Skip to content

S
sgxwallet
Unverified Commit 94616f97 authored by Oleh Nikolaiev's avatar Oleh Nikolaiev Committed by GitHub
Browse files
Options

Merge branch 'develop' into bug/SKALE-2599-fix-test

parents 1d0a660d 48a895df
Show whitespace changes
Inline Side-by-side
Showing with 730 additions and 597 deletions
codacy.yml .codacy.yml
View file @ 94616f97
......@@ -2,3 +2,4 @@
exclude_paths:
- 'scripts/**'
- '.github/**'
- 'trusted_libff/**'
.gitignore
View file @ 94616f97
# Created by .ignore support plugin (hsz.mobi)
.idea/
sgx-gmp/
gmp-build
tgmp-build
install-sh
config.log
config.status
Makefile.in
Makefile
secure_enclave_u.h
secure_enclave_u.c
secure_enclave.edl
am--include-marker
*.o
aclocal.m4
missing
compile
depcomp
ltmain.sh
secure_enclave.signed.so
sgxgmpmath
sgxgmppi
.deps
CMakeCache.txt
cmake_install.cmake
sgxd.cbp
sgx-gmp
sgx-sdk-build
secure_enclave/Makefile
secure_enclave/secure_enclave.signed.so
secure_enclave/secure_enclave.so
secure_enclave/secure_enclave_t.c
secure_enclave/secure_enclave_t.h
sgxd
cert/SGXServerCertificate*
autom4te.cache
sgxwallet
testw
configure
jsonrpc/zlib
jsonrpc/argtable2
jsonrpc/jsoncpp
jsonrpc/libjson-rpc-cpp
jsonrpc/curl-from-git.tar.gz
jsonrpc/curl
jsonrpc/libmicrohttpd
secure_enclave/.deps
test-driver
/.idea/
/cmake-build-debug/
/build/
/sgx_data/
/jsonrpc/
/gmp-build/
/tgmp-build/
/install-sh
/config.log
/config.status
/Makefile.in
/Makefile
/secure_enclave_u.h
/secure_enclave_u.c
/secure_enclave.edl
/am--include-marker
/*.o
/*.m4
/missing
/compile
/depcomp
/ltmain.sh
/secure_enclave.signed.so
/sgxgmpmath
/sgxgmppi
/.deps
/CMakeCache.txt
/cmake_install.cmake
/sgxd.cbp
/sgx-gmp/
/sgx-sdk-build/
/secure_enclave/Makefile
/secure_enclave/secure_enclave.signed.so
/secure_enclave/secure_enclave.so
/secure_enclave/secure_enclave_t.c
/secure_enclave/secure_enclave_t.h
/sgxd
/cert/SGXServerCertificate*
/autom4te.cache
/sgxwallet
/testw
/configure
/secure_enclave/.deps
/test-driver
/intel-sgx-ssl/
/m4
/.testw.py.swp
/cert_util
Dockerfile
View file @ 94616f97
FROM skalenetwork/sgxwallet_base:latest
COPY . /usr/src/sdk
WORKDIR /usr/src/sdk
RUN ccache -sz
RUN touch /var/hwmode
COPY *.cpp ./
COPY *.h ./
COPY *.txt ./
COPY *.c ./
COPY *.am ./
COPY *.hpp ./
COPY *.gmp ./
COPY *.ac ./
COPY *.json ./
COPY docker ./docker
COPY build-aux ./build-aux
COPY cert ./cert
COPY jsonrpc ./jsonrpc
COPY autoconf.bash ./
COPY leveldb ./leveldb
COPY m4 ./m4
COPY scripts ./scripts
COPY secure_enclave ./secure_enclave
COPY spdlog ./spdlog
COPY SGXWALLET_VERSION ./
RUN ./autoconf.bash
RUN ./configure
......
ECDSACrypto.cpp
View file @ 94616f97
......@@ -32,13 +32,15 @@
#include <random>
#include "spdlog/spdlog.h"
#include "common.h"
#include "secure_enclave/Verify.h"
#include "BLSCrypto.h"
#include "ECDSACrypto.h"
#include "ECDSACrypto.h"
string concatPubKeyWith0x(char *pub_key_x, char *pub_key_y) {
......@@ -49,19 +51,19 @@ string concatPubKeyWith0x(char *pub_key_x, char *pub_key_y) {
}
void fillRandomBuffer(vector<unsigned char>& _buffer) {
ifstream devRandom("/dev/urandom", ios::in|ios::binary);
devRandom.exceptions(std::ifstream::failbit | std::ifstream::badbit);
devRandom.read((char*) _buffer.data(), _buffer.size());
void fillRandomBuffer(vector<unsigned char> &_buffer) {
ifstream devRandom("/dev/urandom", ios::in | ios::binary);
devRandom.exceptions(ifstream::failbit | ifstream::badbit);
devRandom.read((char *) _buffer.data(), _buffer.size());
devRandom.close();
}
std::vector<std::string> genECDSAKey() {
vector <string> genECDSAKey() {
vector<char> errMsg(1024, 0);
int errStatus = 0;
vector<uint8_t> encr_pr_key(1024, 0);
vector<char>pub_key_x(1024, 0);
vector<char>pub_key_y(1024, 0);
vector <uint8_t> encr_pr_key(1024, 0);
vector<char> pub_key_x(1024, 0);
vector<char> pub_key_y(1024, 0);
uint32_t enc_len = 0;
......@@ -77,18 +79,18 @@ std::vector<std::string> genECDSAKey() {
spdlog::error("RPCException thrown with status {}", status);
throw SGXException(status, errMsg.data());
}
std::vector<std::string> keys(3);
vector <string> keys(3);
vector<char> hexEncrKey(BUF_LEN * 2, 0);
carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data());
keys.at(0) = hexEncrKey.data();
keys.at(1) = std::string(pub_key_x.data()) + std::string(pub_key_y.data());
keys.at(1) = string(pub_key_x.data()) + string(pub_key_y.data());
vector<unsigned char> randBuffer(32,0);
vector<unsigned char> randBuffer(32, 0);
fillRandomBuffer(randBuffer);
vector<char> rand_str(64,0);
vector<char> rand_str(64, 0);
carray2Hex(randBuffer.data(), 32, rand_str.data());
......@@ -99,12 +101,12 @@ std::vector<std::string> genECDSAKey() {
return keys;
}
std::string getECDSAPubKey(const char *_encryptedKeyHex) {
string getECDSAPubKey(const char *_encryptedKeyHex) {
vector<char> errMsg(BUF_LEN, 0);
vector<char> pubKeyX(BUF_LEN, 0);
vector<char> pubKeyY(BUF_LEN, 0);
vector<uint8_t> encrPrKey(BUF_LEN, 0);
vector <uint8_t> encrPrKey(BUF_LEN, 0);
int errStatus = 0;
uint64_t enc_len = 0;
......@@ -116,76 +118,134 @@ std::string getECDSAPubKey(const char *_encryptedKeyHex) {
if (!encryptKeys)
status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(),
pubKeyY.data());
else status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
else
status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
if (errStatus != 0) {
throw SGXException(-666, errMsg.data());
}
string pubKey = string(pubKeyX.data()) + string(pubKeyY.data());//concatPubKeyWith0x(pub_key_x, pub_key_y);//
spdlog::debug("enc_len is {}", enc_len);
spdlog::debug("pubkey is {}", pubKey);
spdlog::debug("pubkey length is {}", pubKey.length());
spdlog::debug("err str is {}", errMsg.data());
spdlog::debug("err status is {}", errStatus);
if (pubKey.size() != 128) {
spdlog::error("Incorrect pub key size", status);
throw SGXException(666, "Incorrect pub key size");
}
return pubKey;
}
vector<string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, int base) {
vector<string> signature_vect(3);
bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR,
const char *signatureS) {
char *errMsg = (char *) calloc(1024, 1);
int errStatus = 0;
char *signature_r = (char *) calloc(1024, 1);
char *signature_s = (char *) calloc(1024, 1);
uint8_t signature_v = 0;
uint64_t dec_len = 0;
//uint8_t encr_key[BUF_LEN];
uint8_t *encr_key = (uint8_t *) calloc(1024, 1);
if (!hex2carray(encryptedKeyHex, &dec_len, encr_key)) {
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
bool result = false;
signature sig = signature_init();
auto r = pubKeyStr.substr(0, 64);
auto s = pubKeyStr.substr(64, 128);
domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
point publicKey = point_init();
mpz_t msgMpz;
mpz_init(msgMpz);
if (mpz_set_str(msgMpz, hashHex, 16) == -1) {
spdlog::error("invalid message hash {}", hashHex);
goto clean;
}
signature_set_str(sig, signatureR, signatureS, 16);
point_set_hex(publicKey, r.c_str(), s.c_str());
if (!signature_verify(msgMpz, sig, publicKey, curve)) {
spdlog::error("ECDSA sig not verified");
goto clean;
}
result = true;
spdlog::debug("encryptedKeyHex: {}", encryptedKeyHex);
spdlog::debug("HASH: {}", hashHex);
spdlog::debug("encrypted len: {}", dec_len);
clean:
mpz_clear(msgMpz);
domain_parameters_clear(curve);
point_clear(publicKey);
signature_free(sig);
if (!encryptKeys)
status = trustedEcdsaSign(eid, &errStatus, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char *) hashHex, signature_r,
signature_s, &signature_v, base);
else
status = trustedEcdsaSignAES(eid, &errStatus, errMsg, encr_key, dec_len, (unsigned char *) hashHex, signature_r,
signature_s, &signature_v, base);
if (errStatus != 0) {
throw SGXException(-666, errMsg);
return result;
}
vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, int base) {
vector <string> signatureVector(3);
vector<char> errMsg(1024, 0);
int errStatus = 0;
vector<char> signatureR(1024, 0);
vector<char> signatureS(1024, 0);
vector<uint8_t> encryptedKey(1024, 0);
uint8_t signatureV = 0;
uint64_t decLen = 0;
string pubKeyStr = "";
shared_ptr<SGXException> exception = NULL;
if (!hex2carray(encryptedKeyHex, &decLen, encryptedKey.data())) {
exception = make_shared<SGXException>(INVALID_HEX, "Invalid encryptedKeyHex");
goto clean;
}
pubKeyStr = getECDSAPubKey(encryptedKeyHex);
spdlog::debug("signature r in ecdsa_sign_hash: {}", signature_r);
spdlog::debug("signature s in ecdsa_sign_hash: {}", signature_s);
if (!encryptKeys) {
status = trustedEcdsaSign(eid, &errStatus, errMsg.data(),
encryptedKey.data(), ECDSA_ENCR_LEN, (unsigned char *) hashHex,
signatureR.data(),
signatureS.data(), &signatureV, base);
} else
status = trustedEcdsaSignAES(eid, &errStatus,
errMsg.data(), encryptedKey.data(), decLen, (unsigned char *) hashHex,
signatureR.data(),
signatureS.data(), &signatureV, base);
if (errStatus != 0) {
exception = make_shared<SGXException>(666, errMsg.data());
goto clean;
}
if (status != SGX_SUCCESS) {
spdlog::error(" failed to sign ");
spdlog::error("failed to sign {}", status);
exception = make_shared<SGXException>(666, "failed to sign");
goto clean;
}
signature_vect.at(0) = to_string(signature_v);
signatureVector.at(0) = to_string(signatureV);
if (base == 16) {
signature_vect.at(1) = "0x" + string(signature_r);
signature_vect.at(2) = "0x" + string(signature_s);
signatureVector.at(1) = "0x" + string(signatureR.data());
signatureVector.at(2) = "0x" + string(signatureS.data());
} else {
signature_vect.at(1) = string(signature_r);
signature_vect.at(2) = string(signature_s);
signatureVector.at(1) = string(signatureR.data());
signatureVector.at(2) = string(signatureS.data());
}
free(errMsg);
free(signature_r);
free(signature_s);
free(encr_key);
/* Now verify signature */
if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data())) {
exception = make_shared<SGXException>(667, "ECDSA did not verify");
goto clean;
}
clean:
if (exception)
throw *exception;
return signature_vect;
return signatureVector;
}
\ No newline at end of file
ECDSAImpl.c 0 → 100644
View file @ 94616f97
#include "secure_enclave/Point.c"
#include "secure_enclave/DomainParameters.c"
#include "secure_enclave/NumberTheory.c"
#include "secure_enclave/Signature.c"
#include "secure_enclave/Curves.c"
\ No newline at end of file
Makefile.am
View file @ 94616f97
......@@ -10,7 +10,7 @@ include $(top_srcdir)/build-aux/sgx_app.am
##
## And a pattern rule for building prexoxy functions from EDL files:
##
## %_u.h %_u.c: %.edl
## %_u.h %_u.c: %.edl34
##
## And sets these Makefile variables:
##
......@@ -33,7 +33,7 @@ SUBDIRS=secure_enclave
##
## SGX_EDGER8R_FLAGS=
WALLET_VERSION := $(shell cat VERSION)
## Needed to make our pattern rule work.
......@@ -45,11 +45,11 @@ secure_enclave.edl: secure_enclave/secure_enclave.edl
#AM_CPPFLAGS += -g -Og
AM_CFLAGS = -g -Og -rdynamic -Wl,--no-as-needed -lSegFault
AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault
AM_CFLAGS = -DUSER_SPACE -g -Og -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)"
AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)"
AM_CPPFLAGS += -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS) -I. -I./libBLS/deps/deps_inst/x86_or_x64/include
AM_CPPFLAGS += -DSGXWALLET_VERSION="$(WALLET_VERSION)" -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS) -I. -I./libBLS/deps/deps_inst/x86_or_x64/include
## Additional targets to remove with 'make clean'. You must list
## any edger8r generated files here.
......@@ -67,9 +67,11 @@ bin_PROGRAMS = sgxwallet testw cert_util
## have to be explicitly listed.
COMMON_SRC = InvalidStateException.cpp Exception.cpp InvalidArgumentException.cpp Log.cpp \
SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp RPCException.cpp BLSCrypto.cpp ECDSACrypto.cpp \
SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp RPCException.cpp BLSCrypto.cpp \
ECDSACrypto.cpp \
DKGCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp ServerDataChecker.cpp SEKManager.cpp \
sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c
sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c \
ECDSAImpl.c
COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h
sgxwallet_SOURCES = sgxwallet.c $(COMMON_SRC)
......
README.md
View file @ 94616f97
# sgxwallet: SKALE SGX-based hardware crypto wallet
<!-- SPDX-License-Identifier: (AGPL-3.0-only OR CC-BY-4.0) -->
[![Discord](https://img.shields.io/discord/534485763354787851.svg)](https://discord.gg/vvUtWJB)
## Intro
......
SGXWALLET_VERSION deleted 100644 → 0
View file @ 1d0a660d
#define SGXWALLET_VERSION "1.49.5"
SGXWalletServer.cpp
View file @ 94616f97
......@@ -212,15 +212,15 @@ SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const strin
if (!checkName(_keyShareName, "BLS_KEY")) {
throw SGXException(INVALID_POLY_NAME, "Invalid BLSKey name");
}
string cutHash = _messageHash;
if (cutHash[0] == '0' && (cutHash[1] == 'x' || cutHash[1] == 'X')) {
cutHash.erase(cutHash.begin(), cutHash.begin() + 2);
string hashTmp = _messageHash;
if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) {
hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2);
}
while (cutHash[0] == '0') {
cutHash.erase(cutHash.begin(), cutHash.begin() + 1);
while (hashTmp[0] == '0') {
hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 1);
}
if (!checkHex(cutHash)) {
if (!checkHex(hashTmp)) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
......@@ -318,10 +318,10 @@ Json::Value SGXWalletServer::renameECDSAKeyImpl(const string &_keyName, const st
throw SGXException(UNKNOWN_ERROR, "invalid key name");
}
shared_ptr <string> key_ptr = readFromDb(_tempKeyName);
shared_ptr <string> encryptedKey = readFromDb(_tempKeyName);
writeDataToDB(_keyName, *key_ptr);
writeDataToDB(_keyName, *encryptedKey);
LevelDB::getLevelDb()->deleteTempNEK(_tempKeyName);
} HANDLE_SGX_EXCEPTION(result)
......@@ -339,40 +339,40 @@ Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_
result["signature_r"] = "";
result["signature_s"] = "";
vector <string> sign_vect(3);
vector <string> signatureVector(3);
try {
string cutHash = _messageHash;
if (cutHash[0] == '0' && (cutHash[1] == 'x' || cutHash[1] == 'X')) {
cutHash.erase(cutHash.begin(), cutHash.begin() + 2);
string hashTmp = _messageHash;
if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) {
hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2);
}
while (cutHash[0] == '0') {
cutHash.erase(cutHash.begin(), cutHash.begin() + 1);
while (hashTmp[0] == '0') {
hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 1);
}
if (!checkECDSAKeyName(_keyName)) {
throw SGXException(INVALID_ECDSA_KEY_NAME, "Invalid ECDSA key name");
}
if (!checkHex(cutHash)) {
if (!checkHex(hashTmp)) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
if (_base <= 0 || _base > 32) {
throw SGXException(-22, "Invalid base");
}
shared_ptr <string> key_ptr = readFromDb(_keyName, "");
shared_ptr <string> encryptedKey = readFromDb(_keyName, "");
sign_vect = ecdsaSignHash(key_ptr->c_str(), cutHash.c_str(), _base);
if (sign_vect.size() != 3) {
signatureVector = ecdsaSignHash(encryptedKey->c_str(), hashTmp.c_str(), _base);
if (signatureVector.size() != 3) {
throw SGXException(INVALID_ECSDA_SIGNATURE, "Invalid ecdsa signature");
}
spdlog::debug("got signature_s {}", sign_vect.at(2));
spdlog::debug("got signature_s {}", signatureVector.at(2));
result["signature_v"] = sign_vect.at(0);
result["signature_r"] = sign_vect.at(1);
result["signature_s"] = sign_vect.at(2);
result["signature_v"] = signatureVector.at(0);
result["signature_r"] = signatureVector.at(1);
result["signature_s"] = signatureVector.at(2);
} HANDLE_SGX_EXCEPTION(result)
......@@ -443,14 +443,14 @@ Json::Value SGXWalletServer::getVerificationVectorImpl(const string &_polyName,
throw SGXException(INVALID_DKG_PARAMS, "Invalid parameters: n or t ");
}
shared_ptr <string> encr_poly_ptr = readFromDb(_polyName);
shared_ptr<string> encrPoly = readFromDb(_polyName);
verifVector = get_verif_vect(encr_poly_ptr->c_str(), _t, _n);
verifVector = get_verif_vect(encrPoly->c_str(), _t, _n);
for (int i = 0; i < _t; i++) {
vector <string> cur_coef = verifVector.at(i);
vector <string> currentCoef = verifVector.at(i);
for (int j = 0; j < 4; j++) {
result["verificationVector"][i][j] = cur_coef.at(j);
result["verificationVector"][i][j] = currentCoef.at(j);
}
}
......@@ -480,7 +480,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
throw SGXException(INVALID_DKG_PARAMS, "Invalid DKG parameters: n or t ");
}
shared_ptr <string> encr_poly_ptr = readFromDb(_polyName);
shared_ptr <string> encrPoly = readFromDb(_polyName);
vector <string> pubKeysStrs;
for (int i = 0; i < _n; i++) {
......@@ -490,7 +490,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
pubKeysStrs.push_back(_pubKeys[i].asString());
}
string s = trustedGetSecretShares(_polyName, encr_poly_ptr->c_str(), pubKeysStrs, _t, _n);
string s = trustedGetSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n);
//cerr << "result is " << s << endl;
result["secretShare"] = s;
......@@ -678,12 +678,10 @@ Json::Value SGXWalletServer::getServerStatusImpl() {
return result;
}
Json::Value SGXWalletServer::getServerVersionImpl() {
Json::Value SGXWalletServer::getServerVersionImpl() {
INIT_RESULT(result)
result["version"] = SGXWALLET_VERSION;
result["version"] = TOSTRING(SGXWALLET_VERSION);
return result;
}
......
SGXWalletServer.hpp
View file @ 94616f97
......@@ -33,8 +33,13 @@
using namespace jsonrpc;
using namespace std;
#define STRINGIFY(x) #x
#define TOSTRING(x) STRINGIFY(x)
class SGXWalletServer : public AbstractStubServer {
recursive_mutex m;
static shared_ptr<SGXWalletServer> server;
......@@ -42,6 +47,11 @@ class SGXWalletServer : public AbstractStubServer {
public:
static const char* getVersion() {
return TOSTRING(SGXWALLET_VERSION);
}
SGXWalletServer(AbstractServerConnector &_connector, serverVersion_t _type);
virtual Json::Value
......
ServerInit.cpp
View file @ 94616f97
......@@ -111,7 +111,7 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
static int sgxServerInited;
cout << "Running sgxwallet version:" << SGXWALLET_VERSION << endl;
cout << "Running sgxwallet version:" << SGXWalletServer::getVersion() << endl;
CHECK_STATE(sgxServerInited == 0)
sgxServerInited = 1;
......
ServerInit.h
View file @ 94616f97
......@@ -25,7 +25,6 @@
#define SGXWALLET_SERVERINIT_H
#include "stdint.h"
#include "SGXWALLET_VERSION"
#ifdef __cplusplus
#define EXTERNC extern "C"
......
VERSION
View file @ 94616f97
1.49
\ No newline at end of file
1.50.2
\ No newline at end of file
common.h
View file @ 94616f97
......@@ -16,7 +16,7 @@
You should have received a copy of the GNU Affero General Public License
along with sgxwallet. If not, see <https://www.gnu.org/licenses/>.
@file BLSEnclave.cpp
@file common.h
@author Stan Kladko
@date 2020
*/
......@@ -34,10 +34,13 @@ using namespace std;
#include <gmp.h>
#include "secure_enclave/Verify.h"
#include "InvalidStateException.h"
#define SAFE_FREE(__POINTER__) {if (__POINTER__) {free(__POINTER__); __POINTER__ = NULL;}}
inline std::string className(const std::string &prettyFunction) {
size_t colons = prettyFunction.find("::");
if (colons == std::string::npos)
......
docs/building.md
View file @ 94616f97
# Building SGX wallet from source
<!-- SPDX-License-Identifier: (AGPL-3.0-only OR CC-BY-4.0) -->
## Clone this repository and its submodules
`git clone --recurse-submodules https://github.com/skalenetwork/sgxwallet.git`
......@@ -10,8 +12,6 @@
cd scripts; sudo ./install_packages.sh; cd ..
```
## Build dependencies
Dependencies only need to be built once.
......@@ -19,6 +19,7 @@ Dependencies only need to be built once.
```bash
cd scripts; ./build_deps.py; cd ..
```
## Set SGX environment variables
```bash
......@@ -47,7 +48,6 @@ make
The base container includes software common to hardware mode and simulation mode.
```bash
sudo docker build -t sgxwallet_base .
......@@ -66,7 +66,6 @@ sudo docker build -t sgxwalletsim -f ./DockerfileSimulation .
sudo docker build -t sgxwallet -f ./Dockerfile .
```
## Adding new source files
Note that `configure, Makefile` and `Makefile.in` files are created by `automake` tools on the fly.
......
docs/developer_guide.md
View file @ 94616f97
......@@ -9,7 +9,6 @@
- [Contributing source code](../.github/CONTRIBUTING.md)
- [Security Bug Reporting](../SECURITY.md)
## Community
- [SKALE Discord](http://skale.chat)
docs/enabling-sgx.md
View file @ 94616f97
# Enabling SGX
<!-- SPDX-License-Identifier: (AGPL-3.0-only OR CC-BY-4.0) -->
### Verify Intel SGX is enabled in BIOS
......@@ -11,10 +10,11 @@ The BIOS key varies by manufacturer and could be F10, F2, F12, F1, DEL, or ESC.
Usually Intel SGX is disabled by default.
To enable:
* find the Intel SGX feature in BIOS Menu
(it is usually under the "Advanced" or "Security" menu)
* Set SGX in BIOS as `enabled` (preferrably) or `software-controlled`.
* save your BIOS settings and exit BIOS.
- find the Intel SGX feature in BIOS Menu
(it is usually under the "Advanced" or "Security" menu)
- Set SGX in BIOS as `enabled` (preferably) or `software-controlled`.
- save your BIOS settings and exit BIOS.
## Enable "software-controlled" SGX
......@@ -42,7 +42,6 @@ Install make and gcc if you do not have it
apt-get install build-essential
```
Run the following command:
```bash
......@@ -64,7 +63,6 @@ git clone https://github.com/intel/linux-sgx-driver
And then follow instructions in README.md
# Troubleshooting Installation
- If the message `intel_sgx: SGX is not enabled` appears in `/var/log/syslog`
......
docs/prerequisites.md
View file @ 94616f97
......@@ -7,7 +7,6 @@ software components. These must be installed and configured before
running sgxwallet.
This document describes how to install and configure these required components.
## Recommended host system
sgxwallet should be ran on Ubuntu 18.04. Sgxwallet has been tested on Ubuntu 18.04.
......@@ -16,8 +15,7 @@ Sgxwallet may run on other Linux distributions,
but the installation process is likely to be more complicated,
and the use of other distributions is not supported by their respective communities at this time.
### Install Docker engine ngine:
### Install Docker engine
Docker engine is pre-installed on Ubuntu 18.04. You can re-install it as
described below
......@@ -28,7 +26,7 @@ sudo apt-get install -y docker-io
To verify a correct installation, run `sudo docker run hello-world`
### Install Docker Compose:
### Install Docker Compose
```bash
sudo apt-get install -y docker-compose
......@@ -38,8 +36,7 @@ To verify a correct installation, run `docker-compose version`
For details on Docker installation, see <https://docs.docker.com/engine/installation/linux/ubuntu> and <https://docs.docker.com/compose/install/#install-compose>
### Verify thatyour machine supports SGX
### Verify SGX support
Install cpuid and libelf-dev packages:
......@@ -47,16 +44,10 @@ Install cpuid and libelf-dev packages:
sudo apt-get install -y libelf-dev cpuid
```
Verify your processor supports Intel SGX with:
Verify processor support of Intel SGX:
```bash
cpuid | grep SGX:
```
The printout shoud read `SGX: Software Guard Extensions supported = true`
The printout should read `SGX: Software Guard Extensions supported = true`
docs/run_in_hardware_mode.md
View file @ 94616f97
......@@ -54,7 +54,6 @@ Note: sgxwallet operates on network ports 1026 (https) and 1027 (http for initia
If you have a firewall on your network, please make sure these ports are open so clients are able to
connect to the server.
## Logging
By default, sgxwallet will log into default Docker logs, which are rotated into four files 10M each.
......
scripts/build_deps.py
View file @ 94616f97
#!/usr/bin/env python
# ------------------------------------------------------------------------------
# Bash script to build cpp-ethereum within TravisCI.
# Copyright (C) 2018-Present SKALE Labs
#
# The documentation for cpp-ethereum is hosted at http://cpp-ethereum.org
# This file is part of sgxwallet.
#
# ------------------------------------------------------------------------------
# This file is part of cpp-ethereum.
#
# cpp-ethereum is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cpp-ethereum is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cpp-ethereum. If not, see <http://www.gnu.org/licenses/>
#
# (c) 2016 cpp-ethereum contributors.
# ------------------------------------------------------------------------------
#
# Copyright (C) 2018-2019 SKALE Labs
#
# This file is part of skale-consensus.
#
# skale-consensus is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, eithe r version 3 of the License, or
# libBLS is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# skale-consensus is distributed in the hope that it will be useful,
# sgxwallet is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with skale-consensus. If not, see <http://www.gnu.org/licenses/>.
# You should have received a copy of the GNU Affero General Public License
# along with sgxwallet. If not, see <https://www.gnu.org/licenses/>.
#
# @file build.py
# @file build_deps.py
# @author Stan Kladko
# @date 2018
#
......
scripts/docker_build.py
View file @ 94616f97
#!/usr/bin/env python
# ------------------------------------------------------------------------------
# Bash script to build cpp-ethereum within TravisCI.
#
# The documentation for cpp-ethereum is hosted at http://cpp-ethereum.org
#
# ------------------------------------------------------------------------------
# This file is part of cpp-ethereum.
#
# cpp-ethereum is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cpp-ethereum is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cpp-ethereum. If not, see <http://www.gnu.org/licenses/>
#
# (c) 2016 cpp-ethereum contributors.
# ------------------------------------------------------------------------------
#
# Copyright (C) 2019-Present SKALE Labs
#
# This file is part of sgxwallet.
#
# sgxwallet is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# sgxwallet is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with sgxwallet. If not, see <https://www.gnu.org/licenses/>.
#
......
secure_enclave/Curves.c
View file @ 94616f97
......@@ -24,7 +24,13 @@
#include <stdlib.h>
#include <stdio.h>
#include <stdbool.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "DomainParameters.h"
#include "Curves.h"
#include "Point.h"
......
secure_enclave/Curves.h
View file @ 94616f97
......@@ -25,6 +25,12 @@
#ifndef SGXWALLET_CURVES_H
#define SGXWALLET_CURVES_H
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif
/*Curves that can be loaded using domain_parameters_load_curve()*/
typedef enum { secp112r1 = 0,
......@@ -47,7 +53,7 @@ typedef enum { secp112r1 = 0,
#define NUMBER_OF_CURVES (secp521r1+1)
/*Load a curve depending on it's curve number, defined by the enum*/
void domain_parameters_load_curve(domain_parameters out, curve_list curve);
EXTERNC void domain_parameters_load_curve(domain_parameters out, curve_list curve);
/* REMARK:
For some weird reason secp112r2 and secp128r2 doesn't want to be stable. Actually they work once in a while. However running the benchmark command gives -1 as operation time, sometimes and only sometimes!
......
secure_enclave/DHDkg.c
View file @ 94616f97
......@@ -23,7 +23,11 @@
#include <stdlib.h>
#include <stdbool.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "DomainParameters.h"
#include "Curves.h"
......
secure_enclave/DKGUtils.cpp
View file @ 94616f97
......@@ -23,7 +23,12 @@
#include "DKGUtils.h"
#include <sgx_tgmp.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include <../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp>
#include <../trusted_libff/libff/algebra/fields/fp.hpp>
......
secure_enclave/DKGUtils.h
View file @ 94616f97
......@@ -30,7 +30,12 @@
#define EXTERNC
#endif
#include <sgx_tgmp.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
EXTERNC int gen_dkg_poly( char* secret, unsigned _t);
......
secure_enclave/DomainParameters.c
View file @ 94616f97
......@@ -21,7 +21,12 @@
@date 2019
*/
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
......
secure_enclave/DomainParameters.h
View file @ 94616f97
......@@ -23,6 +23,11 @@
#ifndef SGXWALLET_DOMAINPARAMETERS_H
#define SGXWALLET_DOMAINPARAMETERS_H
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif
/*Type that represents a point*/
typedef struct point_s* point;
......@@ -48,13 +53,13 @@ struct domain_parameters_s
};
/*Initialize a curve*/
domain_parameters domain_parameters_init();
EXTERNC domain_parameters domain_parameters_init();
/*Sets the name of a curve*/
void domain_parameters_set_name(domain_parameters curve, char* name);
EXTERNC void domain_parameters_set_name(domain_parameters curve, char* name);
/*Set domain parameters from decimal unsigned long ints*/
void domain_parameters_set_ui(domain_parameters curve,
EXTERNC void domain_parameters_set_ui(domain_parameters curve,
char* name,
unsigned long int p,
unsigned long int a,
......@@ -65,9 +70,9 @@ void domain_parameters_set_ui(domain_parameters curve,
unsigned long int h);
/*Set domain parameters from hexadecimal string*/
void domain_parameters_set_hex(domain_parameters curve, char* name, char* p, char* a, char* b, char* Gx, char* Gy, char* n, char* h);
EXTERNC void domain_parameters_set_hex(domain_parameters curve, char* name, char* p, char* a, char* b, char* Gx, char* Gy, char* n, char* h);
/*Release memory*/
void domain_parameters_clear(domain_parameters curve);
EXTERNC void domain_parameters_clear(domain_parameters curve);
#endif
\ No newline at end of file
secure_enclave/EnclaveCommon.cpp
View file @ 94616f97
......@@ -298,7 +298,7 @@ void logMsg(log_level _level, char* _msg) {
EXTERNC void LOG_INFO(char* _msg) {
logMsg(L_INFO, _msg);
};
EXTERNC void LOG_WARNING(char* _msg) {
EXTERNC void LOG_WARN(char* _msg) {
logMsg(L_WARNING, _msg);
};
......
secure_enclave/EnclaveCommon.h
View file @ 94616f97
......@@ -53,7 +53,7 @@ EXTERNC void enclave_init();
EXTERNC void LOG_INFO(char* msg);
EXTERNC void LOG_WARNING(char* _msg);
EXTERNC void LOG_WARN(char* _msg);
EXTERNC void LOG_ERROR(char* _msg);
EXTERNC void LOG_DEBUG(char* _msg);
EXTERNC void LOG_TRACE(char* _msg);
......
secure_enclave/NumberTheory.c
View file @ 94616f97
......@@ -23,8 +23,14 @@
#include <stdlib.h>
#include <stdio.h>
#include <../tgmp-build/include/sgx_tgmp.h>
#include <stdbool.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "NumberTheory.h"
/*Calculate R = a^k mod P, using repeated square-and-multiply algorithm
......
secure_enclave/Point.c
View file @ 94616f97
......@@ -23,11 +23,16 @@
#include <stdlib.h>
#include <stdio.h>
#include <../tgmp-build/include/sgx_tgmp.h>
#include <string.h>
#include <assert.h>
#include <stdbool.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "NumberTheory.h"
#include "DomainParameters.h"
......@@ -77,14 +82,14 @@ void point_set(point R, point P)
}
/*Set point from strings of a base from 2-62*/
void point_set_str(point p, char *x, char *y, int base)
void point_set_str(point p, const char *x, const char *y, int base)
{
mpz_set_str(p->x, x, base);
mpz_set_str(p->y, y, base);
}
/*Set point from hexadecimal strings*/
void point_set_hex(point p, char *x, char *y)
void point_set_hex(point p, const char *x, const char *y)
{
point_set_str(p,x,y,16);
}
......
secure_enclave/Point.h
View file @ 94616f97
......@@ -26,56 +26,58 @@
#define SGXWALLET_POINT_H
#include "DomainParameters.h"
/*Initialize a point*/
point point_init();
EXTERNC point point_init();
/*Release point*/
void point_clear(point p);
EXTERNC void point_clear(point p);
/*Set point to be a infinity*/
void point_at_infinity(point p);
EXTERNC void point_at_infinity(point p);
/*Set R to the additive inverse of P, in the curve curve*/
void point_inverse(point R, point P, domain_parameters curve);
EXTERNC void point_inverse(point R, point P, domain_parameters curve);
/*Print point to standart output stream*/
void point_print(point p);
EXTERNC void point_print(point p);
/*Set point from hexadecimal strings*/
void point_set_hex(point p, char *x, char *y);
EXTERNC void point_set_hex(point p, const char *x, const char *y);
/*Set point from decimal unsigned long ints*/
void point_set_ui(point p, unsigned long int x, unsigned long int y);
EXTERNC void point_set_ui(point p, unsigned long int x, unsigned long int y);
/*Addition of point P + Q = result*/
void point_addition(point result, point P, point Q, domain_parameters curve);
EXTERNC void point_addition(point result, point P, point Q, domain_parameters curve);
/*Set point R = 2P*/
void point_doubling(point R, point P, domain_parameters curve);
EXTERNC void point_doubling(point R, point P, domain_parameters curve);
/*Perform scalar multiplication to P, with the factor multiplier, over the curve curve*/
void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve);
EXTERNC void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve);
/*Set point from strings of a base from 2-62*/
void point_set_str(point p, char *x, char *y, int base);
EXTERNC void point_set_str(point p, const char *x, const char *y, int base);
/*Compare two points return 1 if not the same, returns 0 if they are the same*/
bool point_cmp(point P, point Q);
EXTERNC bool point_cmp(point P, point Q);
/*Decompress a point from hexadecimal representation
*This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.4.*/
void point_decompress(point P, char* zPoint, domain_parameters curve);
EXTERNC void point_decompress(point P, char* zPoint, domain_parameters curve);
/*Compress a point to hexadecimal string
*This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.3.*/
char* point_compress(point P);
EXTERNC char* point_compress(point P);
/*Make R a copy of P*/
void point_copy(point R, point P);
EXTERNC void point_copy(point R, point P);
/*Set a point from another point*/
void point_set(point R, point P);
EXTERNC void point_set(point R, point P);
#endif
\ No newline at end of file
secure_enclave/Signature.c
View file @ 94616f97
......@@ -23,9 +23,17 @@
#include <stdlib.h>
#include <stdio.h>
#include <../tgmp-build/include/sgx_tgmp.h>
#include <stdbool.h>
#include <assert.h>
#ifdef USER_SPACE
#include <gmp.h>
#else
#include <../tgmp-build/include/sgx_tgmp.h>
#endif
#include "DomainParameters.h"
#include "Point.h"
#include "NumberTheory.h"
......@@ -51,13 +59,13 @@ void signature_print(signature sig) {
}
/*Set signature from strings of a base from 2-62*/
void signature_set_str(signature sig, char *r, char *s, int base) {
void signature_set_str(signature sig, const char *r, const char *s, int base) {
mpz_set_str(sig->r, r, base);
mpz_set_str(sig->s, s, base);
}
/*Set signature from hexadecimal strings*/
void signature_set_hex(signature sig, char *r, char *s) {
void signature_set_hex(signature sig, const char *r, const char *s) {
signature_set_str(sig, r, s, 16);
}
......@@ -84,6 +92,7 @@ void signature_extract_public_key(point public_key, mpz_t private_key, domain_pa
point_multiplication(public_key, private_key, curve->G, curve);
}
#ifndef USER_SPACE
/*Generate signature for a message*/
void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve) {
//message must not have a bit length longer than that of n
......@@ -171,13 +180,26 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para
}
#endif
/*Release signature*/
void signature_free(signature sig) {
mpz_clear(sig->r);
mpz_clear(sig->s);
free(sig);
}
/*Verify the integrity of a message using it's signature*/
bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) {
//Initialize variables
mpz_t one, w, u1, u2, t, tt2;
mpz_init(one); mpz_init(w); mpz_init(u1);
mpz_init(u2); mpz_init(t); mpz_init(tt2);
mpz_init(one);
mpz_init(w);
mpz_init(u1);
mpz_init(u2);
mpz_init(t);
mpz_init(tt2);
mpz_set_ui(one, 1);
......@@ -224,15 +246,15 @@ bool signature_verify(mpz_t message, signature sig, point public_key, domain_par
point_clear(t1);
point_clear(t2);
mpz_clear(one); mpz_clear(w); mpz_clear(u1); mpz_clear(u2); mpz_clear(t);
mpz_clear(one);
mpz_clear(w);
mpz_clear(u1);
mpz_clear(u2);
mpz_clear(t);
mpz_clear(tt2);
return result;
}
/*Release signature*/
void signature_free(signature sig) {
mpz_clear(sig->r);
mpz_clear(sig->s);
free(sig);
}
secure_enclave/Signature.h
View file @ 94616f97
......@@ -24,6 +24,12 @@
#ifndef SGXWALLET_SIGNATURE_H
#define SGXWALLET_SIGNATURE_H
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif
/*Type for representing a signature*/
struct signature_s
{
......@@ -35,36 +41,36 @@ struct signature_s
typedef struct signature_s* signature;
/*Initialize a signature*/
signature signature_init();
EXTERNC signature signature_init();
/*Set signature from strings of a base from 2-62*/
void signature_set_str(signature sig, char *r, char *s, int base);
EXTERNC void signature_set_str(signature sig, const char *r, const char *s, int base);
/*Set signature from hexadecimal strings*/
void signature_set_hex(signature sig, char *r, char *s);
EXTERNC void signature_set_hex(signature sig, const char *r, const char *s);
/*Set signature from decimal unsigned long ints*/
void signature_set_ui(signature sig, unsigned long int r, unsigned long int s);
EXTERNC void signature_set_ui(signature sig, unsigned long int r, unsigned long int s);
/*Print signature to standart output stream*/
void signature_print(signature sig);
EXTERNC void signature_print(signature sig);
/*Make R a copy of P*/
void signature_copy(signature R, signature sig);
EXTERNC void signature_copy(signature R, signature sig);
/*Compare two signatures return 1 if not the same, returns 0 if they are the same*/
bool signature_cmp(signature sig1, signature sig2);
EXTERNC bool signature_cmp(signature sig1, signature sig2);
/*Release signature*/
void signature_free(signature sig);
EXTERNC void signature_free(signature sig);
/*Generates a public key for a private key*/
void signature_extract_public_key(point public_key, mpz_t private_key, domain_parameters curve);
EXTERNC void signature_extract_public_key(point public_key, mpz_t private_key, domain_parameters curve);
/*Generate signature for a message*/
void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve);
EXTERNC void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve);
/*Verify the integrity of a message using it's signature*/
bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve);
EXTERNC bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve);
#endif
secure_enclave/Verify.h 0 → 100644
View file @ 94616f97
/*
Copyright (C) 2019-Present SKALE Labs
This file is part of sgxwallet.
sgxwallet is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
sgxwallet is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with sgxwallet. If not, see <https://www.gnu.org/licenses/>.
@file Verify.h
@author Stan Kladko
@date 2020
*/
#ifndef SGXWALLET_VERIFY_H
#define SGXWALLET_VERIFY_H
#define USER_SPACE 1
#include "secure_enclave/Point.h"
#include "secure_enclave/DomainParameters.h"
#include "secure_enclave/NumberTheory.h"
#include "secure_enclave/Signature.h"
#include "secure_enclave/Curves.h"
#endif //SGXWALLET_VERIFY_H
secure_enclave/secure_enclave.c
View file @ 94616f97
......@@ -137,8 +137,8 @@ void trustedEMpzDiv(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {}
void trustedEMpfDiv(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {}
void trustedGenerateEcdsaKey(int *errStatus, char *err_string,
uint8_t *encrypted_key, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
void trustedGenerateEcdsaKey(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__);
......@@ -174,10 +174,10 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string,
uint8_t base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(err_string, BUF_LEN, "len = %d\n", len);
//snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x);
//snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
//snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0';
......@@ -194,14 +194,14 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string,
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
snprintf(err_string, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
sgx_status_t status = sgx_seal_data(0, NULL, ECDSA_SKEY_LEN, (uint8_t *) skey_str, sealedLen,
(sgx_sealed_data_t *) encrypted_key);
(sgx_sealed_data_t *) encryptedPrivateKey);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "seal ecsdsa private key failed");
snprintf(errString, BUF_LEN, "seal ecsdsa private key failed");
*errStatus = status;
return;
}
......@@ -214,8 +214,8 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string,
}
void trustedGetPublicEcdsaKey(int *errStatus, char *err_string,
uint8_t *encrypted_key, uint32_t dec_len, char *pub_key_x, char *pub_key_y) {
void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t dec_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__);
......@@ -225,36 +225,36 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string,
char skey[ECDSA_SKEY_LEN];
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &dec_len);
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &dec_len);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
*errStatus = status;
return;
}
//strncpy(err_string, skey, 1024);
//strncpy(errString, skey, 1024);
mpz_t skey_mpz;
mpz_init(skey_mpz);
// mpz_import(skey_mpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(err_string, BUF_LEN, "wrong string to init private key");
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
// mpz_import(privateKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(errString, BUF_LEN, "wrong string to init private key");
*errStatus = -10;
mpz_clear(skey_mpz);
mpz_clear(privateKeyMpz);
return;
}
//Public key
point Pkey = point_init();
signature_extract_public_key(Pkey, skey_mpz, curve);
signature_extract_public_key(Pkey, privateKeyMpz, curve);
point Pkey_test = point_init();
point_multiplication(Pkey_test, skey_mpz, curve->G, curve);
point_multiplication(Pkey_test, privateKeyMpz, curve->G, curve);
if (!point_cmp(Pkey, Pkey_test)) {
snprintf(err_string, BUF_LEN, "Points are not equal");
snprintf(errString, BUF_LEN, "Points are not equal");
*errStatus = -11;
return;
}
......@@ -262,10 +262,10 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string,
int base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(err_string, BUF_LEN, "len = %d\n", len);
//snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x);
//snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
//snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0';
......@@ -281,104 +281,130 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string,
}
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
mpz_clear(skey_mpz);
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
point_clear(Pkey);
}
void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, uint32_t dec_len,
unsigned char *hash, char *sig_r, char *sig_s, uint8_t *sig_v, int base) {
void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t dec_len,
unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG (__FUNCTION__);
char* arr_m = NULL;
char* arr_r = NULL;
char* arr_s;
char* arrM = NULL;
char* arrR = NULL;
char* arrS = NULL;
char* privateKey = calloc(ECDSA_SKEY_LEN,1);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
mpz_t msgMpz;
mpz_t skey_mpz;
mpz_init(skey_mpz);
mpz_t msg_mpz;
mpz_init(msg_mpz);
signature sign = signature_init();
domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
point publicKey = point_init();
char* secretKey = calloc(ECDSA_SKEY_LEN,1);
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, secretKey, &dec_len);
if (!hash) {
*errStatus = 1;
char* msg = "NULL message hash";
LOG_ERROR(msg);
snprintf(errString, BUF_LEN, msg);
goto clean;
}
if (status != SGX_SUCCESS) {
*errStatus = status;
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed - encrypted_key with status %d", status);
if (strnlen(hash, 64 ) > 64) {
*errStatus = 2;
char* msg = "Hash too long";
LOG_ERROR(msg);
snprintf(errString, BUF_LEN, msg);
goto clean;
}
//snprintf(err_string, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey));
mpz_init(msgMpz);
if (mpz_set_str(skey_mpz, secretKey, ECDSA_SKEY_BASE) == -1) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid secret key");
if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = 1;
snprintf(errString, BUF_LEN, "invalid message hash %s", hash);
LOG_WARN(errString);
goto clean;
}
if (mpz_set_str(msg_mpz, hash, 16) == -1) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid message hash");
if (!encryptedPrivateKey) {
*errStatus = 3;
snprintf(errString, BUF_LEN, "NULL encrypted ECDSA private key");
LOG_ERROR(errString);
goto clean;
}
//mpz_set_str(msg_mpz,"4b688df40bcedbe641ddb16ff0a1842d9c67ea1c3bf63f3e0471baa664531d1a", 16);
signature_sign(sign, msg_mpz, skey_mpz, curve);
signature_extract_public_key(publicKey, skey_mpz, curve);
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, privateKey, &dec_len);
if (!signature_verify(msg_mpz, sign, publicKey, curve)) {
*errStatus = -2;
snprintf(err_string, BUF_LEN, "signature is not verified");
if (status != SGX_SUCCESS) {
*errStatus = status;
snprintf(errString, BUF_LEN,
"sgx_unseal_data failed for encryptedPrivateKey:status %d", status);
LOG_ERROR(errString);
goto clean;
}
if (mpz_set_str(privateKeyMpz, privateKey, ECDSA_SKEY_BASE) == -1) {
*errStatus = -1;
snprintf(errString, BUF_LEN, "mpz_set_str(privateKeyMpz ...) failed");
LOG_ERROR(errString);
goto clean;
}
//char arr_x[mpz_sizeinbase (Pkey->x, 16) + 2];
//char* px = mpz_get_str(arr_x, 16, Pkey->x);
//snprintf(err_string, BUF_LEN,"pub key x %s ", arr_x);
arr_m = calloc(mpz_sizeinbase(msg_mpz, 16) + 2 ,1);
mpz_get_str(arr_m, 16, msg_mpz);
//snprintf(err_string, BUF_LEN, "message is %s ", arr_m);
arr_r = calloc(mpz_sizeinbase(sign->r, base) + 2,1);
mpz_get_str(arr_r, base, sign->r);
strncpy(sig_r, arr_r, 1024);
signature_sign(sign, msgMpz, privateKeyMpz, curve);
signature_extract_public_key(publicKey, privateKeyMpz, curve);
arr_s = calloc(mpz_sizeinbase(sign->s, base) + 2, 1);
mpz_get_str(arr_s, base, sign->s);
strncpy(sig_s, arr_s, 1024);
if (!signature_verify(msgMpz, sign, publicKey, curve)) {
*errStatus = 2;
snprintf(errString, BUF_LEN, "ECDSA sig not verified");
LOG_WARN(errString);
goto clean;
}
arrR = calloc(mpz_sizeinbase(sign->r, base) + 2,1);
mpz_get_str(arrR, base, sign->r);
strncpy(sigR, arrR, 1024);
arrS = calloc(mpz_sizeinbase(sign->s, base) + 2, 1);
mpz_get_str(arrS, base, sign->s);
strncpy(sigS, arrS, 1024);
*sig_v = sign->v;
clean:
mpz_clear(skey_mpz);
mpz_clear(msg_mpz);
mpz_clear(privateKeyMpz);
mpz_clear(msgMpz);
domain_parameters_clear(curve);
point_clear(publicKey);
free(secretKey);
signature_free(sign);
if (arr_m != NULL) {
free(arr_m);
}
if (arr_r != NULL) {
free(arr_r);
if (privateKey)
free(privateKey);
if (arrR) {
free(arrR);
}
if (arr_s != NULL) {
free(arr_s);
if (arrS) {
free(arrS);
}
return;
......@@ -386,19 +412,19 @@ void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key,
}
void trustedEncryptKey(int *errStatus, char *err_string, char *key,
uint8_t *encrypted_key, uint32_t *enc_len) {
void trustedEncryptKey(int *errStatus, char *errString, char *key,
uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
LOG_DEBUG (__FUNCTION__);
*errStatus = UNKNOWN_ERROR;
memset(err_string, 0, BUF_LEN);
memset(errString, 0, BUF_LEN);
checkKey(errStatus, err_string, key);
checkKey(errStatus, errString, key);
if (*errStatus != 0) {
snprintf(err_string + strlen(err_string), BUF_LEN, "check_key failed");
snprintf(errString + strlen(errString), BUF_LEN, "check_key failed");
return;
}
......@@ -407,18 +433,18 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key,
if (sealedLen > BUF_LEN) {
*errStatus = ENCRYPTED_KEY_TOO_LONG;
snprintf(err_string, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH");
snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH");
return;
}
memset(encrypted_key, 0, BUF_LEN);
memset(encryptedPrivateKey, 0, BUF_LEN);
sgx_status_t status = sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t *) key, sealedLen,
(sgx_sealed_data_t *) encrypted_key);
(sgx_sealed_data_t *) encryptedPrivateKey);
if (status != SGX_SUCCESS) {
*errStatus = SEAL_KEY_FAILED;
snprintf(err_string, BUF_LEN, "SGX seal data failed with status %d", status);
snprintf(errString, BUF_LEN, "SGX seal data failed with status %d", status);
return;
}
......@@ -427,17 +453,17 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key,
char decryptedKey[BUF_LEN];
memset(decryptedKey, 0, BUF_LEN);
trustedDecryptKey(errStatus, err_string, encrypted_key, sealedLen, decryptedKey);
trustedDecryptKey(errStatus, errString, encryptedPrivateKey, sealedLen, decryptedKey);
if (*errStatus != 0) {
snprintf(err_string + strlen(err_string), BUF_LEN, ":trustedDecryptKey failed");
snprintf(errString + strlen(errString), BUF_LEN, ":trustedDecryptKey failed");
return;
}
uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH);
if (decryptedKeyLen == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "Decrypted key is not null terminated");
snprintf(errString, BUF_LEN, "Decrypted key is not null terminated");
return;
}
......@@ -445,14 +471,14 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key,
*errStatus = -8;
if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
snprintf(err_string, BUF_LEN, "Decrypted key does not match original key");
snprintf(errString, BUF_LEN, "Decrypted key does not match original key");
return;
}
*errStatus = 0;
}
void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key,
void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) {
LOG_DEBUG (__FUNCTION__);
......@@ -462,18 +488,18 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key,
*errStatus = -9;
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) key, &decLen);
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) key, &decLen);
if (status != SGX_SUCCESS) {
*errStatus = status;
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
return;
}
//snprintf(err_string, BUF_LEN, "decr key is %s", key);
//snprintf(errString, BUF_LEN, "decr key is %s", key);
if (decLen > MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
return;
}
......@@ -484,7 +510,7 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key,
if (keyLen == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "Key is not null terminated");
snprintf(errString, BUF_LEN, "Key is not null terminated");
return;
}
......@@ -494,7 +520,7 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key,
}
void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_key,
void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) {
......@@ -507,10 +533,10 @@ void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_
trustedDecryptKey(errStatus, err_string, encrypted_key, enc_len, key);
trustedDecryptKey(errStatus, errString, encryptedPrivateKey, enc_len, key);
if (*errStatus != 0) {
strncpy(signature, err_string, BUF_LEN);
strncpy(signature, errString, BUF_LEN);
return;
}
......@@ -526,7 +552,7 @@ void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_
free(sig);
}
void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG (__FUNCTION__);
......@@ -537,7 +563,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk
return;
}
snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret);
snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret);
uint32_t sealedLen = sgx_calc_sealed_data_size(0,
DKG_BUFER_LENGTH);//sizeof(sgx_sealed_data_t) + sizeof(dkg_secret);
......@@ -546,7 +572,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk
(sgx_sealed_data_t *) encrypted_dkg_secret);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "SGX seal data failed");
snprintf(errString, BUF_LEN, "SGX seal data failed");
*errStatus = status;
return;
}
......@@ -555,7 +581,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk
//free(dkg_secret);
}
void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
void trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
uint32_t *dec_len) {
LOG_DEBUG (__FUNCTION__);
......@@ -566,7 +592,7 @@ void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypte
(const sgx_sealed_data_t *) encrypted_dkg_secret, NULL, 0, decrypted_dkg_secret, &decr_len);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status;
return;
}
......@@ -574,7 +600,7 @@ void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypte
*dec_len = decr_len;
}
void trustedGetSecretShares(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *dec_len,
void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len,
char *secret_shares,
unsigned _t, unsigned _n) {
......@@ -583,21 +609,21 @@ void trustedGetSecretShares(int *errStatus, char *err_string, uint8_t *encrypted
char decrypted_dkg_secret[DKG_BUFER_LENGTH];
uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, err_string, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len);
trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len);
if (*errStatus != 0) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus);
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus);
return;
}
*dec_len = decr_len;
// strncpy(err_string, decrypted_dkg_secret, 1024);
// strncpy(errString, decrypted_dkg_secret, 1024);
calc_secret_shares(decrypted_dkg_secret, secret_shares, _t, _n);
//free(decrypted_dkg_secret);
}
void trustedGetPublicShares(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
char *public_shares,
unsigned _t, unsigned _n) {
......@@ -605,23 +631,23 @@ void trustedGetPublicShares(int *errStatus, char *err_string, uint8_t *encrypted
char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1);
uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, err_string, (uint8_t *) encrypted_dkg_secret, decrypted_dkg_secret, &decr_len);
trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, decrypted_dkg_secret, &decr_len);
if (*errStatus != 0) {
snprintf(err_string, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus);
snprintf(errString, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus);
return;
}
//strncpy(err_string, decrypted_dkg_secret, 1024);
// strncpy(err_string, "before calc_public_shares ", 1024);
//strncpy(errString, decrypted_dkg_secret, 1024);
// strncpy(errString, "before calc_public_shares ", 1024);
if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "t does not match polynomial in db");
snprintf(errString, BUF_LEN, "t does not match polynomial in db");
return;
}
free(decrypted_dkg_secret);
}
void trustedSetEncryptedDkgPoly(int *errStatus, char *err_string, uint8_t *encrypted_poly) {
void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly) {
memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH);
uint32_t decr_len;
sgx_status_t status = sgx_unseal_data(
......@@ -629,13 +655,13 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *err_string, uint8_t *encry
if (status != SGX_SUCCESS) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
return;
}
}
void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *encrypted_skey, uint32_t *dec_len,
void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) {
LOG_DEBUG (__FUNCTION__);
......@@ -648,7 +674,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
uint32_t enc_len;
trustedGenerateEcdsaKey(errStatus, err_string, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
trustedGenerateEcdsaKey(errStatus, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
if (*errStatus != 0) {
return;
}
......@@ -659,11 +685,11 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
(const sgx_sealed_data_t *) encrypted_skey, NULL, 0, (uint8_t *) skey, &enc_len);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed - encrypted_skey with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_data failed - encrypted_skey with status %d", status);
*errStatus = status;
return;
}
snprintf(err_string, BUF_LEN, "unsealed random skey is %s\n", skey);
snprintf(errString, BUF_LEN, "unsealed random skey is %s\n", skey);
char *common_key[ECDSA_SKEY_LEN];
gen_session_key(skey, pub_keyB, common_key);
......@@ -672,14 +698,14 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "\nt does not match poly degree\n");
snprintf(errString, BUF_LEN, "\nt does not match poly degree\n");
return;
}
snprintf(err_string + 88, BUF_LEN, "\nsecret share is %s", s_share);
snprintf(errString + 88, BUF_LEN, "\nsecret share is %s", s_share);
if (calc_secret_shareG2(s_share, s_shareG2) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid decr secret share\n");
snprintf(errString, BUF_LEN, "invalid decr secret share\n");
return;
}
......@@ -687,7 +713,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
xor_encrypt(common_key, s_share, cypher);
if (cypher == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
......@@ -698,7 +724,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e
}
void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret,
void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret,
uint32_t *dec_len,
char *DH_key, char *s_shareG2, uint8_t _t, uint8_t _n, uint8_t ind1) {
......@@ -709,9 +735,9 @@ void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encrypt
char decrypted_dkg_secret[DKG_BUFER_LENGTH];
uint32_t decr_len;
trustedDecryptDkgSecret(errStatus, err_string, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len);
trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len);
if (*errStatus != 0) {
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus);
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus);
return;
}
......@@ -719,18 +745,18 @@ void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encrypt
}
void trustedDkgVerify(int *errStatus, char *err_string, const char *public_shares, const char *s_share,
uint8_t *encrypted_key, uint64_t key_len, unsigned _t, int _ind, int *result) {
void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t key_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &key_len);
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len);
if (status != SGX_SUCCESS) {
*errStatus = status;
snprintf(err_string, BUF_LEN, "sgx_unseal_key failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_key failed with status %d", status);
return;
}
......@@ -744,14 +770,14 @@ void trustedDkgVerify(int *errStatus, char *err_string, const char *public_share
common_key[ECDSA_SKEY_LEN - 1] = 0;
if (common_key == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
......@@ -763,28 +789,28 @@ void trustedDkgVerify(int *errStatus, char *err_string, const char *public_share
mpz_init(s);
if (mpz_set_str(s, decr_sshare, 16) == -1) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid decr secret share");
snprintf(errString, BUF_LEN, "invalid decr secret share");
mpz_clear(s);
return;
}
*result = Verification(public_shares, s, _t, _ind);
snprintf(err_string, BUF_LEN, "common_key in verification is %s", common_key);
snprintf(errString, BUF_LEN, "common_key in verification is %s", common_key);
}
void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
uint8_t *encrypted_key, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) {
void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) {
LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &key_len);
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len);
if (status != SGX_SUCCESS) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "sgx_unseal_key failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_key failed with status %d", status);
return;
}
......@@ -810,7 +836,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
if (common_key == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
mpz_clear(sum);
return;
}
......@@ -820,7 +846,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
mpz_clear(sum);
return;
}
......@@ -829,7 +855,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
mpz_init(decr_secret_share);
if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid decrypted secret share");
snprintf(errString, BUF_LEN, "invalid decrypted secret share");
mpz_clear(decr_secret_share);
return;
}
......@@ -849,7 +875,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
char key_share[mpz_sizeinbase(bls_key, 16) + 2];
char *key = mpz_get_str(key_share, 16, bls_key);
snprintf(err_string, BUF_LEN, " bls private key is %s", key_share);
snprintf(errString, BUF_LEN, " bls private key is %s", key_share);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
......@@ -857,7 +883,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
(sgx_sealed_data_t *) encr_bls_key);
if (status != SGX_SUCCESS) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "seal bls private key failed with status %d ", status);
snprintf(errString, BUF_LEN, "seal bls private key failed with status %d ", status);
mpz_clear(bls_key);
mpz_clear(sum);
mpz_clear(q);
......@@ -871,7 +897,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares,
mpz_clear(q);
}
void trustedGetBlsPubKey(int *errStatus, char *err_string, uint8_t *encrypted_key, uint64_t key_len, char *bls_pub_key) {
void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) {
LOG_DEBUG (__FUNCTION__);
......@@ -880,21 +906,21 @@ void trustedGetBlsPubKey(int *errStatus, char *err_string, uint8_t *encrypted_ke
uint32_t len = key_len;
sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey_hex, &len);
(const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey_hex, &len);
if (status != SGX_SUCCESS) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status);
return;
}
if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "could not calculate bls public key");
snprintf(errString, BUF_LEN, "could not calculate bls public key");
return;
}
}
void trustedGenerateSEK(int *errStatus, char *err_string,
void trustedGenerateSEK(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) {
LOG_DEBUG (__FUNCTION__);
......@@ -915,7 +941,7 @@ void trustedGenerateSEK(int *errStatus, char *err_string,
sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "seal SEK failed");
snprintf(errString, BUF_LEN, "seal SEK failed");
*errStatus = status;
return;
}
......@@ -925,7 +951,7 @@ void trustedGenerateSEK(int *errStatus, char *err_string,
}
void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uint64_t encr_len) {
void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) {
LOG_DEBUG (__FUNCTION__);
......@@ -936,7 +962,7 @@ void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uin
(const sgx_sealed_data_t *) encrypted_SEK, NULL, 0, aes_key_hex, &encr_len);
if (status != SGX_SUCCESS) {
*errStatus = status;
snprintf(err_string, BUF_LEN, "sgx unseal SEK failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx unseal SEK failed with status %d", status);
return;
}
......@@ -945,7 +971,7 @@ void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uin
}
void trustedSetSEK_backup(int *errStatus, char *err_string,
void trustedSetSEK_backup(int *errStatus, char *errString,
uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) {
LOG_DEBUG (__FUNCTION__);
......@@ -958,7 +984,7 @@ void trustedSetSEK_backup(int *errStatus, char *err_string,
sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, SEK_hex, sealedLen,
(sgx_sealed_data_t *) encrypted_SEK);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "seal SEK failed with status %d", status);
snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status);
*errStatus = status;
return;
}
......@@ -966,8 +992,8 @@ void trustedSetSEK_backup(int *errStatus, char *err_string,
*enc_len = sealedLen;
}
void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string,
uint8_t *encrypted_key, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__);
......@@ -996,10 +1022,10 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string,
uint8_t base = 16;
int len = mpz_sizeinbase(Pkey->x, base) + 2;
//snprintf(err_string, BUF_LEN, "len = %d\n", len);
//snprintf(errString, BUF_LEN, "len = %d\n", len);
char arr_x[len];
char *px = mpz_get_str(arr_x, base, Pkey->x);
//snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
//snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
int n_zeroes = 64 - strlen(arr_x);
for (int i = 0; i < n_zeroes; i++) {
pub_key_x[i] = '0';
......@@ -1016,21 +1042,21 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string,
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
snprintf(err_string, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
int stat = AES_encrypt(skey_str, encrypted_key);
int stat = AES_encrypt(skey_str, encryptedPrivateKey);
if (stat != 0) {
snprintf(err_string, BUF_LEN, "ecdsa private key encryption failed");
snprintf(errString, BUF_LEN, "ecdsa private key encryption failed");
*errStatus = stat;
return;
}
*enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
stat = AES_decrypt(encrypted_key, *enc_len, skey_str);
stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str);
if (stat != 0) {
snprintf(err_string + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat);
snprintf(errString + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat);
//*errStatus = stat;
return;
}
......@@ -1040,8 +1066,8 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string,
point_clear(Pkey);
}
void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string,
uint8_t *encrypted_key, uint32_t enc_len, char *pub_key_x, char *pub_key_y) {
void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) {
LOG_DEBUG (__FUNCTION__);
......@@ -1050,38 +1076,38 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string,
char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encrypted_key, enc_len, skey);
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey);
if (status != 0) {
snprintf(err_string, BUF_LEN, "AES_decrypt failed with status %d", status);
snprintf(errString, BUF_LEN, "AES_decrypt failed with status %d", status);
*errStatus = status;
return;
}
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
strncpy(err_string, skey, 1024);
strncpy(errString, skey, 1024);
mpz_t skey_mpz;
mpz_init(skey_mpz);
// mpz_import(skey_mpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(err_string, BUF_LEN, "wrong string to init private key - %s", skey);
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
// mpz_import(privateKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(errString, BUF_LEN, "wrong string to init private key - %s", skey);
*errStatus = -10;
mpz_clear(skey_mpz);
mpz_clear(privateKeyMpz);
return;
}
//Public key
point Pkey = point_init();
signature_extract_public_key(Pkey, skey_mpz, curve);
signature_extract_public_key(Pkey, privateKeyMpz, curve);
point Pkey_test = point_init();
point_multiplication(Pkey_test, skey_mpz, curve->G, curve);
point_multiplication(Pkey_test, privateKeyMpz, curve->G, curve);
if (!point_cmp(Pkey, Pkey_test)) {
snprintf(err_string, BUF_LEN, "Points are not equal");
snprintf(errString, BUF_LEN, "Points are not equal");
*errStatus = -11;
return;
}
......@@ -1108,13 +1134,13 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string,
}
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
mpz_clear(skey_mpz);
mpz_clear(privateKeyMpz);
domain_parameters_clear(curve);
point_clear(Pkey);
}
void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_key, uint32_t enc_len,
unsigned char *hash, char *sig_r, char *sig_s, uint8_t *sig_v, int base) {
void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len,
unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
LOG_DEBUG (__FUNCTION__);
......@@ -1123,88 +1149,88 @@ void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_ke
char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encrypted_key, enc_len, skey);
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey);
if (status != 0) {
*errStatus = status;
snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status);
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
return;
}
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE - 1] = '\0';
snprintf(err_string, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey));
mpz_t skey_mpz;
mpz_init(skey_mpz);
if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) {
snprintf(errString, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey));
mpz_t privateKeyMpz;
mpz_init(privateKeyMpz);
if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid secret key");
mpz_clear(skey_mpz);
snprintf(errString, BUF_LEN, "invalid secret key");
mpz_clear(privateKeyMpz);
return;
}
mpz_t msg_mpz;
mpz_init(msg_mpz);
if (mpz_set_str(msg_mpz, hash, 16) == -1) {
mpz_t msgMpz;
mpz_init(msgMpz);
if (mpz_set_str(msgMpz, hash, 16) == -1) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid message hash");
mpz_clear(msg_mpz);
snprintf(errString, BUF_LEN, "invalid message hash");
mpz_clear(msgMpz);
return;
}
signature sign = signature_init();
signature_sign(sign, msg_mpz, skey_mpz, curve);
signature_sign(sign, msgMpz, privateKeyMpz, curve);
point Pkey = point_init();
signature_extract_public_key(Pkey, skey_mpz, curve);
signature_extract_public_key(Pkey, privateKeyMpz, curve);
if (!signature_verify(msg_mpz, sign, Pkey, curve)) {
if (!signature_verify(msgMpz, sign, Pkey, curve)) {
*errStatus = -2;
snprintf(err_string, BUF_LEN, "signature is not verified! ");
snprintf(errString, BUF_LEN, "signature is not verified! ");
return;
}
char arr_m[mpz_sizeinbase(msg_mpz, 16) + 2];
char *msg = mpz_get_str(arr_m, 16, msg_mpz);
snprintf(err_string, BUF_LEN, "message is %s ", arr_m);
char arrM[mpz_sizeinbase(msgMpz, 16) + 2];
char *msg = mpz_get_str(arrM, 16, msgMpz);
snprintf(errString, BUF_LEN, "message is %s ", arrM);
char arr_r[mpz_sizeinbase(sign->r, base) + 2];
char *r = mpz_get_str(arr_r, base, sign->r);
strncpy(sig_r, arr_r, 1024);
char arrR[mpz_sizeinbase(sign->r, base) + 2];
char *r = mpz_get_str(arrR, base, sign->r);
strncpy(sigR, arrR, 1024);
char arr_s[mpz_sizeinbase(sign->s, base) + 2];
char *s = mpz_get_str(arr_s, base, sign->s);
strncpy(sig_s, arr_s, 1024);
char arrS[mpz_sizeinbase(sign->s, base) + 2];
char *s = mpz_get_str(arrS, base, sign->s);
strncpy(sigS, arrS, 1024);
*sig_v = sign->v;
mpz_clear(skey_mpz);
mpz_clear(msg_mpz);
mpz_clear(privateKeyMpz);
mpz_clear(msgMpz);
domain_parameters_clear(curve);
signature_free(sign);
point_clear(Pkey);
}
void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key,
uint8_t *encrypted_key, uint32_t *enc_len) {
void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
LOG_DEBUG (__FUNCTION__);
*errStatus = UNKNOWN_ERROR;
memset(err_string, 0, BUF_LEN);
memset(errString, 0, BUF_LEN);
memset(encrypted_key, 0, BUF_LEN);
memset(encryptedPrivateKey, 0, BUF_LEN);
int stat = AES_encrypt(key, encrypted_key);
int stat = AES_encrypt(key, encryptedPrivateKey);
if (stat != 0) {
*errStatus = stat;
snprintf(err_string, BUF_LEN, "AES encrypt failed with status %d", stat);
snprintf(errString, BUF_LEN, "AES encrypt failed with status %d", stat);
return;
}
......@@ -1213,18 +1239,18 @@ void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key,
char decryptedKey[BUF_LEN];
memset(decryptedKey, 0, BUF_LEN);
stat = AES_decrypt(encrypted_key, *enc_len, decryptedKey);
stat = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey);
if (stat != 0) {
*errStatus = stat;
snprintf(err_string, BUF_LEN, ":trustedDecryptKey failed with status %d", stat);
snprintf(errString, BUF_LEN, ":trustedDecryptKey failed with status %d", stat);
return;
}
uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH);
if (decryptedKeyLen == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "Decrypted key is not null terminated");
snprintf(errString, BUF_LEN, "Decrypted key is not null terminated");
return;
}
......@@ -1232,32 +1258,32 @@ void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key,
*errStatus = -8;
if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
snprintf(err_string, BUF_LEN, "Decrypted key does not match original key");
snprintf(errString, BUF_LEN, "Decrypted key does not match original key");
return;
}
*errStatus = 0;
}
void trustedDecryptKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key,
void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *key) {
uint32_t decLen;
*errStatus = -9;
int status = AES_decrypt(encrypted_key, enc_len, key);
int status = AES_decrypt(encryptedPrivateKey, enc_len, key);
if (status != 0) {
*errStatus = status;
snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status);
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
return;
}
if (decLen > MAX_KEY_LENGTH) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
return;
}
......@@ -1268,16 +1294,16 @@ void trustedDecryptKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_k
if (keyLen == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "Key is not null terminated");
snprintf(errString, BUF_LEN, "Key is not null terminated");
return;
}
*errStatus = 0;
memcpy(err_string, AES_key, 1024);
memcpy(errString, AES_key, 1024);
}
void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypted_key,
void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) {
......@@ -1288,11 +1314,11 @@ void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypt
char sig[BUF_LEN];
memset(sig, 0, BUF_LEN);
int stat = AES_decrypt(encrypted_key, enc_len, key);
int stat = AES_decrypt(encryptedPrivateKey, enc_len, key);
if (stat != 0) {
*errStatus = stat;
strncpy(signature, err_string, BUF_LEN);
strncpy(signature, errString, BUF_LEN);
return;
}
......@@ -1308,7 +1334,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypt
}
void
trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
LOG_DEBUG (__FUNCTION__);
......@@ -1320,12 +1346,12 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_
return;
}
snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret);
snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret);
int status = AES_encrypt(dkg_secret, encrypted_dkg_secret);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "SGX AES encrypt DKG poly failed");
snprintf(errString, BUF_LEN, "SGX AES encrypt DKG poly failed");
*errStatus = status;
return;
}
......@@ -1338,14 +1364,14 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_
status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "aes decrypt dkg poly failed");
snprintf(errString, BUF_LEN, "aes decrypt dkg poly failed");
*errStatus = status;
return;
}
if (strcmp(dkg_secret, decr_dkg_secret) != 0) {
snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret);
snprintf(err_string + strlen(dkg_secret) + 8, BUF_LEN - strlen(dkg_secret) - 8,
snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret);
snprintf(errString + strlen(dkg_secret) + 8, BUF_LEN - strlen(dkg_secret) - 8,
"encrypted poly is not equal to decrypted poly");
*errStatus = -333;
}
......@@ -1354,7 +1380,7 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_
}
void
trustedDecryptDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret,
uint32_t *dec_len) {
LOG_DEBUG (__FUNCTION__);
......@@ -1362,14 +1388,14 @@ trustedDecryptDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_
int status = AES_decrypt(encrypted_dkg_secret, dec_len, decrypted_dkg_secret);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status;
return;
}
}
void trustedSetEncryptedDkgPolyAES(int *errStatus, char *err_string, uint8_t *encrypted_poly, uint64_t *enc_len) {
void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t *enc_len) {
LOG_DEBUG (__FUNCTION__);
......@@ -1378,12 +1404,12 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *err_string, uint8_t *en
if (status != SGX_SUCCESS) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
return;
}
}
void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t *encrypted_skey, uint32_t *dec_len,
void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) {
char skey[ECDSA_SKEY_LEN];
......@@ -1395,7 +1421,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
uint32_t enc_len;
trustedGenerateEcdsaKeyAES(errStatus, err_string, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
trustedGenerateEcdsaKeyAES(errStatus, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
if (*errStatus != 0) {
return;
}
......@@ -1405,11 +1431,11 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
skey[ECDSA_SKEY_LEN - 1] = 0;
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d", status);
snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d", status);
*errStatus = status;
return;
}
snprintf(err_string, BUF_LEN, "unsealed random skey is %s\n", skey);
snprintf(errString, BUF_LEN, "unsealed random skey is %s\n", skey);
*dec_len = enc_len;// + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
......@@ -1422,14 +1448,14 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, decryptedDkgPoly);
snprintf(errString, BUF_LEN, decryptedDkgPoly);
return;
}
snprintf(err_string + 88, BUF_LEN, "\nsecret share is %s", s_share);
snprintf(errString + 88, BUF_LEN, "\nsecret share is %s", s_share);
if (calc_secret_shareG2(s_share, s_shareG2) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "invalid decr secret share");
snprintf(errString, BUF_LEN, "invalid decr secret share");
return;
}
......@@ -1437,7 +1463,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
xor_encrypt(common_key, s_share, cypher);
if (cypher == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
......@@ -1449,7 +1475,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t
}
void trustedGetPublicSharesAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
char *public_shares,
unsigned _t, unsigned _n) {
......@@ -1463,33 +1489,33 @@ void trustedGetPublicSharesAES(int *errStatus, char *err_string, uint8_t *encryp
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*errStatus = status;
return;
}
if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "t does not match polynomial in db");
snprintf(errString, BUF_LEN, "t does not match polynomial in db");
return;
}
}
void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_shares, const char *s_share,
uint8_t *encrypted_key, uint64_t enc_len, unsigned _t, int _ind, int *result) {
void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
memset(skey, 0, ECDSA_SKEY_LEN);
int status = AES_decrypt(encrypted_key, enc_len, skey);
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status);
snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status);
*errStatus = status;
return;
}
......@@ -1506,7 +1532,7 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh
if (common_key == NULL || strlen(common_key) == 0) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
......@@ -1515,7 +1541,7 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh
xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
return;
}
......@@ -1523,27 +1549,27 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh
mpz_init(s);
if (mpz_set_str(s, decr_sshare, 16) == -1) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid decr secret share");
snprintf(errString, BUF_LEN, "invalid decr secret share");
mpz_clear(s);
return;
}
*result = Verification(public_shares, s, _t, _ind);
snprintf(err_string, BUF_LEN, "secret share dec %s", public_shares);
snprintf(errString, BUF_LEN, "secret share dec %s", public_shares);
}
void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shares,
uint8_t *encrypted_key, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) {
void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares,
uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) {
LOG_DEBUG (__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encrypted_key, key_len, skey);
int status = AES_decrypt(encryptedPrivateKey, key_len, skey);
if (status != SGX_SUCCESS) {
*errStatus = status;
snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status);
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
return;
}
skey[ECDSA_SKEY_LEN - 1] = 0;
......@@ -1571,7 +1597,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
if (common_key == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
mpz_clear(sum);
return;
}
......@@ -1581,7 +1607,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
xor_decrypt(common_key, encr_sshare, decr_sshare);
if (decr_sshare == NULL) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "invalid common_key");
snprintf(errString, BUF_LEN, "invalid common_key");
mpz_clear(sum);
return;
}
......@@ -1591,8 +1617,8 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
mpz_init(decr_secret_share);
if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) {
*errStatus = 111;
//snprintf(err_string, BUF_LEN ,"invalid decrypted secret share");
snprintf(err_string, BUF_LEN, decr_sshare);
//snprintf(errString, BUF_LEN ,"invalid decrypted secret share");
snprintf(errString, BUF_LEN, decr_sshare);
mpz_clear(decr_secret_share);
return;
}
......@@ -1612,7 +1638,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
char key_share[mpz_sizeinbase(bls_key, 16) + 2];
char *key = mpz_get_str(key_share, 16, bls_key);
snprintf(err_string, BUF_LEN, " bls private key is %s", key_share);
snprintf(errString, BUF_LEN, " bls private key is %s", key_share);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
......@@ -1620,7 +1646,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
if (status != SGX_SUCCESS) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "aes encrypt bls private key failed with status %d ", status);
snprintf(errString, BUF_LEN, "aes encrypt bls private key failed with status %d ", status);
mpz_clear(bls_key);
mpz_clear(sum);
mpz_clear(q);
......@@ -1634,7 +1660,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar
}
void
trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key, uint64_t key_len, char *bls_pub_key) {
trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) {
LOG_DEBUG (__FUNCTION__);
......@@ -1642,10 +1668,10 @@ trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key,
uint32_t len = key_len;
int status = AES_decrypt(encrypted_key, key_len, skey_hex);
int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex);
if (status != SGX_SUCCESS) {
*errStatus = 1;
snprintf(err_string, BUF_LEN, "aes_decrypt failed with status %d", status);
snprintf(errString, BUF_LEN, "aes_decrypt failed with status %d", status);
return;
}
......@@ -1653,7 +1679,7 @@ trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key,
if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) {
*errStatus = -1;
snprintf(err_string, BUF_LEN, "could not calculate bls public key");
snprintf(errString, BUF_LEN, "could not calculate bls public key");
return;
}
}
......
testw.cpp
View file @ 94616f97
......@@ -776,7 +776,7 @@ TEST_CASE_METHOD(TestFixture, "Get ServerStatus", "[get-server-status]") {
TEST_CASE_METHOD(TestFixture, "Get ServerVersion", "[get-server-version]") {
HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2);
REQUIRE(c.getServerVersion()["version"] == SGXWALLET_VERSION);
REQUIRE(c.getServerVersion()["version"] == SGXWalletServer::getVersion());
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment