Skip to content

S
sgxwallet
Unverified Commit 94616f97 authored by Oleh Nikolaiev's avatar Oleh Nikolaiev Committed by GitHub
Browse files
Options

Merge branch 'develop' into bug/SKALE-2599-fix-test

parents 1d0a660d 48a895df
Show whitespace changes
Inline Side-by-side
Showing with 730 additions and 597 deletions
codacy.yml .codacy.yml
View file @ 94616f97
...@@ -2,3 +2,4 @@ ...@@ -2,3 +2,4 @@
exclude_paths: exclude_paths:
- 'scripts/**' - 'scripts/**'
- '.github/**' - '.github/**'
- 'trusted_libff/**'
.gitignore
View file @ 94616f97
# Created by .ignore support plugin (hsz.mobi) /.idea/
.idea/ /cmake-build-debug/
sgx-gmp/ /build/
gmp-build /sgx_data/
tgmp-build /jsonrpc/
install-sh /gmp-build/
config.log /tgmp-build/
config.status /install-sh
Makefile.in /config.log
Makefile /config.status
secure_enclave_u.h /Makefile.in
secure_enclave_u.c /Makefile
secure_enclave.edl /secure_enclave_u.h
am--include-marker /secure_enclave_u.c
*.o /secure_enclave.edl
aclocal.m4 /am--include-marker
missing /*.o
compile /*.m4
depcomp /missing
ltmain.sh /compile
secure_enclave.signed.so /depcomp
sgxgmpmath /ltmain.sh
sgxgmppi /secure_enclave.signed.so
.deps /sgxgmpmath
CMakeCache.txt /sgxgmppi
cmake_install.cmake /.deps
sgxd.cbp /CMakeCache.txt
sgx-gmp /cmake_install.cmake
sgx-sdk-build /sgxd.cbp
secure_enclave/Makefile /sgx-gmp/
secure_enclave/secure_enclave.signed.so /sgx-sdk-build/
secure_enclave/secure_enclave.so /secure_enclave/Makefile
secure_enclave/secure_enclave_t.c /secure_enclave/secure_enclave.signed.so
secure_enclave/secure_enclave_t.h /secure_enclave/secure_enclave.so
sgxd /secure_enclave/secure_enclave_t.c
cert/SGXServerCertificate* /secure_enclave/secure_enclave_t.h
autom4te.cache /sgxd
sgxwallet /cert/SGXServerCertificate*
testw /autom4te.cache
configure /sgxwallet
jsonrpc/zlib /testw
jsonrpc/argtable2 /configure
jsonrpc/jsoncpp /secure_enclave/.deps
jsonrpc/libjson-rpc-cpp /test-driver
jsonrpc/curl-from-git.tar.gz /intel-sgx-ssl/
jsonrpc/curl /m4
jsonrpc/libmicrohttpd /.testw.py.swp
secure_enclave/.deps /cert_util
test-driver
Dockerfile
View file @ 94616f97
FROM skalenetwork/sgxwallet_base:latest FROM skalenetwork/sgxwallet_base:latest
COPY . /usr/src/sdk
WORKDIR /usr/src/sdk WORKDIR /usr/src/sdk
RUN ccache -sz
RUN touch /var/hwmode
COPY *.cpp ./
COPY *.h ./
COPY *.txt ./
COPY *.c ./
COPY *.am ./
COPY *.hpp ./
COPY *.gmp ./
COPY *.ac ./
COPY *.json ./
COPY docker ./docker
COPY build-aux ./build-aux
COPY cert ./cert
COPY jsonrpc ./jsonrpc
COPY autoconf.bash ./
COPY leveldb ./leveldb
COPY m4 ./m4
COPY scripts ./scripts
COPY secure_enclave ./secure_enclave
COPY spdlog ./spdlog
COPY SGXWALLET_VERSION ./
RUN ./autoconf.bash RUN ./autoconf.bash
RUN ./configure RUN ./configure
......
ECDSACrypto.cpp
View file @ 94616f97
...@@ -32,13 +32,15 @@ ...@@ -32,13 +32,15 @@
#include <random> #include <random>
#include "spdlog/spdlog.h" #include "spdlog/spdlog.h"
#include "common.h" #include "common.h"
#include "secure_enclave/Verify.h"
#include "BLSCrypto.h" #include "BLSCrypto.h"
#include "ECDSACrypto.h"
#include "ECDSACrypto.h"
string concatPubKeyWith0x(char *pub_key_x, char *pub_key_y) { string concatPubKeyWith0x(char *pub_key_x, char *pub_key_y) {
...@@ -49,19 +51,19 @@ string concatPubKeyWith0x(char *pub_key_x, char *pub_key_y) { ...@@ -49,19 +51,19 @@ string concatPubKeyWith0x(char *pub_key_x, char *pub_key_y) {
} }
void fillRandomBuffer(vector<unsigned char>& _buffer) { void fillRandomBuffer(vector<unsigned char> &_buffer) {
ifstream devRandom("/dev/urandom", ios::in|ios::binary); ifstream devRandom("/dev/urandom", ios::in | ios::binary);
devRandom.exceptions(std::ifstream::failbit | std::ifstream::badbit); devRandom.exceptions(ifstream::failbit | ifstream::badbit);
devRandom.read((char*) _buffer.data(), _buffer.size()); devRandom.read((char *) _buffer.data(), _buffer.size());
devRandom.close(); devRandom.close();
} }
std::vector<std::string> genECDSAKey() { vector <string> genECDSAKey() {
vector<char> errMsg(1024, 0); vector<char> errMsg(1024, 0);
int errStatus = 0; int errStatus = 0;
vector<uint8_t> encr_pr_key(1024, 0); vector <uint8_t> encr_pr_key(1024, 0);
vector<char>pub_key_x(1024, 0); vector<char> pub_key_x(1024, 0);
vector<char>pub_key_y(1024, 0); vector<char> pub_key_y(1024, 0);
uint32_t enc_len = 0; uint32_t enc_len = 0;
...@@ -77,18 +79,18 @@ std::vector<std::string> genECDSAKey() { ...@@ -77,18 +79,18 @@ std::vector<std::string> genECDSAKey() {
spdlog::error("RPCException thrown with status {}", status); spdlog::error("RPCException thrown with status {}", status);
throw SGXException(status, errMsg.data()); throw SGXException(status, errMsg.data());
} }
std::vector<std::string> keys(3); vector <string> keys(3);
vector<char> hexEncrKey(BUF_LEN * 2, 0); vector<char> hexEncrKey(BUF_LEN * 2, 0);
carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data()); carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data());
keys.at(0) = hexEncrKey.data(); keys.at(0) = hexEncrKey.data();
keys.at(1) = std::string(pub_key_x.data()) + std::string(pub_key_y.data()); keys.at(1) = string(pub_key_x.data()) + string(pub_key_y.data());
vector<unsigned char> randBuffer(32,0); vector<unsigned char> randBuffer(32, 0);
fillRandomBuffer(randBuffer); fillRandomBuffer(randBuffer);
vector<char> rand_str(64,0); vector<char> rand_str(64, 0);
carray2Hex(randBuffer.data(), 32, rand_str.data()); carray2Hex(randBuffer.data(), 32, rand_str.data());
...@@ -99,12 +101,12 @@ std::vector<std::string> genECDSAKey() { ...@@ -99,12 +101,12 @@ std::vector<std::string> genECDSAKey() {
return keys; return keys;
} }
std::string getECDSAPubKey(const char *_encryptedKeyHex) { string getECDSAPubKey(const char *_encryptedKeyHex) {
vector<char> errMsg(BUF_LEN, 0); vector<char> errMsg(BUF_LEN, 0);
vector<char> pubKeyX(BUF_LEN, 0); vector<char> pubKeyX(BUF_LEN, 0);
vector<char> pubKeyY(BUF_LEN, 0); vector<char> pubKeyY(BUF_LEN, 0);
vector<uint8_t> encrPrKey(BUF_LEN, 0); vector <uint8_t> encrPrKey(BUF_LEN, 0);
int errStatus = 0; int errStatus = 0;
uint64_t enc_len = 0; uint64_t enc_len = 0;
...@@ -116,76 +118,134 @@ std::string getECDSAPubKey(const char *_encryptedKeyHex) { ...@@ -116,76 +118,134 @@ std::string getECDSAPubKey(const char *_encryptedKeyHex) {
if (!encryptKeys) if (!encryptKeys)
status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(),
pubKeyY.data()); pubKeyY.data());
else status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, else
status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data()); errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
if (errStatus != 0) { if (errStatus != 0) {
throw SGXException(-666, errMsg.data()); throw SGXException(-666, errMsg.data());
} }
string pubKey = string(pubKeyX.data()) + string(pubKeyY.data());//concatPubKeyWith0x(pub_key_x, pub_key_y);// string pubKey = string(pubKeyX.data()) + string(pubKeyY.data());//concatPubKeyWith0x(pub_key_x, pub_key_y);//
spdlog::debug("enc_len is {}", enc_len);
spdlog::debug("pubkey is {}", pubKey);
spdlog::debug("pubkey length is {}", pubKey.length());
spdlog::debug("err str is {}", errMsg.data());
spdlog::debug("err status is {}", errStatus);
if (pubKey.size() != 128) {
spdlog::error("Incorrect pub key size", status);
throw SGXException(666, "Incorrect pub key size");
}
return pubKey; return pubKey;
} }
vector<string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, int base) { bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR,
vector<string> signature_vect(3); const char *signatureS) {
char *errMsg = (char *) calloc(1024, 1); bool result = false;
int errStatus = 0;
char *signature_r = (char *) calloc(1024, 1); signature sig = signature_init();
char *signature_s = (char *) calloc(1024, 1);
uint8_t signature_v = 0; auto r = pubKeyStr.substr(0, 64);
uint64_t dec_len = 0; auto s = pubKeyStr.substr(64, 128);
domain_parameters curve = domain_parameters_init();
//uint8_t encr_key[BUF_LEN]; domain_parameters_load_curve(curve, secp256k1);
uint8_t *encr_key = (uint8_t *) calloc(1024, 1); point publicKey = point_init();
if (!hex2carray(encryptedKeyHex, &dec_len, encr_key)) {
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
mpz_t msgMpz;
mpz_init(msgMpz);
if (mpz_set_str(msgMpz, hashHex, 16) == -1) {
spdlog::error("invalid message hash {}", hashHex);
goto clean;
}
signature_set_str(sig, signatureR, signatureS, 16);
point_set_hex(publicKey, r.c_str(), s.c_str());
if (!signature_verify(msgMpz, sig, publicKey, curve)) {
spdlog::error("ECDSA sig not verified");
goto clean;
} }
result = true;
spdlog::debug("encryptedKeyHex: {}", encryptedKeyHex); clean:
spdlog::debug("HASH: {}", hashHex);
spdlog::debug("encrypted len: {}", dec_len);
mpz_clear(msgMpz);
domain_parameters_clear(curve);
point_clear(publicKey);
signature_free(sig);
if (!encryptKeys) return result;
status = trustedEcdsaSign(eid, &errStatus, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char *) hashHex, signature_r,
signature_s, &signature_v, base); }
else
status = trustedEcdsaSignAES(eid, &errStatus, errMsg, encr_key, dec_len, (unsigned char *) hashHex, signature_r, vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, int base) {
signature_s, &signature_v, base); vector <string> signatureVector(3);
if (errStatus != 0) {
throw SGXException(-666, errMsg); vector<char> errMsg(1024, 0);
int errStatus = 0;
vector<char> signatureR(1024, 0);
vector<char> signatureS(1024, 0);
vector<uint8_t> encryptedKey(1024, 0);
uint8_t signatureV = 0;
uint64_t decLen = 0;
string pubKeyStr = "";
shared_ptr<SGXException> exception = NULL;
if (!hex2carray(encryptedKeyHex, &decLen, encryptedKey.data())) {
exception = make_shared<SGXException>(INVALID_HEX, "Invalid encryptedKeyHex");
goto clean;
} }
pubKeyStr = getECDSAPubKey(encryptedKeyHex);
spdlog::debug("signature r in ecdsa_sign_hash: {}", signature_r);
spdlog::debug("signature s in ecdsa_sign_hash: {}", signature_s); if (!encryptKeys) {
status = trustedEcdsaSign(eid, &errStatus, errMsg.data(),
encryptedKey.data(), ECDSA_ENCR_LEN, (unsigned char *) hashHex,
signatureR.data(),
signatureS.data(), &signatureV, base);
} else
status = trustedEcdsaSignAES(eid, &errStatus,
errMsg.data(), encryptedKey.data(), decLen, (unsigned char *) hashHex,
signatureR.data(),
signatureS.data(), &signatureV, base);
if (errStatus != 0) {
exception = make_shared<SGXException>(666, errMsg.data());
goto clean;
}
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
spdlog::error(" failed to sign "); spdlog::error("failed to sign {}", status);
exception = make_shared<SGXException>(666, "failed to sign");
goto clean;
} }
signature_vect.at(0) = to_string(signature_v); signatureVector.at(0) = to_string(signatureV);
if (base == 16) { if (base == 16) {
signature_vect.at(1) = "0x" + string(signature_r); signatureVector.at(1) = "0x" + string(signatureR.data());
signature_vect.at(2) = "0x" + string(signature_s); signatureVector.at(2) = "0x" + string(signatureS.data());
} else { } else {
signature_vect.at(1) = string(signature_r); signatureVector.at(1) = string(signatureR.data());
signature_vect.at(2) = string(signature_s); signatureVector.at(2) = string(signatureS.data());
} }
free(errMsg); /* Now verify signature */
free(signature_r);
free(signature_s); if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data())) {
free(encr_key); exception = make_shared<SGXException>(667, "ECDSA did not verify");
goto clean;
}
clean:
if (exception)
throw *exception;
return signature_vect; return signatureVector;
} }
\ No newline at end of file
ECDSAImpl.c 0 → 100644
View file @ 94616f97
#include "secure_enclave/Point.c"
#include "secure_enclave/DomainParameters.c"
#include "secure_enclave/NumberTheory.c"
#include "secure_enclave/Signature.c"
#include "secure_enclave/Curves.c"
\ No newline at end of file
Makefile.am
View file @ 94616f97
...@@ -10,7 +10,7 @@ include $(top_srcdir)/build-aux/sgx_app.am ...@@ -10,7 +10,7 @@ include $(top_srcdir)/build-aux/sgx_app.am
## ##
## And a pattern rule for building prexoxy functions from EDL files: ## And a pattern rule for building prexoxy functions from EDL files:
## ##
## %_u.h %_u.c: %.edl ## %_u.h %_u.c: %.edl34
## ##
## And sets these Makefile variables: ## And sets these Makefile variables:
## ##
...@@ -33,7 +33,7 @@ SUBDIRS=secure_enclave ...@@ -33,7 +33,7 @@ SUBDIRS=secure_enclave
## ##
## SGX_EDGER8R_FLAGS= ## SGX_EDGER8R_FLAGS=
WALLET_VERSION := $(shell cat VERSION)
## Needed to make our pattern rule work. ## Needed to make our pattern rule work.
...@@ -45,11 +45,11 @@ secure_enclave.edl: secure_enclave/secure_enclave.edl ...@@ -45,11 +45,11 @@ secure_enclave.edl: secure_enclave/secure_enclave.edl
#AM_CPPFLAGS += -g -Og #AM_CPPFLAGS += -g -Og
AM_CFLAGS = -g -Og -rdynamic -Wl,--no-as-needed -lSegFault AM_CFLAGS = -DUSER_SPACE -g -Og -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)"
AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)"
AM_CPPFLAGS += -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS) -I. -I./libBLS/deps/deps_inst/x86_or_x64/include AM_CPPFLAGS += -DSGXWALLET_VERSION="$(WALLET_VERSION)" -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS) -I. -I./libBLS/deps/deps_inst/x86_or_x64/include
## Additional targets to remove with 'make clean'. You must list ## Additional targets to remove with 'make clean'. You must list
## any edger8r generated files here. ## any edger8r generated files here.
...@@ -67,9 +67,11 @@ bin_PROGRAMS = sgxwallet testw cert_util ...@@ -67,9 +67,11 @@ bin_PROGRAMS = sgxwallet testw cert_util
## have to be explicitly listed. ## have to be explicitly listed.
COMMON_SRC = InvalidStateException.cpp Exception.cpp InvalidArgumentException.cpp Log.cpp \ COMMON_SRC = InvalidStateException.cpp Exception.cpp InvalidArgumentException.cpp Log.cpp \
SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp RPCException.cpp BLSCrypto.cpp ECDSACrypto.cpp \ SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp RPCException.cpp BLSCrypto.cpp \
ECDSACrypto.cpp \
DKGCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp ServerDataChecker.cpp SEKManager.cpp \ DKGCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp ServerDataChecker.cpp SEKManager.cpp \
sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c \
ECDSAImpl.c
COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h
sgxwallet_SOURCES = sgxwallet.c $(COMMON_SRC) sgxwallet_SOURCES = sgxwallet.c $(COMMON_SRC)
......
README.md
View file @ 94616f97
# sgxwallet: SKALE SGX-based hardware crypto wallet # sgxwallet: SKALE SGX-based hardware crypto wallet
<!-- SPDX-License-Identifier: (AGPL-3.0-only OR CC-BY-4.0) -->
[![Discord](https://img.shields.io/discord/534485763354787851.svg)](https://discord.gg/vvUtWJB) [![Discord](https://img.shields.io/discord/534485763354787851.svg)](https://discord.gg/vvUtWJB)
## Intro ## Intro
......
SGXWALLET_VERSION deleted 100644 → 0
View file @ 1d0a660d
#define SGXWALLET_VERSION "1.49.5"
SGXWalletServer.cpp
View file @ 94616f97
...@@ -212,15 +212,15 @@ SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const strin ...@@ -212,15 +212,15 @@ SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const strin
if (!checkName(_keyShareName, "BLS_KEY")) { if (!checkName(_keyShareName, "BLS_KEY")) {
throw SGXException(INVALID_POLY_NAME, "Invalid BLSKey name"); throw SGXException(INVALID_POLY_NAME, "Invalid BLSKey name");
} }
string cutHash = _messageHash; string hashTmp = _messageHash;
if (cutHash[0] == '0' && (cutHash[1] == 'x' || cutHash[1] == 'X')) { if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) {
cutHash.erase(cutHash.begin(), cutHash.begin() + 2); hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2);
} }
while (cutHash[0] == '0') { while (hashTmp[0] == '0') {
cutHash.erase(cutHash.begin(), cutHash.begin() + 1); hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 1);
} }
if (!checkHex(cutHash)) { if (!checkHex(hashTmp)) {
throw SGXException(INVALID_HEX, "Invalid hash"); throw SGXException(INVALID_HEX, "Invalid hash");
} }
...@@ -318,10 +318,10 @@ Json::Value SGXWalletServer::renameECDSAKeyImpl(const string &_keyName, const st ...@@ -318,10 +318,10 @@ Json::Value SGXWalletServer::renameECDSAKeyImpl(const string &_keyName, const st
throw SGXException(UNKNOWN_ERROR, "invalid key name"); throw SGXException(UNKNOWN_ERROR, "invalid key name");
} }
shared_ptr <string> key_ptr = readFromDb(_tempKeyName); shared_ptr <string> encryptedKey = readFromDb(_tempKeyName);
writeDataToDB(_keyName, *key_ptr); writeDataToDB(_keyName, *encryptedKey);
LevelDB::getLevelDb()->deleteTempNEK(_tempKeyName); LevelDB::getLevelDb()->deleteTempNEK(_tempKeyName);
} HANDLE_SGX_EXCEPTION(result) } HANDLE_SGX_EXCEPTION(result)
...@@ -339,40 +339,40 @@ Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_ ...@@ -339,40 +339,40 @@ Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_
result["signature_r"] = ""; result["signature_r"] = "";
result["signature_s"] = ""; result["signature_s"] = "";
vector <string> sign_vect(3); vector <string> signatureVector(3);
try { try {
string cutHash = _messageHash; string hashTmp = _messageHash;
if (cutHash[0] == '0' && (cutHash[1] == 'x' || cutHash[1] == 'X')) { if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) {
cutHash.erase(cutHash.begin(), cutHash.begin() + 2); hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2);
} }
while (cutHash[0] == '0') { while (hashTmp[0] == '0') {
cutHash.erase(cutHash.begin(), cutHash.begin() + 1); hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 1);
} }
if (!checkECDSAKeyName(_keyName)) { if (!checkECDSAKeyName(_keyName)) {
throw SGXException(INVALID_ECDSA_KEY_NAME, "Invalid ECDSA key name"); throw SGXException(INVALID_ECDSA_KEY_NAME, "Invalid ECDSA key name");
} }
if (!checkHex(cutHash)) { if (!checkHex(hashTmp)) {
throw SGXException(INVALID_HEX, "Invalid hash"); throw SGXException(INVALID_HEX, "Invalid hash");
} }
if (_base <= 0 || _base > 32) { if (_base <= 0 || _base > 32) {
throw SGXException(-22, "Invalid base"); throw SGXException(-22, "Invalid base");
} }
shared_ptr <string> key_ptr = readFromDb(_keyName, ""); shared_ptr <string> encryptedKey = readFromDb(_keyName, "");
sign_vect = ecdsaSignHash(key_ptr->c_str(), cutHash.c_str(), _base); signatureVector = ecdsaSignHash(encryptedKey->c_str(), hashTmp.c_str(), _base);
if (sign_vect.size() != 3) { if (signatureVector.size() != 3) {
throw SGXException(INVALID_ECSDA_SIGNATURE, "Invalid ecdsa signature"); throw SGXException(INVALID_ECSDA_SIGNATURE, "Invalid ecdsa signature");
} }
spdlog::debug("got signature_s {}", sign_vect.at(2)); spdlog::debug("got signature_s {}", signatureVector.at(2));
result["signature_v"] = sign_vect.at(0); result["signature_v"] = signatureVector.at(0);
result["signature_r"] = sign_vect.at(1); result["signature_r"] = signatureVector.at(1);
result["signature_s"] = sign_vect.at(2); result["signature_s"] = signatureVector.at(2);
} HANDLE_SGX_EXCEPTION(result) } HANDLE_SGX_EXCEPTION(result)
...@@ -443,14 +443,14 @@ Json::Value SGXWalletServer::getVerificationVectorImpl(const string &_polyName, ...@@ -443,14 +443,14 @@ Json::Value SGXWalletServer::getVerificationVectorImpl(const string &_polyName,
throw SGXException(INVALID_DKG_PARAMS, "Invalid parameters: n or t "); throw SGXException(INVALID_DKG_PARAMS, "Invalid parameters: n or t ");
} }
shared_ptr <string> encr_poly_ptr = readFromDb(_polyName); shared_ptr<string> encrPoly = readFromDb(_polyName);
verifVector = get_verif_vect(encr_poly_ptr->c_str(), _t, _n); verifVector = get_verif_vect(encrPoly->c_str(), _t, _n);
for (int i = 0; i < _t; i++) { for (int i = 0; i < _t; i++) {
vector <string> cur_coef = verifVector.at(i); vector <string> currentCoef = verifVector.at(i);
for (int j = 0; j < 4; j++) { for (int j = 0; j < 4; j++) {
result["verificationVector"][i][j] = cur_coef.at(j); result["verificationVector"][i][j] = currentCoef.at(j);
} }
} }
...@@ -480,7 +480,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J ...@@ -480,7 +480,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
throw SGXException(INVALID_DKG_PARAMS, "Invalid DKG parameters: n or t "); throw SGXException(INVALID_DKG_PARAMS, "Invalid DKG parameters: n or t ");
} }
shared_ptr <string> encr_poly_ptr = readFromDb(_polyName); shared_ptr <string> encrPoly = readFromDb(_polyName);
vector <string> pubKeysStrs; vector <string> pubKeysStrs;
for (int i = 0; i < _n; i++) { for (int i = 0; i < _n; i++) {
...@@ -490,7 +490,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J ...@@ -490,7 +490,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
pubKeysStrs.push_back(_pubKeys[i].asString()); pubKeysStrs.push_back(_pubKeys[i].asString());
} }
string s = trustedGetSecretShares(_polyName, encr_poly_ptr->c_str(), pubKeysStrs, _t, _n); string s = trustedGetSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n);
//cerr << "result is " << s << endl; //cerr << "result is " << s << endl;
result["secretShare"] = s; result["secretShare"] = s;
...@@ -678,12 +678,10 @@ Json::Value SGXWalletServer::getServerStatusImpl() { ...@@ -678,12 +678,10 @@ Json::Value SGXWalletServer::getServerStatusImpl() {
return result; return result;
} }
Json::Value SGXWalletServer::getServerVersionImpl() {
Json::Value SGXWalletServer::getServerVersionImpl() {
INIT_RESULT(result) INIT_RESULT(result)
result["version"] = TOSTRING(SGXWALLET_VERSION);
result["version"] = SGXWALLET_VERSION;
return result; return result;
} }
......
SGXWalletServer.hpp
View file @ 94616f97
...@@ -33,8 +33,13 @@ ...@@ -33,8 +33,13 @@
using namespace jsonrpc; using namespace jsonrpc;
using namespace std; using namespace std;
#define STRINGIFY(x) #x
#define TOSTRING(x) STRINGIFY(x)
class SGXWalletServer : public AbstractStubServer { class SGXWalletServer : public AbstractStubServer {
recursive_mutex m; recursive_mutex m;
static shared_ptr<SGXWalletServer> server; static shared_ptr<SGXWalletServer> server;
...@@ -42,6 +47,11 @@ class SGXWalletServer : public AbstractStubServer { ...@@ -42,6 +47,11 @@ class SGXWalletServer : public AbstractStubServer {
public: public:
static const char* getVersion() {
return TOSTRING(SGXWALLET_VERSION);
}
SGXWalletServer(AbstractServerConnector &_connector, serverVersion_t _type); SGXWalletServer(AbstractServerConnector &_connector, serverVersion_t _type);
virtual Json::Value virtual Json::Value
......
ServerInit.cpp
View file @ 94616f97
...@@ -111,7 +111,7 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) { ...@@ -111,7 +111,7 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
static int sgxServerInited; static int sgxServerInited;
cout << "Running sgxwallet version:" << SGXWALLET_VERSION << endl; cout << "Running sgxwallet version:" << SGXWalletServer::getVersion() << endl;
CHECK_STATE(sgxServerInited == 0) CHECK_STATE(sgxServerInited == 0)
sgxServerInited = 1; sgxServerInited = 1;
......
ServerInit.h
View file @ 94616f97
...@@ -25,7 +25,6 @@ ...@@ -25,7 +25,6 @@
#define SGXWALLET_SERVERINIT_H #define SGXWALLET_SERVERINIT_H
#include "stdint.h" #include "stdint.h"
#include "SGXWALLET_VERSION"
#ifdef __cplusplus #ifdef __cplusplus
#define EXTERNC extern "C" #define EXTERNC extern "C"
......
VERSION
View file @ 94616f97
1.49 1.50.2
\ No newline at end of file \ No newline at end of file
common.h
View file @ 94616f97
...@@ -16,7 +16,7 @@ ...@@ -16,7 +16,7 @@
You should have received a copy of the GNU Affero General Public License You should have received a copy of the GNU Affero General Public License
along with sgxwallet. If not, see <https://www.gnu.org/licenses/>. along with sgxwallet. If not, see <https://www.gnu.org/licenses/>.
@file BLSEnclave.cpp @file common.h
@author Stan Kladko @author Stan Kladko
@date 2020 @date 2020
*/ */
...@@ -34,10 +34,13 @@ using namespace std; ...@@ -34,10 +34,13 @@ using namespace std;
#include <gmp.h>
#include "secure_enclave/Verify.h"
#include "InvalidStateException.h" #include "InvalidStateException.h"
#define SAFE_FREE(__POINTER__) {if (__POINTER__) {free(__POINTER__); __POINTER__ = NULL;}}
inline std::string className(const std::string &prettyFunction) { inline std::string className(const std::string &prettyFunction) {
size_t colons = prettyFunction.find("::"); size_t colons = prettyFunction.find("::");
if (colons == std::string::npos) if (colons == std::string::npos)
......
docs/building.md
View file @ 94616f97
# Building SGX wallet from source # Building SGX wallet from source
<!-- SPDX-License-Identifier: (AGPL-3.0-only OR CC-BY-4.0) -->
## Clone this repository and its submodules ## Clone this repository and its submodules
`git clone --recurse-submodules https://github.com/skalenetwork/sgxwallet.git` `git clone --recurse-submodules https://github.com/skalenetwork/sgxwallet.git`
...@@ -10,8 +12,6 @@ ...@@ -10,8 +12,6 @@
cd scripts; sudo ./install_packages.sh; cd .. cd scripts; sudo ./install_packages.sh; cd ..
``` ```
## Build dependencies ## Build dependencies
Dependencies only need to be built once. Dependencies only need to be built once.
...@@ -19,6 +19,7 @@ Dependencies only need to be built once. ...@@ -19,6 +19,7 @@ Dependencies only need to be built once.
```bash ```bash
cd scripts; ./build_deps.py; cd .. cd scripts; ./build_deps.py; cd ..
``` ```
## Set SGX environment variables ## Set SGX environment variables
```bash ```bash
...@@ -47,7 +48,6 @@ make ...@@ -47,7 +48,6 @@ make
The base container includes software common to hardware mode and simulation mode. The base container includes software common to hardware mode and simulation mode.
```bash ```bash
sudo docker build -t sgxwallet_base . sudo docker build -t sgxwallet_base .
...@@ -66,7 +66,6 @@ sudo docker build -t sgxwalletsim -f ./DockerfileSimulation . ...@@ -66,7 +66,6 @@ sudo docker build -t sgxwalletsim -f ./DockerfileSimulation .
sudo docker build -t sgxwallet -f ./Dockerfile . sudo docker build -t sgxwallet -f ./Dockerfile .
``` ```
## Adding new source files ## Adding new source files
Note that `configure, Makefile` and `Makefile.in` files are created by `automake` tools on the fly. Note that `configure, Makefile` and `Makefile.in` files are created by `automake` tools on the fly.
......
docs/developer_guide.md
View file @ 94616f97
...@@ -9,7 +9,6 @@ ...@@ -9,7 +9,6 @@
- [Contributing source code](../.github/CONTRIBUTING.md) - [Contributing source code](../.github/CONTRIBUTING.md)
- [Security Bug Reporting](../SECURITY.md) - [Security Bug Reporting](../SECURITY.md)
## Community ## Community
- [SKALE Discord](http://skale.chat) - [SKALE Discord](http://skale.chat)
docs/enabling-sgx.md
View file @ 94616f97
# Enabling SGX # Enabling SGX
<!-- SPDX-License-Identifier: (AGPL-3.0-only OR CC-BY-4.0) --> <!-- SPDX-License-Identifier: (AGPL-3.0-only OR CC-BY-4.0) -->
### Verify Intel SGX is enabled in BIOS ### Verify Intel SGX is enabled in BIOS
...@@ -11,10 +10,11 @@ The BIOS key varies by manufacturer and could be F10, F2, F12, F1, DEL, or ESC. ...@@ -11,10 +10,11 @@ The BIOS key varies by manufacturer and could be F10, F2, F12, F1, DEL, or ESC.
Usually Intel SGX is disabled by default. Usually Intel SGX is disabled by default.
To enable: To enable:
* find the Intel SGX feature in BIOS Menu
(it is usually under the "Advanced" or "Security" menu) - find the Intel SGX feature in BIOS Menu
* Set SGX in BIOS as `enabled` (preferrably) or `software-controlled`. (it is usually under the "Advanced" or "Security" menu)
* save your BIOS settings and exit BIOS. - Set SGX in BIOS as `enabled` (preferably) or `software-controlled`.
- save your BIOS settings and exit BIOS.
## Enable "software-controlled" SGX ## Enable "software-controlled" SGX
...@@ -42,7 +42,6 @@ Install make and gcc if you do not have it ...@@ -42,7 +42,6 @@ Install make and gcc if you do not have it
apt-get install build-essential apt-get install build-essential
``` ```
Run the following command: Run the following command:
```bash ```bash
...@@ -64,7 +63,6 @@ git clone https://github.com/intel/linux-sgx-driver ...@@ -64,7 +63,6 @@ git clone https://github.com/intel/linux-sgx-driver
And then follow instructions in README.md And then follow instructions in README.md
# Troubleshooting Installation # Troubleshooting Installation
- If the message `intel_sgx: SGX is not enabled` appears in `/var/log/syslog` - If the message `intel_sgx: SGX is not enabled` appears in `/var/log/syslog`
......
docs/prerequisites.md
View file @ 94616f97
...@@ -7,7 +7,6 @@ software components. These must be installed and configured before ...@@ -7,7 +7,6 @@ software components. These must be installed and configured before
running sgxwallet. running sgxwallet.
This document describes how to install and configure these required components. This document describes how to install and configure these required components.
## Recommended host system ## Recommended host system
sgxwallet should be ran on Ubuntu 18.04. Sgxwallet has been tested on Ubuntu 18.04. sgxwallet should be ran on Ubuntu 18.04. Sgxwallet has been tested on Ubuntu 18.04.
...@@ -16,8 +15,7 @@ Sgxwallet may run on other Linux distributions, ...@@ -16,8 +15,7 @@ Sgxwallet may run on other Linux distributions,
but the installation process is likely to be more complicated, but the installation process is likely to be more complicated,
and the use of other distributions is not supported by their respective communities at this time. and the use of other distributions is not supported by their respective communities at this time.
### Install Docker engine
### Install Docker engine ngine:
Docker engine is pre-installed on Ubuntu 18.04. You can re-install it as Docker engine is pre-installed on Ubuntu 18.04. You can re-install it as
described below described below
...@@ -28,7 +26,7 @@ sudo apt-get install -y docker-io ...@@ -28,7 +26,7 @@ sudo apt-get install -y docker-io
To verify a correct installation, run `sudo docker run hello-world` To verify a correct installation, run `sudo docker run hello-world`
### Install Docker Compose: ### Install Docker Compose
```bash ```bash
sudo apt-get install -y docker-compose sudo apt-get install -y docker-compose
...@@ -38,8 +36,7 @@ To verify a correct installation, run `docker-compose version` ...@@ -38,8 +36,7 @@ To verify a correct installation, run `docker-compose version`
For details on Docker installation, see <https://docs.docker.com/engine/installation/linux/ubuntu> and <https://docs.docker.com/compose/install/#install-compose> For details on Docker installation, see <https://docs.docker.com/engine/installation/linux/ubuntu> and <https://docs.docker.com/compose/install/#install-compose>
### Verify SGX support
### Verify thatyour machine supports SGX
Install cpuid and libelf-dev packages: Install cpuid and libelf-dev packages:
...@@ -47,16 +44,10 @@ Install cpuid and libelf-dev packages: ...@@ -47,16 +44,10 @@ Install cpuid and libelf-dev packages:
sudo apt-get install -y libelf-dev cpuid sudo apt-get install -y libelf-dev cpuid
``` ```
Verify your processor supports Intel SGX with: Verify processor support of Intel SGX:
```bash ```bash
cpuid | grep SGX: cpuid | grep SGX:
``` ```
The printout shoud read `SGX: Software Guard Extensions supported = true` The printout should read `SGX: Software Guard Extensions supported = true`
docs/run_in_hardware_mode.md
View file @ 94616f97
...@@ -54,7 +54,6 @@ Note: sgxwallet operates on network ports 1026 (https) and 1027 (http for initia ...@@ -54,7 +54,6 @@ Note: sgxwallet operates on network ports 1026 (https) and 1027 (http for initia
If you have a firewall on your network, please make sure these ports are open so clients are able to If you have a firewall on your network, please make sure these ports are open so clients are able to
connect to the server. connect to the server.
## Logging ## Logging
By default, sgxwallet will log into default Docker logs, which are rotated into four files 10M each. By default, sgxwallet will log into default Docker logs, which are rotated into four files 10M each.
......
scripts/build_deps.py
View file @ 94616f97
#!/usr/bin/env python #!/usr/bin/env python
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Bash script to build cpp-ethereum within TravisCI. # Copyright (C) 2018-Present SKALE Labs
# #
# The documentation for cpp-ethereum is hosted at http://cpp-ethereum.org # This file is part of sgxwallet.
# #
# ------------------------------------------------------------------------------ # libBLS is free software: you can redistribute it and/or modify
# This file is part of cpp-ethereum. # it under the terms of the GNU Affero General Public License as published
# # by the Free Software Foundation, either version 3 of the License, or
# cpp-ethereum is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cpp-ethereum is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cpp-ethereum. If not, see <http://www.gnu.org/licenses/>
#
# (c) 2016 cpp-ethereum contributors.
# ------------------------------------------------------------------------------
#
# Copyright (C) 2018-2019 SKALE Labs
#
# This file is part of skale-consensus.
#
# skale-consensus is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, eithe r version 3 of the License, or
# (at your option) any later version. # (at your option) any later version.
# #
# skale-consensus is distributed in the hope that it will be useful, # sgxwallet is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of # but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details. # GNU Affero General Public License for more details.
# #
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU Affero General Public License
# along with skale-consensus. If not, see <http://www.gnu.org/licenses/>. # along with sgxwallet. If not, see <https://www.gnu.org/licenses/>.
# #
# @file build.py # @file build_deps.py
# @author Stan Kladko # @author Stan Kladko
# @date 2018 # @date 2018
# #
......
scripts/docker_build.py
View file @ 94616f97
#!/usr/bin/env python #!/usr/bin/env python
# ------------------------------------------------------------------------------
# Bash script to build cpp-ethereum within TravisCI.
#
# The documentation for cpp-ethereum is hosted at http://cpp-ethereum.org
#
# ------------------------------------------------------------------------------
# This file is part of cpp-ethereum.
#
# cpp-ethereum is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cpp-ethereum is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cpp-ethereum. If not, see <http://www.gnu.org/licenses/>
#
# (c) 2016 cpp-ethereum contributors.
# ------------------------------------------------------------------------------
#
# Copyright (C) 2019-Present SKALE Labs # Copyright (C) 2019-Present SKALE Labs
#
# This file is part of sgxwallet. # This file is part of sgxwallet.
#
# sgxwallet is free software: you can redistribute it and/or modify # sgxwallet is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published # it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or # by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version. # (at your option) any later version.
#
# sgxwallet is distributed in the hope that it will be useful, # sgxwallet is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of # but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details. # GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License # You should have received a copy of the GNU Affero General Public License
# along with sgxwallet. If not, see <https://www.gnu.org/licenses/>. # along with sgxwallet. If not, see <https://www.gnu.org/licenses/>.
# #
......
secure_enclave/Curves.c
View file @ 94616f97
...@@ -24,7 +24,13 @@ ...@@ -24,7 +24,13 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <stdbool.h> #include <stdbool.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h> #include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "DomainParameters.h" #include "DomainParameters.h"
#include "Curves.h" #include "Curves.h"
#include "Point.h" #include "Point.h"
......
secure_enclave/Curves.h
View file @ 94616f97
...@@ -25,6 +25,12 @@ ...@@ -25,6 +25,12 @@
#ifndef SGXWALLET_CURVES_H #ifndef SGXWALLET_CURVES_H
#define SGXWALLET_CURVES_H #define SGXWALLET_CURVES_H
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif
/*Curves that can be loaded using domain_parameters_load_curve()*/ /*Curves that can be loaded using domain_parameters_load_curve()*/
typedef enum { secp112r1 = 0, typedef enum { secp112r1 = 0,
...@@ -47,7 +53,7 @@ typedef enum { secp112r1 = 0, ...@@ -47,7 +53,7 @@ typedef enum { secp112r1 = 0,
#define NUMBER_OF_CURVES (secp521r1+1) #define NUMBER_OF_CURVES (secp521r1+1)
/*Load a curve depending on it's curve number, defined by the enum*/ /*Load a curve depending on it's curve number, defined by the enum*/
void domain_parameters_load_curve(domain_parameters out, curve_list curve); EXTERNC void domain_parameters_load_curve(domain_parameters out, curve_list curve);
/* REMARK: /* REMARK:
For some weird reason secp112r2 and secp128r2 doesn't want to be stable. Actually they work once in a while. However running the benchmark command gives -1 as operation time, sometimes and only sometimes! For some weird reason secp112r2 and secp128r2 doesn't want to be stable. Actually they work once in a while. However running the benchmark command gives -1 as operation time, sometimes and only sometimes!
......
secure_enclave/DHDkg.c
View file @ 94616f97
...@@ -23,7 +23,11 @@ ...@@ -23,7 +23,11 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdbool.h> #include <stdbool.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h> #include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "DomainParameters.h" #include "DomainParameters.h"
#include "Curves.h" #include "Curves.h"
......
secure_enclave/DKGUtils.cpp
View file @ 94616f97
...@@ -23,7 +23,12 @@ ...@@ -23,7 +23,12 @@
#include "DKGUtils.h" #include "DKGUtils.h"
#include <sgx_tgmp.h> #ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include <../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp> #include <../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp>
#include <../trusted_libff/libff/algebra/fields/fp.hpp> #include <../trusted_libff/libff/algebra/fields/fp.hpp>
......
secure_enclave/DKGUtils.h
View file @ 94616f97
...@@ -30,7 +30,12 @@ ...@@ -30,7 +30,12 @@
#define EXTERNC #define EXTERNC
#endif #endif
#include <sgx_tgmp.h> #ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
EXTERNC int gen_dkg_poly( char* secret, unsigned _t); EXTERNC int gen_dkg_poly( char* secret, unsigned _t);
......
secure_enclave/DomainParameters.c
View file @ 94616f97
...@@ -21,7 +21,12 @@ ...@@ -21,7 +21,12 @@
@date 2019 @date 2019
*/ */
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h> #include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include <stdlib.h> #include <stdlib.h>
#include <stdbool.h> #include <stdbool.h>
#include <string.h> #include <string.h>
......
secure_enclave/DomainParameters.h
View file @ 94616f97
...@@ -23,6 +23,11 @@ ...@@ -23,6 +23,11 @@
#ifndef SGXWALLET_DOMAINPARAMETERS_H #ifndef SGXWALLET_DOMAINPARAMETERS_H
#define SGXWALLET_DOMAINPARAMETERS_H #define SGXWALLET_DOMAINPARAMETERS_H
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif
/*Type that represents a point*/ /*Type that represents a point*/
typedef struct point_s* point; typedef struct point_s* point;
...@@ -48,13 +53,13 @@ struct domain_parameters_s ...@@ -48,13 +53,13 @@ struct domain_parameters_s
}; };
/*Initialize a curve*/ /*Initialize a curve*/
domain_parameters domain_parameters_init(); EXTERNC domain_parameters domain_parameters_init();
/*Sets the name of a curve*/ /*Sets the name of a curve*/
void domain_parameters_set_name(domain_parameters curve, char* name); EXTERNC void domain_parameters_set_name(domain_parameters curve, char* name);
/*Set domain parameters from decimal unsigned long ints*/ /*Set domain parameters from decimal unsigned long ints*/
void domain_parameters_set_ui(domain_parameters curve, EXTERNC void domain_parameters_set_ui(domain_parameters curve,
char* name, char* name,
unsigned long int p, unsigned long int p,
unsigned long int a, unsigned long int a,
...@@ -65,9 +70,9 @@ void domain_parameters_set_ui(domain_parameters curve, ...@@ -65,9 +70,9 @@ void domain_parameters_set_ui(domain_parameters curve,
unsigned long int h); unsigned long int h);
/*Set domain parameters from hexadecimal string*/ /*Set domain parameters from hexadecimal string*/
void domain_parameters_set_hex(domain_parameters curve, char* name, char* p, char* a, char* b, char* Gx, char* Gy, char* n, char* h); EXTERNC void domain_parameters_set_hex(domain_parameters curve, char* name, char* p, char* a, char* b, char* Gx, char* Gy, char* n, char* h);
/*Release memory*/ /*Release memory*/
void domain_parameters_clear(domain_parameters curve); EXTERNC void domain_parameters_clear(domain_parameters curve);
#endif #endif
\ No newline at end of file
secure_enclave/EnclaveCommon.cpp
View file @ 94616f97
...@@ -298,7 +298,7 @@ void logMsg(log_level _level, char* _msg) { ...@@ -298,7 +298,7 @@ void logMsg(log_level _level, char* _msg) {
EXTERNC void LOG_INFO(char* _msg) { EXTERNC void LOG_INFO(char* _msg) {
logMsg(L_INFO, _msg); logMsg(L_INFO, _msg);
}; };
EXTERNC void LOG_WARNING(char* _msg) { EXTERNC void LOG_WARN(char* _msg) {
logMsg(L_WARNING, _msg); logMsg(L_WARNING, _msg);
}; };
......
secure_enclave/EnclaveCommon.h
View file @ 94616f97
...@@ -53,7 +53,7 @@ EXTERNC void enclave_init(); ...@@ -53,7 +53,7 @@ EXTERNC void enclave_init();
EXTERNC void LOG_INFO(char* msg); EXTERNC void LOG_INFO(char* msg);
EXTERNC void LOG_WARNING(char* _msg); EXTERNC void LOG_WARN(char* _msg);
EXTERNC void LOG_ERROR(char* _msg); EXTERNC void LOG_ERROR(char* _msg);
EXTERNC void LOG_DEBUG(char* _msg); EXTERNC void LOG_DEBUG(char* _msg);
EXTERNC void LOG_TRACE(char* _msg); EXTERNC void LOG_TRACE(char* _msg);
......
secure_enclave/NumberTheory.c
View file @ 94616f97
...@@ -23,8 +23,14 @@ ...@@ -23,8 +23,14 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <../tgmp-build/include/sgx_tgmp.h>
#include <stdbool.h> #include <stdbool.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "NumberTheory.h" #include "NumberTheory.h"
/*Calculate R = a^k mod P, using repeated square-and-multiply algorithm /*Calculate R = a^k mod P, using repeated square-and-multiply algorithm
......
secure_enclave/Point.c
View file @ 94616f97
...@@ -23,11 +23,16 @@ ...@@ -23,11 +23,16 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <../tgmp-build/include/sgx_tgmp.h>
#include <string.h> #include <string.h>
#include <assert.h> #include <assert.h>
#include <stdbool.h> #include <stdbool.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "NumberTheory.h" #include "NumberTheory.h"
#include "DomainParameters.h" #include "DomainParameters.h"
...@@ -77,14 +82,14 @@ void point_set(point R, point P) ...@@ -77,14 +82,14 @@ void point_set(point R, point P)
} }
/*Set point from strings of a base from 2-62*/ /*Set point from strings of a base from 2-62*/
void point_set_str(point p, char *x, char *y, int base) void point_set_str(point p, const char *x, const char *y, int base)
{ {
mpz_set_str(p->x, x, base); mpz_set_str(p->x, x, base);
mpz_set_str(p->y, y, base); mpz_set_str(p->y, y, base);
} }
/*Set point from hexadecimal strings*/ /*Set point from hexadecimal strings*/
void point_set_hex(point p, char *x, char *y) void point_set_hex(point p, const char *x, const char *y)
{ {
point_set_str(p,x,y,16); point_set_str(p,x,y,16);
} }
......
secure_enclave/Point.h
View file @ 94616f97
...@@ -26,56 +26,58 @@ ...@@ -26,56 +26,58 @@
#define SGXWALLET_POINT_H #define SGXWALLET_POINT_H
#include "DomainParameters.h" #include "DomainParameters.h"
/*Initialize a point*/ /*Initialize a point*/
point point_init(); EXTERNC point point_init();
/*Release point*/ /*Release point*/
void point_clear(point p); EXTERNC void point_clear(point p);
/*Set point to be a infinity*/ /*Set point to be a infinity*/
void point_at_infinity(point p); EXTERNC void point_at_infinity(point p);
/*Set R to the additive inverse of P, in the curve curve*/ /*Set R to the additive inverse of P, in the curve curve*/
void point_inverse(point R, point P, domain_parameters curve); EXTERNC void point_inverse(point R, point P, domain_parameters curve);
/*Print point to standart output stream*/ /*Print point to standart output stream*/
void point_print(point p); EXTERNC void point_print(point p);
/*Set point from hexadecimal strings*/ /*Set point from hexadecimal strings*/
void point_set_hex(point p, char *x, char *y); EXTERNC void point_set_hex(point p, const char *x, const char *y);
/*Set point from decimal unsigned long ints*/ /*Set point from decimal unsigned long ints*/
void point_set_ui(point p, unsigned long int x, unsigned long int y); EXTERNC void point_set_ui(point p, unsigned long int x, unsigned long int y);
/*Addition of point P + Q = result*/ /*Addition of point P + Q = result*/
void point_addition(point result, point P, point Q, domain_parameters curve); EXTERNC void point_addition(point result, point P, point Q, domain_parameters curve);
/*Set point R = 2P*/ /*Set point R = 2P*/
void point_doubling(point R, point P, domain_parameters curve); EXTERNC void point_doubling(point R, point P, domain_parameters curve);
/*Perform scalar multiplication to P, with the factor multiplier, over the curve curve*/ /*Perform scalar multiplication to P, with the factor multiplier, over the curve curve*/
void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve); EXTERNC void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve);
/*Set point from strings of a base from 2-62*/ /*Set point from strings of a base from 2-62*/
void point_set_str(point p, char *x, char *y, int base); EXTERNC void point_set_str(point p, const char *x, const char *y, int base);
/*Compare two points return 1 if not the same, returns 0 if they are the same*/ /*Compare two points return 1 if not the same, returns 0 if they are the same*/
bool point_cmp(point P, point Q); EXTERNC bool point_cmp(point P, point Q);
/*Decompress a point from hexadecimal representation /*Decompress a point from hexadecimal representation
*This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.4.*/ *This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.4.*/
void point_decompress(point P, char* zPoint, domain_parameters curve); EXTERNC void point_decompress(point P, char* zPoint, domain_parameters curve);
/*Compress a point to hexadecimal string /*Compress a point to hexadecimal string
*This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.3.*/ *This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.3.*/
char* point_compress(point P); EXTERNC char* point_compress(point P);
/*Make R a copy of P*/ /*Make R a copy of P*/
void point_copy(point R, point P); EXTERNC void point_copy(point R, point P);
/*Set a point from another point*/ /*Set a point from another point*/
void point_set(point R, point P); EXTERNC void point_set(point R, point P);
#endif #endif
\ No newline at end of file
secure_enclave/Signature.c
View file @ 94616f97
...@@ -23,9 +23,17 @@ ...@@ -23,9 +23,17 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <../tgmp-build/include/sgx_tgmp.h>
#include <stdbool.h> #include <stdbool.h>
#include <assert.h> #include <assert.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "DomainParameters.h" #include "DomainParameters.h"
#include "Point.h" #include "Point.h"
#include "NumberTheory.h" #include "NumberTheory.h"
...@@ -51,13 +59,13 @@ void signature_print(signature sig) { ...@@ -51,13 +59,13 @@ void signature_print(signature sig) {
} }
/*Set signature from strings of a base from 2-62*/ /*Set signature from strings of a base from 2-62*/
void signature_set_str(signature sig, char *r, char *s, int base) { void signature_set_str(signature sig, const char *r, const char *s, int base) {
mpz_set_str(sig->r, r, base); mpz_set_str(sig->r, r, base);
mpz_set_str(sig->s, s, base); mpz_set_str(sig->s, s, base);
} }
/*Set signature from hexadecimal strings*/ /*Set signature from hexadecimal strings*/
void signature_set_hex(signature sig, char *r, char *s) { void signature_set_hex(signature sig, const char *r, const char *s) {
signature_set_str(sig, r, s, 16); signature_set_str(sig, r, s, 16);
} }
...@@ -84,6 +92,7 @@ void signature_extract_public_key(point public_key, mpz_t private_key, domain_pa ...@@ -84,6 +92,7 @@ void signature_extract_public_key(point public_key, mpz_t private_key, domain_pa
point_multiplication(public_key, private_key, curve->G, curve); point_multiplication(public_key, private_key, curve->G, curve);
} }
#ifndef USER_SPACE
/*Generate signature for a message*/ /*Generate signature for a message*/
void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve) { void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve) {
//message must not have a bit length longer than that of n //message must not have a bit length longer than that of n
...@@ -171,13 +180,26 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para ...@@ -171,13 +180,26 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para
} }
#endif
/*Release signature*/
void signature_free(signature sig) {
mpz_clear(sig->r);
mpz_clear(sig->s);
free(sig);
}
/*Verify the integrity of a message using it's signature*/ /*Verify the integrity of a message using it's signature*/
bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) { bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) {
//Initialize variables //Initialize variables
mpz_t one, w, u1, u2, t, tt2; mpz_t one, w, u1, u2, t, tt2;
mpz_init(one); mpz_init(w); mpz_init(u1); mpz_init(one);
mpz_init(u2); mpz_init(t); mpz_init(tt2); mpz_init(w);
mpz_init(u1);
mpz_init(u2);
mpz_init(t);
mpz_init(tt2);
mpz_set_ui(one, 1); mpz_set_ui(one, 1);
...@@ -224,15 +246,15 @@ bool signature_verify(mpz_t message, signature sig, point public_key, domain_par ...@@ -224,15 +246,15 @@ bool signature_verify(mpz_t message, signature sig, point public_key, domain_par
point_clear(t1); point_clear(t1);
point_clear(t2); point_clear(t2);
mpz_clear(one); mpz_clear(w); mpz_clear(u1); mpz_clear(u2); mpz_clear(t); mpz_clear(one);
mpz_clear(w);
mpz_clear(u1);
mpz_clear(u2);
mpz_clear(t);
mpz_clear(tt2); mpz_clear(tt2);
return result; return result;
}
/*Release signature*/
void signature_free(signature sig) {
mpz_clear(sig->r);
mpz_clear(sig->s);
free(sig);
} }
secure_enclave/Signature.h
View file @ 94616f97
...@@ -24,6 +24,12 @@ ...@@ -24,6 +24,12 @@
#ifndef SGXWALLET_SIGNATURE_H #ifndef SGXWALLET_SIGNATURE_H
#define SGXWALLET_SIGNATURE_H #define SGXWALLET_SIGNATURE_H
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif
/*Type for representing a signature*/ /*Type for representing a signature*/
struct signature_s struct signature_s
{ {
...@@ -35,36 +41,36 @@ struct signature_s ...@@ -35,36 +41,36 @@ struct signature_s
typedef struct signature_s* signature; typedef struct signature_s* signature;
/*Initialize a signature*/ /*Initialize a signature*/
signature signature_init(); EXTERNC signature signature_init();
/*Set signature from strings of a base from 2-62*/ /*Set signature from strings of a base from 2-62*/
void signature_set_str(signature sig, char *r, char *s, int base); EXTERNC void signature_set_str(signature sig, const char *r, const char *s, int base);
/*Set signature from hexadecimal strings*/ /*Set signature from hexadecimal strings*/
void signature_set_hex(signature sig, char *r, char *s); EXTERNC void signature_set_hex(signature sig, const char *r, const char *s);
/*Set signature from decimal unsigned long ints*/ /*Set signature from decimal unsigned long ints*/
void signature_set_ui(signature sig, unsigned long int r, unsigned long int s); EXTERNC void signature_set_ui(signature sig, unsigned long int r, unsigned long int s);
/*Print signature to standart output stream*/ /*Print signature to standart output stream*/
void signature_print(signature sig); EXTERNC void signature_print(signature sig);
/*Make R a copy of P*/ /*Make R a copy of P*/
void signature_copy(signature R, signature sig); EXTERNC void signature_copy(signature R, signature sig);
/*Compare two signatures return 1 if not the same, returns 0 if they are the same*/ /*Compare two signatures return 1 if not the same, returns 0 if they are the same*/
bool signature_cmp(signature sig1, signature sig2); EXTERNC bool signature_cmp(signature sig1, signature sig2);
/*Release signature*/ /*Release signature*/
void signature_free(signature sig); EXTERNC void signature_free(signature sig);
/*Generates a public key for a private key*/ /*Generates a public key for a private key*/
void signature_extract_public_key(point public_key, mpz_t private_key, domain_parameters curve); EXTERNC void signature_extract_public_key(point public_key, mpz_t private_key, domain_parameters curve);
/*Generate signature for a message*/ /*Generate signature for a message*/
void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve); EXTERNC void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve);
/*Verify the integrity of a message using it's signature*/ /*Verify the integrity of a message using it's signature*/
bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve); EXTERNC bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve);
#endif #endif
secure_enclave/Verify.h 0 → 100644
View file @ 94616f97
/*
Copyright (C) 2019-Present SKALE Labs
This file is part of sgxwallet.
sgxwallet is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
sgxwallet is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with sgxwallet. If not, see <https://www.gnu.org/licenses/>.
@file Verify.h
@author Stan Kladko
@date 2020
*/
#ifndef SGXWALLET_VERIFY_H
#define SGXWALLET_VERIFY_H
#define USER_SPACE 1
#include "secure_enclave/Point.h"
#include "secure_enclave/DomainParameters.h"
#include "secure_enclave/NumberTheory.h"
#include "secure_enclave/Signature.h"
#include "secure_enclave/Curves.h"
#endif //SGXWALLET_VERIFY_H
secure_enclave/secure_enclave.c
View file @ 94616f97
...@@ -137,8 +137,8 @@ void trustedEMpzDiv(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {} ...@@ -137,8 +137,8 @@ void trustedEMpzDiv(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {}
void trustedEMpfDiv(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {} void trustedEMpfDiv(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {}
void trustedGenerateEcdsaKey(int *errStatus, char *err_string, void trustedGenerateEcdsaKey(int *errStatus, char *errString,
uint8_t *encrypted_key, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -174,10 +174,10 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string, ...@@ -174,10 +174,10 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string,
uint8_t base = 16; uint8_t base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2; int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(err_string, BUF_LEN, "len = %d\n", len); //snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len]; char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x); char *px = mpz_get_str(arr_x, base, Pkey->x);
//snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px); //snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0'; pub_key_x[i] = '0';
...@@ -194,14 +194,14 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string, ...@@ -194,14 +194,14 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string,
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2]; char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey); char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
snprintf(err_string, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str)); snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
sgx_status_t status = sgx_seal_data(0, NULL, ECDSA_SKEY_LEN, (uint8_t *) skey_str, sealedLen, sgx_status_t status = sgx_seal_data(0, NULL, ECDSA_SKEY_LEN, (uint8_t *) skey_str, sealedLen,
(sgx_sealed_data_t *) encrypted_key); (sgx_sealed_data_t *) encryptedPrivateKey);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "seal ecsdsa private key failed"); snprintf(errString, BUF_LEN, "seal ecsdsa private key failed");
*errStatus = status; *errStatus = status;
return; return;
} }
...@@ -214,8 +214,8 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string, ...@@ -214,8 +214,8 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string,
} }
void trustedGetPublicEcdsaKey(int *errStatus, char *err_string, void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
uint8_t *encrypted_key, uint32_t dec_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t dec_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -225,36 +225,36 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string, ...@@ -225,36 +225,36 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string,
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &dec_len); (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &dec_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
*errStatus = status; *errStatus = status;
return; return;
} }
//strncpy(err_string, skey, 1024); //strncpy(errString, skey, 1024);
mpz_t skey_mpz; mpz_t privateKeyMpz;
mpz_init(skey_mpz); mpz_init(privateKeyMpz);
// mpz_import(skey_mpz, 32, 1, sizeof(skey[0]), 0, 0, skey); // mpz_import(privateKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) { if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(err_string, BUF_LEN, "wrong string to init private key"); snprintf(errString, BUF_LEN, "wrong string to init private key");
*errStatus = -10; *errStatus = -10;
mpz_clear(skey_mpz); mpz_clear(privateKeyMpz);
return; return;
} }
//Public key //Public key
point Pkey = point_init(); point Pkey = point_init();
signature_extract_public_key(Pkey, skey_mpz, curve); signature_extract_public_key(Pkey, privateKeyMpz, curve);
point Pkey_test = point_init(); point Pkey_test = point_init();
point_multiplication(Pkey_test, skey_mpz, curve->G, curve); point_multiplication(Pkey_test, privateKeyMpz, curve->G, curve);
if (!point_cmp(Pkey, Pkey_test)) { if (!point_cmp(Pkey, Pkey_test)) {
snprintf(err_string, BUF_LEN, "Points are not equal"); snprintf(errString, BUF_LEN, "Points are not equal");
*errStatus = -11; *errStatus = -11;
return; return;
} }
...@@ -262,10 +262,10 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string, ...@@ -262,10 +262,10 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string,
int base = 16; int base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2; int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(err_string, BUF_LEN, "len = %d\n", len); //snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len]; char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x); char *px = mpz_get_str(arr_x, base, Pkey->x);
//snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px); //snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0'; pub_key_x[i] = '0';
...@@ -281,104 +281,130 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string, ...@@ -281,104 +281,130 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string,
} }
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
mpz_clear(skey_mpz); mpz_clear(privateKeyMpz);
domain_parameters_clear(curve); domain_parameters_clear(curve);
point_clear(Pkey); point_clear(Pkey);
} }
void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, uint32_t dec_len, void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t dec_len,
unsigned char *hash, char *sig_r, char *sig_s, uint8_t *sig_v, int base) { unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char* arr_m = NULL; char* arrM = NULL;
char* arr_r = NULL; char* arrR = NULL;
char* arr_s; char* arrS = NULL;
char* privateKey = calloc(ECDSA_SKEY_LEN,1);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
mpz_t msgMpz;
mpz_t skey_mpz;
mpz_init(skey_mpz);
mpz_t msg_mpz;
mpz_init(msg_mpz);
signature sign = signature_init(); signature sign = signature_init();
domain_parameters curve = domain_parameters_init(); domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1); domain_parameters_load_curve(curve, secp256k1);
point publicKey = point_init(); point publicKey = point_init();
char* secretKey = calloc(ECDSA_SKEY_LEN,1);
sgx_status_t status = sgx_unseal_data( if (!hash) {
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, secretKey, &dec_len); *errStatus = 1;
char* msg = "NULL message hash";
LOG_ERROR(msg);
snprintf(errString, BUF_LEN, msg);
goto clean;
}
if (status != SGX_SUCCESS) { if (strnlen(hash, 64 ) > 64) {
*errStatus = status; *errStatus = 2;
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed - encrypted_key with status %d", status); char* msg = "Hash too long";
LOG_ERROR(msg);
snprintf(errString, BUF_LEN, msg);
goto clean; goto clean;
} }
//snprintf(err_string, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey)); mpz_init(msgMpz);
if (mpz_set_str(skey_mpz, secretKey, ECDSA_SKEY_BASE) == -1) { if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = -1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid secret key"); snprintf(errString, BUF_LEN, "invalid message hash %s", hash);
LOG_WARN(errString);
goto clean; goto clean;
} }
if (mpz_set_str(msg_mpz, hash, 16) == -1) { if (!encryptedPrivateKey) {
*errStatus = -1; *errStatus = 3;
snprintf(err_string, BUF_LEN, "invalid message hash"); snprintf(errString, BUF_LEN, "NULL encrypted ECDSA private key");
LOG_ERROR(errString);
goto clean; goto clean;
} }
//mpz_set_str(msg_mpz,"4b688df40bcedbe641ddb16ff0a1842d9c67ea1c3bf63f3e0471baa664531d1a", 16);
signature_sign(sign, msg_mpz, skey_mpz, curve);
signature_extract_public_key(publicKey, skey_mpz, curve); sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, privateKey, &dec_len);
if (!signature_verify(msg_mpz, sign, publicKey, curve)) { if (status != SGX_SUCCESS) {
*errStatus = -2; *errStatus = status;
snprintf(err_string, BUF_LEN, "signature is not verified"); snprintf(errString, BUF_LEN,
"sgx_unseal_data failed for encryptedPrivateKey:status %d", status);
LOG_ERROR(errString);
goto clean;
}
if (mpz_set_str(privateKeyMpz, privateKey, ECDSA_SKEY_BASE) == -1) {
*errStatus = -1;
snprintf(errString, BUF_LEN, "mpz_set_str(privateKeyMpz ...) failed");
LOG_ERROR(errString);
goto clean; goto clean;
} }
//char arr_x[mpz_sizeinbase (Pkey->x, 16) + 2];
//char* px = mpz_get_str(arr_x, 16, Pkey->x);
//snprintf(err_string, BUF_LEN,"pub key x %s ", arr_x);
arr_m = calloc(mpz_sizeinbase(msg_mpz, 16) + 2 ,1);
mpz_get_str(arr_m, 16, msg_mpz);
//snprintf(err_string, BUF_LEN, "message is %s ", arr_m);
arr_r = calloc(mpz_sizeinbase(sign->r, base) + 2,1); signature_sign(sign, msgMpz, privateKeyMpz, curve);
mpz_get_str(arr_r, base, sign->r);
strncpy(sig_r, arr_r, 1024); signature_extract_public_key(publicKey, privateKeyMpz, curve);
arr_s = calloc(mpz_sizeinbase(sign->s, base) + 2, 1);
mpz_get_str(arr_s, base, sign->s); if (!signature_verify(msgMpz, sign, publicKey, curve)) {
strncpy(sig_s, arr_s, 1024); *errStatus = 2;
snprintf(errString, BUF_LEN, "ECDSA sig not verified");
LOG_WARN(errString);
goto clean;
}
arrR = calloc(mpz_sizeinbase(sign->r, base) + 2,1);
mpz_get_str(arrR, base, sign->r);
strncpy(sigR, arrR, 1024);
arrS = calloc(mpz_sizeinbase(sign->s, base) + 2, 1);
mpz_get_str(arrS, base, sign->s);
strncpy(sigS, arrS, 1024);
*sig_v = sign->v; *sig_v = sign->v;
clean: clean:
mpz_clear(skey_mpz); mpz_clear(privateKeyMpz);
mpz_clear(msg_mpz); mpz_clear(msgMpz);
domain_parameters_clear(curve); domain_parameters_clear(curve);
point_clear(publicKey); point_clear(publicKey);
free(secretKey);
signature_free(sign); signature_free(sign);
if (arr_m != NULL) { if (privateKey)
free(arr_m); free(privateKey);
}
if (arr_r != NULL) {
free(arr_r); if (arrR) {
free(arrR);
} }
if (arr_s != NULL) { if (arrS) {
free(arr_s); free(arrS);
} }
return; return;
...@@ -386,19 +412,19 @@ void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, ...@@ -386,19 +412,19 @@ void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key,
} }
void trustedEncryptKey(int *errStatus, char *err_string, char *key, void trustedEncryptKey(int *errStatus, char *errString, char *key,
uint8_t *encrypted_key, uint32_t *enc_len) { uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
*errStatus = UNKNOWN_ERROR; *errStatus = UNKNOWN_ERROR;
memset(err_string, 0, BUF_LEN); memset(errString, 0, BUF_LEN);
checkKey(errStatus, err_string, key); checkKey(errStatus, errString, key);
if (*errStatus != 0) { if (*errStatus != 0) {
snprintf(err_string + strlen(err_string), BUF_LEN, "check_key failed"); snprintf(errString + strlen(errString), BUF_LEN, "check_key failed");
return; return;
} }
...@@ -407,18 +433,18 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key, ...@@ -407,18 +433,18 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key,
if (sealedLen > BUF_LEN) { if (sealedLen > BUF_LEN) {
*errStatus = ENCRYPTED_KEY_TOO_LONG; *errStatus = ENCRYPTED_KEY_TOO_LONG;
snprintf(err_string, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH"); snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH");
return; return;
} }
memset(encrypted_key, 0, BUF_LEN); memset(encryptedPrivateKey, 0, BUF_LEN);
sgx_status_t status = sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t *) key, sealedLen, sgx_status_t status = sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t *) key, sealedLen,
(sgx_sealed_data_t *) encrypted_key); (sgx_sealed_data_t *) encryptedPrivateKey);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = SEAL_KEY_FAILED; *errStatus = SEAL_KEY_FAILED;
snprintf(err_string, BUF_LEN, "SGX seal data failed with status %d", status); snprintf(errString, BUF_LEN, "SGX seal data failed with status %d", status);
return; return;
} }
...@@ -427,17 +453,17 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key, ...@@ -427,17 +453,17 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key,
char decryptedKey[BUF_LEN]; char decryptedKey[BUF_LEN];
memset(decryptedKey, 0, BUF_LEN); memset(decryptedKey, 0, BUF_LEN);
trustedDecryptKey(errStatus, err_string, encrypted_key, sealedLen, decryptedKey); trustedDecryptKey(errStatus, errString, encryptedPrivateKey, sealedLen, decryptedKey);
if (*errStatus != 0) { if (*errStatus != 0) {
snprintf(err_string + strlen(err_string), BUF_LEN, ":trustedDecryptKey failed"); snprintf(errString + strlen(errString), BUF_LEN, ":trustedDecryptKey failed");
return; return;
} }
uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH); uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH);
if (decryptedKeyLen == MAX_KEY_LENGTH) { if (decryptedKeyLen == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "Decrypted key is not null terminated"); snprintf(errString, BUF_LEN, "Decrypted key is not null terminated");
return; return;
} }
...@@ -445,14 +471,14 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key, ...@@ -445,14 +471,14 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key,
*errStatus = -8; *errStatus = -8;
if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) { if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
snprintf(err_string, BUF_LEN, "Decrypted key does not match original key"); snprintf(errString, BUF_LEN, "Decrypted key does not match original key");
return; return;
} }
*errStatus = 0; *errStatus = 0;
} }
void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key, void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) { uint32_t enc_len, char *key) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -462,18 +488,18 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key, ...@@ -462,18 +488,18 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key,
*errStatus = -9; *errStatus = -9;
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) key, &decLen); (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) key, &decLen);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = status; *errStatus = status;
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
return; return;
} }
//snprintf(err_string, BUF_LEN, "decr key is %s", key); //snprintf(errString, BUF_LEN, "decr key is %s", key);
if (decLen > MAX_KEY_LENGTH) { if (decLen > MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH"); snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
return; return;
} }
...@@ -484,7 +510,7 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key, ...@@ -484,7 +510,7 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key,
if (keyLen == MAX_KEY_LENGTH) { if (keyLen == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "Key is not null terminated"); snprintf(errString, BUF_LEN, "Key is not null terminated");
return; return;
} }
...@@ -494,7 +520,7 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key, ...@@ -494,7 +520,7 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key,
} }
void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_key, void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX, uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) { char *_hashY, char *signature) {
...@@ -507,10 +533,10 @@ void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_ ...@@ -507,10 +533,10 @@ void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_
trustedDecryptKey(errStatus, err_string, encrypted_key, enc_len, key); trustedDecryptKey(errStatus, errString, encryptedPrivateKey, enc_len, key);
if (*errStatus != 0) { if (*errStatus != 0) {
strncpy(signature, err_string, BUF_LEN); strncpy(signature, errString, BUF_LEN);
return; return;
} }
...@@ -526,7 +552,7 @@ void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_ ...@@ -526,7 +552,7 @@ void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_
free(sig); free(sig);
} }
void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -537,7 +563,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk ...@@ -537,7 +563,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk
return; return;
} }
snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret); snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, uint32_t sealedLen = sgx_calc_sealed_data_size(0,
DKG_BUFER_LENGTH);//sizeof(sgx_sealed_data_t) + sizeof(dkg_secret); DKG_BUFER_LENGTH);//sizeof(sgx_sealed_data_t) + sizeof(dkg_secret);
...@@ -546,7 +572,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk ...@@ -546,7 +572,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk
(sgx_sealed_data_t *) encrypted_dkg_secret); (sgx_sealed_data_t *) encrypted_dkg_secret);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "SGX seal data failed"); snprintf(errString, BUF_LEN, "SGX seal data failed");
*errStatus = status; *errStatus = status;
return; return;
} }
...@@ -555,7 +581,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk ...@@ -555,7 +581,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk
//free(dkg_secret); //free(dkg_secret);
} }
void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret, void trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
uint32_t *dec_len) { uint32_t *dec_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -566,7 +592,7 @@ void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypte ...@@ -566,7 +592,7 @@ void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypte
(const sgx_sealed_data_t *) encrypted_dkg_secret, NULL, 0, decrypted_dkg_secret, &decr_len); (const sgx_sealed_data_t *) encrypted_dkg_secret, NULL, 0, decrypted_dkg_secret, &decr_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status; *errStatus = status;
return; return;
} }
...@@ -574,7 +600,7 @@ void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypte ...@@ -574,7 +600,7 @@ void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypte
*dec_len = decr_len; *dec_len = decr_len;
} }
void trustedGetSecretShares(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *dec_len, void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len,
char *secret_shares, char *secret_shares,
unsigned _t, unsigned _n) { unsigned _t, unsigned _n) {
...@@ -583,21 +609,21 @@ void trustedGetSecretShares(int *errStatus, char *err_string, uint8_t *encrypted ...@@ -583,21 +609,21 @@ void trustedGetSecretShares(int *errStatus, char *err_string, uint8_t *encrypted
char decrypted_dkg_secret[DKG_BUFER_LENGTH]; char decrypted_dkg_secret[DKG_BUFER_LENGTH];
uint32_t decr_len; uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, err_string, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len); trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len);
if (*errStatus != 0) { if (*errStatus != 0) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus); snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus);
return; return;
} }
*dec_len = decr_len; *dec_len = decr_len;
// strncpy(err_string, decrypted_dkg_secret, 1024); // strncpy(errString, decrypted_dkg_secret, 1024);
calc_secret_shares(decrypted_dkg_secret, secret_shares, _t, _n); calc_secret_shares(decrypted_dkg_secret, secret_shares, _t, _n);
//free(decrypted_dkg_secret); //free(decrypted_dkg_secret);
} }
void trustedGetPublicShares(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t enc_len, void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
char *public_shares, char *public_shares,
unsigned _t, unsigned _n) { unsigned _t, unsigned _n) {
...@@ -605,23 +631,23 @@ void trustedGetPublicShares(int *errStatus, char *err_string, uint8_t *encrypted ...@@ -605,23 +631,23 @@ void trustedGetPublicShares(int *errStatus, char *err_string, uint8_t *encrypted
char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1); char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1);
uint32_t decr_len; uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, err_string, (uint8_t *) encrypted_dkg_secret, decrypted_dkg_secret, &decr_len); trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, decrypted_dkg_secret, &decr_len);
if (*errStatus != 0) { if (*errStatus != 0) {
snprintf(err_string, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus); snprintf(errString, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus);
return; return;
} }
//strncpy(err_string, decrypted_dkg_secret, 1024); //strncpy(errString, decrypted_dkg_secret, 1024);
// strncpy(err_string, "before calc_public_shares ", 1024); // strncpy(errString, "before calc_public_shares ", 1024);
if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) { if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(err_string, BUF_LEN, "t does not match polynomial in db"); snprintf(errString, BUF_LEN, "t does not match polynomial in db");
return; return;
} }
free(decrypted_dkg_secret); free(decrypted_dkg_secret);
} }
void trustedSetEncryptedDkgPoly(int *errStatus, char *err_string, uint8_t *encrypted_poly) { void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly) {
memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH); memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH);
uint32_t decr_len; uint32_t decr_len;
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
...@@ -629,13 +655,13 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *err_string, uint8_t *encry ...@@ -629,13 +655,13 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *err_string, uint8_t *encry
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = -1; *errStatus = -1;
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
return; return;
} }
} }
void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *encrypted_skey, uint32_t *dec_len, void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) { char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -648,7 +674,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e ...@@ -648,7 +674,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
uint32_t enc_len; uint32_t enc_len;
trustedGenerateEcdsaKey(errStatus, err_string, encrypted_skey, &enc_len, pub_key_x, pub_key_y); trustedGenerateEcdsaKey(errStatus, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
if (*errStatus != 0) { if (*errStatus != 0) {
return; return;
} }
...@@ -659,11 +685,11 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e ...@@ -659,11 +685,11 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
(const sgx_sealed_data_t *) encrypted_skey, NULL, 0, (uint8_t *) skey, &enc_len); (const sgx_sealed_data_t *) encrypted_skey, NULL, 0, (uint8_t *) skey, &enc_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed - encrypted_skey with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data failed - encrypted_skey with status %d", status);
*errStatus = status; *errStatus = status;
return; return;
} }
snprintf(err_string, BUF_LEN, "unsealed random skey is %s\n", skey); snprintf(errString, BUF_LEN, "unsealed random skey is %s\n", skey);
char *common_key[ECDSA_SKEY_LEN]; char *common_key[ECDSA_SKEY_LEN];
gen_session_key(skey, pub_keyB, common_key); gen_session_key(skey, pub_keyB, common_key);
...@@ -672,14 +698,14 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e ...@@ -672,14 +698,14 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) { if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(err_string, BUF_LEN, "\nt does not match poly degree\n"); snprintf(errString, BUF_LEN, "\nt does not match poly degree\n");
return; return;
} }
snprintf(err_string + 88, BUF_LEN, "\nsecret share is %s", s_share); snprintf(errString + 88, BUF_LEN, "\nsecret share is %s", s_share);
if (calc_secret_shareG2(s_share, s_shareG2) != 0) { if (calc_secret_shareG2(s_share, s_shareG2) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid decr secret share\n"); snprintf(errString, BUF_LEN, "invalid decr secret share\n");
return; return;
} }
...@@ -687,7 +713,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e ...@@ -687,7 +713,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
xor_encrypt(common_key, s_share, cypher); xor_encrypt(common_key, s_share, cypher);
if (cypher == NULL) { if (cypher == NULL) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key"); snprintf(errString, BUF_LEN, "invalid common_key");
return; return;
} }
...@@ -698,7 +724,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e ...@@ -698,7 +724,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
} }
void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret, void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret,
uint32_t *dec_len, uint32_t *dec_len,
char *DH_key, char *s_shareG2, uint8_t _t, uint8_t _n, uint8_t ind1) { char *DH_key, char *s_shareG2, uint8_t _t, uint8_t _n, uint8_t ind1) {
...@@ -709,9 +735,9 @@ void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encrypt ...@@ -709,9 +735,9 @@ void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encrypt
char decrypted_dkg_secret[DKG_BUFER_LENGTH]; char decrypted_dkg_secret[DKG_BUFER_LENGTH];
uint32_t decr_len; uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, err_string, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len); trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len);
if (*errStatus != 0) { if (*errStatus != 0) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus); snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus);
return; return;
} }
...@@ -719,18 +745,18 @@ void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encrypt ...@@ -719,18 +745,18 @@ void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encrypt
} }
void trustedDkgVerify(int *errStatus, char *err_string, const char *public_shares, const char *s_share, void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encrypted_key, uint64_t key_len, unsigned _t, int _ind, int *result) { uint8_t *encryptedPrivateKey, uint64_t key_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &key_len); (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = status; *errStatus = status;
snprintf(err_string, BUF_LEN, "sgx_unseal_key failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_key failed with status %d", status);
return; return;
} }
...@@ -744,14 +770,14 @@ void trustedDkgVerify(int *errStatus, char *err_string, const char *public_share ...@@ -744,14 +770,14 @@ void trustedDkgVerify(int *errStatus, char *err_string, const char *public_share
common_key[ECDSA_SKEY_LEN - 1] = 0; common_key[ECDSA_SKEY_LEN - 1] = 0;
if (common_key == NULL) { if (common_key == NULL) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key"); snprintf(errString, BUF_LEN, "invalid common_key");
return; return;
} }
xor_decrypt(common_key, encr_sshare, decr_sshare); xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) { if (decr_sshare == NULL) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key"); snprintf(errString, BUF_LEN, "invalid common_key");
return; return;
} }
...@@ -763,28 +789,28 @@ void trustedDkgVerify(int *errStatus, char *err_string, const char *public_share ...@@ -763,28 +789,28 @@ void trustedDkgVerify(int *errStatus, char *err_string, const char *public_share
mpz_init(s); mpz_init(s);
if (mpz_set_str(s, decr_sshare, 16) == -1) { if (mpz_set_str(s, decr_sshare, 16) == -1) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid decr secret share"); snprintf(errString, BUF_LEN, "invalid decr secret share");
mpz_clear(s); mpz_clear(s);
return; return;
} }
*result = Verification(public_shares, s, _t, _ind); *result = Verification(public_shares, s, _t, _ind);
snprintf(err_string, BUF_LEN, "common_key in verification is %s", common_key); snprintf(errString, BUF_LEN, "common_key in verification is %s", common_key);
} }
void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
uint8_t *encrypted_key, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &key_len); (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "sgx_unseal_key failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_key failed with status %d", status);
return; return;
} }
...@@ -810,7 +836,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, ...@@ -810,7 +836,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
if (common_key == NULL) { if (common_key == NULL) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key"); snprintf(errString, BUF_LEN, "invalid common_key");
mpz_clear(sum); mpz_clear(sum);
return; return;
} }
...@@ -820,7 +846,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, ...@@ -820,7 +846,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
xor_decrypt(common_key, encr_sshare, decr_sshare); xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) { if (decr_sshare == NULL) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key"); snprintf(errString, BUF_LEN, "invalid common_key");
mpz_clear(sum); mpz_clear(sum);
return; return;
} }
...@@ -829,7 +855,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, ...@@ -829,7 +855,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
mpz_init(decr_secret_share); mpz_init(decr_secret_share);
if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) { if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid decrypted secret share"); snprintf(errString, BUF_LEN, "invalid decrypted secret share");
mpz_clear(decr_secret_share); mpz_clear(decr_secret_share);
return; return;
} }
...@@ -849,7 +875,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, ...@@ -849,7 +875,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
char key_share[mpz_sizeinbase(bls_key, 16) + 2]; char key_share[mpz_sizeinbase(bls_key, 16) + 2];
char *key = mpz_get_str(key_share, 16, bls_key); char *key = mpz_get_str(key_share, 16, bls_key);
snprintf(err_string, BUF_LEN, " bls private key is %s", key_share); snprintf(errString, BUF_LEN, " bls private key is %s", key_share);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
...@@ -857,7 +883,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, ...@@ -857,7 +883,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
(sgx_sealed_data_t *) encr_bls_key); (sgx_sealed_data_t *) encr_bls_key);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = -1; *errStatus = -1;
snprintf(err_string, BUF_LEN, "seal bls private key failed with status %d ", status); snprintf(errString, BUF_LEN, "seal bls private key failed with status %d ", status);
mpz_clear(bls_key); mpz_clear(bls_key);
mpz_clear(sum); mpz_clear(sum);
mpz_clear(q); mpz_clear(q);
...@@ -871,7 +897,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, ...@@ -871,7 +897,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
mpz_clear(q); mpz_clear(q);
} }
void trustedGetBlsPubKey(int *errStatus, char *err_string, uint8_t *encrypted_key, uint64_t key_len, char *bls_pub_key) { void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -880,21 +906,21 @@ void trustedGetBlsPubKey(int *errStatus, char *err_string, uint8_t *encrypted_ke ...@@ -880,21 +906,21 @@ void trustedGetBlsPubKey(int *errStatus, char *err_string, uint8_t *encrypted_ke
uint32_t len = key_len; uint32_t len = key_len;
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey_hex, &len); (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey_hex, &len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
return; return;
} }
if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) { if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(err_string, BUF_LEN, "could not calculate bls public key"); snprintf(errString, BUF_LEN, "could not calculate bls public key");
return; return;
} }
} }
void trustedGenerateSEK(int *errStatus, char *err_string, void trustedGenerateSEK(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) { uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -915,7 +941,7 @@ void trustedGenerateSEK(int *errStatus, char *err_string, ...@@ -915,7 +941,7 @@ void trustedGenerateSEK(int *errStatus, char *err_string,
sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, SEK_hex, sealedLen, sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK); (sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "seal SEK failed"); snprintf(errString, BUF_LEN, "seal SEK failed");
*errStatus = status; *errStatus = status;
return; return;
} }
...@@ -925,7 +951,7 @@ void trustedGenerateSEK(int *errStatus, char *err_string, ...@@ -925,7 +951,7 @@ void trustedGenerateSEK(int *errStatus, char *err_string,
} }
void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uint64_t encr_len) { void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -936,7 +962,7 @@ void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uin ...@@ -936,7 +962,7 @@ void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uin
(const sgx_sealed_data_t *) encrypted_SEK, NULL, 0, aes_key_hex, &encr_len); (const sgx_sealed_data_t *) encrypted_SEK, NULL, 0, aes_key_hex, &encr_len);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = status; *errStatus = status;
snprintf(err_string, BUF_LEN, "sgx unseal SEK failed with status %d", status); snprintf(errString, BUF_LEN, "sgx unseal SEK failed with status %d", status);
return; return;
} }
...@@ -945,7 +971,7 @@ void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uin ...@@ -945,7 +971,7 @@ void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uin
} }
void trustedSetSEK_backup(int *errStatus, char *err_string, void trustedSetSEK_backup(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) { uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -958,7 +984,7 @@ void trustedSetSEK_backup(int *errStatus, char *err_string, ...@@ -958,7 +984,7 @@ void trustedSetSEK_backup(int *errStatus, char *err_string,
sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, SEK_hex, sealedLen, sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK); (sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "seal SEK failed with status %d", status); snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status);
*errStatus = status; *errStatus = status;
return; return;
} }
...@@ -966,8 +992,8 @@ void trustedSetSEK_backup(int *errStatus, char *err_string, ...@@ -966,8 +992,8 @@ void trustedSetSEK_backup(int *errStatus, char *err_string,
*enc_len = sealedLen; *enc_len = sealedLen;
} }
void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string, void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encrypted_key, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -996,10 +1022,10 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string, ...@@ -996,10 +1022,10 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string,
uint8_t base = 16; uint8_t base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2; int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(err_string, BUF_LEN, "len = %d\n", len); //snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len]; char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x); char *px = mpz_get_str(arr_x, base, Pkey->x);
//snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px); //snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
int n_zeroes = 64 - strlen(arr_x); int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) { for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0'; pub_key_x[i] = '0';
...@@ -1016,21 +1042,21 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string, ...@@ -1016,21 +1042,21 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string,
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2]; char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey); char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
snprintf(err_string, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str)); snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
int stat = AES_encrypt(skey_str, encrypted_key); int stat = AES_encrypt(skey_str, encryptedPrivateKey);
if (stat != 0) { if (stat != 0) {
snprintf(err_string, BUF_LEN, "ecdsa private key encryption failed"); snprintf(errString, BUF_LEN, "ecdsa private key encryption failed");
*errStatus = stat; *errStatus = stat;
return; return;
} }
*enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; *enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
stat = AES_decrypt(encrypted_key, *enc_len, skey_str); stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str);
if (stat != 0) { if (stat != 0) {
snprintf(err_string + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat); snprintf(errString + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat);
//*errStatus = stat; //*errStatus = stat;
return; return;
} }
...@@ -1040,8 +1066,8 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string, ...@@ -1040,8 +1066,8 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string,
point_clear(Pkey); point_clear(Pkey);
} }
void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string, void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encrypted_key, uint32_t enc_len, char *pub_key_x, char *pub_key_y) { uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -1050,38 +1076,38 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string, ...@@ -1050,38 +1076,38 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string,
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encrypted_key, enc_len, skey); int status = AES_decrypt(encryptedPrivateKey, enc_len, skey);
if (status != 0) { if (status != 0) {
snprintf(err_string, BUF_LEN, "AES_decrypt failed with status %d", status); snprintf(errString, BUF_LEN, "AES_decrypt failed with status %d", status);
*errStatus = status; *errStatus = status;
return; return;
} }
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0'; skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
strncpy(err_string, skey, 1024); strncpy(errString, skey, 1024);
mpz_t skey_mpz; mpz_t privateKeyMpz;
mpz_init(skey_mpz); mpz_init(privateKeyMpz);
// mpz_import(skey_mpz, 32, 1, sizeof(skey[0]), 0, 0, skey); // mpz_import(privateKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) { if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(err_string, BUF_LEN, "wrong string to init private key - %s", skey); snprintf(errString, BUF_LEN, "wrong string to init private key - %s", skey);
*errStatus = -10; *errStatus = -10;
mpz_clear(skey_mpz); mpz_clear(privateKeyMpz);
return; return;
} }
//Public key //Public key
point Pkey = point_init(); point Pkey = point_init();
signature_extract_public_key(Pkey, skey_mpz, curve); signature_extract_public_key(Pkey, privateKeyMpz, curve);
point Pkey_test = point_init(); point Pkey_test = point_init();
point_multiplication(Pkey_test, skey_mpz, curve->G, curve); point_multiplication(Pkey_test, privateKeyMpz, curve->G, curve);
if (!point_cmp(Pkey, Pkey_test)) { if (!point_cmp(Pkey, Pkey_test)) {
snprintf(err_string, BUF_LEN, "Points are not equal"); snprintf(errString, BUF_LEN, "Points are not equal");
*errStatus = -11; *errStatus = -11;
return; return;
} }
...@@ -1108,13 +1134,13 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string, ...@@ -1108,13 +1134,13 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string,
} }
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
mpz_clear(skey_mpz); mpz_clear(privateKeyMpz);
domain_parameters_clear(curve); domain_parameters_clear(curve);
point_clear(Pkey); point_clear(Pkey);
} }
void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_key, uint32_t enc_len, void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len,
unsigned char *hash, char *sig_r, char *sig_s, uint8_t *sig_v, int base) { unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -1123,88 +1149,88 @@ void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_ke ...@@ -1123,88 +1149,88 @@ void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_ke
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encrypted_key, enc_len, skey); int status = AES_decrypt(encryptedPrivateKey, enc_len, skey);
if (status != 0) { if (status != 0) {
*errStatus = status; *errStatus = status;
snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
return; return;
} }
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE - 1] = '\0'; skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE - 1] = '\0';
snprintf(err_string, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey)); snprintf(errString, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey));
mpz_t skey_mpz; mpz_t privateKeyMpz;
mpz_init(skey_mpz); mpz_init(privateKeyMpz);
if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) { if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
*errStatus = -1; *errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid secret key"); snprintf(errString, BUF_LEN, "invalid secret key");
mpz_clear(skey_mpz); mpz_clear(privateKeyMpz);
return; return;
} }
mpz_t msg_mpz; mpz_t msgMpz;
mpz_init(msg_mpz); mpz_init(msgMpz);
if (mpz_set_str(msg_mpz, hash, 16) == -1) { if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = -1; *errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid message hash"); snprintf(errString, BUF_LEN, "invalid message hash");
mpz_clear(msg_mpz); mpz_clear(msgMpz);
return; return;
} }
signature sign = signature_init(); signature sign = signature_init();
signature_sign(sign, msg_mpz, skey_mpz, curve); signature_sign(sign, msgMpz, privateKeyMpz, curve);
point Pkey = point_init(); point Pkey = point_init();
signature_extract_public_key(Pkey, skey_mpz, curve); signature_extract_public_key(Pkey, privateKeyMpz, curve);
if (!signature_verify(msg_mpz, sign, Pkey, curve)) { if (!signature_verify(msgMpz, sign, Pkey, curve)) {
*errStatus = -2; *errStatus = -2;
snprintf(err_string, BUF_LEN, "signature is not verified! "); snprintf(errString, BUF_LEN, "signature is not verified! ");
return; return;
} }
char arr_m[mpz_sizeinbase(msg_mpz, 16) + 2]; char arrM[mpz_sizeinbase(msgMpz, 16) + 2];
char *msg = mpz_get_str(arr_m, 16, msg_mpz); char *msg = mpz_get_str(arrM, 16, msgMpz);
snprintf(err_string, BUF_LEN, "message is %s ", arr_m); snprintf(errString, BUF_LEN, "message is %s ", arrM);
char arr_r[mpz_sizeinbase(sign->r, base) + 2]; char arrR[mpz_sizeinbase(sign->r, base) + 2];
char *r = mpz_get_str(arr_r, base, sign->r); char *r = mpz_get_str(arrR, base, sign->r);
strncpy(sig_r, arr_r, 1024); strncpy(sigR, arrR, 1024);
char arr_s[mpz_sizeinbase(sign->s, base) + 2]; char arrS[mpz_sizeinbase(sign->s, base) + 2];
char *s = mpz_get_str(arr_s, base, sign->s); char *s = mpz_get_str(arrS, base, sign->s);
strncpy(sig_s, arr_s, 1024); strncpy(sigS, arrS, 1024);
*sig_v = sign->v; *sig_v = sign->v;
mpz_clear(skey_mpz); mpz_clear(privateKeyMpz);
mpz_clear(msg_mpz); mpz_clear(msgMpz);
domain_parameters_clear(curve); domain_parameters_clear(curve);
signature_free(sign); signature_free(sign);
point_clear(Pkey); point_clear(Pkey);
} }
void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key, void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
uint8_t *encrypted_key, uint32_t *enc_len) { uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
*errStatus = UNKNOWN_ERROR; *errStatus = UNKNOWN_ERROR;
memset(err_string, 0, BUF_LEN); memset(errString, 0, BUF_LEN);
memset(encrypted_key, 0, BUF_LEN); memset(encryptedPrivateKey, 0, BUF_LEN);
int stat = AES_encrypt(key, encrypted_key); int stat = AES_encrypt(key, encryptedPrivateKey);
if (stat != 0) { if (stat != 0) {
*errStatus = stat; *errStatus = stat;
snprintf(err_string, BUF_LEN, "AES encrypt failed with status %d", stat); snprintf(errString, BUF_LEN, "AES encrypt failed with status %d", stat);
return; return;
} }
...@@ -1213,18 +1239,18 @@ void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key, ...@@ -1213,18 +1239,18 @@ void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key,
char decryptedKey[BUF_LEN]; char decryptedKey[BUF_LEN];
memset(decryptedKey, 0, BUF_LEN); memset(decryptedKey, 0, BUF_LEN);
stat = AES_decrypt(encrypted_key, *enc_len, decryptedKey); stat = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey);
if (stat != 0) { if (stat != 0) {
*errStatus = stat; *errStatus = stat;
snprintf(err_string, BUF_LEN, ":trustedDecryptKey failed with status %d", stat); snprintf(errString, BUF_LEN, ":trustedDecryptKey failed with status %d", stat);
return; return;
} }
uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH); uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH);
if (decryptedKeyLen == MAX_KEY_LENGTH) { if (decryptedKeyLen == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "Decrypted key is not null terminated"); snprintf(errString, BUF_LEN, "Decrypted key is not null terminated");
return; return;
} }
...@@ -1232,32 +1258,32 @@ void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key, ...@@ -1232,32 +1258,32 @@ void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key,
*errStatus = -8; *errStatus = -8;
if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) { if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
snprintf(err_string, BUF_LEN, "Decrypted key does not match original key"); snprintf(errString, BUF_LEN, "Decrypted key does not match original key");
return; return;
} }
*errStatus = 0; *errStatus = 0;
} }
void trustedDecryptKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key, void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) { uint32_t enc_len, char *key) {
uint32_t decLen; uint32_t decLen;
*errStatus = -9; *errStatus = -9;
int status = AES_decrypt(encrypted_key, enc_len, key); int status = AES_decrypt(encryptedPrivateKey, enc_len, key);
if (status != 0) { if (status != 0) {
*errStatus = status; *errStatus = status;
snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
return; return;
} }
if (decLen > MAX_KEY_LENGTH) { if (decLen > MAX_KEY_LENGTH) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH"); snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
return; return;
} }
...@@ -1268,16 +1294,16 @@ void trustedDecryptKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_k ...@@ -1268,16 +1294,16 @@ void trustedDecryptKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_k
if (keyLen == MAX_KEY_LENGTH) { if (keyLen == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "Key is not null terminated"); snprintf(errString, BUF_LEN, "Key is not null terminated");
return; return;
} }
*errStatus = 0; *errStatus = 0;
memcpy(err_string, AES_key, 1024); memcpy(errString, AES_key, 1024);
} }
void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypted_key, void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX, uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) { char *_hashY, char *signature) {
...@@ -1288,11 +1314,11 @@ void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypt ...@@ -1288,11 +1314,11 @@ void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypt
char sig[BUF_LEN]; char sig[BUF_LEN];
memset(sig, 0, BUF_LEN); memset(sig, 0, BUF_LEN);
int stat = AES_decrypt(encrypted_key, enc_len, key); int stat = AES_decrypt(encryptedPrivateKey, enc_len, key);
if (stat != 0) { if (stat != 0) {
*errStatus = stat; *errStatus = stat;
strncpy(signature, err_string, BUF_LEN); strncpy(signature, errString, BUF_LEN);
return; return;
} }
...@@ -1308,7 +1334,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypt ...@@ -1308,7 +1334,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypt
} }
void void
trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -1320,12 +1346,12 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_ ...@@ -1320,12 +1346,12 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_
return; return;
} }
snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret); snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret);
int status = AES_encrypt(dkg_secret, encrypted_dkg_secret); int status = AES_encrypt(dkg_secret, encrypted_dkg_secret);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "SGX AES encrypt DKG poly failed"); snprintf(errString, BUF_LEN, "SGX AES encrypt DKG poly failed");
*errStatus = status; *errStatus = status;
return; return;
} }
...@@ -1338,14 +1364,14 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_ ...@@ -1338,14 +1364,14 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_
status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret); status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "aes decrypt dkg poly failed"); snprintf(errString, BUF_LEN, "aes decrypt dkg poly failed");
*errStatus = status; *errStatus = status;
return; return;
} }
if (strcmp(dkg_secret, decr_dkg_secret) != 0) { if (strcmp(dkg_secret, decr_dkg_secret) != 0) {
snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret); snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret);
snprintf(err_string + strlen(dkg_secret) + 8, BUF_LEN - strlen(dkg_secret) - 8, snprintf(errString + strlen(dkg_secret) + 8, BUF_LEN - strlen(dkg_secret) - 8,
"encrypted poly is not equal to decrypted poly"); "encrypted poly is not equal to decrypted poly");
*errStatus = -333; *errStatus = -333;
} }
...@@ -1354,7 +1380,7 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_ ...@@ -1354,7 +1380,7 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_
} }
void void
trustedDecryptDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret, trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
uint32_t *dec_len) { uint32_t *dec_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -1362,14 +1388,14 @@ trustedDecryptDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_ ...@@ -1362,14 +1388,14 @@ trustedDecryptDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_
int status = AES_decrypt(encrypted_dkg_secret, dec_len, decrypted_dkg_secret); int status = AES_decrypt(encrypted_dkg_secret, dec_len, decrypted_dkg_secret);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status; *errStatus = status;
return; return;
} }
} }
void trustedSetEncryptedDkgPolyAES(int *errStatus, char *err_string, uint8_t *encrypted_poly, uint64_t *enc_len) { void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t *enc_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -1378,12 +1404,12 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *err_string, uint8_t *en ...@@ -1378,12 +1404,12 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *err_string, uint8_t *en
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = -1; *errStatus = -1;
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status); snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
return; return;
} }
} }
void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t *encrypted_skey, uint32_t *dec_len, void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) { char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) {
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
...@@ -1395,7 +1421,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t ...@@ -1395,7 +1421,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
uint32_t enc_len; uint32_t enc_len;
trustedGenerateEcdsaKeyAES(errStatus, err_string, encrypted_skey, &enc_len, pub_key_x, pub_key_y); trustedGenerateEcdsaKeyAES(errStatus, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
if (*errStatus != 0) { if (*errStatus != 0) {
return; return;
} }
...@@ -1405,11 +1431,11 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t ...@@ -1405,11 +1431,11 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
skey[ECDSA_SKEY_LEN - 1] = 0; skey[ECDSA_SKEY_LEN - 1] = 0;
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d", status); snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d", status);
*errStatus = status; *errStatus = status;
return; return;
} }
snprintf(err_string, BUF_LEN, "unsealed random skey is %s\n", skey); snprintf(errString, BUF_LEN, "unsealed random skey is %s\n", skey);
*dec_len = enc_len;// + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; *dec_len = enc_len;// + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
...@@ -1422,14 +1448,14 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t ...@@ -1422,14 +1448,14 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) { if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(err_string, BUF_LEN, decryptedDkgPoly); snprintf(errString, BUF_LEN, decryptedDkgPoly);
return; return;
} }
snprintf(err_string + 88, BUF_LEN, "\nsecret share is %s", s_share); snprintf(errString + 88, BUF_LEN, "\nsecret share is %s", s_share);
if (calc_secret_shareG2(s_share, s_shareG2) != 0) { if (calc_secret_shareG2(s_share, s_shareG2) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid decr secret share"); snprintf(errString, BUF_LEN, "invalid decr secret share");
return; return;
} }
...@@ -1437,7 +1463,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t ...@@ -1437,7 +1463,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
xor_encrypt(common_key, s_share, cypher); xor_encrypt(common_key, s_share, cypher);
if (cypher == NULL) { if (cypher == NULL) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key"); snprintf(errString, BUF_LEN, "invalid common_key");
return; return;
} }
...@@ -1449,7 +1475,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t ...@@ -1449,7 +1475,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
} }
void trustedGetPublicSharesAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t enc_len, void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
char *public_shares, char *public_shares,
unsigned _t, unsigned _n) { unsigned _t, unsigned _n) {
...@@ -1463,33 +1489,33 @@ void trustedGetPublicSharesAES(int *errStatus, char *err_string, uint8_t *encryp ...@@ -1463,33 +1489,33 @@ void trustedGetPublicSharesAES(int *errStatus, char *err_string, uint8_t *encryp
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status; *errStatus = status;
return; return;
} }
if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) { if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(err_string, BUF_LEN, "t does not match polynomial in db"); snprintf(errString, BUF_LEN, "t does not match polynomial in db");
return; return;
} }
} }
void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_shares, const char *s_share, void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encrypted_key, uint64_t enc_len, unsigned _t, int _ind, int *result) { uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
memset(skey, 0, ECDSA_SKEY_LEN); memset(skey, 0, ECDSA_SKEY_LEN);
int status = AES_decrypt(encrypted_key, enc_len, skey); int status = AES_decrypt(encryptedPrivateKey, enc_len, skey);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status); snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status);
*errStatus = status; *errStatus = status;
return; return;
} }
...@@ -1506,7 +1532,7 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh ...@@ -1506,7 +1532,7 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh
if (common_key == NULL || strlen(common_key) == 0) { if (common_key == NULL || strlen(common_key) == 0) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key"); snprintf(errString, BUF_LEN, "invalid common_key");
return; return;
} }
...@@ -1515,7 +1541,7 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh ...@@ -1515,7 +1541,7 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh
xor_decrypt(common_key, encr_sshare, decr_sshare); xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) { if (decr_sshare == NULL) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key"); snprintf(errString, BUF_LEN, "invalid common_key");
return; return;
} }
...@@ -1523,27 +1549,27 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh ...@@ -1523,27 +1549,27 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh
mpz_init(s); mpz_init(s);
if (mpz_set_str(s, decr_sshare, 16) == -1) { if (mpz_set_str(s, decr_sshare, 16) == -1) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid decr secret share"); snprintf(errString, BUF_LEN, "invalid decr secret share");
mpz_clear(s); mpz_clear(s);
return; return;
} }
*result = Verification(public_shares, s, _t, _ind); *result = Verification(public_shares, s, _t, _ind);
snprintf(err_string, BUF_LEN, "secret share dec %s", public_shares); snprintf(errString, BUF_LEN, "secret share dec %s", public_shares);
} }
void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shares, void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares,
uint8_t *encrypted_key, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN]; char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encrypted_key, key_len, skey); int status = AES_decrypt(encryptedPrivateKey, key_len, skey);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = status; *errStatus = status;
snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status); snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
return; return;
} }
skey[ECDSA_SKEY_LEN - 1] = 0; skey[ECDSA_SKEY_LEN - 1] = 0;
...@@ -1571,7 +1597,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar ...@@ -1571,7 +1597,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
if (common_key == NULL) { if (common_key == NULL) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key"); snprintf(errString, BUF_LEN, "invalid common_key");
mpz_clear(sum); mpz_clear(sum);
return; return;
} }
...@@ -1581,7 +1607,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar ...@@ -1581,7 +1607,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
xor_decrypt(common_key, encr_sshare, decr_sshare); xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) { if (decr_sshare == NULL) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key"); snprintf(errString, BUF_LEN, "invalid common_key");
mpz_clear(sum); mpz_clear(sum);
return; return;
} }
...@@ -1591,8 +1617,8 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar ...@@ -1591,8 +1617,8 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
mpz_init(decr_secret_share); mpz_init(decr_secret_share);
if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) { if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) {
*errStatus = 111; *errStatus = 111;
//snprintf(err_string, BUF_LEN ,"invalid decrypted secret share"); //snprintf(errString, BUF_LEN ,"invalid decrypted secret share");
snprintf(err_string, BUF_LEN, decr_sshare); snprintf(errString, BUF_LEN, decr_sshare);
mpz_clear(decr_secret_share); mpz_clear(decr_secret_share);
return; return;
} }
...@@ -1612,7 +1638,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar ...@@ -1612,7 +1638,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
char key_share[mpz_sizeinbase(bls_key, 16) + 2]; char key_share[mpz_sizeinbase(bls_key, 16) + 2];
char *key = mpz_get_str(key_share, 16, bls_key); char *key = mpz_get_str(key_share, 16, bls_key);
snprintf(err_string, BUF_LEN, " bls private key is %s", key_share); snprintf(errString, BUF_LEN, " bls private key is %s", key_share);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
...@@ -1620,7 +1646,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar ...@@ -1620,7 +1646,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = -1; *errStatus = -1;
snprintf(err_string, BUF_LEN, "aes encrypt bls private key failed with status %d ", status); snprintf(errString, BUF_LEN, "aes encrypt bls private key failed with status %d ", status);
mpz_clear(bls_key); mpz_clear(bls_key);
mpz_clear(sum); mpz_clear(sum);
mpz_clear(q); mpz_clear(q);
...@@ -1634,7 +1660,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar ...@@ -1634,7 +1660,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
} }
void void
trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key, uint64_t key_len, char *bls_pub_key) { trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) {
LOG_DEBUG (__FUNCTION__); LOG_DEBUG (__FUNCTION__);
...@@ -1642,10 +1668,10 @@ trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key, ...@@ -1642,10 +1668,10 @@ trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key,
uint32_t len = key_len; uint32_t len = key_len;
int status = AES_decrypt(encrypted_key, key_len, skey_hex); int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
*errStatus = 1; *errStatus = 1;
snprintf(err_string, BUF_LEN, "aes_decrypt failed with status %d", status); snprintf(errString, BUF_LEN, "aes_decrypt failed with status %d", status);
return; return;
} }
...@@ -1653,7 +1679,7 @@ trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key, ...@@ -1653,7 +1679,7 @@ trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key,
if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) { if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) {
*errStatus = -1; *errStatus = -1;
snprintf(err_string, BUF_LEN, "could not calculate bls public key"); snprintf(errString, BUF_LEN, "could not calculate bls public key");
return; return;
} }
} }
......
testw.cpp
View file @ 94616f97
...@@ -776,7 +776,7 @@ TEST_CASE_METHOD(TestFixture, "Get ServerStatus", "[get-server-status]") { ...@@ -776,7 +776,7 @@ TEST_CASE_METHOD(TestFixture, "Get ServerStatus", "[get-server-status]") {
TEST_CASE_METHOD(TestFixture, "Get ServerVersion", "[get-server-version]") { TEST_CASE_METHOD(TestFixture, "Get ServerVersion", "[get-server-version]") {
HttpClient client(RPC_ENDPOINT); HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2); StubClient c(client, JSONRPC_CLIENT_V2);
REQUIRE(c.getServerVersion()["version"] == SGXWALLET_VERSION); REQUIRE(c.getServerVersion()["version"] == SGXWalletServer::getVersion());
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment