SKALE-2977 fix hash ecdsa

ECDSACrypto.cpp

@@ -179,16 +179,17 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha
     }
 
     status = trustedEcdsaSignAES(eid, &errStatus,
-            errMsg.data(), encryptedKey.data(), decLen, (unsigned char *) hashHex,
+            errMsg.data(), encryptedKey.data(), decLen, hashHex,
                                  signatureR.data(),
                                  signatureS.data(), &signatureV, base);
 
     if (errStatus != 0) {
+        spdlog::error("failed to sign {}", errStatus);
         throw SGXException(666, errMsg.data());
     }
 
     if (status != SGX_SUCCESS) {
-        spdlog::error("failed to sign {}", status);
+        spdlog::error("failed to sign in enclave {}", status);
         throw SGXException(666, "failed to sign");
     }
     signatureVector.at(0) = to_string(signatureV);
@@ -205,6 +206,7 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha
     pubKeyStr = getECDSAPubKey(encryptedKeyHex);
 
     if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data(), base)) {
+        spdlog::error("failed to verify ecdsa signature");
         throw SGXException(667, "ECDSA did not verify");
     }
 

Log.h

@@ -78,9 +78,9 @@ public:
 #define HANDLE_SGX_EXCEPTION(_RESULT_) catch (SGXException &__e) { Log::handleSGXException(_RESULT_, __e);} \
         catch (exception  &__e) {spdlog::error(__e.what()); _RESULT_["status"] = 1; _RESULT_["errorMessage"] = __e.what();}
 
-#define READ_LOCK(__M__)   ReadLock __rlock(__M__);
-#define WRITE_LOCK(__M__)  WriteLock __wlock(__M__);
-#define LOCK(__M__)  lock_guard<recursive_mutex> lock(__M__);
+#define READ_LOCK(__M__) ReadLock __rlock(__M__);
+#define WRITE_LOCK(__M__) WriteLock __wlock(__M__);
+#define LOCK(__M__) lock_guard<recursive_mutex> lock(__M__);
 
 #endif
 

SGXWalletServer.cpp

@@ -339,9 +339,9 @@ Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_
         if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) {
             hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2);
         }
-        while (hashTmp[0] == '0') {
-            hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 1);
-        }
+//        while (hashTmp[0] == '0') {
+//            hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 1);
+//        }
 
         if (!checkECDSAKeyName(_keyName)) {
             throw SGXException(INVALID_ECDSA_KEY_NAME, "Invalid ECDSA key name");
@@ -546,11 +546,11 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string
         if (!check_n_t(_t, _n)) {
             throw SGXException(INVALID_DKG_PARAMS, "Invalid DKG parameters: n or t ");
         }
-        vector< string > sshares_vect;
+        vector<string> sshares_vect;
 
         spdlog::debug("secret shares from json are - {}", _secretShare);
 
-        shared_ptr< string > encryptedKeyHex_ptr = readFromDb(_ethKeyName);
+        shared_ptr<string> encryptedKeyHex_ptr = readFromDb(_ethKeyName);
 
         bool res = CreateBLSShare(_blsKeyName, _secretShare.c_str(), encryptedKeyHex_ptr->c_str());
         if (res) {
@@ -579,11 +579,11 @@ Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName)
         if (!checkName(_blsKeyName, "BLS_KEY")) {
             throw SGXException(INVALID_BLS_NAME, "Invalid BLSKey name");
         }
-        shared_ptr <string> encryptedKeyHex_ptr = readFromDb(_blsKeyName);
+        shared_ptr<string> encryptedKeyHex_ptr = readFromDb(_blsKeyName);
         spdlog::debug("encr_bls_key_share is {}", *encryptedKeyHex_ptr);
         spdlog::debug("length is {}", encryptedKeyHex_ptr->length());
 
-        vector <string> public_key_vect = GetBLSPubKey(encryptedKeyHex_ptr->c_str());
+        vector<string> public_key_vect = GetBLSPubKey(encryptedKeyHex_ptr->c_str());
         for (uint8_t i = 0; i < 4; i++) {
             result["blsPublicKeyShare"][i] = public_key_vect.at(i);
         }

SGXWalletServer.hpp

@@ -28,8 +28,8 @@
 #include <boost/thread/shared_mutex.hpp>
 
 typedef boost::shared_mutex Lock;
-typedef boost::unique_lock< Lock >  WriteLock;
-typedef boost::shared_lock< Lock >  ReadLock;
+typedef boost::unique_lock< Lock > WriteLock;
+typedef boost::shared_lock< Lock > ReadLock;
 
 #include <jsonrpccpp/server/connectors/httpserver.h>
 #include <mutex>

secure_enclave/secure_enclave.c

@@ -1097,17 +1097,12 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
     point_clear(Pkey_test);
 }
 
-static uint64_t sigCounter = 0;
-static domain_parameters ecdsaCurve = NULL;
-
 void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len,
-                         unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
+                         const char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
     LOG_DEBUG(__FUNCTION__);
 
-    if (!ecdsaCurve) {
-        ecdsaCurve = domain_parameters_init();
-        domain_parameters_load_curve(ecdsaCurve, secp256k1);
-    }
+    domain_parameters ecdsaCurve = domain_parameters_init();
+    domain_parameters_load_curve(ecdsaCurve, secp256k1);
 
     char skey[ECDSA_SKEY_LEN];
 
@@ -1116,6 +1111,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
     if (status != 0) {
         *errStatus = status;
         snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
+        domain_parameters_clear(ecdsaCurve);
         return;
     }
 
@@ -1129,6 +1125,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
         snprintf(errString, BUF_LEN, "invalid secret key");
         LOG_ERROR(skey);
         mpz_clear(privateKeyMpz);
+        domain_parameters_clear(ecdsaCurve);
         return;
     }
 
@@ -1140,6 +1137,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
 
         mpz_clear(privateKeyMpz);
         mpz_clear(msgMpz);
+        domain_parameters_clear(ecdsaCurve);
 
         return;
     }
@@ -1148,30 +1146,6 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
 
     signature_sign(sign, msgMpz, privateKeyMpz, ecdsaCurve);
 
-    sigCounter++;
-
-    if (sigCounter % 1000 == 0) {
-
-        point Pkey = point_init();
-
-        signature_extract_public_key(Pkey, privateKeyMpz, ecdsaCurve);
-
-        if (!signature_verify(msgMpz, sign, Pkey, ecdsaCurve)) {
-            *errStatus = -2;
-            snprintf(errString, BUF_LEN, "signature is not verified! ");
-
-            mpz_clear(privateKeyMpz);
-            mpz_clear(msgMpz);
-            domain_parameters_clear(ecdsaCurve);
-            signature_free(sign);
-            point_clear(Pkey);
-
-            return;
-        }
-
-        point_clear(Pkey);
-    }
-
     char arrM[mpz_sizeinbase(msgMpz, 16) + 2];
     mpz_get_str(arrM, 16, msgMpz);
     snprintf(errString, BUF_LEN, "message is %s ", arrM);
@@ -1189,6 +1163,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
     mpz_clear(privateKeyMpz);
     mpz_clear(msgMpz);
     signature_free(sign);
+    domain_parameters_clear(ecdsaCurve);
 }
 
 void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,

secure_enclave/secure_enclave.edl

@@ -204,7 +204,7 @@ enclave {
                                 [out, count = SMALL_BUF_SIZE] char* err_string,
                                 [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
                                 uint32_t enc_len,
-                                [in, count = SMALL_BUF_SIZE] unsigned char* hash,
+                                [in, count = SMALL_BUF_SIZE] const char* hash,
                                 [out, count = SMALL_BUF_SIZE] char* sig_r,
                                 [out, count = SMALL_BUF_SIZE] char* sig_s,
                                 [user_check] uint8_t* sig_v,