SKALE-2977 fix hash ecdsa

90cab3b6 · Oleh Nikolaiev · 511a7468 · 90cab3b6 · 90cab3b6 · 90cab3b6
Unverified Commit 90cab3b6 authored Aug 06, 2020 by Oleh Nikolaiev
6 changed files
--- a/ECDSACrypto.cpp
+++ b/ECDSACrypto.cpp
@@ -179,16 +179,17 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha
    }

    status = trustedEcdsaSignAES(eid, &errStatus,
-            errMsg.data(), encryptedKey.data(), decLen, (unsigned char *) hashHex,
+            errMsg.data(), encryptedKey.data(), decLen, hashHex,
                                 signatureR.data(),
                                 signatureS.data(), &signatureV, base);

    if (errStatus != 0) {
+        spdlog::error("failed to sign {}", errStatus);
        throw SGXException(666, errMsg.data());
    }

    if (status != SGX_SUCCESS) {
-        spdlog::error("failed to sign {}", status);
+        spdlog::error("failed to sign in enclave {}", status);
        throw SGXException(666, "failed to sign");
    }
    signatureVector.at(0) = to_string(signatureV);
@@ -205,6 +206,7 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha
    pubKeyStr = getECDSAPubKey(encryptedKeyHex);

    if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data(), base)) {
+        spdlog::error("failed to verify ecdsa signature");
        throw SGXException(667, "ECDSA did not verify");
    }


--- a/Log.h
+++ b/Log.h
--- a/SGXWalletServer.cpp
+++ b/SGXWalletServer.cpp
@@ -339,9 +339,9 @@ Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_
        if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) {
            hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2);
        }
-        while (hashTmp[0] == '0') {
-            hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 1);
-        }
+//        while (hashTmp[0] == '0') {
+//            hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 1);
+//        }

        if (!checkECDSAKeyName(_keyName)) {
            throw SGXException(INVALID_ECDSA_KEY_NAME, "Invalid ECDSA key name");
@@ -546,11 +546,11 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string
        if (!check_n_t(_t, _n)) {
            throw SGXException(INVALID_DKG_PARAMS, "Invalid DKG parameters: n or t ");
        }
-        vector< string > sshares_vect;
+        vector<string> sshares_vect;

        spdlog::debug("secret shares from json are - {}", _secretShare);

-        shared_ptr< string > encryptedKeyHex_ptr = readFromDb(_ethKeyName);
+        shared_ptr<string> encryptedKeyHex_ptr = readFromDb(_ethKeyName);

        bool res = CreateBLSShare(_blsKeyName, _secretShare.c_str(), encryptedKeyHex_ptr->c_str());
        if (res) {
@@ -579,11 +579,11 @@ Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName)
        if (!checkName(_blsKeyName, "BLS_KEY")) {
            throw SGXException(INVALID_BLS_NAME, "Invalid BLSKey name");
        }
-        shared_ptr <string> encryptedKeyHex_ptr = readFromDb(_blsKeyName);
+        shared_ptr<string> encryptedKeyHex_ptr = readFromDb(_blsKeyName);
        spdlog::debug("encr_bls_key_share is {}", *encryptedKeyHex_ptr);
        spdlog::debug("length is {}", encryptedKeyHex_ptr->length());

-        vector <string> public_key_vect = GetBLSPubKey(encryptedKeyHex_ptr->c_str());
+        vector<string> public_key_vect = GetBLSPubKey(encryptedKeyHex_ptr->c_str());
        for (uint8_t i = 0; i < 4; i++) {
            result["blsPublicKeyShare"][i] = public_key_vect.at(i);
        }

--- a/SGXWalletServer.hpp
+++ b/SGXWalletServer.hpp
--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -1097,17 +1097,12 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
    point_clear(Pkey_test);
 }

-static uint64_t sigCounter = 0;
-static domain_parameters ecdsaCurve = NULL;
-
 void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len,
-                         unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
+                         const char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
    LOG_DEBUG(__FUNCTION__);

-    if (!ecdsaCurve) {
-        ecdsaCurve = domain_parameters_init();
+    domain_parameters ecdsaCurve = domain_parameters_init();
    domain_parameters_load_curve(ecdsaCurve, secp256k1);
-    }

    char skey[ECDSA_SKEY_LEN];

@@ -1116,6 +1111,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
    if (status != 0) {
        *errStatus = status;
        snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
+        domain_parameters_clear(ecdsaCurve);
        return;
    }

@@ -1129,6 +1125,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
        snprintf(errString, BUF_LEN, "invalid secret key");
        LOG_ERROR(skey);
        mpz_clear(privateKeyMpz);
+        domain_parameters_clear(ecdsaCurve);
        return;
    }

@@ -1140,6 +1137,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv

        mpz_clear(privateKeyMpz);
        mpz_clear(msgMpz);
+        domain_parameters_clear(ecdsaCurve);

        return;
    }
@@ -1148,30 +1146,6 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv

    signature_sign(sign, msgMpz, privateKeyMpz, ecdsaCurve);

-    sigCounter++;
-
-    if (sigCounter % 1000 == 0) {
-
-        point Pkey = point_init();
-
-        signature_extract_public_key(Pkey, privateKeyMpz, ecdsaCurve);
-
-        if (!signature_verify(msgMpz, sign, Pkey, ecdsaCurve)) {
-            *errStatus = -2;
-            snprintf(errString, BUF_LEN, "signature is not verified! ");
-
-            mpz_clear(privateKeyMpz);
-            mpz_clear(msgMpz);
-            domain_parameters_clear(ecdsaCurve);
-            signature_free(sign);
-            point_clear(Pkey);
-
-            return;
-        }
-
-        point_clear(Pkey);
-    }
-
    char arrM[mpz_sizeinbase(msgMpz, 16) + 2];
    mpz_get_str(arrM, 16, msgMpz);
    snprintf(errString, BUF_LEN, "message is %s ", arrM);
@@ -1189,6 +1163,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
    mpz_clear(privateKeyMpz);
    mpz_clear(msgMpz);
    signature_free(sign);
+    domain_parameters_clear(ecdsaCurve);
 }

 void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,

--- a/secure_enclave/secure_enclave.edl
+++ b/secure_enclave/secure_enclave.edl
@@ -204,7 +204,7 @@ enclave {
                                [out, count = SMALL_BUF_SIZE] char* err_string,
                                [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
                                uint32_t enc_len,
-                                [in, count = SMALL_BUF_SIZE] unsigned char* hash,
+                                [in, count = SMALL_BUF_SIZE] const char* hash,
                                [out, count = SMALL_BUF_SIZE] char* sig_r,
                                [out, count = SMALL_BUF_SIZE] char* sig_s,
                                [user_check] uint8_t* sig_v,