Skip to content

S
sgxwallet
Unverified Commit 964dac2b authored by svetaro's avatar svetaro
Browse files
Options

SKALE-2003 Add backup key to ECDSA procedures

parent 3fb4836a
Show whitespace changes
Inline Side-by-side
Showing with 623 additions and 71 deletions
BLSCrypto.cpp
View file @ 964dac2b
......@@ -185,10 +185,12 @@ char *encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key)
unsigned int encryptedLen = 0;
status = encrypt_key(eid, errStatus, errMsg, keyArray, encryptedKey, &encryptedLen);
//status = encrypt_key(eid, errStatus, errMsg, keyArray, encryptedKey, &encryptedLen);
status = encrypt_key_aes(eid, errStatus, errMsg, keyArray, encryptedKey, &encryptedLen);
if (DEBUG_PRINT) {
spdlog::info("errStatus is {}",*errStatus, " errMsg is ", errMsg );
spdlog::info("errStatus is {}",*errStatus);
spdlog::info(" errMsg is ", errMsg );
}
if (status != SGX_SUCCESS) {
......@@ -224,7 +226,8 @@ char *decryptBLSKeyShareFromHex(int *errStatus, char *errMsg, const char *_encry
char *plaintextKey = (char *) calloc(BUF_LEN, 1);
status = decrypt_key(eid, errStatus, errMsg, decoded, decodedLen, plaintextKey);
//status = decrypt_key(eid, errStatus, errMsg, decoded, decodedLen, plaintextKey);
status = decrypt_key_aes(eid, errStatus, errMsg, decoded, decodedLen, plaintextKey);
if (status != SGX_SUCCESS) {
return nullptr;
......
ECDSACrypto.cpp
View file @ 964dac2b
......@@ -51,14 +51,21 @@ std::vector<std::string> gen_ecdsa_key(){
char *pub_key_y = (char *)calloc(1024, 1);
uint32_t enc_len = 0;
status = generate_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
//status = generate_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
status = generate_ecdsa_key_aes(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
if ( err_status != 0 ){
std::cerr << "RPCException thrown" << std::endl;
throw RPCException(-666, errMsg) ;
}
std::vector<std::string> keys(3);
//std::cerr << "account key is " << errMsg << std::endl;
char *hexEncrKey = (char *) calloc(2*BUF_LEN, 1);
if (DEBUG_PRINT) {
std::cerr << "account key is " << errMsg << std::endl;
std::cerr << "enc_len is " << enc_len << std::endl;
std::cerr << "enc_key is " << std::endl;
for(int i = 0 ; i < 1024; i++)
std::cerr << (int)encr_pr_key[i] << " " ;
}
char *hexEncrKey = (char *) calloc(BUF_LEN, 1);
carray2Hex(encr_pr_key, enc_len, hexEncrKey);
keys.at(0) = hexEncrKey;
keys.at(1) = std::string(pub_key_x) + std::string(pub_key_y);//concatPubKeyWith0x(pub_key_x, pub_key_y);//
......@@ -69,6 +76,7 @@ std::vector<std::string> gen_ecdsa_key(){
unsigned long seed = rand_gen();
if (DEBUG_PRINT) {
spdlog::info("seed is {}", seed);
std::cerr << "strlen is " << strlen(hexEncrKey) << std::endl;
}
gmp_randstate_t state;
gmp_randinit_default(state);
......@@ -105,26 +113,38 @@ std::string get_ecdsa_pubkey(const char* encryptedKeyHex){
char *pub_key_y = (char *)calloc(1024, 1);
uint64_t enc_len = 0;
uint8_t encr_pr_key[BUF_LEN];
//uint8_t encr_pr_key[BUF_LEN];
uint8_t* encr_pr_key = (uint8_t*)calloc(1024, 1);
if (!hex2carray(encryptedKeyHex, &enc_len, encr_pr_key)){
throw RPCException(INVALID_HEX, "Invalid encryptedKeyHex");
}
status = get_public_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, enc_len, pub_key_x, pub_key_y );
spdlog::info("encr_hex_key is {}", encryptedKeyHex);
std::cerr << "enc_key is " << std::endl;
for(int i = 0 ; i < BUF_LEN; i++)
std::cerr << (int)encr_pr_key[i] << " " ;
//status = get_public_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, enc_len, pub_key_x, pub_key_y );
status = get_public_ecdsa_key_aes(eid, &err_status, errMsg, encr_pr_key, enc_len, pub_key_x, pub_key_y );
if (err_status != 0){
throw RPCException(-666, errMsg) ;
}
std::string pubKey = std::string(pub_key_x) + std::string(pub_key_y);//concatPubKeyWith0x(pub_key_x, pub_key_y);//
if (DEBUG_PRINT) {
spdlog::info("enc_len is {}", enc_len);
spdlog::info("pubkey is {}", pubKey);
spdlog::info("pubkey length is {}", pubKey.length());
spdlog::info("err str is {}", errMsg);
spdlog::info("err status is {}", err_status);
}
free(errMsg);
free(pub_key_x);
free(pub_key_y);
free(encr_pr_key);
return pubKey;
}
......@@ -134,12 +154,13 @@ std::vector<std::string> ecdsa_sign_hash(const char* encryptedKeyHex, const char
char *errMsg = (char *)calloc(1024, 1);
int err_status = 0;
char* signature_r = (char*)malloc(1024);
char* signature_s = (char*)malloc(1024);
char* signature_r = (char *)calloc(1024, 1);
char* signature_s = (char *)calloc(1024, 1);
uint8_t signature_v = 0;
uint64_t dec_len = 0;
uint8_t encr_key[BUF_LEN];
//uint8_t encr_key[BUF_LEN];
uint8_t* encr_key = (uint8_t*)calloc(1024, 1);
if (!hex2carray(encryptedKeyHex, &dec_len, encr_key)){
throw RPCException(INVALID_HEX, "Invalid encryptedKeyHex");
}
......@@ -150,7 +171,8 @@ std::vector<std::string> ecdsa_sign_hash(const char* encryptedKeyHex, const char
spdlog::info("encrypted len: {}", dec_len);
}
status = ecdsa_sign1(eid, &err_status, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char*)hashHex, signature_r, signature_s, &signature_v, base );
//status = ecdsa_sign1(eid, &err_status, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char*)hashHex, signature_r, signature_s, &signature_v, base );
status = ecdsa_sign_aes(eid, &err_status, errMsg, encr_key, dec_len, (unsigned char*)hashHex, signature_r, signature_s, &signature_v, base );
if ( err_status != 0){
throw RPCException(-666, errMsg ) ;
}
......@@ -176,6 +198,7 @@ std::vector<std::string> ecdsa_sign_hash(const char* encryptedKeyHex, const char
free(errMsg);
free(signature_r);
free(signature_s);
free(encr_key);
return signature_vect;
}
\ No newline at end of file
SEKManager.cpp
View file @ 964dac2b
......@@ -35,23 +35,23 @@ void generate_SEK(){
char *errMsg = (char *)calloc(1024, 1);
int err_status = 0;
uint8_t* encr_pr_key = (uint8_t *)calloc(1024, 1);
uint8_t* encr_SEK = (uint8_t *)calloc(1024, 1);
uint32_t enc_len = 0;
status = generate_SEK(eid, &err_status, errMsg, encr_pr_key, &enc_len);
status = generate_SEK(eid, &err_status, errMsg, encr_SEK, &enc_len);
if ( err_status != 0 ){
std::cerr << "RPCException thrown" << std::endl;
throw RPCException(-666, errMsg) ;
}
char *hexEncrKey = (char *) calloc(BUF_LEN, 1);
//carray2Hex(encr_pr_key, enc_len, hexEncrKey);
char *hexEncrKey = (char *) calloc(2*enc_len + 1, 1);
carray2Hex(encr_SEK, enc_len, hexEncrKey);
std::cerr << "key is " << errMsg << std::endl;
//levelDb->writeDataUnique("SEK", hexEncrKey);
levelDb->writeDataUnique("SEK", hexEncrKey);
free(errMsg);
free(encr_pr_key);
free(encr_SEK);
free(hexEncrKey);
}
SGXWalletServer.cpp
View file @ 964dac2b
......@@ -275,7 +275,6 @@ Json::Value generateECDSAKeyImpl() {
spdlog::info("key name generated: {}", keyName);
}
//writeECDSAKey(keyName, keys.at(0));
writeDataToDB(keyName, keys.at(0));
result["encryptedKey"] = keys.at(0);
......
secure_enclave/AESUtils.c 0 → 100644
View file @ 964dac2b
//
// Created by kladko on 1/22/20.
//
#include "sgx_trts.h"
#include "sgx_tcrypto.h"
#include "stdlib.h"
#include <string.h>
#include "AESUtils.h"
int AES_encrypt(char *message, uint8_t *encr_message){
sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);
sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, strlen(message),
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE,
encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
NULL, 0,
(sgx_aes_gcm_128bit_tag_t *) encr_message);
return status;
}
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message){
uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE;
sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key,
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
message,
encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
NULL, 0,
(sgx_aes_gcm_128bit_tag_t *)encr_message);
return status;
}
\ No newline at end of file
secure_enclave/AESUtils.h 0 → 100644
View file @ 964dac2b
//
// Created by kladko on 1/22/20.
//
#ifndef SGXD_AESUTILS_H
#define SGXD_AESUTILS_H
sgx_aes_gcm_128bit_key_t AES_key;
int AES_encrypt(char *message, uint8_t *encr_message);
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message);
#endif //SGXD_AESUTILS_H
secure_enclave/Makefile.am
View file @ 964dac2b
......@@ -85,7 +85,7 @@ CLEANFILES+= secure_enclave_t.c secure_enclave_t.h
secure_enclave_SOURCES = secure_enclave_t.c secure_enclave_t.h \
secure_enclave.c \
curves.c domain_parameters.c numbertheory.c point.c signature.c DH_dkg.c \
curves.c domain_parameters.c numbertheory.c point.c signature.c DH_dkg.c AESUtils.c \
DKGUtils.cpp BLSEnclave.cpp ../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \
../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_g2.cpp \
../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp $(ENCLAVE_KEY) $(ENCLAVE_CONFIG)
......
secure_enclave/Makefile.in
View file @ 964dac2b
......@@ -110,7 +110,7 @@ am_secure_enclave_OBJECTS = secure_enclave_t.$(OBJEXT) \
secure_enclave.$(OBJEXT) curves.$(OBJEXT) \
domain_parameters.$(OBJEXT) numbertheory.$(OBJEXT) \
point.$(OBJEXT) signature.$(OBJEXT) DH_dkg.$(OBJEXT) \
DKGUtils.$(OBJEXT) BLSEnclave.$(OBJEXT) \
AESUtils.$(OBJEXT) DKGUtils.$(OBJEXT) BLSEnclave.$(OBJEXT) \
alt_bn128_init.$(OBJEXT) alt_bn128_g2.$(OBJEXT) \
alt_bn128_g1.$(OBJEXT) $(am__objects_1) $(am__objects_1)
secure_enclave_OBJECTS = $(am_secure_enclave_OBJECTS)
......@@ -138,7 +138,8 @@ am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__maybe_remake_depfiles = depfiles
am__depfiles_remade = ./$(DEPDIR)/BLSEnclave.Po ./$(DEPDIR)/DH_dkg.Po \
am__depfiles_remade = ./$(DEPDIR)/AESUtils.Po \
./$(DEPDIR)/BLSEnclave.Po ./$(DEPDIR)/DH_dkg.Po \
./$(DEPDIR)/DKGUtils.Po ./$(DEPDIR)/alt_bn128_g1.Po \
./$(DEPDIR)/alt_bn128_g2.Po ./$(DEPDIR)/alt_bn128_init.Po \
./$(DEPDIR)/curves.Po ./$(DEPDIR)/domain_parameters.Po \
......@@ -346,7 +347,7 @@ ENCLAVE_CONFIG = $(ENCLAVE).config.xml
ENCLAVE_KEY = test_insecure_private_key.pem #$(ENCLAVE)_private.pem
secure_enclave_SOURCES = secure_enclave_t.c secure_enclave_t.h \
secure_enclave.c \
curves.c domain_parameters.c numbertheory.c point.c signature.c DH_dkg.c \
curves.c domain_parameters.c numbertheory.c point.c signature.c DH_dkg.c AESUtils.c \
DKGUtils.cpp BLSEnclave.cpp ../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \
../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_g2.cpp \
../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp $(ENCLAVE_KEY) $(ENCLAVE_CONFIG)
......@@ -440,6 +441,7 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/AESUtils.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/BLSEnclave.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/DH_dkg.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/DKGUtils.Po@am__quote@ # am--include-marker
......@@ -660,6 +662,7 @@ clean: clean-am
clean-am: clean-generic clean-libexecPROGRAMS mostlyclean-am
distclean: distclean-am
-rm -f ./$(DEPDIR)/AESUtils.Po
-rm -f ./$(DEPDIR)/BLSEnclave.Po
-rm -f ./$(DEPDIR)/DH_dkg.Po
-rm -f ./$(DEPDIR)/DKGUtils.Po
......@@ -720,6 +723,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f ./$(DEPDIR)/AESUtils.Po
-rm -f ./$(DEPDIR)/BLSEnclave.Po
-rm -f ./$(DEPDIR)/DH_dkg.Po
-rm -f ./$(DEPDIR)/DKGUtils.Po
......
secure_enclave/enclave_common.h 0 → 100644
View file @ 964dac2b
//
// Created by kladko on 1/24/20.
//
#ifndef SGXD_ENCLAVE_COMMON_H
#define SGXD_ENCLAVE_COMMON_H
#define BUF_LEN 1024
#define MAX_KEY_LENGTH 128
#define MAX_COMPONENT_LENGTH 80
#define MAX_COMPONENT_HEX_LENGTH MAX_COMPONENT_LENGTH * 2
#define MAX_ENCRYPTED_KEY_LENGTH 1024
#define MAX_SIG_LEN 1024
#define MAX_ERR_LEN 1024
#define SHA_256_LEN 32
#define ADD_ENTROPY_SIZE 32
#define DKG_BUFER_LENGTH 2490//3060
#define DKG_MAX_SEALED_LEN 3050
#define SECRET_SHARE_NUM_BYTES 96
#define ECDSA_SKEY_LEN 65
#define ECDSA_SKEY_BASE 16
#define ECDSA_ENCR_LEN 93
#define ECDSA_BIN_LEN 33
#define UNKNOWN_ERROR -1
#define PLAINTEXT_KEY_TOO_LONG -2
#define UNPADDED_KEY -3
#define NULL_KEY -4
#define INCORRECT_STRING_CONVERSION -5
#define ENCRYPTED_KEY_TOO_LONG -6
#define SEAL_KEY_FAILED -7
#endif //SGXD_ENCLAVE_COMMON_H
secure_enclave/secure_enclave.c
View file @ 964dac2b
......@@ -51,10 +51,13 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include <sgx_tcrypto.h>
#include "../sgxwallet_common.h"
#include "AESUtils.h"
//#include "../sgxwallet_common.h"
#include "enclave_common.h"
uint8_t Decrypted_dkg_poly[DKG_BUFER_LENGTH];
uint8_t SEK[32];
void *(*gmp_realloc_func)(void *, size_t, size_t);
......@@ -896,26 +899,387 @@ void get_bls_pub_key(int *err_status, char* err_string, uint8_t* encrypted_key,
void generate_SEK(int *err_status, char *err_string,
uint8_t *encrypted_SEK, uint32_t *enc_len){
uint8_t SEK_raw[SGX_AESGCM_KEY_SIZE];
//unsigned char* rand_char = (unsigned char*)malloc(16);
sgx_read_rand( SEK_raw, SGX_AESGCM_KEY_SIZE);
uint32_t hex_aes_key_length = SGX_AESGCM_KEY_SIZE * 2;
uint8_t SEK[hex_aes_key_length];
carray2Hex(SEK_raw, SGX_AESGCM_KEY_SIZE, SEK);
unsigned char* rand_char = (unsigned char*)malloc(16);
sgx_read_rand( rand_char, 16);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, hex_aes_key_length + 1);
memcpy(err_string, SEK, BUF_LEN);
for ( uint8_t i = 0; i < SGX_AESGCM_KEY_SIZE; i++){
AES_key[i] = SEK_raw[i];
}
carray2Hex(rand_char, 16, SEK);
uint32_t sealedLen = sgx_calc_sealed_data_size(0, 32);
memcpy(err_string, 32, SEK);
sgx_status_t status = sgx_seal_data(0, NULL, 32, (uint8_t *)SEK, sealedLen,(sgx_sealed_data_t*)encrypted_SEK);
sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, SEK, sealedLen,(sgx_sealed_data_t*)encrypted_SEK);
if( status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN,"seal SEK failed");
snprintf(err_string, BUF_LEN, "seal SEK failed");
*err_status = status;
return;
}
*enc_len = sealedLen;
//free(rand_char);
}
void generate_ecdsa_key_aes(int *err_status, char *err_string,
uint8_t *encrypted_key, uint32_t *enc_len, char * pub_key_x, char * pub_key_y) {
domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
unsigned char* rand_char = (unsigned char*)malloc(32);
sgx_read_rand( rand_char, 32);
mpz_t seed;
mpz_init(seed);
mpz_import(seed, 32, 1, sizeof(rand_char[0]), 0, 0, rand_char);
free(rand_char);
mpz_t skey;
mpz_init(skey);
mpz_mod(skey, seed, curve->p);
mpz_clear(seed);
//Public key
point Pkey = point_init();
signature_generate_key(Pkey, skey, curve);
uint8_t base = 16;
int len = mpz_sizeinbase (Pkey->x, base) + 2;
//snprintf(err_string, BUF_LEN, "len = %d\n", len);
char arr_x[len];
char* px = mpz_get_str(arr_x, base, Pkey->x);
//snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
int n_zeroes = 64 - strlen(arr_x);
for ( int i = 0; i < n_zeroes; i++){
pub_key_x[i] = '0';
}
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
char arr_y[mpz_sizeinbase (Pkey->y, base) + 2];
char* py = mpz_get_str(arr_y, base, Pkey->y);
n_zeroes = 64 - strlen(arr_y);
for ( int i = 0; i < n_zeroes; i++){
pub_key_y[i] = '0';
}
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
char skey_str[mpz_sizeinbase (skey, ECDSA_SKEY_BASE) + 2];
char* s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
snprintf(err_string, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
int stat = AES_encrypt(skey_str, encrypted_key);
if( stat != 0) {
snprintf(err_string, BUF_LEN,"ecdsa private key encryption failed");
*err_status = stat;
return;
}
*enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
stat = AES_decrypt(encrypted_key, *enc_len, skey_str);
if( stat != 0) {
snprintf(err_string + 19 + strlen(skey_str), BUF_LEN,"ecdsa private key decr failed with status %d", stat);
//*err_status = stat;
return;
}
mpz_clear(skey);
domain_parameters_clear(curve);
point_clear(Pkey);
}
void get_public_ecdsa_key_aes(int *err_status, char *err_string,
uint8_t *encrypted_key, uint32_t enc_len, char * pub_key_x, char * pub_key_y) {
domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encrypted_key, enc_len, skey);
if (status != 0) {
snprintf(err_string, BUF_LEN,"AES_decrypt failed with status %d", status);
*err_status = status;
return;
}
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
strncpy(err_string, skey, 1024);
mpz_t skey_mpz;
mpz_init(skey_mpz);
// mpz_import(skey_mpz, 32, 1, sizeof(skey[0]), 0, 0, skey);
if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1){
snprintf(err_string, BUF_LEN,"wrong string to init private key - %s", skey);
*err_status = -10;
mpz_clear(skey_mpz);
return;
}
//Public key
point Pkey = point_init();
signature_generate_key(Pkey, skey_mpz, curve);
point Pkey_test = point_init();
point_multiplication(Pkey_test, skey_mpz, curve->G, curve);
if (!point_cmp(Pkey, Pkey_test)){
snprintf(err_string, BUF_LEN,"Points are not equal");
*err_status = -11;
return;
}
int base = 16;
int len = mpz_sizeinbase (Pkey->x, base) + 2;
//snprintf(err_string, BUF_LEN, "len = %d\n", len);
char arr_x[len];
char* px = mpz_get_str(arr_x, base, Pkey->x);
//snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
int n_zeroes = 64 - strlen(arr_x);
for ( int i = 0; i < n_zeroes; i++){
pub_key_x[i] = '0';
}
strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
char arr_y[mpz_sizeinbase (Pkey->y, base) + 2];
char* py = mpz_get_str(arr_y, base, Pkey->y);
n_zeroes = 64 - strlen(arr_y);
for ( int i = 0; i < n_zeroes; i++){
pub_key_y[i] = '0';
}
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
mpz_clear(skey_mpz);
domain_parameters_clear(curve);
point_clear(Pkey);
}
void ecdsa_sign_aes(int *err_status, char *err_string, uint8_t *encrypted_key, uint32_t enc_len,
unsigned char* hash, char * sig_r, char * sig_s, uint8_t* sig_v, int base) {
domain_parameters curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encrypted_key, enc_len, skey);
if (status != 0) {
*err_status = status;
snprintf(err_string, BUF_LEN,"aes decrypt failed with status %d", status);
return;
}
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE - 1] = '\0';
snprintf(err_string, BUF_LEN,"pr key is %s length %d ", skey, strlen(skey));
mpz_t skey_mpz;
mpz_init(skey_mpz);
if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1){
*err_status = -1;
snprintf(err_string, BUF_LEN ,"invalid secret key");
mpz_clear(skey_mpz);
return;
}
mpz_t msg_mpz;
mpz_init(msg_mpz);
if (mpz_set_str(msg_mpz, hash, 16) == -1){
*err_status = -1;
snprintf(err_string, BUF_LEN ,"invalid message hash");
mpz_clear(msg_mpz);
return;
}
signature sign = signature_init();
signature_sign( sign, msg_mpz, skey_mpz, curve);
point Pkey = point_init();
signature_generate_key(Pkey, skey_mpz, curve);
if ( !signature_verify(msg_mpz, sign, Pkey, curve) ){
*err_status = -2;
snprintf(err_string, BUF_LEN,"signature is not verified! ");
return;
}
//char arr_x[mpz_sizeinbase (Pkey->x, 16) + 2];
//char* px = mpz_get_str(arr_x, 16, Pkey->x);
//snprintf(err_string, BUF_LEN,"pub key x %s ", arr_x);
char arr_m[mpz_sizeinbase (msg_mpz, 16) + 2];
char* msg = mpz_get_str(arr_m, 16, msg_mpz);
snprintf(err_string, BUF_LEN,"message is %s ", arr_m);
char arr_r[mpz_sizeinbase (sign->r, base) + 2];
char* r = mpz_get_str(arr_r, base, sign->r);
strncpy(sig_r, arr_r, 1024);
char arr_s[mpz_sizeinbase (sign->s, base) + 2];
char* s = mpz_get_str(arr_s, base, sign->s);
strncpy(sig_s, arr_s, 1024);
*sig_v = sign->v;
mpz_clear(skey_mpz);
mpz_clear(msg_mpz);
domain_parameters_clear(curve);
signature_clear(sign);
point_clear(Pkey);
}
void encrypt_key_aes(int *err_status, char *err_string, char *key,
uint8_t *encrypted_key, uint32_t *enc_len) {
//init();
*err_status = UNKNOWN_ERROR;
memset(err_string, 0, BUF_LEN);
checkKey(err_status, err_string, key);
if (*err_status != 0) {
snprintf(err_string + strlen(err_string), BUF_LEN, "check_key failed");
return;
}
memset(encrypted_key, 0, BUF_LEN);
int stat = AES_encrypt(key, encrypted_key);
if ( stat != 0) {
*err_status = stat;
snprintf(err_string, BUF_LEN, "AES encrypt failed with status %d", stat);
return;
}
*enc_len = strlen(key) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
char decryptedKey[BUF_LEN];
memset(decryptedKey, 0, BUF_LEN);
stat = AES_decrypt(encrypted_key, *enc_len, decryptedKey);
if (stat != 0) {
*err_status = stat;
snprintf(err_string, BUF_LEN, ":decrypt_key failed with status %d", stat);
return;
}
uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH);
if (decryptedKeyLen == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "Decrypted key is not null terminated");
return;
}
*err_status = -8;
if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
snprintf(err_string, BUF_LEN, "Decrypted key does not match original key");
return;
}
*err_status = 0;
}
void decrypt_key_aes(int *err_status, char *err_string, uint8_t *encrypted_key,
uint32_t enc_len, char *key) {
init();
uint32_t decLen;
*err_status = -9;
int status = AES_decrypt(encrypted_key, enc_len, key);
if (status != 0) {
*err_status = status;
snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status);
return;
}
//snprintf(err_string, BUF_LEN, "decr key is %s", key);
if (decLen > MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
return;
}
*err_status = -10;
uint64_t keyLen = strnlen(key, MAX_KEY_LENGTH);
if (keyLen == MAX_KEY_LENGTH) {
snprintf(err_string, BUF_LEN, "Key is not null terminated");
return;
}
*err_status = 0;
return;
}
void bls_sign_message_aes(int *err_status, char *err_string, uint8_t *encrypted_key,
uint32_t enc_len, char *_hashX,
char *_hashY, char *signature) {
char key[BUF_LEN];
char* sig = (char*) calloc(BUF_LEN, 1);
init();
int stat = AES_decrypt(encrypted_key, enc_len, key);
if ( stat != 0) {
*err_status = stat;
strncpy(signature, err_string, BUF_LEN);
return;
}
enclave_sign(key, _hashX, _hashY, sig);
strncpy(signature, sig, BUF_LEN);
if (strnlen(signature, BUF_LEN) < 10) {
*err_status = -1;
return;
}
}
secure_enclave/secure_enclave.edl
View file @ 964dac2b
#define ECDSA_SKEY_LEN 65
#define ECDSA_SKEY_BASE 16
#define ECDSA_ENCR_LEN 93
#define ECDSA_BIN_LEN 33
enclave {
trusted {
include "sgx_tgmp.h"
public void tgmp_init();
public void e_mpz_add(
......@@ -163,6 +170,57 @@ enclave {
[out, count = 1024] char *err_string,
[in, count = 1024] uint8_t *encrypted_SEK,
[user_check] uint32_t *enc_len);
public void generate_ecdsa_key_aes (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[out, count = ECDSA_ENCR_LEN] uint8_t* encrypted_key,
[user_check] uint32_t *enc_len,
[out, count = 1024] char * pub_key_x,
[out, count = 1024] char * pub_key_y);
public void get_public_ecdsa_key_aes(
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
uint32_t dec_len,
[out, count = 1024] char * pub_key_x,
[out, count = 1024] char * pub_key_y);
public void ecdsa_sign_aes(
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
uint32_t enc_len,
[in, count = 1024] unsigned char* hash,
[out, count = 1024] char* sig_r,
[out, count = 1024] char* sig_s,
[user_check] uint8_t* sig_v,
int base);
public void encrypt_key_aes (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] char* key,
[out, count = 1024] uint8_t* encrypted_key,
[user_check] uint32_t *enc_len);
public void decrypt_key_aes (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
uint32_t enc_len,
[out, count = 1024] char* key );
public void bls_sign_message_aes (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 1024] uint8_t* encrypted_key,
uint32_t enc_len,
[in, count = 1024] char* hashX ,
[in, count = 1024] char* hashY ,
[out, count = 1024] char* signature);
};
......
sgxwallet_common.h
View file @ 964dac2b
......@@ -57,7 +57,7 @@ extern int is_sgx_https;
#define ECDSA_SKEY_LEN 65
#define ECDSA_SKEY_BASE 16
#define ECDSA_ENCR_LEN 625
#define ECDSA_ENCR_LEN 93
#define ECDSA_BIN_LEN 33
#define UNKNOWN_ERROR -1
......
testw.cpp
View file @ 964dac2b
......@@ -139,7 +139,8 @@ char* encryptTestKey() {
TEST_CASE("BLS key encrypt", "[bls-key-encrypt]") {
DEBUG_PRINT = 1;
is_sgx_https = 0;
init_all(false, false);
char* key = encryptTestKey();
REQUIRE(key != nullptr);
......@@ -150,8 +151,11 @@ TEST_CASE("BLS key encrypt", "[bls-key-encrypt]") {
TEST_CASE("BLS key encrypt/decrypt", "[bls-key-encrypt-decrypt]") {
{
DEBUG_PRINT = 1;
is_sgx_https = 0;
init_all(false, false);
//init_enclave();
int errStatus = -1;
char* errMsg = (char*) calloc(BUF_LEN, 1);
......@@ -171,6 +175,8 @@ TEST_CASE("BLS key encrypt/decrypt", "[bls-key-encrypt-decrypt]") {
printf("Decrypted key len %d\n", (int) strlen(plaintextKey));
printf("Decrypted key: %s\n", plaintextKey);
sgx_destroy_enclave(eid);
}
}
......@@ -1076,32 +1082,37 @@ TEST_CASE("ecdsa API test", "[ecdsa_api_test]") {
cerr << "Client inited" << endl;
Json::Value genKey = c.generateECDSAKey();
REQUIRE(genKey["status"].asInt() == 0);
cout << genKey << endl;
Json::Value ecdsaSign = c.ecdsaSignMessageHash(16, genKey["KeyName"].asString(), "0x09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db");
REQUIRE(ecdsaSign["status"].asInt() == 0);
cout << ecdsaSign << std::endl;
REQUIRE(genKey["status"].asInt() == 0);
Json::Value getPubKey = c.getPublicECDSAKey(genKey["KeyName"].asString());
REQUIRE(getPubKey["status"].asInt() == 0);
cout << getPubKey << std::endl;
REQUIRE(getPubKey["status"].asInt() == 0);
REQUIRE(getPubKey["PublicKey"].asString() == genKey["PublicKey"].asString());
//wrong base
Json::Value ecdsaSignWrongBase = c.ecdsaSignMessageHash(0, genKey["KeyName"].asString(), "0x09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db");
cout << ecdsaSignWrongBase << std::endl;
REQUIRE(ecdsaSignWrongBase["status"].asInt() != 0);
//wrong keyName
Json::Value ecdsaSignWrongKeyName = c.ecdsaSignMessageHash(0, "", "0x09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db");
cout << ecdsaSignWrongKeyName << std::endl;
REQUIRE(ecdsaSignWrongKeyName["status"].asInt() != 0);
Json::Value getPubKeyWrongKeyName = c.getPublicECDSAKey("keyName");
REQUIRE(getPubKeyWrongKeyName["status"].asInt() != 0);
cout << getPubKeyWrongKeyName << std::endl;
//wrong hash
Json::Value ecdsaSignWrongHash = c.ecdsaSignMessageHash(16, genKey["KeyName"].asString(), "");
cout << ecdsaSignWrongHash << std::endl;
REQUIRE(ecdsaSignWrongHash["status"].asInt() != 0);
Json::Value ecdsaSign = c.ecdsaSignMessageHash(16, genKey["KeyName"].asString(), "0x09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db");
cout << ecdsaSign << std::endl;
REQUIRE(ecdsaSign["status"].asInt() == 0);
// //wrong base
// Json::Value ecdsaSignWrongBase = c.ecdsaSignMessageHash(0, genKey["KeyName"].asString(), "0x09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db");
// cout << ecdsaSignWrongBase << std::endl;
// REQUIRE(ecdsaSignWrongBase["status"].asInt() != 0);
//
// //wrong keyName
// Json::Value ecdsaSignWrongKeyName = c.ecdsaSignMessageHash(0, "", "0x09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db");
// cout << ecdsaSignWrongKeyName << std::endl;
// REQUIRE(ecdsaSignWrongKeyName["status"].asInt() != 0);
// Json::Value getPubKeyWrongKeyName = c.getPublicECDSAKey("keyName");
// REQUIRE(getPubKeyWrongKeyName["status"].asInt() != 0);
// cout << getPubKeyWrongKeyName << std::endl;
//
// //wrong hash
// Json::Value ecdsaSignWrongHash = c.ecdsaSignMessageHash(16, genKey["KeyName"].asString(), "");
// cout << ecdsaSignWrongHash << std::endl;
// REQUIRE(ecdsaSignWrongHash["status"].asInt() != 0);
sgx_destroy_enclave(eid);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment