Skip to content

S
sgxwallet
Unverified Commit 853981a6 authored by Oleh Nikolaiev's avatar Oleh Nikolaiev Committed by GitHub
Browse files
Options

Merge pull request #98 from skalenetwork/feature/SKALE-2002-backup 

enhancement/SKALE-2002 clean up and small fixes
parents 07d5e619 c7e8173e
Hide whitespace changes
Inline Side-by-side
Showing with 224 additions and 375 deletions
.github/workflows/dockerimagesim.yml
View file @ 853981a6
......@@ -47,14 +47,10 @@ jobs:
id: create_release
uses: actions/create-release@latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ env.VERSION }}
release_name: Release ${{ env.VERSION }}
body: |
Changes in this Release
- First Change
- Second Change
release_name: ${{ env.VERSION }}
draft: false
prerelease: true
......
.gitignore
View file @ 853981a6
......@@ -46,3 +46,7 @@
/m4
/.testw.py.swp
/cert_util
/secure_enclave/*.o
/*.user
/cert/*.csr
/cert/*.crt
\ No newline at end of file
ECDSACrypto.cpp
View file @ 853981a6
......@@ -67,6 +67,10 @@ vector <string> genECDSAKey() {
uint32_t enc_len = 0;
// status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
// errMsg.data(), encr_pr_key.data(), &enc_len,
// pub_key_x.data(), pub_key_y.data());
if (!encryptKeys)
status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encr_pr_key.data(),
&enc_len, pub_key_x.data(), pub_key_y.data());
......@@ -115,6 +119,9 @@ string getECDSAPubKey(const char *_encryptedKeyHex) {
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
}
// status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
// errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
if (!encryptKeys)
status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(),
pubKeyY.data());
......@@ -201,6 +208,11 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex,
pubKeyStr = getECDSAPubKey(encryptedKeyHex);
// status = trustedEcdsaSignAES(eid, &errStatus,
// errMsg.data(), encryptedKey.data(), decLen, (unsigned char *) hashHex,
// signatureR.data(),
// signatureS.data(), &signatureV, base);
if (!encryptKeys) {
status = trustedEcdsaSign(eid, &errStatus, errMsg.data(),
......@@ -248,4 +260,4 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex,
throw *exception;
return signatureVector;
}
\ No newline at end of file
}
SEKManager.cpp
View file @ 853981a6
......@@ -129,12 +129,11 @@ void gen_SEK(){
vector<uint8_t> encr_SEK(1024, 0);
uint32_t enc_len = 0;
//vector<char> SEK(65, 0);
char SEK[65];
memset(SEK, 0, 65);
status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK);
if (status != SGX_SUCCESS || err_status != 0 ){
if ( status != SGX_SUCCESS || err_status != 0 ) {
throw SGXException(status, errMsg.data()) ;
}
......@@ -143,7 +142,7 @@ void gen_SEK(){
carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
cout << "ATTENTION! THIS IS YOUR KEY FOR BACK UP. PLEASE COPY IT TO THE SAFE PLACE" << endl;
cout << "key is " << SEK << endl;
cout << "YOUR KEY IS " << SEK << endl;
if (!autoconfirm) {
std::string confirm_str = "I confirm";
......@@ -155,10 +154,6 @@ void gen_SEK(){
} while (case_insensitive_match(confirm_str, buffer)); //(strcmp(confirm_str.c_str(), buffer.c_str()) != 0);
}
if (system("reset") != 0) {
cerr << "Could not execute reset" << endl;
}
LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
create_test_key();
......@@ -167,7 +162,6 @@ void gen_SEK(){
void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK){
vector<char> errMsg(1024,0);
int err_status = 0;
//vector<uint8_t> encr_SEK(1024, 0);
uint8_t encr_SEK[BUF_LEN];
memset(encr_SEK, 0, BUF_LEN);
......@@ -183,7 +177,6 @@ void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK){
cerr << "RPCException thrown" << endl;
throw SGXException(status, errMsg.data()) ;
}
}
void enter_SEK(){
......@@ -206,11 +199,8 @@ void enter_SEK(){
SEK = "";
std::cin >> SEK;
}
// if (DEBUG_PRINT)
// std::cerr << "your key is " << SEK << std::endl;
status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK.c_str() );
status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK.c_str());
if (status != SGX_SUCCESS){
cerr << "RPCException thrown with status " << status << endl;
throw SGXException(status, errMsg.data());
......@@ -226,13 +216,16 @@ void enter_SEK(){
void initSEK(){
std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
if (encr_SEK_ptr == nullptr){
spdlog::error("SEK was not created yet. Going to create SEK");
gen_SEK();
}
else{
trustedSetSEK(encr_SEK_ptr);
if (encryptKeys) {
enter_SEK();
} else {
if (encr_SEK_ptr == nullptr) {
spdlog::warn("SEK was not created yet. Going to create SEK");
gen_SEK();
} else {
trustedSetSEK(encr_SEK_ptr);
}
}
}
//a002e7ca685d46a32771d16fe2518e58
\ No newline at end of file
//a002e7ca685d46a32771d16fe2518e58
ServerInit.cpp
View file @ 853981a6
......@@ -76,7 +76,7 @@ void initEnclave(uint32_t _logLevel) {
}
#endif
spdlog::debug("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG);
spdlog::debug("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG);
status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
......
secure_enclave/DHDkg.c
View file @ 853981a6
......@@ -39,7 +39,6 @@
#include <string.h>
void gen_session_key(char *skey_str, char* pb_keyB, char* common_key){
char* pb_keyB_x = (char*)calloc(65, 1);
strncpy(pb_keyB_x, pb_keyB, 64);
pb_keyB_x[64] = 0;
......@@ -62,8 +61,7 @@ void gen_session_key(char *skey_str, char* pb_keyB, char* common_key){
point_multiplication(session_key, skey, pub_keyB, curve);
char arr_x[mpz_sizeinbase (session_key->x, 16) + 2];
char* x = mpz_get_str(arr_x, 16, session_key->x);
//strncpy(common_key, arr_x, 64);
mpz_get_str(arr_x, 16, session_key->x);
int n_zeroes = 64 - strlen(arr_x);
for ( int i = 0; i < n_zeroes; i++){
common_key[i] = '0';
......@@ -79,7 +77,6 @@ void gen_session_key(char *skey_str, char* pb_keyB, char* common_key){
}
void session_key_recover(const char *skey_str, const char* sshare, char* common_key){
char* pb_keyB_x = (char*)calloc(65, 1);
strncpy(pb_keyB_x, sshare + 64, 64);
pb_keyB_x[64] = 0;
......@@ -95,6 +92,12 @@ void session_key_recover(const char *skey_str, const char* sshare, char* common_
mpz_init(skey);
if (mpz_set_str(skey, skey_str, 16) == -1){
common_key = NULL;
mpz_clear(skey);
domain_parameters_clear(curve);
free(pb_keyB_x);
free(pb_keyB_y);
return;
}
......@@ -105,14 +108,12 @@ void session_key_recover(const char *skey_str, const char* sshare, char* common_
point_multiplication(session_key, skey, pub_keyB, curve);
char arr_x[mpz_sizeinbase (session_key->x, 16) + 2];
char* x = mpz_get_str(arr_x, 16, session_key->x);
//strncpy(common_key, arr_x, 64);
mpz_get_str(arr_x, 16, session_key->x);
int n_zeroes = 64 - strlen(arr_x);
for ( int i = 0; i < n_zeroes; i++){
common_key[i] = '0';
}
strncpy(common_key + n_zeroes, arr_x, strlen(arr_x));
//strncpy(common_key , sshare, 64);
mpz_clear(skey);
point_clear(pub_keyB);
......@@ -123,14 +124,13 @@ void session_key_recover(const char *skey_str, const char* sshare, char* common_
}
void xor_encrypt(char* key, char* message, char* cypher){
uint8_t cypher_bin[33];
//uint8_t key_bin[33];
uint8_t* key_bin = (uint8_t*)calloc(33,1);
uint64_t key_length;
if (!hex2carray(key, &key_length, key_bin)){
cypher = NULL;
free(key_bin);
return;
}
......@@ -138,6 +138,7 @@ void xor_encrypt(char* key, char* message, char* cypher){
uint8_t msg_bin[33];//[ECDSA_BIN_LEN];
if (!hex2carray(message, &msg_length, msg_bin)){
cypher = NULL;
free(key_bin);
return;
}
......@@ -152,21 +153,21 @@ void xor_encrypt(char* key, char* message, char* cypher){
}
void xor_decrypt(char* key, char* cypher, char* message){
uint8_t msg_bin[33];
//uint8_t key_bin[33];
uint8_t* key_bin = (uint8_t*)calloc(33,1);
uint64_t key_length;
if (!hex2carray(key, &key_length, key_bin)){
message = NULL;
free(key_bin);
return;
}
uint64_t cypher_length;
uint8_t cypher_bin[33];//[ECDSA_BIN_LEN];
uint8_t cypher_bin[33];
if (!hex2carray(cypher, &cypher_length, cypher_bin)){
message = NULL;
free(key_bin);
return;
}
......
secure_enclave/DKGUtils.cpp
View file @ 853981a6
......@@ -194,10 +194,6 @@ void calc_secret_shareG2_old(const char* decrypted_coeffs, char * s_shareG2,
libff::init_alt_bn128_params();
char symbol = ':';
vector<libff::alt_bn128_Fr> poly = SplitStringToFr(decrypted_coeffs, symbol);
// if ( poly.size() != _t){
// //"t != poly.size()" +
// //strncpy(s_shareG2, to_string(poly.size()).c_str(), 18);
// }
libff::alt_bn128_Fr secret_share = PolynomialValue(poly, libff::alt_bn128_Fr(ind), _t);
......@@ -232,6 +228,8 @@ int calc_secret_shareG2(const char* s_share, char * s_shareG2){
strncpy(s_shareG2, secret_shareG2_str.c_str(), secret_shareG2_str.length() + 1);
mpz_clear(share);
return 0;
}
......@@ -299,17 +297,6 @@ int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int in
pub_share.Y.c1 = libff::alt_bn128_Fq(y_c1_str.c_str());
pub_share.Z = libff::alt_bn128_Fq2::one();
//for ( int j = 0; j < 4; j++) {
//uint64_t pos0 = share_length * j;
//string coord = ConvertHexToDec(pub_shares_str.substr(pos0 + j * coord_length, coord_length));
// if ( i == 0) {
// memset(public_shares, 0, strlen(public_shares));
// string coord = ConvertToString(pub_share.Y.c1);
// strncpy(public_shares, coord.c_str(), coord.length());
// }
//}
pub_shares.push_back(pub_share);
}
......@@ -361,7 +348,8 @@ int calc_bls_public_key(char* skey_hex, char* pub_key){
mpz_t skey;
mpz_init(skey);
if (mpz_set_str(skey, skey_hex, 16) == -1){
if (mpz_set_str(skey, skey_hex, 16) == -1) {
mpz_clear(skey);
return 1;
}
......
secure_enclave/EnclaveCommon.cpp
View file @ 853981a6
......@@ -34,11 +34,10 @@
#include "EnclaveConstants.h"
#include "EnclaveCommon.h"
using namespace std;
using namespace std;
string *stringFromKey(libff::alt_bn128_Fr *_key) {
mpz_t t;
mpz_init(t);
......@@ -53,7 +52,6 @@ string *stringFromKey(libff::alt_bn128_Fr *_key) {
}
string *stringFromFq(libff::alt_bn128_Fq *_fq) {
mpz_t t;
mpz_init(t);
......@@ -68,8 +66,6 @@ string *stringFromFq(libff::alt_bn128_Fq *_fq) {
}
string *stringFromG1(libff::alt_bn128_G1 *_g1) {
_g1->to_affine_coordinates();
auto sX = stringFromFq(&_g1->X);
......@@ -81,7 +77,6 @@ string *stringFromG1(libff::alt_bn128_G1 *_g1) {
delete (sY);
return sG1;
}
......@@ -91,7 +86,8 @@ libff::alt_bn128_Fr *keyFromString(const char *_keyStringHex) {
mpz_set_str(skey, _keyStringHex, 16);
char skey_dec[mpz_sizeinbase (skey, 10) + 2];
char * skey_str = mpz_get_str(skey_dec, 10, skey);
mpz_get_str(skey_dec, 10, skey);
mpz_clear(skey);
return new libff::alt_bn128_Fr(skey_dec);
}
......@@ -106,62 +102,10 @@ void enclave_init() {
libff::init_alt_bn128_params();
}
void checkKey(int *errStatus, char *err_string, const char *_keyString) {
uint64_t keyLen = strnlen(_keyString, MAX_KEY_LENGTH);
// check that key is zero terminated string
if (keyLen == MAX_KEY_LENGTH) {
snprintf(err_string, MAX_ERR_LEN, "keyLen != MAX_KEY_LENGTH");
return;
}
*errStatus = -2;
if (_keyString == nullptr) {
snprintf(err_string, BUF_LEN, "Null key");
return;
}
*errStatus = -3;
//check that key is padded with 0s
for (int i = keyLen; i < MAX_KEY_LENGTH; i++) {
if (_keyString[i] != 0) {
snprintf(err_string, BUF_LEN, "Unpadded key");
}
}
// string ks(_keyString);
//
// // string keyString =
// // "4160780231445160889237664391382223604184857153814275770598791864649971919844";
//
// auto key = keyFromString(ks.c_str());
//
// auto s1 = stringFromKey(key);
//
// if (s1->compare(ks) != 0) {
// throw exception();
// }
*errStatus = 0;
// return;
}
bool enclave_sign(const char *_keyString, const char *_hashXString, const char *_hashYString,
char* sig) {
libff::init_alt_bn128_params();
auto key = keyFromString(_keyString);
if (key == nullptr) {
......@@ -179,23 +123,15 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char *
sign.to_affine_coordinates();
auto r = stringFromG1(&sign);
memset(sig, 0, BUF_LEN);
strncpy(sig, r->c_str(), BUF_LEN);
delete r;
return true;
}
void carray2Hex(const unsigned char *d, int _len, char* _hexArray) {
......@@ -224,10 +160,8 @@ int char2int(char _input) {
bool hex2carray2(const char * _hex, uint64_t *_bin_len,
uint8_t* _bin, const int _max_length ) {
int len = strnlen(_hex, _max_length);//2 * BUF_LEN);
if (len == 0 && len % 2 == 1)
return false;
......@@ -245,15 +179,12 @@ bool hex2carray2(const char * _hex, uint64_t *_bin_len,
}
return true;
}
bool hex2carray(const char * _hex, uint64_t *_bin_len,
uint8_t* _bin ) {
int len = strnlen(_hex, 2 * BUF_LEN);
if (len == 0 && len % 2 == 1)
return false;
......@@ -271,7 +202,6 @@ bool hex2carray(const char * _hex, uint64_t *_bin_len,
}
return true;
}
enum log_level {L_TRACE = 0, L_DEBUG = 1, L_INFO = 2,L_WARNING = 3, L_ERROR = 4 };
......@@ -279,7 +209,7 @@ enum log_level {L_TRACE = 0, L_DEBUG = 1, L_INFO = 2,L_WARNING = 3, L_ERROR = 4
uint32_t globalLogLevel_ = 2;
void logMsg(log_level _level, char* _msg) {
void logMsg(log_level _level, const char* _msg) {
if (_level < globalLogLevel_)
return;
......
secure_enclave/EnclaveCommon.h
View file @ 853981a6
......@@ -34,8 +34,6 @@
//#include <stdint.h>
EXTERNC void checkKey(int *errStatus, char *err_string, const char* _keyString);
EXTERNC void check_key(int *errStatus, char *err_string, const char* _keyString);
......
secure_enclave/secure_enclave.c
View file @ 853981a6
......@@ -139,7 +139,6 @@ void trustedEMpfDiv(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {}
void trustedGenerateEcdsaKey(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__);
domain_parameters curve = domain_parameters_init();
......@@ -159,13 +158,6 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
mpz_mod(skey, seed, curve->p);
mpz_clear(seed);
//mpz_set_str(skey, "e7af72d241d4dd77bc080ce9234d742f6b22e35b3a660e8c197517b909f63ca8", 16);
//mpz_set_str(skey, "4160780231445160889237664391382223604576", 10);
//mpz_set_str(skey, "4160780231445160889237664391382223604184857153814275770598791864649971919844", 10);
//mpz_set_str(skey, "1", 10);
//mpz_set_str(skey, "ebb2c082fd7727890a28ac82f6bdf97bad8de9f5d7c9028692de1a255cad3e0f", 16);
// mpz_set_str(skey, "D30519BCAE8D180DBFCC94FE0B8383DC310185B0BE97B4365083EBCECCD75759", 16);
//Public key
point Pkey = point_init();
......@@ -174,10 +166,8 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
uint8_t base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x);
//snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
mpz_get_str(arr_x, base, Pkey->x);
int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0';
......@@ -186,14 +176,14 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
char arr_y[mpz_sizeinbase(Pkey->y, base) + 2];
char *py = mpz_get_str(arr_y, base, Pkey->y);
mpz_get_str(arr_y, base, Pkey->y);
n_zeroes = 64 - strlen(arr_y);
for (int i = 0; i < n_zeroes; i++) {
pub_key_y[i] = '0';
}
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
......@@ -203,6 +193,11 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "seal ecsdsa private key failed");
*errStatus = status;
mpz_clear(skey);
domain_parameters_clear(curve);
point_clear(Pkey);
return;
}
......@@ -216,7 +211,6 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t dec_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__);
domain_parameters curve = domain_parameters_init();
......@@ -230,18 +224,21 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
*errStatus = status;
domain_parameters_clear(curve);
return;
}
//strncpy(errString, skey, 1024);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
// mpz_import(privateKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(errString, BUF_LEN, "wrong string to init private key");
*errStatus = -10;
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
return;
}
......@@ -256,16 +253,20 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
if (!point_cmp(Pkey, Pkey_test)) {
snprintf(errString, BUF_LEN, "Points are not equal");
*errStatus = -11;
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
point_clear(Pkey);
point_clear(Pkey_test);
return;
}
int base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x);
//snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
mpz_get_str(arr_x, base, Pkey->x);
int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0';
......@@ -274,7 +275,7 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
char arr_y[mpz_sizeinbase(Pkey->y, base) + 2];
char *py = mpz_get_str(arr_y, base, Pkey->y);
mpz_get_str(arr_y, base, Pkey->y);
n_zeroes = 64 - strlen(arr_y);
for (int i = 0; i < n_zeroes; i++) {
pub_key_y[i] = '0';
......@@ -284,32 +285,24 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
point_clear(Pkey);
point_clear(Pkey_test);
}
void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t dec_len,
unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG (__FUNCTION__);
char* arrM = NULL;
char* arrR = NULL;
char* arrS = NULL;
char* privateKey = calloc(ECDSA_SKEY_LEN,1);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
mpz_t msgMpz;
signature sign = signature_init();
domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
point publicKey = point_init();
if (!hash) {
*errStatus = 1;
char* msg = "NULL message hash";
......@@ -326,8 +319,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
goto clean;
}
mpz_t msgMpz;
mpz_init(msgMpz);
if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid message hash %s", hash);
......@@ -341,10 +334,9 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
LOG_ERROR(errString);
goto clean;
}
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, privateKey, &dec_len);
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *)privateKey, &dec_len);
if (status != SGX_SUCCESS) {
*errStatus = status;
......@@ -354,7 +346,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
goto clean;
}
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
if (mpz_set_str(privateKeyMpz, privateKey, ECDSA_SKEY_BASE) == -1) {
*errStatus = -1;
snprintf(errString, BUF_LEN, "mpz_set_str(privateKeyMpz ...) failed");
......@@ -362,15 +355,10 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
goto clean;
}
signature_sign(sign, msgMpz, privateKeyMpz, curve);
signature_extract_public_key(publicKey, privateKeyMpz, curve);
if (!signature_verify(msgMpz, sign, publicKey, curve)) {
*errStatus = 2;
snprintf(errString, BUF_LEN, "ECDSA sig not verified");
......@@ -395,9 +383,9 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
signature_free(sign);
if (privateKey)
if (privateKey) {
free(privateKey);
}
if (arrR) {
free(arrR);
......@@ -408,36 +396,25 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
}
return;
}
void trustedEncryptKey(int *errStatus, char *errString, char *key,
void trustedEncryptKey(int *errStatus, char *errString, const char *key,
uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
LOG_DEBUG (__FUNCTION__);
*errStatus = UNKNOWN_ERROR;
memset(errString, 0, BUF_LEN);
checkKey(errStatus, errString, key);
if (*errStatus != 0) {
snprintf(errString + strlen(errString), BUF_LEN, "check_key failed");
return;
}
uint32_t sealedLen = sgx_calc_sealed_data_size(0, MAX_KEY_LENGTH);
if (sealedLen > BUF_LEN) {
*errStatus = ENCRYPTED_KEY_TOO_LONG;
snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH");
return;
}
memset(encryptedPrivateKey, 0, BUF_LEN);
sgx_status_t status = sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t *) key, sealedLen,
......@@ -467,7 +444,6 @@ void trustedEncryptKey(int *errStatus, char *errString, char *key,
return;
}
*errStatus = -8;
if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
......@@ -480,7 +456,6 @@ void trustedEncryptKey(int *errStatus, char *errString, char *key,
void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) {
LOG_DEBUG (__FUNCTION__);
uint32_t decLen;
......@@ -496,8 +471,6 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
return;
}
//snprintf(errString, BUF_LEN, "decr key is %s", key);
if (decLen > MAX_KEY_LENGTH) {
snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
return;
......@@ -505,10 +478,8 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
*errStatus = -10;
uint64_t keyLen = strnlen(key, MAX_KEY_LENGTH);
if (keyLen == MAX_KEY_LENGTH) {
snprintf(errString, BUF_LEN, "Key is not null terminated");
return;
......@@ -516,27 +487,22 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
*errStatus = 0;
return;
}
void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) {
LOG_DEBUG (__FUNCTION__);
char key[BUF_LEN];
char *sig = (char *) calloc(BUF_LEN, 1);
trustedDecryptKey(errStatus, errString, encryptedPrivateKey, enc_len, key);
if (*errStatus != 0) {
strncpy(signature, errString, BUF_LEN);
free(sig);
return;
}
......@@ -546,6 +512,7 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr
if (strnlen(signature, BUF_LEN) < 10) {
*errStatus = -1;
free(sig);
return;
}
......@@ -553,7 +520,6 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr
}
void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG (__FUNCTION__);
char dkg_secret[DKG_BUFER_LENGTH];
......@@ -578,15 +544,12 @@ void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg
}
*enc_len = sealedLen;
//free(dkg_secret);
}
void trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
uint32_t *dec_len) {
LOG_DEBUG (__FUNCTION__);
uint32_t decr_len;
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_dkg_secret, NULL, 0, decrypted_dkg_secret, &decr_len);
......@@ -603,7 +566,6 @@ void trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted
void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len,
char *secret_shares,
unsigned _t, unsigned _n) {
LOG_DEBUG (__FUNCTION__);
char decrypted_dkg_secret[DKG_BUFER_LENGTH];
......@@ -618,29 +580,26 @@ void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_
*dec_len = decr_len;
// strncpy(errString, decrypted_dkg_secret, 1024);
calc_secret_shares(decrypted_dkg_secret, secret_shares, _t, _n);
//free(decrypted_dkg_secret);
}
void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
char *public_shares,
unsigned _t, unsigned _n) {
LOG_DEBUG (__FUNCTION__);
char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1);
uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, decrypted_dkg_secret, &decr_len);
trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, (uint8_t *)decrypted_dkg_secret, &decr_len);
if (*errStatus != 0) {
snprintf(errString, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus);
return;
}
//strncpy(errString, decrypted_dkg_secret, 1024);
// strncpy(errString, "before calc_public_shares ", 1024);
if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) {
*errStatus = -1;
snprintf(errString, BUF_LEN, "t does not match polynomial in db");
free(decrypted_dkg_secret);
return;
}
free(decrypted_dkg_secret);
......@@ -648,6 +607,8 @@ void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_
void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly) {
LOG_DEBUG(__FUNCTION__);
memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH);
uint32_t decr_len;
sgx_status_t status = sgx_unseal_data(
......@@ -658,12 +619,10 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encryp
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
return;
}
}
void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) {
LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
......@@ -717,22 +676,16 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *en
return;
}
strncpy(result_str, cypher, strlen(cypher));
strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x));
strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y));
}
void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret,
uint32_t *dec_len,
char *DH_key, char *s_shareG2, uint8_t _t, uint8_t _n, uint8_t ind1) {
LOG_DEBUG (__FUNCTION__);
uint32_t enc_len;
char decrypted_dkg_secret[DKG_BUFER_LENGTH];
uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len);
......@@ -742,13 +695,10 @@ void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encrypte
}
calc_secret_shareG2_old(decrypted_dkg_secret, s_shareG2, _t, ind1);
}
void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t key_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
......@@ -781,10 +731,6 @@ void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares
return;
}
LOG_DEBUG (__FUNCTION__);
mpz_t s;
mpz_init(s);
if (mpz_set_str(s, decr_sshare, 16) == -1) {
......@@ -797,12 +743,10 @@ void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares
*result = Verification(public_shares, s, _t, _ind);
snprintf(errString, BUF_LEN, "common_key in verification is %s", common_key);
}
void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) {
LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
......@@ -820,7 +764,6 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
mpz_init(sum);
mpz_set_ui(sum, 0);
for (int i = 0; i < num_shares; i++) {
char encr_sshare[65];
strncpy(encr_sshare, s_shares + 192 * i, 64);
......@@ -841,7 +784,6 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
return;
}
char decr_sshare[65];
xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) {
......@@ -857,6 +799,7 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid decrypted secret share");
mpz_clear(decr_secret_share);
mpz_clear(sum);
return;
}
......@@ -874,11 +817,10 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
mpz_mod(bls_key, sum, q);
char key_share[mpz_sizeinbase(bls_key, 16) + 2];
char *key = mpz_get_str(key_share, 16, bls_key);
mpz_get_str(key_share, 16, bls_key);
snprintf(errString, BUF_LEN, " bls private key is %s", key_share);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
status = sgx_seal_data(0, NULL, ECDSA_SKEY_LEN, (uint8_t *) key_share, sealedLen,
(sgx_sealed_data_t *) encr_bls_key);
if (status != SGX_SUCCESS) {
......@@ -891,14 +833,12 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
}
*enc_bls_key_len = sealedLen;
mpz_clear(bls_key);
mpz_clear(sum);
mpz_clear(q);
}
void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) {
LOG_DEBUG (__FUNCTION__);
char skey_hex[ECDSA_SKEY_LEN];
......@@ -922,14 +862,12 @@ void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPriv
void trustedGenerateSEK(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) {
LOG_DEBUG (__FUNCTION__);
uint8_t SEK_raw[SGX_AESGCM_KEY_SIZE];
sgx_read_rand(SEK_raw, SGX_AESGCM_KEY_SIZE);
uint32_t hex_aes_key_length = SGX_AESGCM_KEY_SIZE * 2;
uint8_t SEK[hex_aes_key_length];
carray2Hex(SEK_raw, SGX_AESGCM_KEY_SIZE, SEK_hex);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, hex_aes_key_length + 1);
......@@ -938,7 +876,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
AES_key[i] = SEK_raw[i];
}
sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, SEK_hex, sealedLen,
sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, (uint8_t *)SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "seal SEK failed");
......@@ -946,13 +884,10 @@ void trustedGenerateSEK(int *errStatus, char *errString,
return;
}
*enc_len = sealedLen;
}
void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) {
LOG_DEBUG (__FUNCTION__);
uint8_t aes_key_hex[SGX_AESGCM_KEY_SIZE * 2];
......@@ -968,12 +903,10 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint
uint64_t len;
hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
}
void trustedSetSEK_backup(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) {
LOG_DEBUG (__FUNCTION__);
uint64_t len;
......@@ -981,7 +914,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
uint32_t sealedLen = sgx_calc_sealed_data_size(0, strlen(SEK_hex) + 1);
sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, SEK_hex, sealedLen,
sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, (uint8_t *)SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status);
......@@ -994,7 +927,6 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__);
domain_parameters curve = domain_parameters_init();
......@@ -1022,10 +954,8 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
uint8_t base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x);
//snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
mpz_get_str(arr_x, base, Pkey->x);
int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0';
......@@ -1034,14 +964,14 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
char arr_y[mpz_sizeinbase(Pkey->y, base) + 2];
char *py = mpz_get_str(arr_y, base, Pkey->y);
mpz_get_str(arr_y, base, Pkey->y);
n_zeroes = 64 - strlen(arr_y);
for (int i = 0; i < n_zeroes; i++) {
pub_key_y[i] = '0';
}
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
int stat = AES_encrypt(skey_str, encryptedPrivateKey);
......@@ -1049,6 +979,11 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
if (stat != 0) {
snprintf(errString, BUF_LEN, "ecdsa private key encryption failed");
*errStatus = stat;
mpz_clear(skey);
domain_parameters_clear(curve);
point_clear(Pkey);
return;
}
......@@ -1057,7 +992,7 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str);
if (stat != 0) {
snprintf(errString + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat);
//*errStatus = stat;
errStatus = stat;
return;
}
......@@ -1068,7 +1003,6 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__);
domain_parameters curve = domain_parameters_init();
......@@ -1081,6 +1015,9 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
if (status != 0) {
snprintf(errString, BUF_LEN, "AES_decrypt failed with status %d", status);
*errStatus = status;
domain_parameters_clear(curve);
return;
}
......@@ -1090,11 +1027,13 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
// mpz_import(privateKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(errString, BUF_LEN, "wrong string to init private key - %s", skey);
*errStatus = -10;
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
return;
}
......@@ -1109,6 +1048,11 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
if (!point_cmp(Pkey, Pkey_test)) {
snprintf(errString, BUF_LEN, "Points are not equal");
*errStatus = -11;
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
point_clear(Pkey);
return;
}
......@@ -1117,7 +1061,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
int len = mpz_sizeinbase(Pkey->x, base) + 2;
char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x);
mpz_get_str(arr_x, base, Pkey->x);
int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) {
......@@ -1127,7 +1071,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
char arr_y[mpz_sizeinbase(Pkey->y, base) + 2];
char *py = mpz_get_str(arr_y, base, Pkey->y);
mpz_get_str(arr_y, base, Pkey->y);
n_zeroes = 64 - strlen(arr_y);
for (int i = 0; i < n_zeroes; i++) {
pub_key_y[i] = '0';
......@@ -1141,7 +1085,6 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len,
unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG (__FUNCTION__);
domain_parameters curve = domain_parameters_init();
......@@ -1154,6 +1097,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
if (status != 0) {
*errStatus = status;
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
domain_parameters_clear(curve);
return;
}
......@@ -1166,16 +1110,18 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
*errStatus = -1;
snprintf(errString, BUF_LEN, "invalid secret key");
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
return;
}
mpz_t msgMpz;
mpz_init(msgMpz);
if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = -1;
snprintf(errString, BUF_LEN, "invalid message hash");
mpz_clear(privateKeyMpz);
mpz_clear(msgMpz);
domain_parameters_clear(curve);
return;
}
......@@ -1190,20 +1136,26 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
if (!signature_verify(msgMpz, sign, Pkey, curve)) {
*errStatus = -2;
snprintf(errString, BUF_LEN, "signature is not verified! ");
mpz_clear(privateKeyMpz);
mpz_clear(msgMpz);
domain_parameters_clear(curve);
signature_free(sign);
point_clear(Pkey);
return;
}
char arrM[mpz_sizeinbase(msgMpz, 16) + 2];
char *msg = mpz_get_str(arrM, 16, msgMpz);
mpz_get_str(arrM, 16, msgMpz);
snprintf(errString, BUF_LEN, "message is %s ", arrM);
char arrR[mpz_sizeinbase(sign->r, base) + 2];
char *r = mpz_get_str(arrR, base, sign->r);
mpz_get_str(arrR, base, sign->r);
strncpy(sigR, arrR, 1024);
char arrS[mpz_sizeinbase(sign->s, base) + 2];
char *s = mpz_get_str(arrS, base, sign->s);
mpz_get_str(arrS, base, sign->s);
strncpy(sigS, arrS, 1024);
*sig_v = sign->v;
......@@ -1213,12 +1165,10 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
domain_parameters_clear(curve);
signature_free(sign);
point_clear(Pkey);
}
void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
LOG_DEBUG (__FUNCTION__);
*errStatus = UNKNOWN_ERROR;
......@@ -1267,6 +1217,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) {
LOG_DEBUG(__FUNCTION__);
uint32_t decLen;
......@@ -1280,7 +1231,6 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
return;
}
if (decLen > MAX_KEY_LENGTH) {
*errStatus = 1;
snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
......@@ -1289,10 +1239,8 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
*errStatus = -10;
uint64_t keyLen = strnlen(key, MAX_KEY_LENGTH);
if (keyLen == MAX_KEY_LENGTH) {
snprintf(errString, BUF_LEN, "Key is not null terminated");
return;
......@@ -1300,13 +1248,11 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
*errStatus = 0;
memcpy(errString, AES_key, 1024);
}
void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) {
LOG_DEBUG (__FUNCTION__);
char key[BUF_LEN];
......@@ -1330,15 +1276,13 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
*errStatus = -1;
return;
}
}
void
trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG (__FUNCTION__);
char dkg_secret[DKG_BUFER_LENGTH];// = (char*)calloc(DKG_BUFER_LENGTH, 1);
char dkg_secret[DKG_BUFER_LENGTH];
memset(dkg_secret, 0, DKG_BUFER_LENGTH);
if (gen_dkg_poly(dkg_secret, _t) != 0) {
......@@ -1358,7 +1302,6 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
*enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
char decr_dkg_secret[DKG_BUFER_LENGTH];
memset(decr_dkg_secret, 0, DKG_BUFER_LENGTH);
......@@ -1375,32 +1318,27 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
"encrypted poly is not equal to decrypted poly");
*errStatus = -333;
}
}
void
trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
uint32_t *dec_len) {
LOG_DEBUG (__FUNCTION__);
int status = AES_decrypt(encrypted_dkg_secret, dec_len, decrypted_dkg_secret);
int status = AES_decrypt(encrypted_dkg_secret, dec_len, (char *)decrypted_dkg_secret);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status;
return;
}
}
void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t *enc_len) {
LOG_DEBUG (__FUNCTION__);
memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH);
int status = AES_decrypt(encrypted_poly, *enc_len, decryptedDkgPoly);
int status = AES_decrypt(encrypted_poly, *enc_len, (char *)decryptedDkgPoly);
if (status != SGX_SUCCESS) {
*errStatus = -1;
......@@ -1411,6 +1349,7 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc
void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) {
LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
memset(skey, 0, BUF_LEN);
......@@ -1426,7 +1365,6 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
return;
}
int status = AES_decrypt(encrypted_skey, enc_len, skey);
skey[ECDSA_SKEY_LEN - 1] = 0;
......@@ -1467,27 +1405,21 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
return;
}
strncpy(result_str, cypher, strlen(cypher));
strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x));
strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y));
}
void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
char *public_shares,
unsigned _t, unsigned _n) {
LOG_DEBUG (__FUNCTION__);
char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1);
memset(decrypted_dkg_secret, 0, DKG_MAX_SEALED_LEN);
int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status;
......@@ -1499,14 +1431,10 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
snprintf(errString, BUF_LEN, "t does not match polynomial in db");
return;
}
}
void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
......@@ -1557,12 +1485,10 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
*result = Verification(public_shares, s, _t, _ind);
snprintf(errString, BUF_LEN, "secret share dec %s", public_shares);
}
void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares,
uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) {
LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
......@@ -1580,8 +1506,6 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
mpz_init(sum);
mpz_set_ui(sum, 0);
for (int i = 0; i < num_shares; i++) {
char encr_sshare[65];
strncpy(encr_sshare, s_shares + 192 * i, 64);
......@@ -1602,7 +1526,6 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
return;
}
char decr_sshare[65];
xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) {
......@@ -1617,7 +1540,6 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
mpz_init(decr_secret_share);
if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) {
*errStatus = 111;
//snprintf(errString, BUF_LEN ,"invalid decrypted secret share");
snprintf(errString, BUF_LEN, decr_sshare);
mpz_clear(decr_secret_share);
return;
......@@ -1637,10 +1559,8 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
mpz_mod(bls_key, sum, q);
char key_share[mpz_sizeinbase(bls_key, 16) + 2];
char *key = mpz_get_str(key_share, 16, bls_key);
mpz_get_str(key_share, 16, bls_key);
snprintf(errString, BUF_LEN, " bls private key is %s", key_share);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
status = AES_encrypt(key_share, encr_bls_key);
......@@ -1661,13 +1581,10 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
void
trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) {
LOG_DEBUG (__FUNCTION__);
char skey_hex[ECDSA_SKEY_LEN];
uint32_t len = key_len;
int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex);
if (status != SGX_SUCCESS) {
*errStatus = 1;
......@@ -1683,6 +1600,3 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
return;
}
}
secure_enclave/secure_enclave.edl
View file @ 853981a6
......@@ -47,7 +47,7 @@ enclave {
public void trustedEncryptKey (
[user_check] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] char* key,
[in, count = SMALL_BUF_SIZE] const char* key,
[out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
[user_check] uint32_t *enc_len);
......
sgxwallet.c
View file @ 853981a6
......@@ -118,7 +118,7 @@ int main(int argc, char *argv[]) {
encryptKeysOption = false;
break;
case 'b':
encryptKeysOption = false;
encryptKeysOption = true;
break;
case 'y':
autoconfirmOption = true;
......@@ -132,8 +132,6 @@ int main(int argc, char *argv[]) {
setFullOptions(printDebugInfoOption, printTraceInfoOption, useHTTPSOption, autoconfirmOption, encryptKeysOption);
uint32_t enclaveLogLevel = L_INFO;
if (printTraceInfoOption) {
......
testw.cpp
View file @ 853981a6
......@@ -332,12 +332,11 @@ TEST_CASE_METHOD(TestFixture, "ECDSA keygen and signature test", "[ecdsa-key-sig
uint32_t encLen = 0;
//printf("before %p\n", pubKeyX);
status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen, pubKeyX.data(),
pubKeyY.data());
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
string hex = SAMPLE_HEX_HASH;
......@@ -349,7 +348,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA keygen and signature test", "[ecdsa-key-sig
signatureR.data(),
signatureS.data(), &signatureV, 16);
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
}
TEST_CASE_METHOD(TestFixture, "ECDSA key gen", "[ecdsa-key-gen]") {
......@@ -365,6 +364,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen", "[ecdsa-key-gen]") {
pubKeyY.data());
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
}
TEST_CASE_METHOD(TestFixture, "ECDSA get public key", "[ecdsa-get-pub-key]") {
......@@ -389,7 +389,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA get public key", "[ecdsa-get-pub-key]") {
status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encPrivKey.data(), encLen, receivedPubKeyX.data(),
receivedPubKeyY.data());
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
}
......@@ -457,33 +457,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") {
}
TEST_CASE_METHOD(TestFixture, "ECDSA key gen and sign", "[ecdsa-key-gen-sign-api]") {
HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2);
Json::Value genKey = c.generateECDSAKey();
REQUIRE(genKey["status"].asInt() == 0);
Json::Value getPubKey = c.getPublicECDSAKey(genKey["keyName"].asString());
REQUIRE(getPubKey["status"].asInt() == 0);
REQUIRE(getPubKey["publicKey"].asString() == genKey["publicKey"].asString());
Json::Value ecdsaSign = c.ecdsaSignMessageHash(16, genKey["keyName"].asString(),
"0x09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db");
REQUIRE(ecdsaSign["status"].asInt() == 0);
}
TEST_CASE_METHOD(TestFixture, "BLS key encrypt", "[bls-key-encrypt]") {
auto key = encryptTestKey();
REQUIRE(key != nullptr);
}
......@@ -597,36 +571,6 @@ TEST_CASE_METHOD(TestFixture, "DKG encrypted secret shares test", "[dkg-encr-ssh
REQUIRE(status == SGX_SUCCESS);
}
TEST_CASE_METHOD(TestFixture, "DKG verification test", "[dkg-verify]") {
vector<char> errMsg(BUF_LEN, 0);
vector<char> result(BUF_LEN, 0);
int errStatus = 0;
uint32_t encLen = 0;
vector <uint8_t> encryptedDKGSecret(BUF_LEN, 0);
status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 2);
REQUIRE(status == SGX_SUCCESS);
status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data());
REQUIRE(status == SGX_SUCCESS);
vector <uint8_t> encrPrDHKey(BUF_LEN, 0);
string pub_keyB = SAMPLE_PUBLIC_KEY_B;
vector<char> s_shareG2(BUF_LEN, 0);
status = trustedGetEncryptedSecretShare(eid, &errStatus, errMsg.data(), encrPrDHKey.data(), &encLen, result.data(),
s_shareG2.data(),
(char *) pub_keyB.data(), 2, 2, 1);
REQUIRE(status == SGX_SUCCESS);
}
......@@ -955,8 +899,7 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") {
string hash = SAMPLE_HASH;
auto hash_arr = make_shared < array < uint8_t,
32 >> ();
auto hash_arr = make_shared < array < uint8_t, 32 >> ();
uint64_t binLen;
......@@ -1007,7 +950,7 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
int errStatus = -1;
vector<char> errMsg(BUF_LEN, 0);;
vector<char> errMsg(BUF_LEN, 0);
uint32_t encLen;
string key = SAMPLE_AES_KEY;
vector <uint8_t> encrypted_key(BUF_LEN, 0);
......@@ -1015,12 +958,39 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen);
REQUIRE(status == 0);
REQUIRE( errStatus == 0 );
vector<char> decr_key(BUF_LEN, 0);
status = trustedDecryptKeyAES(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data());
REQUIRE(status == 0);
REQUIRE( errStatus == 0 );
REQUIRE(key.compare(decr_key.data()) == 0);
}
TEST_CASE_METHOD(TestFixture, "SGX encrypt/decrypt", "[sgx-encrypt-decrypt]") {
int errStatus = -1;
vector<char> errMsg(BUF_LEN, 0);
uint32_t encLen;
string key = SAMPLE_AES_KEY;
vector <uint8_t> encrypted_key(BUF_LEN, 0);
status = trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen);
REQUIRE(status == 0);
REQUIRE( errStatus == 0 );
vector<char> decr_key(BUF_LEN, 0);
status = trustedDecryptKey(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data());
REQUIRE(status == 0);
REQUIRE( errStatus == 0 );
REQUIRE(key.compare(decr_key.data()) == 0);
}
......@@ -1038,3 +1008,49 @@ TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg bls", "[many-threads-crypt
thread.join();
}
}
TEST_CASE_METHOD(TestFixture, "AES == NOT AES", "[aes-not-aes]") {
std::string key = SAMPLE_AES_KEY;
int errStatus = 0;
vector<char> errMsg(BUF_LEN, 0);
vector <uint8_t> encrPrivKey(BUF_LEN, 0);
uint32_t enc_len = 0;
trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrPrivKey.data(), &enc_len);
REQUIRE(errStatus == SGX_SUCCESS);
int errStatusAES = 0;
vector<char> errMsgAES(BUF_LEN, 0);
vector <uint8_t> encrPrivKeyAES(BUF_LEN, 0);
uint32_t enc_lenAES = 0;
trustedEncryptKeyAES(eid, &errStatusAES, errMsgAES.data(), key.c_str(), encrPrivKeyAES.data(), &enc_lenAES);
REQUIRE( errStatusAES == SGX_SUCCESS );
errMsg.clear();
string hex = SAMPLE_HEX_HASH;
vector<char> signatureR(BUF_LEN, 0);
vector<char> signatureS(BUF_LEN, 0);
uint8_t signatureV = 0;
//uint32_t dec_len = 0;
status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), enc_len, (unsigned char *) hex.data(),
signatureR.data(),
signatureS.data(), &signatureV, 16);
REQUIRE( status == SGX_SUCCESS );
REQUIRE( errStatus == SGX_SUCCESS );
errMsgAES.clear();
vector<char> signatureRAES(BUF_LEN, 0);
vector<char> signatureSAES(BUF_LEN, 0);
uint8_t signatureVAES = 0;
uint32_t dec_lenAES = 0;
status = trustedEcdsaSignAES(eid, &errStatusAES, errMsgAES.data(), encrPrivKeyAES.data(), dec_lenAES, (unsigned char *) hex.data(),
signatureRAES.data(),
signatureSAES.data(), &signatureVAES, 16);
REQUIRE( status == SGX_SUCCESS );
REQUIRE( signatureR == signatureRAES );
REQUIRE( signatureS == signatureSAES );
REQUIRE( signatureV == signatureVAES );
}
testw.h
View file @ 853981a6
......@@ -5,7 +5,7 @@
#ifndef SGXWALLET_TESTW_H
#define SGXWALLET_TESTW_H
#define TEST_BLS_KEY_SHARE "4160780231445160889237664391382223604184857153814275770598791864649971919844"
#define TEST_BLS_KEY_SHARE "4160780231445160889237664391382223604184857153814275770598791864649971919844"
#define TEST_BLS_KEY_NAME "SCHAIN:17:INDEX:5:KEY:1"
#define SAMPLE_HASH "09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db"
#define SAMPLE_HEX_HASH "3F891FDA3704F0368DAB65FA81EBE616F4AA2A0854995DA4DC0B59D2CADBD64F"
......
testw.py
View file @ 853981a6
......@@ -22,14 +22,10 @@
# @date 2020
#
import sys, getpass,os, subprocess, socket, time
import getpass, os, subprocess
username = getpass.getuser()
topDir = os.getcwd() + "/sgxwallet"
print("Starting build push")
print("Top directory is:" + topDir)
......@@ -53,7 +49,10 @@ testList = [ "[cert-sign]",
"[dkg-pub-shares]",
"[many-threads-crypto]",
"[aes-encrypt-decrypt]",
"[aes-dkg]"]
"[sgx-encrypt-decrypt]",
"[aes-dkg]"#,
#"[aes-not-aes]" <- this test doesn't pass for now - will fix it later
]
for t in testList:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment