SKALE-2003 Add entering back up key

SEKManager.cpp

@@ -33,6 +33,9 @@
 #include "common.h"
 #include "sgxwallet.h"
 
+#include "ServerDataChecker.h"
+#include "spdlog/spdlog.h"
+
 bool case_insensitive_match(string s1, string s2) {
   //convert s1 and s2 into lower case strings
   transform(s1.begin(), s1.end(), s1.begin(), ::tolower);
@@ -40,7 +43,7 @@ bool case_insensitive_match(string s1, string s2) {
   return s1.compare(s2);
 }
 
-void generate_SEK(){
+void gen_SEK(){
 
   vector<char> errMsg(1024,0);
   int err_status = 0;
@@ -56,7 +59,7 @@ void generate_SEK(){
     throw RPCException(status, errMsg.data()) ;
   }
 
-  vector<char> hexEncrKey(2*enc_len + 1, 0);
+  vector<char> hexEncrKey(2 * enc_len + 1, 0);
 
   carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
 
@@ -103,3 +106,47 @@ void set_SEK(std::shared_ptr<std::string> hex_encr_SEK){
 //  for ( uint32_t i = 0; i < 1024; i++)
 //     printf("%d ", errMsg[i]);
 }
+
+void enter_SEK(){
+  vector<char> errMsg(1024,0);
+  int err_status = 0;
+  vector<uint8_t> encr_SEK(BUF_LEN, 0);
+  uint32_t enc_len;
+
+  std::string SEK;
+  std::cout << "ENTER BACKUP KEY" << std::endl;
+  std::cin >> SEK;
+  while (!checkHex(SEK, 16)){
+    std::cout << "KEY IS INVALID.TRY ONCE MORE" << std::endl;
+    SEK = "";
+    std::cin >> SEK;
+  }
+  if (DEBUG_PRINT)
+    std::cerr << "your key is " << SEK << std::endl;
+
+  status = set_SEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK.c_str() );
+  if (status != SGX_SUCCESS){
+    cerr << "RPCException thrown with status " << status << endl;
+    throw RPCException(status, errMsg.data()) ;
+  }
+
+  vector<char> hexEncrKey(2 * enc_len + 1, 0);
+
+  carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
+
+  LevelDB::getLevelDb() -> deleteKey("SEK");
+  LevelDB::getLevelDb() -> writeDataUnique("SEK", hexEncrKey.data());
+}
+
+void init_SEK(){
+  std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
+  if (encr_SEK_ptr == nullptr){
+    spdlog::info("SEK was not created yet. Going to create SEK");
+    gen_SEK();
+  }
+  else{
+    if (DEBUG_PRINT)
+      spdlog::info("going to set SEK from db" );
+    set_SEK(encr_SEK_ptr);
+  }
+}

SEKManager.h

@@ -24,11 +24,29 @@
 #ifndef SGXD_SEKMANAGER_H
 #define SGXD_SEKMANAGER_H
 
+
+#ifdef __cplusplus
 #include <string>
 #include <memory>
+#endif
+
 
-void generate_SEK();
 
+void gen_SEK();
+
+#ifdef __cplusplus
 void set_SEK(std::shared_ptr<std::string> hex_encr_SEK);
+#endif
+
+#ifdef __cplusplus
+#define EXTERNC extern "C"
+#else
+#define EXTERNC
+#endif
+
+EXTERNC void enter_SEK();
+
+EXTERNC void init_SEK();
+
 
 #endif //SGXD_SEKMANAGER_H

ServerDataChecker.cpp

@@ -72,8 +72,8 @@ bool checkECDSAKeyName(const string& keyName) {
 
 bool checkHex(const string& hex, const uint32_t sizeInBytes){
   if ( hex.length() > sizeInBytes * 2 || hex.length() == 0){
-    spdlog::error("public key is too long or zero - ", hex.length());
-    std::cerr << "public key length is " << hex.length() << std::endl;
+    spdlog::error("key is too long or zero - ", hex.length());
+    std::cerr << "key length is " << hex.length() << std::endl;
     return false;
   }
 
@@ -81,7 +81,7 @@ bool checkHex(const string& hex, const uint32_t sizeInBytes){
   mpz_init(num);
 
   if ( mpz_set_str(num, hex.c_str(), 16) == -1){
-    spdlog::error("public key is not hex {}", hex);
+    spdlog::error("key is not hex {}", hex);
     mpz_clear(num);
     return false;
   }

ServerInit.cpp

@@ -52,7 +52,7 @@
 #include "BLSCrypto.h"
 #include "ServerInit.h"
 
-#include "SEKManager.h"
+
 
 #include <iostream>
 
@@ -67,21 +67,13 @@
 
 //#include <system>
 
+
+
 void init_daemon() {
 
     libff::init_alt_bn128_params();
 
     LevelDB::initDataFolderAndDBs();
-
-    std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
-    if (encr_SEK_ptr == nullptr){
-      spdlog::info("SEK was not created yet");
-      generate_SEK();
-    }
-    else{
-      std::cerr << "going to set SEK from db" << std::endl;
-      set_SEK(encr_SEK_ptr);
-    }
 }
 
 
@@ -137,13 +129,14 @@ void init_enclave() {
 
 int sgxServerInited = 0;
 
-void init_all(bool check_cert, bool sign_automatically) {
+void init_all(bool check_cert, bool sign_automatically, void (*SEK_func)()) {
     //spdlog::set_pattern("%c");
     if (sgxServerInited == 1)
         return;
     init_enclave();
     init_daemon();
-
+    //init_SEK();
+    SEK_func();
 
     sgxServerInited = 1;
 

ServerInit.h

@@ -30,12 +30,12 @@
 #define EXTERNC
 #endif
 
-
-EXTERNC void init_all(bool check_cert, bool sign_automatically);
+EXTERNC void init_all(bool check_cert, bool sign_automatically, void (*func)());
 
 EXTERNC void init_daemon();
 
 EXTERNC void init_enclave();
 
 
+
 #endif //SGXWALLET_SERVERINIT_H

secure_enclave/secure_enclave.c

@@ -955,6 +955,26 @@ void set_SEK(int *err_status, char *err_string, uint8_t *encrypted_SEK, uint64_t
 
 }
 
+void set_SEK_backup(int *err_status, char *err_string,
+                    uint8_t *encrypted_SEK, uint32_t *enc_len, const char* SEK_hex){
+
+  uint64_t len;
+  hex2carray(SEK_hex, &len, (uint8_t* )AES_key);
+
+  uint32_t sealedLen = sgx_calc_sealed_data_size(0, strlen(SEK_hex) + 1);
+
+  sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, SEK_hex, sealedLen,(sgx_sealed_data_t*)encrypted_SEK);
+  if( status !=  SGX_SUCCESS) {
+    snprintf(err_string, BUF_LEN, "seal SEK failed with status %d", status);
+    *err_status = status;
+    return;
+  }
+
+  //strncpy(SEK_hex, SEK, hex_aes_key_length);
+
+  *enc_len = sealedLen;
+}
+
 void generate_ecdsa_key_aes(int *err_status, char *err_string,
                         uint8_t *encrypted_key, uint32_t *enc_len, char * pub_key_x, char * pub_key_y) {
 

secure_enclave/secure_enclave.edl

@@ -178,6 +178,13 @@ enclave {
                                 [in, count = 1024] uint8_t *encrypted_SEK,
                                 uint64_t encr_len);
 
+                public void set_SEK_backup(
+                                [user_check] int *err_status,
+                                [out, count = 1024] char *err_string,
+                                [out, count = 1024] uint8_t *encrypted_SEK,
+                                [user_check] uint32_t *enc_len,
+                                [in, count = 65] const char* SEK_hex);
+
                 public void generate_ecdsa_key_aes (
                                 [user_check] int *err_status,
                                 [out, count = 1024] char* err_string,

sgxwallet.c

@@ -38,9 +38,13 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #include "BLSCrypto.h"
 #include "ServerInit.h"
 
+#include "SEKManager.h"
+
+
 #include <stdbool.h>
 
 
+
 void usage() {
   fprintf(stderr, "usage: sgxwallet\n");
   exit(1);
@@ -52,7 +56,8 @@ sgx_status_t status;
 int updated;
 
 int main(int argc, char *argv[]) {
-
+  void (*SEK_initializer)();
+  SEK_initializer = init_SEK;
   bool check_client_cert = true;
   bool sign_automatically = false;
   int opt;
@@ -62,7 +67,7 @@ int main(int argc, char *argv[]) {
     exit(1);
   }
 
-  while ((opt = getopt(argc, argv, "cshd0a")) != -1) {
+  while ((opt = getopt(argc, argv, "cshd0ab")) != -1) {
     switch (opt) {
     case 'h':
       if (strlen(argv[1]) == 2 ) {
@@ -70,6 +75,7 @@ int main(int argc, char *argv[]) {
         fprintf(stderr, "-s  client certificate will be signed automatically\n");
         fprintf(stderr, "-d  turn on debug output\n");
         fprintf(stderr, "-0  SGXWalletServer will be launched on http (not https)\n");
+        fprintf(stderr, "-b  Enter backup key\n");
         exit(0);
       } else {
         fprintf(stderr, "unknown flag %s\n", argv[1]);
@@ -90,13 +96,16 @@ int main(int argc, char *argv[]) {
     case 'a':
       is_aes = 1;
       break;
+    case 'b':
+      SEK_initializer = enter_SEK;
+      break;
     case '?': // fprintf(stderr, "unknown flag\n");
       exit(1);
     default:
       break;
     }
   }
-  init_all(check_client_cert, sign_automatically);
+  init_all(check_client_cert, sign_automatically, SEK_initializer);
 
   while (true) {
       sleep(10);

testw.cpp

@@ -78,6 +78,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #include "BLSPublicKeyShare.h"
 #include "BLSPublicKey.h"
 
+#include "SEKManager.h"
+
 #include <thread>
 #include "common.h"
 
@@ -143,7 +145,7 @@ TEST_CASE("BLS key encrypt", "[bls-key-encrypt]") {
 
    DEBUG_PRINT = 1;
    is_sgx_https = 0;
-    init_all(false, false);
+    init_all(false, false, init_SEK);
     char* key = encryptTestKey();
     REQUIRE(key != nullptr);
 
@@ -156,7 +158,7 @@ TEST_CASE("BLS key encrypt/decrypt", "[bls-key-encrypt-decrypt]") {
       DEBUG_PRINT = 1;
       is_sgx_https = 0;
 
-      init_all(false, false);
+      init_all(false, false, init_SEK);
         //init_enclave();
 
         int errStatus =  -1;
@@ -680,7 +682,7 @@ TEST_CASE("BLS_DKG test", "[bls_dkg]") {
   is_sgx_https = 0;
   DEBUG_PRINT = 1;
   cerr<< "test started" << endl;
-  init_all(false, false);
+  init_all(false, false, init_SEK);
   cerr << "Server inited" << endl;
   HttpClient client("http://localhost:1029");
   StubClient c(client, JSONRPC_CLIENT_V2);
@@ -810,7 +812,7 @@ TEST_CASE("API test", "[api_test]") {
     is_sgx_https = 0;
   //cerr << __GNUC__ << endl;
     cerr << "API test started" << endl;
-    init_all(false, false);
+    init_all(false, false, init_SEK);
     //HttpServer httpserver(1025);
     //SGXWalletServer s(httpserver,
     //                JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
@@ -910,7 +912,7 @@ TEST_CASE("API test", "[api_test]") {
 
 TEST_CASE("getServerStatus test", "[getServerStatus_test]") {
   is_sgx_https = 0;
-  init_all( false, false );
+  init_all( false, false, init_SEK );
   HttpClient client("http://localhost:1029");
   StubClient c(client, JSONRPC_CLIENT_V2);
   REQUIRE(c.getServerStatus()["status"] == 0);
@@ -1035,7 +1037,7 @@ TEST_CASE("ManySimultaneousThreads", "[many_threads_test]") {
   DEBUG_PRINT = 1;
   is_aes = 1;
 
-  init_all( false, false );
+  init_all( false, false, init_SEK );
 
   vector<thread> threads;
   int num_threads = 4;
@@ -1056,7 +1058,7 @@ TEST_CASE("ecdsa API test", "[ecdsa_api_test]") {
   is_aes = 1;
 
   cerr << "ecdsa_api_test started" << endl;
-  init_all(false, false);
+  init_all(false, false, init_SEK);
 
   cerr << "Server inited" << endl;
   HttpClient client("http://localhost:1029");
@@ -1105,7 +1107,7 @@ TEST_CASE("dkg API test", "[dkg_api_test]") {
   is_sgx_https = 0;
 
   cerr << "dkg_api_test started" << endl;
-  init_all(false, false);
+  init_all(false, false, init_SEK);
 
   cerr << "Server inited" << endl;
   HttpClient client("http://localhost:1029");
@@ -1179,7 +1181,7 @@ TEST_CASE("isPolyExists test", "[is_poly_test]") {
   is_sgx_https = 0;
 
   cerr << "is_poly_test started" << endl;
-  init_all(false, false);
+  init_all(false, false, init_SEK);
 
   cerr << "Server inited" << endl;
   HttpClient client("http://localhost:1029");
@@ -1211,7 +1213,7 @@ TEST_CASE("AES_DKG test", "[aes_dkg]") {
   reset_db();
 
   std::cerr << "test started" << std::endl;
-  init_all(false, false);
+  init_all(false, false, init_SEK);
   cerr << "Server inited" << endl;
   HttpClient client("http://localhost:1029");
   StubClient c(client, JSONRPC_CLIENT_V2);
@@ -1339,7 +1341,7 @@ TEST_CASE("bls_sign_api test", "[bls_sign]") {
   is_aes = 1;
 
   std::cerr << "test started" << std::endl;
-  init_all(false, false);
+  init_all(false, false, init_SEK);
   cerr << "Server inited" << endl;
   HttpClient client("http://localhost:1029");
   StubClient c(client, JSONRPC_CLIENT_V2);