) {
switch (opt) {
case 'h':
if (strlen(argv[1]) == 2 ) {
......@@ -70,6 +77,7 @@ int main(int argc, char *argv[]) {
fprintf(stderr, "-s client certificate will be signed automatically\n");
fprintf(stderr, "-d turn on debug output\n");
fprintf(stderr, "-0 SGXWalletServer will be launched on http (not https)\n");
fprintf(stderr, "-b Enter backup key\n");
exit(0);
} else {
fprintf(stderr, "unknown flag %s\n", argv[1]);
......@@ -88,14 +96,21 @@ int main(int argc, char *argv[]) {
is_sgx_https = 0;
break;
case 'a':
is_aes = 1;
is_aes = 0;
break;
case 'b':
SEK_initializer = enter_SEK;
break;
case 'y':
autoconfirm = true;
break;
case '?': // fprintf(stderr, "unknown flag\n");
exit(1);
default:
break;
}
}
init_all(check_client_cert, sign_automatically);
init_all(check_client_cert, sign_automatically, SEK_initializer);
while (true) {
sleep(10);
......
sgxwallet_common.h
View file @ 83236f41
......@@ -38,6 +38,7 @@
extern int DEBUG_PRINT;
extern int is_sgx_https;
extern int is_aes;
extern bool autoconfirm;
#define BUF_LEN 1024
......@@ -93,11 +94,11 @@ extern int is_aes;
#define BASE_PORT 1026
#define WALLETDB_NAME "sgxwallet.db"//"test_sgxwallet.db"//
#define WALLETDB_NAME "sgxwallet.db"//"test_sgxwallet.db"
#define ENCLAVE_NAME "secure_enclave.signed.so"
#define SGXDATA_FOLDER "sgx_data/"
#define TEST_VALUE "1234567890"
......
testw.cpp
View file @ 83236f41
......@@ -78,6 +78,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "BLSPublicKeyShare.h"
#include "BLSPublicKey.h"
#include "SEKManager.h"
#include <thread>
#include "common.h"
......@@ -113,6 +115,7 @@ int updated;
#define TEST_BLS_KEY_NAME "SCHAIN:17:INDEX:5:KEY:1"
void reset_db() {
//std::string db_name = SGXDATA_FOLDER + WALLETDB_NAME;
REQUIRE(system("rm -rf " WALLETDB_NAME) == 0);
}
......@@ -142,7 +145,7 @@ TEST_CASE("BLS key encrypt", "[bls-key-encrypt]") {
DEBUG_PRINT = 1;
is_sgx_https = 0;
init_all(false, false);
init_all(false, false, init_SEK);
char* key = encryptTestKey();
REQUIRE(key != nullptr);
......@@ -155,7 +158,7 @@ TEST_CASE("BLS key encrypt/decrypt", "[bls-key-encrypt-decrypt]") {
DEBUG_PRINT = 1;
is_sgx_https = 0;
init_all(false, false);
init_all(false, false, init_SEK);
//init_enclave();
int errStatus = -1;
......@@ -679,7 +682,7 @@ TEST_CASE("BLS_DKG test", "[bls_dkg]") {
is_sgx_https = 0;
DEBUG_PRINT = 1;
cerr<< "test started" << endl;
init_all(false, false);
init_all(false, false, init_SEK);
cerr << "Server inited" << endl;
HttpClient client("http://localhost:1029");
StubClient c(client, JSONRPC_CLIENT_V2);
......@@ -801,8 +804,7 @@ TEST_CASE("BLS_DKG test", "[bls_dkg]") {
BLSPublicKey common_public(make_shared<map<size_t, shared_ptr<BLSPublicKeyShare>>>(koefs_pkeys_map), t, n);
REQUIRE( common_public.VerifySigWithHelper(hash_arr, commonSig, t, n) );
cout << "try to get bls public key" << endl;
cout << c.getBLSPublicKeyShare("BLS_KEY:SCHAIN_ID:1:NODE_ID:1:DKG_ID:0");
}
TEST_CASE("API test", "[api_test]") {
......@@ -810,7 +812,7 @@ TEST_CASE("API test", "[api_test]") {
is_sgx_https = 0;
//cerr << __GNUC__ << endl;
cerr << "API test started" << endl;
init_all(false, false);
init_all(false, false, init_SEK);
//HttpServer httpserver(1025);
//SGXWalletServer s(httpserver,
// JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
......@@ -910,7 +912,7 @@ TEST_CASE("API test", "[api_test]") {
TEST_CASE("getServerStatus test", "[getServerStatus_test]") {
is_sgx_https = 0;
init_all( false, false );
init_all( false, false, init_SEK );
HttpClient client("http://localhost:1029");
StubClient c(client, JSONRPC_CLIENT_V2);
REQUIRE(c.getServerStatus()["status"] == 0);
......@@ -1033,8 +1035,9 @@ void SendRPCRequest(){
TEST_CASE("ManySimultaneousThreads", "[many_threads_test]") {
is_sgx_https = 0;
DEBUG_PRINT = 1;
is_aes = 1;
init_all( false, false );
init_all( false, false, init_SEK );
vector<thread> threads;
int num_threads = 4;
......@@ -1055,7 +1058,7 @@ TEST_CASE("ecdsa API test", "[ecdsa_api_test]") {
is_aes = 1;
cerr << "ecdsa_api_test started" << endl;
init_all(false, false);
init_all(false, false, init_SEK);
cerr << "Server inited" << endl;
HttpClient client("http://localhost:1029");
......@@ -1104,7 +1107,7 @@ TEST_CASE("dkg API test", "[dkg_api_test]") {
is_sgx_https = 0;
cerr << "dkg_api_test started" << endl;
init_all(false, false);
init_all(false, false, init_SEK);
cerr << "Server inited" << endl;
HttpClient client("http://localhost:1029");
......@@ -1178,7 +1181,7 @@ TEST_CASE("isPolyExists test", "[is_poly_test]") {
is_sgx_https = 0;
cerr << "is_poly_test started" << endl;
init_all(false, false);
init_all(false, false, init_SEK);
cerr << "Server inited" << endl;
HttpClient client("http://localhost:1029");
......@@ -1202,51 +1205,204 @@ TEST_CASE("isPolyExists test", "[is_poly_test]") {
}
TEST_CASE("AES_DKG test", "[aes_dkg]") {
is_sgx_https = 0;
DEBUG_PRINT = 1;
is_aes = 1;
reset_db();
std::cerr << "test started" << std::endl;
init_all(false, false);
init_all(false, false, init_SEK);
cerr << "Server inited" << endl;
HttpClient client("http://localhost:1029");
StubClient c(client, JSONRPC_CLIENT_V2);
cerr << "Client inited" << endl;
reset_db();
int n = 4, t = 4;
int n = 2, t = 2;
Json::Value EthKeys[n];
Json::Value VerifVects[n];
Json::Value pubEthKeys;
Json::Value secretShares[n];
Json::Value pubBLSKeys[n];
Json::Value BLSSigShares[n];
std::vector<std::string> pubShares(n);
std::vector<std::string> poly_names(n);
vector<string> pubShares(n);
vector<string> poly_names(n);
for (uint8_t i = 0; i < n; i++) {
int schain_id = rand_gen();
int dkg_id = rand_gen();
for ( uint8_t i = 0; i < n; i++){
EthKeys[i] = c.generateECDSAKey();
std::cerr << "after gen key" << std::endl;
string polyName = "POLY:SCHAIN_ID:" + to_string(schain_id) + ":NODE_ID:" + to_string(i) + ":DKG_ID:" + to_string(dkg_id);
REQUIRE(EthKeys[i]["status"] == 0);
std::string polyName =
"POLY:SCHAIN_ID:1:NODE_ID:" + std::to_string(i) + ":DKG_ID:0";
cout << c.generateDKGPoly(polyName, t);
poly_names[i] = polyName;
VerifVects[i] = c.getVerificationVector(polyName, t, n);
cout << "VV " << i << " " << VerifVects[i] << std::endl;
pubEthKeys.append(EthKeys[i]["PublicKey"]);
pubEthKeys.append(EthKeys[i]["publicKey"]);
}
// for ( uint8_t i = 0; i < n; i++){
// secretShares[i] = c.getSecretShare(poly_names[i], pubEthKeys, t, n);
// cout << secretShares[i] << std::endl;
// REQUIRE(secretShares[i]["status"] == 0);
// for ( uint8_t k = 0; k < t; k++ ) {
// for (uint8_t j = 0; j < 4; j++) {
// string pubShare = VerifVects[i]["verificationVector"][k][j].asString();
// pubShares[i] += ConvertDecToHex(pubShare);
// }
for ( uint8_t i = 0; i < n; i++){
secretShares[i] = c.getSecretShare(poly_names[i], pubEthKeys, t, n);
cout << secretShares[i] << std::endl;
REQUIRE(secretShares[i]["status"] == 0);
for ( uint8_t k = 0; k < t; k++ )
for (uint8_t j = 0; j < 4; j++){
string pubShare = VerifVects[i]["verificationVector"][k][j].asString();
pubShares[i] += ConvertDecToHex(pubShare);
}
// pSharesBad[i][0] = 'q';
// Json::Value wrongVerif = c.dkgVerification(pSharesBad[i], EthKeys[j]["keyName"].asString(), secretShare, t, n, j);
// res = wrongVerif["result"].asBool();
// REQUIRE(!res);
// cerr << "wrong verification " << wrongVerif << endl;
// }
}
int k = 0;
vector <string> secShares_vect(n);
for ( int i = 0; i < n; i++)
for ( int j = 0; j < n; j++){
// if ( i != j ){
cerr << "SecretShare length is " << secretShares[i]["secretShare"].asString().length() << endl;
string secretShare = secretShares[i]["secretShare"].asString().substr(192 * j, 192 );
secShares_vect[i] += secretShares[j]["secretShare"].asString().substr(192 * i, 192 );
Json::Value verif = c.dkgVerification(pubShares[i], EthKeys[j]["keyName"].asString(), secretShare, t, n, j);
cout << verif;
bool res = verif["result"].asBool();
k++;
cerr << "NOW K IS " << k << " i is " << i << " j is " << j << endl;
REQUIRE( res );
// }
}
Json::Value complaintResponse = c.complaintResponse(poly_names[1], 0);
cout << complaintResponse << endl;
REQUIRE(complaintResponse["status"] == 0);
cerr << "share * G2 is " << complaintResponse["share*G2"].asString();
cerr << "DHKey is " << complaintResponse["dhKey"].asString();
BLSSigShareSet sigShareSet(t, n);
string hash = "09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db";
auto hash_arr = make_shared<array<uint8_t, 32>>();
uint64_t binLen;
if (!hex2carray(hash.c_str(), &binLen, hash_arr->data())){
throw RPCException(INVALID_HEX, "Invalid hash");
}
map<size_t, shared_ptr<BLSPublicKeyShare>> koefs_pkeys_map;
for ( int i = 0; i < t; i++){
string endName = poly_names[i].substr(4);
string blsName = "BLS_KEY" + poly_names[i].substr(4);
cout << c.createBLSPrivateKey(blsName, EthKeys[i]["keyName"].asString(), poly_names[i], secShares_vect[i], t, n);
pubBLSKeys[i] = c.getBLSPublicKeyShare(blsName);
cout << pubBLSKeys[i] << endl;
REQUIRE(pubBLSKeys[i]["status"] == 0);
cerr << "BLS KEY SHARE NAME IS" << blsName << endl;
string hash = "09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db";
BLSSigShares[i] = c.blsSignMessageHash(blsName, hash, t, n, i + 1);
cout << BLSSigShares[i] << std::endl;
REQUIRE( BLSSigShares[i]["status"] == 0);
cerr << i << " sig share is created " << endl;
shared_ptr<string> sig_share_ptr = make_shared<string>(BLSSigShares[i]["signatureShare"].asString());
BLSSigShare sig(sig_share_ptr, i + 1, t, n);
sigShareSet.addSigShare(make_shared<BLSSigShare>(sig));
vector<string> pubKey_vect;
for ( uint8_t j = 0; j < 4; j++){
pubKey_vect.push_back(pubBLSKeys[i]["blsPublicKeyShare"][j].asString());
}
BLSPublicKeyShare pubKey(make_shared<vector<string>>(pubKey_vect), t, n);
REQUIRE( pubKey.VerifySigWithHelper(hash_arr, make_shared<BLSSigShare>(sig) , t, n));
koefs_pkeys_map[i+1] = make_shared<BLSPublicKeyShare>(pubKey);
}
shared_ptr<BLSSignature> commonSig = sigShareSet.merge();
BLSPublicKey common_public(make_shared<map<size_t, shared_ptr<BLSPublicKeyShare>>>(koefs_pkeys_map), t, n);
REQUIRE( common_public.VerifySigWithHelper(hash_arr, commonSig, t, n) );
sgx_destroy_enclave(eid);
}
TEST_CASE("bls_sign_api test", "[bls_sign]") {
is_sgx_https = 0;
DEBUG_PRINT = 1;
is_aes = 1;
std::cerr << "test started" << std::endl;
init_all(false, false, init_SEK);
cerr << "Server inited" << endl;
HttpClient client("http://localhost:1029");
StubClient c(client, JSONRPC_CLIENT_V2);
cerr << "Client inited" << endl;
string hash = "09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db";
string blsName = "BLS_KEY:SCHAIN_ID:323669558:NODE_ID:1:DKG_ID:338183455";
int n = 4, t = 4;
Json::Value pubBLSKey = c.getBLSPublicKeyShare(blsName);
REQUIRE(pubBLSKey["status"] == 0);
cout << pubBLSKey << endl;
Json::Value sign = c.blsSignMessageHash(blsName, hash, t, n, 1);
cout << sign << endl;
REQUIRE(sign["status"] == 0);
// vector<string> pubKey_vect;
// for ( uint8_t j = 0; j < 4; j++){
// pubKey_vect.push_back(pubBLSKeys[i]["blsPublicKeyShare"][j].asString());
// }
// BLSPublicKeyShare pubKey(make_shared<vector<string>>(pubKey_vect), t, n);
// REQUIRE( pubKey.VerifySigWithHelper(hash_arr, make_shared<BLSSigShare>(sig) , t, n));
}
TEST_CASE("AES encrypt/decrypt", "[AES-encrypt-decrypt]") {
{
DEBUG_PRINT = 1;
is_sgx_https = 0;
init_all(false, false, init_SEK);
//init_enclave();
int errStatus = -1;
char* errMsg = (char*) calloc(BUF_LEN, 1);
uint32_t enc_len;
std::string key = "123456789";
uint8_t encrypted_key[BUF_LEN];
memset(encrypted_key, 0, BUF_LEN);
status = encrypt_key_aes(eid, &errStatus, errMsg, key.c_str(), encrypted_key, &enc_len);
REQUIRE(status == 0);
std::cerr << "key encrypted with status " << status << " err msg " << errMsg << std::endl;
char decr_key[BUF_LEN];
memset(decr_key, 0, BUF_LEN);
status = decrypt_key_aes(eid, &errStatus, errMsg, encrypted_key, enc_len, decr_key);
REQUIRE(status == 0);
std::cerr << "key encrypted with status " << status << " err msg " << errMsg << std::endl;
std::cerr << "decrypted key is " << decr_key << std::endl;
REQUIRE( key.compare(decr_key) == 0);
sgx_destroy_enclave(eid);
}
}
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment