Skip to content

S
sgxwallet
Unverified Commit 853981a6 authored by Oleh Nikolaiev's avatar Oleh Nikolaiev Committed by GitHub
Browse files
Options

Merge pull request #98 from skalenetwork/feature/SKALE-2002-backup 

enhancement/SKALE-2002 clean up and small fixes
parents 07d5e619 c7e8173e
Hide whitespace changes
Inline Side-by-side
Showing with 224 additions and 375 deletions
.github/workflows/dockerimagesim.yml
View file @ 853981a6
...@@ -47,14 +47,10 @@ jobs: ...@@ -47,14 +47,10 @@ jobs:
id: create_release id: create_release
uses: actions/create-release@latest uses: actions/create-release@latest
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with: with:
tag_name: ${{ env.VERSION }} tag_name: ${{ env.VERSION }}
release_name: Release ${{ env.VERSION }} release_name: ${{ env.VERSION }}
body: |
Changes in this Release
- First Change
- Second Change
draft: false draft: false
prerelease: true prerelease: true
......
.gitignore
View file @ 853981a6
...@@ -46,3 +46,7 @@ ...@@ -46,3 +46,7 @@
/m4 /m4
/.testw.py.swp /.testw.py.swp
/cert_util /cert_util
/secure_enclave/*.o
/*.user
/cert/*.csr
/cert/*.crt
\ No newline at end of file
ECDSACrypto.cpp
View file @ 853981a6
...@@ -67,6 +67,10 @@ vector <string> genECDSAKey() { ...@@ -67,6 +67,10 @@ vector <string> genECDSAKey() {
uint32_t enc_len = 0; uint32_t enc_len = 0;
// status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
// errMsg.data(), encr_pr_key.data(), &enc_len,
// pub_key_x.data(), pub_key_y.data());
if (!encryptKeys) if (!encryptKeys)
status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encr_pr_key.data(), status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encr_pr_key.data(),
&enc_len, pub_key_x.data(), pub_key_y.data()); &enc_len, pub_key_x.data(), pub_key_y.data());
...@@ -115,6 +119,9 @@ string getECDSAPubKey(const char *_encryptedKeyHex) { ...@@ -115,6 +119,9 @@ string getECDSAPubKey(const char *_encryptedKeyHex) {
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
} }
// status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
// errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
if (!encryptKeys) if (!encryptKeys)
status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(),
pubKeyY.data()); pubKeyY.data());
...@@ -201,6 +208,11 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, ...@@ -201,6 +208,11 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex,
pubKeyStr = getECDSAPubKey(encryptedKeyHex); pubKeyStr = getECDSAPubKey(encryptedKeyHex);
// status = trustedEcdsaSignAES(eid, &errStatus,
// errMsg.data(), encryptedKey.data(), decLen, (unsigned char *) hashHex,
// signatureR.data(),
// signatureS.data(), &signatureV, base);
if (!encryptKeys) { if (!encryptKeys) {
status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), status = trustedEcdsaSign(eid, &errStatus, errMsg.data(),
...@@ -248,4 +260,4 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, ...@@ -248,4 +260,4 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex,
throw *exception; throw *exception;
return signatureVector; return signatureVector;
} }
\ No newline at end of file
SEKManager.cpp
View file @ 853981a6
...@@ -129,12 +129,11 @@ void gen_SEK(){ ...@@ -129,12 +129,11 @@ void gen_SEK(){
vector<uint8_t> encr_SEK(1024, 0); vector<uint8_t> encr_SEK(1024, 0);
uint32_t enc_len = 0; uint32_t enc_len = 0;
//vector<char> SEK(65, 0);
char SEK[65]; char SEK[65];
memset(SEK, 0, 65); memset(SEK, 0, 65);
status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK); status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK);
if (status != SGX_SUCCESS || err_status != 0 ){ if ( status != SGX_SUCCESS || err_status != 0 ) {
throw SGXException(status, errMsg.data()) ; throw SGXException(status, errMsg.data()) ;
} }
...@@ -143,7 +142,7 @@ void gen_SEK(){ ...@@ -143,7 +142,7 @@ void gen_SEK(){
carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data()); carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
cout << "ATTENTION! THIS IS YOUR KEY FOR BACK UP. PLEASE COPY IT TO THE SAFE PLACE" << endl; cout << "ATTENTION! THIS IS YOUR KEY FOR BACK UP. PLEASE COPY IT TO THE SAFE PLACE" << endl;
cout << "key is " << SEK << endl; cout << "YOUR KEY IS " << SEK << endl;
if (!autoconfirm) { if (!autoconfirm) {
std::string confirm_str = "I confirm"; std::string confirm_str = "I confirm";
...@@ -155,10 +154,6 @@ void gen_SEK(){ ...@@ -155,10 +154,6 @@ void gen_SEK(){
} while (case_insensitive_match(confirm_str, buffer)); //(strcmp(confirm_str.c_str(), buffer.c_str()) != 0); } while (case_insensitive_match(confirm_str, buffer)); //(strcmp(confirm_str.c_str(), buffer.c_str()) != 0);
} }
if (system("reset") != 0) {
cerr << "Could not execute reset" << endl;
}
LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data()); LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
create_test_key(); create_test_key();
...@@ -167,7 +162,6 @@ void gen_SEK(){ ...@@ -167,7 +162,6 @@ void gen_SEK(){
void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK){ void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK){
vector<char> errMsg(1024,0); vector<char> errMsg(1024,0);
int err_status = 0; int err_status = 0;
//vector<uint8_t> encr_SEK(1024, 0);
uint8_t encr_SEK[BUF_LEN]; uint8_t encr_SEK[BUF_LEN];
memset(encr_SEK, 0, BUF_LEN); memset(encr_SEK, 0, BUF_LEN);
...@@ -183,7 +177,6 @@ void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK){ ...@@ -183,7 +177,6 @@ void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK){
cerr << "RPCException thrown" << endl; cerr << "RPCException thrown" << endl;
throw SGXException(status, errMsg.data()) ; throw SGXException(status, errMsg.data()) ;
} }
} }
void enter_SEK(){ void enter_SEK(){
...@@ -206,11 +199,8 @@ void enter_SEK(){ ...@@ -206,11 +199,8 @@ void enter_SEK(){
SEK = ""; SEK = "";
std::cin >> SEK; std::cin >> SEK;
} }
// if (DEBUG_PRINT)
// std::cerr << "your key is " << SEK << std::endl;
status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK.c_str());
status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK.c_str() );
if (status != SGX_SUCCESS){ if (status != SGX_SUCCESS){
cerr << "RPCException thrown with status " << status << endl; cerr << "RPCException thrown with status " << status << endl;
throw SGXException(status, errMsg.data()); throw SGXException(status, errMsg.data());
...@@ -226,13 +216,16 @@ void enter_SEK(){ ...@@ -226,13 +216,16 @@ void enter_SEK(){
void initSEK(){ void initSEK(){
std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK"); std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
if (encr_SEK_ptr == nullptr){ if (encryptKeys) {
spdlog::error("SEK was not created yet. Going to create SEK"); enter_SEK();
gen_SEK(); } else {
} if (encr_SEK_ptr == nullptr) {
else{ spdlog::warn("SEK was not created yet. Going to create SEK");
trustedSetSEK(encr_SEK_ptr); gen_SEK();
} else {
trustedSetSEK(encr_SEK_ptr);
}
} }
} }
//a002e7ca685d46a32771d16fe2518e58 //a002e7ca685d46a32771d16fe2518e58
\ No newline at end of file
ServerInit.cpp
View file @ 853981a6
...@@ -76,7 +76,7 @@ void initEnclave(uint32_t _logLevel) { ...@@ -76,7 +76,7 @@ void initEnclave(uint32_t _logLevel) {
} }
#endif #endif
spdlog::debug("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG); spdlog::debug("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG);
status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token, status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
......
secure_enclave/DHDkg.c
View file @ 853981a6
...@@ -39,7 +39,6 @@ ...@@ -39,7 +39,6 @@
#include <string.h> #include <string.h>
void gen_session_key(char *skey_str, char* pb_keyB, char* common_key){ void gen_session_key(char *skey_str, char* pb_keyB, char* common_key){
char* pb_keyB_x = (char*)calloc(65, 1); char* pb_keyB_x = (char*)calloc(65, 1);
strncpy(pb_keyB_x, pb_keyB, 64); strncpy(pb_keyB_x, pb_keyB, 64);
pb_keyB_x[64] = 0; pb_keyB_x[64] = 0;
...@@ -62,8 +61,7 @@ void gen_session_key(char *skey_str, char* pb_keyB, char* common_key){ ...@@ -62,8 +61,7 @@ void gen_session_key(char *skey_str, char* pb_keyB, char* common_key){
point_multiplication(session_key, skey, pub_keyB, curve); point_multiplication(session_key, skey, pub_keyB, curve);
char arr_x[mpz_sizeinbase (session_key->x, 16) + 2]; char arr_x[mpz_sizeinbase (session_key->x, 16) + 2];
char* x = mpz_get_str(arr_x, 16, session_key->x); mpz_get_str(arr_x, 16, session_key->x);
//strncpy(common_key, arr_x, 64);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
for ( int i = 0; i < n_zeroes; i++){ for ( int i = 0; i < n_zeroes; i++){
common_key[i] = '0'; common_key[i] = '0';
...@@ -79,7 +77,6 @@ void gen_session_key(char *skey_str, char* pb_keyB, char* common_key){ ...@@ -79,7 +77,6 @@ void gen_session_key(char *skey_str, char* pb_keyB, char* common_key){
} }
void session_key_recover(const char *skey_str, const char* sshare, char* common_key){ void session_key_recover(const char *skey_str, const char* sshare, char* common_key){
char* pb_keyB_x = (char*)calloc(65, 1); char* pb_keyB_x = (char*)calloc(65, 1);
strncpy(pb_keyB_x, sshare + 64, 64); strncpy(pb_keyB_x, sshare + 64, 64);
pb_keyB_x[64] = 0; pb_keyB_x[64] = 0;
...@@ -95,6 +92,12 @@ void session_key_recover(const char *skey_str, const char* sshare, char* common_ ...@@ -95,6 +92,12 @@ void session_key_recover(const char *skey_str, const char* sshare, char* common_
mpz_init(skey); mpz_init(skey);
if (mpz_set_str(skey, skey_str, 16) == -1){ if (mpz_set_str(skey, skey_str, 16) == -1){
common_key = NULL; common_key = NULL;
mpz_clear(skey);
domain_parameters_clear(curve);
free(pb_keyB_x);
free(pb_keyB_y);
return; return;
} }
...@@ -105,14 +108,12 @@ void session_key_recover(const char *skey_str, const char* sshare, char* common_ ...@@ -105,14 +108,12 @@ void session_key_recover(const char *skey_str, const char* sshare, char* common_
point_multiplication(session_key, skey, pub_keyB, curve); point_multiplication(session_key, skey, pub_keyB, curve);
char arr_x[mpz_sizeinbase (session_key->x, 16) + 2]; char arr_x[mpz_sizeinbase (session_key->x, 16) + 2];
char* x = mpz_get_str(arr_x, 16, session_key->x); mpz_get_str(arr_x, 16, session_key->x);
//strncpy(common_key, arr_x, 64);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
for ( int i = 0; i < n_zeroes; i++){ for ( int i = 0; i < n_zeroes; i++){
common_key[i] = '0'; common_key[i] = '0';
} }
strncpy(common_key + n_zeroes, arr_x, strlen(arr_x)); strncpy(common_key + n_zeroes, arr_x, strlen(arr_x));
//strncpy(common_key , sshare, 64);
mpz_clear(skey); mpz_clear(skey);
point_clear(pub_keyB); point_clear(pub_keyB);
...@@ -123,14 +124,13 @@ void session_key_recover(const char *skey_str, const char* sshare, char* common_ ...@@ -123,14 +124,13 @@ void session_key_recover(const char *skey_str, const char* sshare, char* common_
} }
void xor_encrypt(char* key, char* message, char* cypher){ void xor_encrypt(char* key, char* message, char* cypher){
uint8_t cypher_bin[33]; uint8_t cypher_bin[33];
//uint8_t key_bin[33];
uint8_t* key_bin = (uint8_t*)calloc(33,1); uint8_t* key_bin = (uint8_t*)calloc(33,1);
uint64_t key_length; uint64_t key_length;
if (!hex2carray(key, &key_length, key_bin)){ if (!hex2carray(key, &key_length, key_bin)){
cypher = NULL; cypher = NULL;
free(key_bin);
return; return;
} }
...@@ -138,6 +138,7 @@ void xor_encrypt(char* key, char* message, char* cypher){ ...@@ -138,6 +138,7 @@ void xor_encrypt(char* key, char* message, char* cypher){
uint8_t msg_bin[33];//[ECDSA_BIN_LEN]; uint8_t msg_bin[33];//[ECDSA_BIN_LEN];
if (!hex2carray(message, &msg_length, msg_bin)){ if (!hex2carray(message, &msg_length, msg_bin)){
cypher = NULL; cypher = NULL;
free(key_bin);
return; return;
} }
...@@ -152,21 +153,21 @@ void xor_encrypt(char* key, char* message, char* cypher){ ...@@ -152,21 +153,21 @@ void xor_encrypt(char* key, char* message, char* cypher){
} }
void xor_decrypt(char* key, char* cypher, char* message){ void xor_decrypt(char* key, char* cypher, char* message){
uint8_t msg_bin[33]; uint8_t msg_bin[33];
//uint8_t key_bin[33];
uint8_t* key_bin = (uint8_t*)calloc(33,1); uint8_t* key_bin = (uint8_t*)calloc(33,1);
uint64_t key_length; uint64_t key_length;
if (!hex2carray(key, &key_length, key_bin)){ if (!hex2carray(key, &key_length, key_bin)){
message = NULL; message = NULL;
free(key_bin);
return; return;
} }
uint64_t cypher_length; uint64_t cypher_length;
uint8_t cypher_bin[33];//[ECDSA_BIN_LEN]; uint8_t cypher_bin[33];
if (!hex2carray(cypher, &cypher_length, cypher_bin)){ if (!hex2carray(cypher, &cypher_length, cypher_bin)){
message = NULL; message = NULL;
free(key_bin);
return; return;
} }
......
secure_enclave/DKGUtils.cpp
View file @ 853981a6
...@@ -194,10 +194,6 @@ void calc_secret_shareG2_old(const char* decrypted_coeffs, char * s_shareG2, ...@@ -194,10 +194,6 @@ void calc_secret_shareG2_old(const char* decrypted_coeffs, char * s_shareG2,
libff::init_alt_bn128_params(); libff::init_alt_bn128_params();
char symbol = ':'; char symbol = ':';
vector<libff::alt_bn128_Fr> poly = SplitStringToFr(decrypted_coeffs, symbol); vector<libff::alt_bn128_Fr> poly = SplitStringToFr(decrypted_coeffs, symbol);
// if ( poly.size() != _t){
// //"t != poly.size()" +
// //strncpy(s_shareG2, to_string(poly.size()).c_str(), 18);
// }
libff::alt_bn128_Fr secret_share = PolynomialValue(poly, libff::alt_bn128_Fr(ind), _t); libff::alt_bn128_Fr secret_share = PolynomialValue(poly, libff::alt_bn128_Fr(ind), _t);
...@@ -232,6 +228,8 @@ int calc_secret_shareG2(const char* s_share, char * s_shareG2){ ...@@ -232,6 +228,8 @@ int calc_secret_shareG2(const char* s_share, char * s_shareG2){
strncpy(s_shareG2, secret_shareG2_str.c_str(), secret_shareG2_str.length() + 1); strncpy(s_shareG2, secret_shareG2_str.c_str(), secret_shareG2_str.length() + 1);
mpz_clear(share);
return 0; return 0;
} }
...@@ -299,17 +297,6 @@ int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int in ...@@ -299,17 +297,6 @@ int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int in
pub_share.Y.c1 = libff::alt_bn128_Fq(y_c1_str.c_str()); pub_share.Y.c1 = libff::alt_bn128_Fq(y_c1_str.c_str());
pub_share.Z = libff::alt_bn128_Fq2::one(); pub_share.Z = libff::alt_bn128_Fq2::one();
//for ( int j = 0; j < 4; j++) {
//uint64_t pos0 = share_length * j;
//string coord = ConvertHexToDec(pub_shares_str.substr(pos0 + j * coord_length, coord_length));
// if ( i == 0) {
// memset(public_shares, 0, strlen(public_shares));
// string coord = ConvertToString(pub_share.Y.c1);
// strncpy(public_shares, coord.c_str(), coord.length());
// }
//}
pub_shares.push_back(pub_share); pub_shares.push_back(pub_share);
} }
...@@ -361,7 +348,8 @@ int calc_bls_public_key(char* skey_hex, char* pub_key){ ...@@ -361,7 +348,8 @@ int calc_bls_public_key(char* skey_hex, char* pub_key){
mpz_t skey; mpz_t skey;
mpz_init(skey); mpz_init(skey);
if (mpz_set_str(skey, skey_hex, 16) == -1){ if (mpz_set_str(skey, skey_hex, 16) == -1) {
mpz_clear(skey);
return 1; return 1;
} }
......
secure_enclave/EnclaveCommon.cpp
View file @ 853981a6
...@@ -34,11 +34,10 @@ ...@@ -34,11 +34,10 @@
#include "EnclaveConstants.h" #include "EnclaveConstants.h"
#include "EnclaveCommon.h" #include "EnclaveCommon.h"
using namespace std; using namespace std;
string *stringFromKey(libff::alt_bn128_Fr *_key) { string *stringFromKey(libff::alt_bn128_Fr *_key) {
mpz_t t; mpz_t t;
mpz_init(t); mpz_init(t);
...@@ -53,7 +52,6 @@ string *stringFromKey(libff::alt_bn128_Fr *_key) { ...@@ -53,7 +52,6 @@ string *stringFromKey(libff::alt_bn128_Fr *_key) {
} }
string *stringFromFq(libff::alt_bn128_Fq *_fq) { string *stringFromFq(libff::alt_bn128_Fq *_fq) {
mpz_t t; mpz_t t;
mpz_init(t); mpz_init(t);
...@@ -68,8 +66,6 @@ string *stringFromFq(libff::alt_bn128_Fq *_fq) { ...@@ -68,8 +66,6 @@ string *stringFromFq(libff::alt_bn128_Fq *_fq) {
} }
string *stringFromG1(libff::alt_bn128_G1 *_g1) { string *stringFromG1(libff::alt_bn128_G1 *_g1) {
_g1->to_affine_coordinates(); _g1->to_affine_coordinates();
auto sX = stringFromFq(&_g1->X); auto sX = stringFromFq(&_g1->X);
...@@ -81,7 +77,6 @@ string *stringFromG1(libff::alt_bn128_G1 *_g1) { ...@@ -81,7 +77,6 @@ string *stringFromG1(libff::alt_bn128_G1 *_g1) {
delete (sY); delete (sY);
return sG1; return sG1;
} }
...@@ -91,7 +86,8 @@ libff::alt_bn128_Fr *keyFromString(const char *_keyStringHex) { ...@@ -91,7 +86,8 @@ libff::alt_bn128_Fr *keyFromString(const char *_keyStringHex) {
mpz_set_str(skey, _keyStringHex, 16); mpz_set_str(skey, _keyStringHex, 16);
char skey_dec[mpz_sizeinbase (skey, 10) + 2]; char skey_dec[mpz_sizeinbase (skey, 10) + 2];
char * skey_str = mpz_get_str(skey_dec, 10, skey); mpz_get_str(skey_dec, 10, skey);
mpz_clear(skey);
return new libff::alt_bn128_Fr(skey_dec); return new libff::alt_bn128_Fr(skey_dec);
} }
...@@ -106,62 +102,10 @@ void enclave_init() { ...@@ -106,62 +102,10 @@ void enclave_init() {
libff::init_alt_bn128_params(); libff::init_alt_bn128_params();
} }
void checkKey(int *errStatus, char *err_string, const char *_keyString) {
uint64_t keyLen = strnlen(_keyString, MAX_KEY_LENGTH);
// check that key is zero terminated string
if (keyLen == MAX_KEY_LENGTH) {
snprintf(err_string, MAX_ERR_LEN, "keyLen != MAX_KEY_LENGTH");
return;
}
*errStatus = -2;
if (_keyString == nullptr) {
snprintf(err_string, BUF_LEN, "Null key");
return;
}
*errStatus = -3;
//check that key is padded with 0s
for (int i = keyLen; i < MAX_KEY_LENGTH; i++) {
if (_keyString[i] != 0) {
snprintf(err_string, BUF_LEN, "Unpadded key");
}
}
// string ks(_keyString);
//
// // string keyString =
// // "4160780231445160889237664391382223604184857153814275770598791864649971919844";
//
// auto key = keyFromString(ks.c_str());
//
// auto s1 = stringFromKey(key);
//
// if (s1->compare(ks) != 0) {
// throw exception();
// }
*errStatus = 0;
// return;
}
bool enclave_sign(const char *_keyString, const char *_hashXString, const char *_hashYString, bool enclave_sign(const char *_keyString, const char *_hashXString, const char *_hashYString,
char* sig) { char* sig) {
libff::init_alt_bn128_params(); libff::init_alt_bn128_params();
auto key = keyFromString(_keyString); auto key = keyFromString(_keyString);
if (key == nullptr) { if (key == nullptr) {
...@@ -179,23 +123,15 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char * ...@@ -179,23 +123,15 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char *
sign.to_affine_coordinates(); sign.to_affine_coordinates();
auto r = stringFromG1(&sign); auto r = stringFromG1(&sign);
memset(sig, 0, BUF_LEN); memset(sig, 0, BUF_LEN);
strncpy(sig, r->c_str(), BUF_LEN); strncpy(sig, r->c_str(), BUF_LEN);
delete r; delete r;
return true; return true;
} }
void carray2Hex(const unsigned char *d, int _len, char* _hexArray) { void carray2Hex(const unsigned char *d, int _len, char* _hexArray) {
...@@ -224,10 +160,8 @@ int char2int(char _input) { ...@@ -224,10 +160,8 @@ int char2int(char _input) {
bool hex2carray2(const char * _hex, uint64_t *_bin_len, bool hex2carray2(const char * _hex, uint64_t *_bin_len,
uint8_t* _bin, const int _max_length ) { uint8_t* _bin, const int _max_length ) {
int len = strnlen(_hex, _max_length);//2 * BUF_LEN); int len = strnlen(_hex, _max_length);//2 * BUF_LEN);
if (len == 0 && len % 2 == 1) if (len == 0 && len % 2 == 1)
return false; return false;
...@@ -245,15 +179,12 @@ bool hex2carray2(const char * _hex, uint64_t *_bin_len, ...@@ -245,15 +179,12 @@ bool hex2carray2(const char * _hex, uint64_t *_bin_len,
} }
return true; return true;
} }
bool hex2carray(const char * _hex, uint64_t *_bin_len, bool hex2carray(const char * _hex, uint64_t *_bin_len,
uint8_t* _bin ) { uint8_t* _bin ) {
int len = strnlen(_hex, 2 * BUF_LEN); int len = strnlen(_hex, 2 * BUF_LEN);
if (len == 0 && len % 2 == 1) if (len == 0 && len % 2 == 1)
return false; return false;
...@@ -271,7 +202,6 @@ bool hex2carray(const char * _hex, uint64_t *_bin_len, ...@@ -271,7 +202,6 @@ bool hex2carray(const char * _hex, uint64_t *_bin_len,
} }
return true; return true;
} }
enum log_level {L_TRACE = 0, L_DEBUG = 1, L_INFO = 2,L_WARNING = 3, L_ERROR = 4 }; enum log_level {L_TRACE = 0, L_DEBUG = 1, L_INFO = 2,L_WARNING = 3, L_ERROR = 4 };
...@@ -279,7 +209,7 @@ enum log_level {L_TRACE = 0, L_DEBUG = 1, L_INFO = 2,L_WARNING = 3, L_ERROR = 4 ...@@ -279,7 +209,7 @@ enum log_level {L_TRACE = 0, L_DEBUG = 1, L_INFO = 2,L_WARNING = 3, L_ERROR = 4
uint32_t globalLogLevel_ = 2; uint32_t globalLogLevel_ = 2;
void logMsg(log_level _level, char* _msg) { void logMsg(log_level _level, const char* _msg) {
if (_level < globalLogLevel_) if (_level < globalLogLevel_)
return; return;
......
secure_enclave/EnclaveCommon.h
View file @ 853981a6
...@@ -34,8 +34,6 @@ ...@@ -34,8 +34,6 @@
//#include <stdint.h> //#include <stdint.h>
EXTERNC void checkKey(int *errStatus, char *err_string, const char* _keyString);
EXTERNC void check_key(int *errStatus, char *err_string, const char* _keyString); EXTERNC void check_key(int *errStatus, char *err_string, const char* _keyString);
......
secure_enclave/secure_enclave.c
View file @ 853981a6
...@@ -139,7 +139,6 @@ void trustedEMpfDiv(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {} ...@@ -139,7 +139,6 @@ void trustedEMpfDiv(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {}
void trustedGenerateEcdsaKey(int *errStatus, char *errString, void trustedGenerateEcdsaKey(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
domain_parameters curve = domain_parameters_init(); domain_parameters curve = domain_parameters_init();
...@@ -159,13 +158,6 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString, ...@@ -159,13 +158,6 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
mpz_mod(skey, seed, curve->p); mpz_mod(skey, seed, curve->p);
mpz_clear(seed); mpz_clear(seed);
//mpz_set_str(skey, "e7af72d241d4dd77bc080ce9234d742f6b22e35b3a660e8c197517b909f63ca8", 16);
//mpz_set_str(skey, "4160780231445160889237664391382223604576", 10);
//mpz_set_str(skey, "4160780231445160889237664391382223604184857153814275770598791864649971919844", 10);
//mpz_set_str(skey, "1", 10);
//mpz_set_str(skey, "ebb2c082fd7727890a28ac82f6bdf97bad8de9f5d7c9028692de1a255cad3e0f", 16);
// mpz_set_str(skey, "D30519BCAE8D180DBFCC94FE0B8383DC310185B0BE97B4365083EBCECCD75759", 16);
//Public key //Public key
point Pkey = point_init(); point Pkey = point_init();
...@@ -174,10 +166,8 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString, ...@@ -174,10 +166,8 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
uint8_t base = 16; uint8_t base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2; int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len]; char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x); mpz_get_str(arr_x, base, Pkey->x);
//snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0'; pub_key_x[i] = '0';
...@@ -186,14 +176,14 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString, ...@@ -186,14 +176,14 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes); strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
char arr_y[mpz_sizeinbase(Pkey->y, base) + 2]; char arr_y[mpz_sizeinbase(Pkey->y, base) + 2];
char *py = mpz_get_str(arr_y, base, Pkey->y); mpz_get_str(arr_y, base, Pkey->y);
n_zeroes = 64 - strlen(arr_y); n_zeroes = 64 - strlen(arr_y);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
pub_key_y[i] = '0'; pub_key_y[i] = '0';
} }
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2]; char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey); mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str)); snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
...@@ -203,6 +193,11 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString, ...@@ -203,6 +193,11 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "seal ecsdsa private key failed"); snprintf(errString, BUF_LEN, "seal ecsdsa private key failed");
*errStatus = status; *errStatus = status;
mpz_clear(skey);
domain_parameters_clear(curve);
point_clear(Pkey);
return; return;
} }
...@@ -216,7 +211,6 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString, ...@@ -216,7 +211,6 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
void trustedGetPublicEcdsaKey(int *errStatus, char *errString, void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t dec_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t dec_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
domain_parameters curve = domain_parameters_init(); domain_parameters curve = domain_parameters_init();
...@@ -230,18 +224,21 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString, ...@@ -230,18 +224,21 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
*errStatus = status; *errStatus = status;
domain_parameters_clear(curve);
return; return;
} }
//strncpy(errString, skey, 1024);
mpz_t privateKeyMpz; mpz_t privateKeyMpz;
mpz_init(privateKeyMpz); mpz_init(privateKeyMpz);
// mpz_import(privateKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(errString, BUF_LEN, "wrong string to init private key"); snprintf(errString, BUF_LEN, "wrong string to init private key");
*errStatus = -10; *errStatus = -10;
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
return; return;
} }
...@@ -256,16 +253,20 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString, ...@@ -256,16 +253,20 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
if (!point_cmp(Pkey, Pkey_test)) { if (!point_cmp(Pkey, Pkey_test)) {
snprintf(errString, BUF_LEN, "Points are not equal"); snprintf(errString, BUF_LEN, "Points are not equal");
*errStatus = -11; *errStatus = -11;
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
point_clear(Pkey);
point_clear(Pkey_test);
return; return;
} }
int base = 16; int base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2; int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len]; char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x); mpz_get_str(arr_x, base, Pkey->x);
//snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0'; pub_key_x[i] = '0';
...@@ -274,7 +275,7 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString, ...@@ -274,7 +275,7 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes); strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
char arr_y[mpz_sizeinbase(Pkey->y, base) + 2]; char arr_y[mpz_sizeinbase(Pkey->y, base) + 2];
char *py = mpz_get_str(arr_y, base, Pkey->y); mpz_get_str(arr_y, base, Pkey->y);
n_zeroes = 64 - strlen(arr_y); n_zeroes = 64 - strlen(arr_y);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
pub_key_y[i] = '0'; pub_key_y[i] = '0';
...@@ -284,32 +285,24 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString, ...@@ -284,32 +285,24 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
domain_parameters_clear(curve); domain_parameters_clear(curve);
point_clear(Pkey); point_clear(Pkey);
point_clear(Pkey_test);
} }
void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t dec_len, void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t dec_len,
unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char* arrM = NULL;
char* arrR = NULL; char* arrR = NULL;
char* arrS = NULL; char* arrS = NULL;
char* privateKey = calloc(ECDSA_SKEY_LEN,1); char* privateKey = calloc(ECDSA_SKEY_LEN,1);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
mpz_t msgMpz;
signature sign = signature_init(); signature sign = signature_init();
domain_parameters curve = domain_parameters_init(); domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1); domain_parameters_load_curve(curve, secp256k1);
point publicKey = point_init(); point publicKey = point_init();
if (!hash) { if (!hash) {
*errStatus = 1; *errStatus = 1;
char* msg = "NULL message hash"; char* msg = "NULL message hash";
...@@ -326,8 +319,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -326,8 +319,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
goto clean; goto clean;
} }
mpz_t msgMpz;
mpz_init(msgMpz); mpz_init(msgMpz);
if (mpz_set_str(msgMpz, hash, 16) == -1) { if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = 1; *errStatus = 1;
snprintf(errString, BUF_LEN, "invalid message hash %s", hash); snprintf(errString, BUF_LEN, "invalid message hash %s", hash);
...@@ -341,10 +334,9 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -341,10 +334,9 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
LOG_ERROR(errString); LOG_ERROR(errString);
goto clean; goto clean;
} }
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, privateKey, &dec_len); (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *)privateKey, &dec_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = status; *errStatus = status;
...@@ -354,7 +346,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -354,7 +346,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
goto clean; goto clean;
} }
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
if (mpz_set_str(privateKeyMpz, privateKey, ECDSA_SKEY_BASE) == -1) { if (mpz_set_str(privateKeyMpz, privateKey, ECDSA_SKEY_BASE) == -1) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "mpz_set_str(privateKeyMpz ...) failed"); snprintf(errString, BUF_LEN, "mpz_set_str(privateKeyMpz ...) failed");
...@@ -362,15 +355,10 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -362,15 +355,10 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
goto clean; goto clean;
} }
signature_sign(sign, msgMpz, privateKeyMpz, curve); signature_sign(sign, msgMpz, privateKeyMpz, curve);
signature_extract_public_key(publicKey, privateKeyMpz, curve); signature_extract_public_key(publicKey, privateKeyMpz, curve);
if (!signature_verify(msgMpz, sign, publicKey, curve)) { if (!signature_verify(msgMpz, sign, publicKey, curve)) {
*errStatus = 2; *errStatus = 2;
snprintf(errString, BUF_LEN, "ECDSA sig not verified"); snprintf(errString, BUF_LEN, "ECDSA sig not verified");
...@@ -395,9 +383,9 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -395,9 +383,9 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
signature_free(sign); signature_free(sign);
if (privateKey) if (privateKey) {
free(privateKey); free(privateKey);
}
if (arrR) { if (arrR) {
free(arrR); free(arrR);
...@@ -408,36 +396,25 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate ...@@ -408,36 +396,25 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
} }
return; return;
} }
void trustedEncryptKey(int *errStatus, char *errString, char *key, void trustedEncryptKey(int *errStatus, char *errString, const char *key,
uint8_t *encryptedPrivateKey, uint32_t *enc_len) { uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
*errStatus = UNKNOWN_ERROR; *errStatus = UNKNOWN_ERROR;
memset(errString, 0, BUF_LEN); memset(errString, 0, BUF_LEN);
checkKey(errStatus, errString, key);
if (*errStatus != 0) {
snprintf(errString + strlen(errString), BUF_LEN, "check_key failed");
return;
}
uint32_t sealedLen = sgx_calc_sealed_data_size(0, MAX_KEY_LENGTH); uint32_t sealedLen = sgx_calc_sealed_data_size(0, MAX_KEY_LENGTH);
if (sealedLen > BUF_LEN) { if (sealedLen > BUF_LEN) {
*errStatus = ENCRYPTED_KEY_TOO_LONG; *errStatus = ENCRYPTED_KEY_TOO_LONG;
snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH"); snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH");
return; return;
} }
memset(encryptedPrivateKey, 0, BUF_LEN); memset(encryptedPrivateKey, 0, BUF_LEN);
sgx_status_t status = sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t *) key, sealedLen, sgx_status_t status = sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t *) key, sealedLen,
...@@ -467,7 +444,6 @@ void trustedEncryptKey(int *errStatus, char *errString, char *key, ...@@ -467,7 +444,6 @@ void trustedEncryptKey(int *errStatus, char *errString, char *key,
return; return;
} }
*errStatus = -8; *errStatus = -8;
if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) { if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
...@@ -480,7 +456,6 @@ void trustedEncryptKey(int *errStatus, char *errString, char *key, ...@@ -480,7 +456,6 @@ void trustedEncryptKey(int *errStatus, char *errString, char *key,
void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) { uint32_t enc_len, char *key) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
uint32_t decLen; uint32_t decLen;
...@@ -496,8 +471,6 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat ...@@ -496,8 +471,6 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
return; return;
} }
//snprintf(errString, BUF_LEN, "decr key is %s", key);
if (decLen > MAX_KEY_LENGTH) { if (decLen > MAX_KEY_LENGTH) {
snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH"); snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
return; return;
...@@ -505,10 +478,8 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat ...@@ -505,10 +478,8 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
*errStatus = -10; *errStatus = -10;
uint64_t keyLen = strnlen(key, MAX_KEY_LENGTH); uint64_t keyLen = strnlen(key, MAX_KEY_LENGTH);
if (keyLen == MAX_KEY_LENGTH) { if (keyLen == MAX_KEY_LENGTH) {
snprintf(errString, BUF_LEN, "Key is not null terminated"); snprintf(errString, BUF_LEN, "Key is not null terminated");
return; return;
...@@ -516,27 +487,22 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat ...@@ -516,27 +487,22 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
*errStatus = 0; *errStatus = 0;
return; return;
} }
void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX, uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) { char *_hashY, char *signature) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char key[BUF_LEN]; char key[BUF_LEN];
char *sig = (char *) calloc(BUF_LEN, 1); char *sig = (char *) calloc(BUF_LEN, 1);
trustedDecryptKey(errStatus, errString, encryptedPrivateKey, enc_len, key); trustedDecryptKey(errStatus, errString, encryptedPrivateKey, enc_len, key);
if (*errStatus != 0) { if (*errStatus != 0) {
strncpy(signature, errString, BUF_LEN); strncpy(signature, errString, BUF_LEN);
free(sig);
return; return;
} }
...@@ -546,6 +512,7 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr ...@@ -546,6 +512,7 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr
if (strnlen(signature, BUF_LEN) < 10) { if (strnlen(signature, BUF_LEN) < 10) {
*errStatus = -1; *errStatus = -1;
free(sig);
return; return;
} }
...@@ -553,7 +520,6 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr ...@@ -553,7 +520,6 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr
} }
void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char dkg_secret[DKG_BUFER_LENGTH]; char dkg_secret[DKG_BUFER_LENGTH];
...@@ -578,15 +544,12 @@ void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg ...@@ -578,15 +544,12 @@ void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg
} }
*enc_len = sealedLen; *enc_len = sealedLen;
//free(dkg_secret);
} }
void trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret, void trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
uint32_t *dec_len) { uint32_t *dec_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
uint32_t decr_len; uint32_t decr_len;
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_dkg_secret, NULL, 0, decrypted_dkg_secret, &decr_len); (const sgx_sealed_data_t *) encrypted_dkg_secret, NULL, 0, decrypted_dkg_secret, &decr_len);
...@@ -603,7 +566,6 @@ void trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted ...@@ -603,7 +566,6 @@ void trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted
void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len, void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len,
char *secret_shares, char *secret_shares,
unsigned _t, unsigned _n) { unsigned _t, unsigned _n) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char decrypted_dkg_secret[DKG_BUFER_LENGTH]; char decrypted_dkg_secret[DKG_BUFER_LENGTH];
...@@ -618,29 +580,26 @@ void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_ ...@@ -618,29 +580,26 @@ void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_
*dec_len = decr_len; *dec_len = decr_len;
// strncpy(errString, decrypted_dkg_secret, 1024);
calc_secret_shares(decrypted_dkg_secret, secret_shares, _t, _n); calc_secret_shares(decrypted_dkg_secret, secret_shares, _t, _n);
//free(decrypted_dkg_secret);
} }
void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len, void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
char *public_shares, char *public_shares,
unsigned _t, unsigned _n) { unsigned _t, unsigned _n) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1); char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1);
uint32_t decr_len; uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, decrypted_dkg_secret, &decr_len); trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, (uint8_t *)decrypted_dkg_secret, &decr_len);
if (*errStatus != 0) { if (*errStatus != 0) {
snprintf(errString, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus); snprintf(errString, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus);
return; return;
} }
//strncpy(errString, decrypted_dkg_secret, 1024);
// strncpy(errString, "before calc_public_shares ", 1024);
if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) { if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "t does not match polynomial in db"); snprintf(errString, BUF_LEN, "t does not match polynomial in db");
free(decrypted_dkg_secret);
return; return;
} }
free(decrypted_dkg_secret); free(decrypted_dkg_secret);
...@@ -648,6 +607,8 @@ void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_ ...@@ -648,6 +607,8 @@ void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_
void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly) { void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly) {
LOG_DEBUG(__FUNCTION__);
memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH); memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH);
uint32_t decr_len; uint32_t decr_len;
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
...@@ -658,12 +619,10 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encryp ...@@ -658,12 +619,10 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encryp
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
return; return;
} }
} }
void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len, void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) { char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
...@@ -717,22 +676,16 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *en ...@@ -717,22 +676,16 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *en
return; return;
} }
strncpy(result_str, cypher, strlen(cypher)); strncpy(result_str, cypher, strlen(cypher));
strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x)); strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x));
strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y)); strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y));
} }
void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret, void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret,
uint32_t *dec_len, uint32_t *dec_len,
char *DH_key, char *s_shareG2, uint8_t _t, uint8_t _n, uint8_t ind1) { char *DH_key, char *s_shareG2, uint8_t _t, uint8_t _n, uint8_t ind1) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
uint32_t enc_len;
char decrypted_dkg_secret[DKG_BUFER_LENGTH]; char decrypted_dkg_secret[DKG_BUFER_LENGTH];
uint32_t decr_len; uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len); trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len);
...@@ -742,13 +695,10 @@ void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encrypte ...@@ -742,13 +695,10 @@ void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encrypte
} }
calc_secret_shareG2_old(decrypted_dkg_secret, s_shareG2, _t, ind1); calc_secret_shareG2_old(decrypted_dkg_secret, s_shareG2, _t, ind1);
} }
void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share, void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t key_len, unsigned _t, int _ind, int *result) { uint8_t *encryptedPrivateKey, uint64_t key_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
...@@ -781,10 +731,6 @@ void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares ...@@ -781,10 +731,6 @@ void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares
return; return;
} }
LOG_DEBUG (__FUNCTION__);
mpz_t s; mpz_t s;
mpz_init(s); mpz_init(s);
if (mpz_set_str(s, decr_sshare, 16) == -1) { if (mpz_set_str(s, decr_sshare, 16) == -1) {
...@@ -797,12 +743,10 @@ void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares ...@@ -797,12 +743,10 @@ void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares
*result = Verification(public_shares, s, _t, _ind); *result = Verification(public_shares, s, _t, _ind);
snprintf(errString, BUF_LEN, "common_key in verification is %s", common_key); snprintf(errString, BUF_LEN, "common_key in verification is %s", common_key);
} }
void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
...@@ -820,7 +764,6 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, ...@@ -820,7 +764,6 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
mpz_init(sum); mpz_init(sum);
mpz_set_ui(sum, 0); mpz_set_ui(sum, 0);
for (int i = 0; i < num_shares; i++) { for (int i = 0; i < num_shares; i++) {
char encr_sshare[65]; char encr_sshare[65];
strncpy(encr_sshare, s_shares + 192 * i, 64); strncpy(encr_sshare, s_shares + 192 * i, 64);
...@@ -841,7 +784,6 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, ...@@ -841,7 +784,6 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
return; return;
} }
char decr_sshare[65]; char decr_sshare[65];
xor_decrypt(common_key, encr_sshare, decr_sshare); xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) { if (decr_sshare == NULL) {
...@@ -857,6 +799,7 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, ...@@ -857,6 +799,7 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
*errStatus = 1; *errStatus = 1;
snprintf(errString, BUF_LEN, "invalid decrypted secret share"); snprintf(errString, BUF_LEN, "invalid decrypted secret share");
mpz_clear(decr_secret_share); mpz_clear(decr_secret_share);
mpz_clear(sum);
return; return;
} }
...@@ -874,11 +817,10 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, ...@@ -874,11 +817,10 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
mpz_mod(bls_key, sum, q); mpz_mod(bls_key, sum, q);
char key_share[mpz_sizeinbase(bls_key, 16) + 2]; char key_share[mpz_sizeinbase(bls_key, 16) + 2];
char *key = mpz_get_str(key_share, 16, bls_key); mpz_get_str(key_share, 16, bls_key);
snprintf(errString, BUF_LEN, " bls private key is %s", key_share); snprintf(errString, BUF_LEN, " bls private key is %s", key_share);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
status = sgx_seal_data(0, NULL, ECDSA_SKEY_LEN, (uint8_t *) key_share, sealedLen, status = sgx_seal_data(0, NULL, ECDSA_SKEY_LEN, (uint8_t *) key_share, sealedLen,
(sgx_sealed_data_t *) encr_bls_key); (sgx_sealed_data_t *) encr_bls_key);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
...@@ -891,14 +833,12 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, ...@@ -891,14 +833,12 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
} }
*enc_bls_key_len = sealedLen; *enc_bls_key_len = sealedLen;
mpz_clear(bls_key); mpz_clear(bls_key);
mpz_clear(sum); mpz_clear(sum);
mpz_clear(q); mpz_clear(q);
} }
void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) { void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char skey_hex[ECDSA_SKEY_LEN]; char skey_hex[ECDSA_SKEY_LEN];
...@@ -922,14 +862,12 @@ void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -922,14 +862,12 @@ void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPriv
void trustedGenerateSEK(int *errStatus, char *errString, void trustedGenerateSEK(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) { uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
uint8_t SEK_raw[SGX_AESGCM_KEY_SIZE]; uint8_t SEK_raw[SGX_AESGCM_KEY_SIZE];
sgx_read_rand(SEK_raw, SGX_AESGCM_KEY_SIZE); sgx_read_rand(SEK_raw, SGX_AESGCM_KEY_SIZE);
uint32_t hex_aes_key_length = SGX_AESGCM_KEY_SIZE * 2; uint32_t hex_aes_key_length = SGX_AESGCM_KEY_SIZE * 2;
uint8_t SEK[hex_aes_key_length];
carray2Hex(SEK_raw, SGX_AESGCM_KEY_SIZE, SEK_hex); carray2Hex(SEK_raw, SGX_AESGCM_KEY_SIZE, SEK_hex);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, hex_aes_key_length + 1); uint32_t sealedLen = sgx_calc_sealed_data_size(0, hex_aes_key_length + 1);
...@@ -938,7 +876,7 @@ void trustedGenerateSEK(int *errStatus, char *errString, ...@@ -938,7 +876,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
AES_key[i] = SEK_raw[i]; AES_key[i] = SEK_raw[i];
} }
sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, SEK_hex, sealedLen, sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, (uint8_t *)SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK); (sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "seal SEK failed"); snprintf(errString, BUF_LEN, "seal SEK failed");
...@@ -946,13 +884,10 @@ void trustedGenerateSEK(int *errStatus, char *errString, ...@@ -946,13 +884,10 @@ void trustedGenerateSEK(int *errStatus, char *errString,
return; return;
} }
*enc_len = sealedLen; *enc_len = sealedLen;
} }
void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) { void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
uint8_t aes_key_hex[SGX_AESGCM_KEY_SIZE * 2]; uint8_t aes_key_hex[SGX_AESGCM_KEY_SIZE * 2];
...@@ -968,12 +903,10 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint ...@@ -968,12 +903,10 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint
uint64_t len; uint64_t len;
hex2carray(aes_key_hex, &len, (uint8_t *) AES_key); hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
} }
void trustedSetSEK_backup(int *errStatus, char *errString, void trustedSetSEK_backup(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) { uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
uint64_t len; uint64_t len;
...@@ -981,7 +914,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString, ...@@ -981,7 +914,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
uint32_t sealedLen = sgx_calc_sealed_data_size(0, strlen(SEK_hex) + 1); uint32_t sealedLen = sgx_calc_sealed_data_size(0, strlen(SEK_hex) + 1);
sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, SEK_hex, sealedLen, sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, (uint8_t *)SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK); (sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status); snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status);
...@@ -994,7 +927,6 @@ void trustedSetSEK_backup(int *errStatus, char *errString, ...@@ -994,7 +927,6 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
domain_parameters curve = domain_parameters_init(); domain_parameters curve = domain_parameters_init();
...@@ -1022,10 +954,8 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1022,10 +954,8 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
uint8_t base = 16; uint8_t base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2; int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len]; char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x); mpz_get_str(arr_x, base, Pkey->x);
//snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0'; pub_key_x[i] = '0';
...@@ -1034,14 +964,14 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1034,14 +964,14 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes); strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
char arr_y[mpz_sizeinbase(Pkey->y, base) + 2]; char arr_y[mpz_sizeinbase(Pkey->y, base) + 2];
char *py = mpz_get_str(arr_y, base, Pkey->y); mpz_get_str(arr_y, base, Pkey->y);
n_zeroes = 64 - strlen(arr_y); n_zeroes = 64 - strlen(arr_y);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
pub_key_y[i] = '0'; pub_key_y[i] = '0';
} }
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2]; char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey); mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str)); snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
int stat = AES_encrypt(skey_str, encryptedPrivateKey); int stat = AES_encrypt(skey_str, encryptedPrivateKey);
...@@ -1049,6 +979,11 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1049,6 +979,11 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
if (stat != 0) { if (stat != 0) {
snprintf(errString, BUF_LEN, "ecdsa private key encryption failed"); snprintf(errString, BUF_LEN, "ecdsa private key encryption failed");
*errStatus = stat; *errStatus = stat;
mpz_clear(skey);
domain_parameters_clear(curve);
point_clear(Pkey);
return; return;
} }
...@@ -1057,7 +992,7 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1057,7 +992,7 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str); stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str);
if (stat != 0) { if (stat != 0) {
snprintf(errString + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat); snprintf(errString + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat);
//*errStatus = stat; errStatus = stat;
return; return;
} }
...@@ -1068,7 +1003,6 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1068,7 +1003,6 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
domain_parameters curve = domain_parameters_init(); domain_parameters curve = domain_parameters_init();
...@@ -1081,6 +1015,9 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1081,6 +1015,9 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
if (status != 0) { if (status != 0) {
snprintf(errString, BUF_LEN, "AES_decrypt failed with status %d", status); snprintf(errString, BUF_LEN, "AES_decrypt failed with status %d", status);
*errStatus = status; *errStatus = status;
domain_parameters_clear(curve);
return; return;
} }
...@@ -1090,11 +1027,13 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1090,11 +1027,13 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
mpz_t privateKeyMpz; mpz_t privateKeyMpz;
mpz_init(privateKeyMpz); mpz_init(privateKeyMpz);
// mpz_import(privateKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(errString, BUF_LEN, "wrong string to init private key - %s", skey); snprintf(errString, BUF_LEN, "wrong string to init private key - %s", skey);
*errStatus = -10; *errStatus = -10;
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
return; return;
} }
...@@ -1109,6 +1048,11 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1109,6 +1048,11 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
if (!point_cmp(Pkey, Pkey_test)) { if (!point_cmp(Pkey, Pkey_test)) {
snprintf(errString, BUF_LEN, "Points are not equal"); snprintf(errString, BUF_LEN, "Points are not equal");
*errStatus = -11; *errStatus = -11;
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
point_clear(Pkey);
return; return;
} }
...@@ -1117,7 +1061,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1117,7 +1061,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
int len = mpz_sizeinbase(Pkey->x, base) + 2; int len = mpz_sizeinbase(Pkey->x, base) + 2;
char arr_x[len]; char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x); mpz_get_str(arr_x, base, Pkey->x);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
...@@ -1127,7 +1071,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1127,7 +1071,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes); strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
char arr_y[mpz_sizeinbase(Pkey->y, base) + 2]; char arr_y[mpz_sizeinbase(Pkey->y, base) + 2];
char *py = mpz_get_str(arr_y, base, Pkey->y); mpz_get_str(arr_y, base, Pkey->y);
n_zeroes = 64 - strlen(arr_y); n_zeroes = 64 - strlen(arr_y);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
pub_key_y[i] = '0'; pub_key_y[i] = '0';
...@@ -1141,7 +1085,6 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, ...@@ -1141,7 +1085,6 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len,
unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
domain_parameters curve = domain_parameters_init(); domain_parameters curve = domain_parameters_init();
...@@ -1154,6 +1097,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -1154,6 +1097,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
if (status != 0) { if (status != 0) {
*errStatus = status; *errStatus = status;
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
domain_parameters_clear(curve);
return; return;
} }
...@@ -1166,16 +1110,18 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -1166,16 +1110,18 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "invalid secret key"); snprintf(errString, BUF_LEN, "invalid secret key");
mpz_clear(privateKeyMpz); mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
return; return;
} }
mpz_t msgMpz; mpz_t msgMpz;
mpz_init(msgMpz); mpz_init(msgMpz);
if (mpz_set_str(msgMpz, hash, 16) == -1) { if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = -1; *errStatus = -1;
snprintf(errString, BUF_LEN, "invalid message hash"); snprintf(errString, BUF_LEN, "invalid message hash");
mpz_clear(privateKeyMpz);
mpz_clear(msgMpz); mpz_clear(msgMpz);
domain_parameters_clear(curve);
return; return;
} }
...@@ -1190,20 +1136,26 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -1190,20 +1136,26 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
if (!signature_verify(msgMpz, sign, Pkey, curve)) { if (!signature_verify(msgMpz, sign, Pkey, curve)) {
*errStatus = -2; *errStatus = -2;
snprintf(errString, BUF_LEN, "signature is not verified! "); snprintf(errString, BUF_LEN, "signature is not verified! ");
mpz_clear(privateKeyMpz);
mpz_clear(msgMpz);
domain_parameters_clear(curve);
signature_free(sign);
point_clear(Pkey);
return; return;
} }
char arrM[mpz_sizeinbase(msgMpz, 16) + 2]; char arrM[mpz_sizeinbase(msgMpz, 16) + 2];
char *msg = mpz_get_str(arrM, 16, msgMpz); mpz_get_str(arrM, 16, msgMpz);
snprintf(errString, BUF_LEN, "message is %s ", arrM); snprintf(errString, BUF_LEN, "message is %s ", arrM);
char arrR[mpz_sizeinbase(sign->r, base) + 2]; char arrR[mpz_sizeinbase(sign->r, base) + 2];
char *r = mpz_get_str(arrR, base, sign->r); mpz_get_str(arrR, base, sign->r);
strncpy(sigR, arrR, 1024); strncpy(sigR, arrR, 1024);
char arrS[mpz_sizeinbase(sign->s, base) + 2]; char arrS[mpz_sizeinbase(sign->s, base) + 2];
char *s = mpz_get_str(arrS, base, sign->s); mpz_get_str(arrS, base, sign->s);
strncpy(sigS, arrS, 1024); strncpy(sigS, arrS, 1024);
*sig_v = sign->v; *sig_v = sign->v;
...@@ -1213,12 +1165,10 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv ...@@ -1213,12 +1165,10 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
domain_parameters_clear(curve); domain_parameters_clear(curve);
signature_free(sign); signature_free(sign);
point_clear(Pkey); point_clear(Pkey);
} }
void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
uint8_t *encryptedPrivateKey, uint32_t *enc_len) { uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
*errStatus = UNKNOWN_ERROR; *errStatus = UNKNOWN_ERROR;
...@@ -1267,6 +1217,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, ...@@ -1267,6 +1217,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) { uint32_t enc_len, char *key) {
LOG_DEBUG(__FUNCTION__);
uint32_t decLen; uint32_t decLen;
...@@ -1280,7 +1231,6 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri ...@@ -1280,7 +1231,6 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
return; return;
} }
if (decLen > MAX_KEY_LENGTH) { if (decLen > MAX_KEY_LENGTH) {
*errStatus = 1; *errStatus = 1;
snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH"); snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
...@@ -1289,10 +1239,8 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri ...@@ -1289,10 +1239,8 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
*errStatus = -10; *errStatus = -10;
uint64_t keyLen = strnlen(key, MAX_KEY_LENGTH); uint64_t keyLen = strnlen(key, MAX_KEY_LENGTH);
if (keyLen == MAX_KEY_LENGTH) { if (keyLen == MAX_KEY_LENGTH) {
snprintf(errString, BUF_LEN, "Key is not null terminated"); snprintf(errString, BUF_LEN, "Key is not null terminated");
return; return;
...@@ -1300,13 +1248,11 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri ...@@ -1300,13 +1248,11 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
*errStatus = 0; *errStatus = 0;
memcpy(errString, AES_key, 1024); memcpy(errString, AES_key, 1024);
} }
void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX, uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) { char *_hashY, char *signature) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char key[BUF_LEN]; char key[BUF_LEN];
...@@ -1330,15 +1276,13 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte ...@@ -1330,15 +1276,13 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
*errStatus = -1; *errStatus = -1;
return; return;
} }
} }
void void
trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char dkg_secret[DKG_BUFER_LENGTH];// = (char*)calloc(DKG_BUFER_LENGTH, 1); char dkg_secret[DKG_BUFER_LENGTH];
memset(dkg_secret, 0, DKG_BUFER_LENGTH); memset(dkg_secret, 0, DKG_BUFER_LENGTH);
if (gen_dkg_poly(dkg_secret, _t) != 0) { if (gen_dkg_poly(dkg_secret, _t) != 0) {
...@@ -1358,7 +1302,6 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s ...@@ -1358,7 +1302,6 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
*enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; *enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
char decr_dkg_secret[DKG_BUFER_LENGTH]; char decr_dkg_secret[DKG_BUFER_LENGTH];
memset(decr_dkg_secret, 0, DKG_BUFER_LENGTH); memset(decr_dkg_secret, 0, DKG_BUFER_LENGTH);
...@@ -1375,32 +1318,27 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s ...@@ -1375,32 +1318,27 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
"encrypted poly is not equal to decrypted poly"); "encrypted poly is not equal to decrypted poly");
*errStatus = -333; *errStatus = -333;
} }
} }
void void
trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret, trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
uint32_t *dec_len) { uint32_t *dec_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
int status = AES_decrypt(encrypted_dkg_secret, dec_len, decrypted_dkg_secret); int status = AES_decrypt(encrypted_dkg_secret, dec_len, (char *)decrypted_dkg_secret);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status; *errStatus = status;
return; return;
} }
} }
void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t *enc_len) { void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t *enc_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH); memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH);
int status = AES_decrypt(encrypted_poly, *enc_len, decryptedDkgPoly); int status = AES_decrypt(encrypted_poly, *enc_len, (char *)decryptedDkgPoly);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = -1; *errStatus = -1;
...@@ -1411,6 +1349,7 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc ...@@ -1411,6 +1349,7 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc
void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len, void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) { char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) {
LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
memset(skey, 0, BUF_LEN); memset(skey, 0, BUF_LEN);
...@@ -1426,7 +1365,6 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t ...@@ -1426,7 +1365,6 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
return; return;
} }
int status = AES_decrypt(encrypted_skey, enc_len, skey); int status = AES_decrypt(encrypted_skey, enc_len, skey);
skey[ECDSA_SKEY_LEN - 1] = 0; skey[ECDSA_SKEY_LEN - 1] = 0;
...@@ -1467,27 +1405,21 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t ...@@ -1467,27 +1405,21 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
return; return;
} }
strncpy(result_str, cypher, strlen(cypher)); strncpy(result_str, cypher, strlen(cypher));
strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x)); strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x));
strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y)); strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y));
} }
void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len, void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
char *public_shares, char *public_shares,
unsigned _t, unsigned _n) { unsigned _t, unsigned _n) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1); char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1);
memset(decrypted_dkg_secret, 0, DKG_MAX_SEALED_LEN); memset(decrypted_dkg_secret, 0, DKG_MAX_SEALED_LEN);
int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret); int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status; *errStatus = status;
...@@ -1499,14 +1431,10 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt ...@@ -1499,14 +1431,10 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
snprintf(errString, BUF_LEN, "t does not match polynomial in db"); snprintf(errString, BUF_LEN, "t does not match polynomial in db");
return; return;
} }
} }
void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share, void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) { uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
...@@ -1557,12 +1485,10 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha ...@@ -1557,12 +1485,10 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
*result = Verification(public_shares, s, _t, _ind); *result = Verification(public_shares, s, _t, _ind);
snprintf(errString, BUF_LEN, "secret share dec %s", public_shares); snprintf(errString, BUF_LEN, "secret share dec %s", public_shares);
} }
void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares, void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares,
uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
...@@ -1580,8 +1506,6 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share ...@@ -1580,8 +1506,6 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
mpz_init(sum); mpz_init(sum);
mpz_set_ui(sum, 0); mpz_set_ui(sum, 0);
for (int i = 0; i < num_shares; i++) { for (int i = 0; i < num_shares; i++) {
char encr_sshare[65]; char encr_sshare[65];
strncpy(encr_sshare, s_shares + 192 * i, 64); strncpy(encr_sshare, s_shares + 192 * i, 64);
...@@ -1602,7 +1526,6 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share ...@@ -1602,7 +1526,6 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
return; return;
} }
char decr_sshare[65]; char decr_sshare[65];
xor_decrypt(common_key, encr_sshare, decr_sshare); xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) { if (decr_sshare == NULL) {
...@@ -1617,7 +1540,6 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share ...@@ -1617,7 +1540,6 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
mpz_init(decr_secret_share); mpz_init(decr_secret_share);
if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) { if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) {
*errStatus = 111; *errStatus = 111;
//snprintf(errString, BUF_LEN ,"invalid decrypted secret share");
snprintf(errString, BUF_LEN, decr_sshare); snprintf(errString, BUF_LEN, decr_sshare);
mpz_clear(decr_secret_share); mpz_clear(decr_secret_share);
return; return;
...@@ -1637,10 +1559,8 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share ...@@ -1637,10 +1559,8 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
mpz_mod(bls_key, sum, q); mpz_mod(bls_key, sum, q);
char key_share[mpz_sizeinbase(bls_key, 16) + 2]; char key_share[mpz_sizeinbase(bls_key, 16) + 2];
char *key = mpz_get_str(key_share, 16, bls_key); mpz_get_str(key_share, 16, bls_key);
snprintf(errString, BUF_LEN, " bls private key is %s", key_share); snprintf(errString, BUF_LEN, " bls private key is %s", key_share);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
status = AES_encrypt(key_share, encr_bls_key); status = AES_encrypt(key_share, encr_bls_key);
...@@ -1661,13 +1581,10 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share ...@@ -1661,13 +1581,10 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
void void
trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) { trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char skey_hex[ECDSA_SKEY_LEN]; char skey_hex[ECDSA_SKEY_LEN];
uint32_t len = key_len;
int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex); int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = 1; *errStatus = 1;
...@@ -1683,6 +1600,3 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat ...@@ -1683,6 +1600,3 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
return; return;
} }
} }
secure_enclave/secure_enclave.edl
View file @ 853981a6
...@@ -47,7 +47,7 @@ enclave { ...@@ -47,7 +47,7 @@ enclave {
public void trustedEncryptKey ( public void trustedEncryptKey (
[user_check] int *errStatus, [user_check] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = SMALL_BUF_SIZE] char* key, [in, count = SMALL_BUF_SIZE] const char* key,
[out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
[user_check] uint32_t *enc_len); [user_check] uint32_t *enc_len);
......
sgxwallet.c
View file @ 853981a6
...@@ -118,7 +118,7 @@ int main(int argc, char *argv[]) { ...@@ -118,7 +118,7 @@ int main(int argc, char *argv[]) {
encryptKeysOption = false; encryptKeysOption = false;
break; break;
case 'b': case 'b':
encryptKeysOption = false; encryptKeysOption = true;
break; break;
case 'y': case 'y':
autoconfirmOption = true; autoconfirmOption = true;
...@@ -132,8 +132,6 @@ int main(int argc, char *argv[]) { ...@@ -132,8 +132,6 @@ int main(int argc, char *argv[]) {
setFullOptions(printDebugInfoOption, printTraceInfoOption, useHTTPSOption, autoconfirmOption, encryptKeysOption); setFullOptions(printDebugInfoOption, printTraceInfoOption, useHTTPSOption, autoconfirmOption, encryptKeysOption);
uint32_t enclaveLogLevel = L_INFO; uint32_t enclaveLogLevel = L_INFO;
if (printTraceInfoOption) { if (printTraceInfoOption) {
......
testw.cpp
View file @ 853981a6
...@@ -332,12 +332,11 @@ TEST_CASE_METHOD(TestFixture, "ECDSA keygen and signature test", "[ecdsa-key-sig ...@@ -332,12 +332,11 @@ TEST_CASE_METHOD(TestFixture, "ECDSA keygen and signature test", "[ecdsa-key-sig
uint32_t encLen = 0; uint32_t encLen = 0;
//printf("before %p\n", pubKeyX);
status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen, pubKeyX.data(), status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen, pubKeyX.data(),
pubKeyY.data()); pubKeyY.data());
REQUIRE(status == SGX_SUCCESS); REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
string hex = SAMPLE_HEX_HASH; string hex = SAMPLE_HEX_HASH;
...@@ -349,7 +348,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA keygen and signature test", "[ecdsa-key-sig ...@@ -349,7 +348,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA keygen and signature test", "[ecdsa-key-sig
signatureR.data(), signatureR.data(),
signatureS.data(), &signatureV, 16); signatureS.data(), &signatureV, 16);
REQUIRE(status == SGX_SUCCESS); REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
} }
TEST_CASE_METHOD(TestFixture, "ECDSA key gen", "[ecdsa-key-gen]") { TEST_CASE_METHOD(TestFixture, "ECDSA key gen", "[ecdsa-key-gen]") {
...@@ -365,6 +364,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen", "[ecdsa-key-gen]") { ...@@ -365,6 +364,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen", "[ecdsa-key-gen]") {
pubKeyY.data()); pubKeyY.data());
REQUIRE(status == SGX_SUCCESS); REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
} }
TEST_CASE_METHOD(TestFixture, "ECDSA get public key", "[ecdsa-get-pub-key]") { TEST_CASE_METHOD(TestFixture, "ECDSA get public key", "[ecdsa-get-pub-key]") {
...@@ -389,7 +389,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA get public key", "[ecdsa-get-pub-key]") { ...@@ -389,7 +389,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA get public key", "[ecdsa-get-pub-key]") {
status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encPrivKey.data(), encLen, receivedPubKeyX.data(), status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encPrivKey.data(), encLen, receivedPubKeyX.data(),
receivedPubKeyY.data()); receivedPubKeyY.data());
REQUIRE(status == SGX_SUCCESS); REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
} }
...@@ -457,33 +457,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") { ...@@ -457,33 +457,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") {
} }
TEST_CASE_METHOD(TestFixture, "ECDSA key gen and sign", "[ecdsa-key-gen-sign-api]") {
HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2);
Json::Value genKey = c.generateECDSAKey();
REQUIRE(genKey["status"].asInt() == 0);
Json::Value getPubKey = c.getPublicECDSAKey(genKey["keyName"].asString());
REQUIRE(getPubKey["status"].asInt() == 0);
REQUIRE(getPubKey["publicKey"].asString() == genKey["publicKey"].asString());
Json::Value ecdsaSign = c.ecdsaSignMessageHash(16, genKey["keyName"].asString(),
"0x09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db");
REQUIRE(ecdsaSign["status"].asInt() == 0);
}
TEST_CASE_METHOD(TestFixture, "BLS key encrypt", "[bls-key-encrypt]") { TEST_CASE_METHOD(TestFixture, "BLS key encrypt", "[bls-key-encrypt]") {
auto key = encryptTestKey(); auto key = encryptTestKey();
REQUIRE(key != nullptr); REQUIRE(key != nullptr);
} }
...@@ -597,36 +571,6 @@ TEST_CASE_METHOD(TestFixture, "DKG encrypted secret shares test", "[dkg-encr-ssh ...@@ -597,36 +571,6 @@ TEST_CASE_METHOD(TestFixture, "DKG encrypted secret shares test", "[dkg-encr-ssh
REQUIRE(status == SGX_SUCCESS); REQUIRE(status == SGX_SUCCESS);
} }
TEST_CASE_METHOD(TestFixture, "DKG verification test", "[dkg-verify]") {
vector<char> errMsg(BUF_LEN, 0);
vector<char> result(BUF_LEN, 0);
int errStatus = 0;
uint32_t encLen = 0;
vector <uint8_t> encryptedDKGSecret(BUF_LEN, 0);
status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 2);
REQUIRE(status == SGX_SUCCESS);
status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data());
REQUIRE(status == SGX_SUCCESS);
vector <uint8_t> encrPrDHKey(BUF_LEN, 0);
string pub_keyB = SAMPLE_PUBLIC_KEY_B;
vector<char> s_shareG2(BUF_LEN, 0);
status = trustedGetEncryptedSecretShare(eid, &errStatus, errMsg.data(), encrPrDHKey.data(), &encLen, result.data(),
s_shareG2.data(),
(char *) pub_keyB.data(), 2, 2, 1);
REQUIRE(status == SGX_SUCCESS);
}
...@@ -955,8 +899,7 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") { ...@@ -955,8 +899,7 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") {
string hash = SAMPLE_HASH; string hash = SAMPLE_HASH;
auto hash_arr = make_shared < array < uint8_t, auto hash_arr = make_shared < array < uint8_t, 32 >> ();
32 >> ();
uint64_t binLen; uint64_t binLen;
...@@ -1007,7 +950,7 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") { ...@@ -1007,7 +950,7 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
int errStatus = -1; int errStatus = -1;
vector<char> errMsg(BUF_LEN, 0);; vector<char> errMsg(BUF_LEN, 0);
uint32_t encLen; uint32_t encLen;
string key = SAMPLE_AES_KEY; string key = SAMPLE_AES_KEY;
vector <uint8_t> encrypted_key(BUF_LEN, 0); vector <uint8_t> encrypted_key(BUF_LEN, 0);
...@@ -1015,12 +958,39 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") { ...@@ -1015,12 +958,39 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen); status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen);
REQUIRE(status == 0); REQUIRE(status == 0);
REQUIRE( errStatus == 0 );
vector<char> decr_key(BUF_LEN, 0); vector<char> decr_key(BUF_LEN, 0);
status = trustedDecryptKeyAES(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data()); status = trustedDecryptKeyAES(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data());
REQUIRE(status == 0); REQUIRE(status == 0);
REQUIRE( errStatus == 0 );
REQUIRE(key.compare(decr_key.data()) == 0);
}
TEST_CASE_METHOD(TestFixture, "SGX encrypt/decrypt", "[sgx-encrypt-decrypt]") {
int errStatus = -1;
vector<char> errMsg(BUF_LEN, 0);
uint32_t encLen;
string key = SAMPLE_AES_KEY;
vector <uint8_t> encrypted_key(BUF_LEN, 0);
status = trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen);
REQUIRE(status == 0);
REQUIRE( errStatus == 0 );
vector<char> decr_key(BUF_LEN, 0);
status = trustedDecryptKey(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data());
REQUIRE(status == 0);
REQUIRE( errStatus == 0 );
REQUIRE(key.compare(decr_key.data()) == 0); REQUIRE(key.compare(decr_key.data()) == 0);
} }
...@@ -1038,3 +1008,49 @@ TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg bls", "[many-threads-crypt ...@@ -1038,3 +1008,49 @@ TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg bls", "[many-threads-crypt
thread.join(); thread.join();
} }
} }
TEST_CASE_METHOD(TestFixture, "AES == NOT AES", "[aes-not-aes]") {
std::string key = SAMPLE_AES_KEY;
int errStatus = 0;
vector<char> errMsg(BUF_LEN, 0);
vector <uint8_t> encrPrivKey(BUF_LEN, 0);
uint32_t enc_len = 0;
trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrPrivKey.data(), &enc_len);
REQUIRE(errStatus == SGX_SUCCESS);
int errStatusAES = 0;
vector<char> errMsgAES(BUF_LEN, 0);
vector <uint8_t> encrPrivKeyAES(BUF_LEN, 0);
uint32_t enc_lenAES = 0;
trustedEncryptKeyAES(eid, &errStatusAES, errMsgAES.data(), key.c_str(), encrPrivKeyAES.data(), &enc_lenAES);
REQUIRE( errStatusAES == SGX_SUCCESS );
errMsg.clear();
string hex = SAMPLE_HEX_HASH;
vector<char> signatureR(BUF_LEN, 0);
vector<char> signatureS(BUF_LEN, 0);
uint8_t signatureV = 0;
//uint32_t dec_len = 0;
status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), enc_len, (unsigned char *) hex.data(),
signatureR.data(),
signatureS.data(), &signatureV, 16);
REQUIRE( status == SGX_SUCCESS );
REQUIRE( errStatus == SGX_SUCCESS );
errMsgAES.clear();
vector<char> signatureRAES(BUF_LEN, 0);
vector<char> signatureSAES(BUF_LEN, 0);
uint8_t signatureVAES = 0;
uint32_t dec_lenAES = 0;
status = trustedEcdsaSignAES(eid, &errStatusAES, errMsgAES.data(), encrPrivKeyAES.data(), dec_lenAES, (unsigned char *) hex.data(),
signatureRAES.data(),
signatureSAES.data(), &signatureVAES, 16);
REQUIRE( status == SGX_SUCCESS );
REQUIRE( signatureR == signatureRAES );
REQUIRE( signatureS == signatureSAES );
REQUIRE( signatureV == signatureVAES );
}
testw.h
View file @ 853981a6
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
#ifndef SGXWALLET_TESTW_H #ifndef SGXWALLET_TESTW_H
#define SGXWALLET_TESTW_H #define SGXWALLET_TESTW_H
#define TEST_BLS_KEY_SHARE "4160780231445160889237664391382223604184857153814275770598791864649971919844" #define TEST_BLS_KEY_SHARE "4160780231445160889237664391382223604184857153814275770598791864649971919844"
#define TEST_BLS_KEY_NAME "SCHAIN:17:INDEX:5:KEY:1" #define TEST_BLS_KEY_NAME "SCHAIN:17:INDEX:5:KEY:1"
#define SAMPLE_HASH "09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db" #define SAMPLE_HASH "09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db"
#define SAMPLE_HEX_HASH "3F891FDA3704F0368DAB65FA81EBE616F4AA2A0854995DA4DC0B59D2CADBD64F" #define SAMPLE_HEX_HASH "3F891FDA3704F0368DAB65FA81EBE616F4AA2A0854995DA4DC0B59D2CADBD64F"
......
testw.py
View file @ 853981a6
...@@ -22,14 +22,10 @@ ...@@ -22,14 +22,10 @@
# @date 2020 # @date 2020
# #
import sys, getpass,os, subprocess, socket, time import getpass, os, subprocess
username = getpass.getuser() username = getpass.getuser()
topDir = os.getcwd() + "/sgxwallet" topDir = os.getcwd() + "/sgxwallet"
print("Starting build push") print("Starting build push")
print("Top directory is:" + topDir) print("Top directory is:" + topDir)
...@@ -53,7 +49,10 @@ testList = [ "[cert-sign]", ...@@ -53,7 +49,10 @@ testList = [ "[cert-sign]",
"[dkg-pub-shares]", "[dkg-pub-shares]",
"[many-threads-crypto]", "[many-threads-crypto]",
"[aes-encrypt-decrypt]", "[aes-encrypt-decrypt]",
"[aes-dkg]"] "[sgx-encrypt-decrypt]",
"[aes-dkg]"#,
#"[aes-not-aes]" <- this test doesn't pass for now - will fix it later
]
for t in testList: for t in testList:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment