Skip to content

S
sgxwallet
Unverified Commit cd76e551 authored by Stan Kladko's avatar Stan Kladko Committed by GitHub
Browse files
Options

Merge branch 'develop' into bug/SKALE-3481-nightly

parents ef0ef550 e9c0e3e9
Hide whitespace changes
Inline Side-by-side
Showing with 1084 additions and 13 deletions
.gitmodules
View file @ cd76e551
...@@ -16,7 +16,3 @@ ...@@ -16,7 +16,3 @@
[submodule "sgx-software-enable"] [submodule "sgx-software-enable"]
path = sgx-software-enable path = sgx-software-enable
url = https://github.com/intel/sgx-software-enable url = https://github.com/intel/sgx-software-enable
[submodule "secure_enclave/secp256k1-sgx"]
path = secure_enclave/secp256k1-sgx
url = https://github.com/bl4ck5un/secp256k1-sgx
branch = master
DKGCrypto.cpp
View file @ cd76e551
...@@ -284,6 +284,68 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve ...@@ -284,6 +284,68 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve
return result; return result;
} }
string getSecretSharesV2(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n) {
CHECK_STATE(_encryptedPolyHex);
vector<char> hexEncrKey(BUF_LEN, 0);
vector<char> errMsg(BUF_LEN, 0);
vector <uint8_t> encrDKGPoly(BUF_LEN, 0);
int errStatus = 0;
uint64_t encLen = 0;
if (!hex2carray(_encryptedPolyHex, &encLen, encrDKGPoly.data(), BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
}
sgx_status_t status = SGX_SUCCESS;
READ_LOCK(sgxInitMutex);
string result;
for (int i = 0; i < _n; i++) {
vector <uint8_t> encryptedSkey(BUF_LEN, 0);
uint64_t decLen;
vector<char> currentShare(193, 0);
vector<char> sShareG2(320, 0);
string pub_keyB = _publicKeys.at(i);
vector<char> pubKeyB(129, 0);
strncpy(pubKeyB.data(), pub_keyB.c_str(), 128);
pubKeyB.at(128) = 0;
spdlog::debug("pubKeyB is {}", pub_keyB);
sgx_status_t status = SGX_SUCCESS;
status = trustedGetEncryptedSecretShareV2(eid, &errStatus,
errMsg.data(),
encrDKGPoly.data(), encLen,
encryptedSkey.data(), &decLen,
currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n,
i + 1);
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
result += string(currentShare.data());
hexEncrKey = carray2Hex(encryptedSkey.data(), decLen);
string dhKeyName = "DKG_DH_KEY_" + _polyName + "_" + to_string(i) + ":";
string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":";
SGXWalletServer::writeDataToDB(dhKeyName, hexEncrKey.data());
SGXWalletServer::writeDataToDB(shareG2_name, sShareG2.data());
}
string encryptedSecretShareName = "encryptedSecretShare:" + _polyName;
SGXWalletServer::writeDataToDB(encryptedSecretShareName, result);
return result;
}
bool bool
verifyShares(const char *publicShares, const char *encr_sshare, const char *encryptedKeyHex, int t, int n, int ind) { verifyShares(const char *publicShares, const char *encr_sshare, const char *encryptedKeyHex, int t, int n, int ind) {
...@@ -320,6 +382,42 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr ...@@ -320,6 +382,42 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr
return result; return result;
} }
bool
verifySharesV2(const char *publicShares, const char *encr_sshare, const char *encryptedKeyHex, int t, int n, int ind) {
CHECK_STATE(publicShares);
CHECK_STATE(encr_sshare);
CHECK_STATE(encryptedKeyHex);
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
uint64_t decKeyLen = 0;
int result = 0;
SAFE_UINT8_BUF(encr_key, BUF_LEN);
if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key, BUF_LEN)) {
throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
}
SAFE_CHAR_BUF(pshares, 8193);
strncpy(pshares, publicShares, strlen(publicShares));
sgx_status_t status = SGX_SUCCESS;
RESTART_BEGIN
status = trustedDkgVerifyV2(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t,
ind, &result);
RESTART_END
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
if (result == 2) {
throw SGXException(INVALID_HEX, "Invalid public shares");
}
return result;
}
bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *encryptedKeyHex) { bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *encryptedKeyHex) {
CHECK_STATE(s_shares); CHECK_STATE(s_shares);
......
DKGCrypto.h
View file @ cd76e551
...@@ -41,8 +41,12 @@ vector<string> splitString(const char* coeffs, const char symbol); ...@@ -41,8 +41,12 @@ vector<string> splitString(const char* coeffs, const char symbol);
string getSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n); string getSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n);
string getSecretSharesV2(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n);
bool verifyShares(const char* publicShares, const char* encr_sshare, const char * encryptedKeyHex, int t, int n, int ind); bool verifyShares(const char* publicShares, const char* encr_sshare, const char * encryptedKeyHex, int t, int n, int ind);
bool verifySharesV2(const char* publicShares, const char* encr_sshare, const char * encryptedKeyHex, int t, int n, int ind);
string decryptDHKey(const string& polyName, int ind); string decryptDHKey(const string& polyName, int ind);
bool createBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex); bool createBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex);
......
SGXWalletServer.cpp
View file @ cd76e551
...@@ -744,6 +744,76 @@ Json::Value SGXWalletServer::deleteBlsKeyImpl(const string &name) { ...@@ -744,6 +744,76 @@ Json::Value SGXWalletServer::deleteBlsKeyImpl(const string &name) {
RETURN_SUCCESS(result) RETURN_SUCCESS(result)
} }
Json::Value SGXWalletServer::getSecretShareV2Impl(const string &_polyName, const Json::Value &_pubKeys, int _t, int _n) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result);
result["secretShare"] = "";
try {
if (_pubKeys.size() != (uint64_t) _n) {
throw SGXException(INVALID_DKG_PARAMS, "invalid number of public keys");
}
if (!checkName(_polyName, "POLY")) {
throw SGXException(INVALID_POLY_NAME, "Invalid polynomial name");
}
if (!check_n_t(_t, _n)) {
throw SGXException(INVALID_DKG_PARAMS, "Invalid DKG parameters: n or t ");
}
shared_ptr <string> encrPoly = readFromDb(_polyName);
vector <string> pubKeysStrs;
for (int i = 0; i < _n; i++) {
if (!checkHex(_pubKeys[i].asString(), 64)) {
throw SGXException(INVALID_HEX, "Invalid public key");
}
pubKeysStrs.push_back(_pubKeys[i].asString());
}
string secret_share_name = "encryptedSecretShare:" + _polyName;
shared_ptr <string> encryptedSecretShare = checkDataFromDb(secret_share_name);
if (encryptedSecretShare != nullptr) {
result["secretShare"] = *encryptedSecretShare.get();
} else {
string s = getSecretSharesV2(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n);
result["secretShare"] = s;
}
} HANDLE_SGX_EXCEPTION(result)
RETURN_SUCCESS(result)
}
Json::Value SGXWalletServer::dkgVerificationV2Impl(const string &_publicShares, const string &_ethKeyName,
const string &_secretShare, int _t, int _n, int _index) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result)
result["result"] = false;
try {
if (!checkECDSAKeyName(_ethKeyName)) {
throw SGXException(INVALID_ECDSA_KEY_NAME, "Invalid ECDSA key name");
}
if (!check_n_t(_t, _n) || _index >= _n || _index < 0) {
throw SGXException(INVALID_DKG_PARAMS, "Invalid DKG parameters: n or t ");
}
if (!checkHex(_secretShare, SECRET_SHARE_NUM_BYTES)) {
throw SGXException(INVALID_HEX, "Invalid Secret share");
}
if (_publicShares.length() != (uint64_t) 256 * _t) {
throw SGXException(INVALID_DKG_PARAMS, "Invalid length of public shares");
}
shared_ptr <string> encryptedKeyHex_ptr = readFromDb(_ethKeyName);
if (verifySharesV2(_publicShares.c_str(), _secretShare.c_str(), encryptedKeyHex_ptr->c_str(), _t, _n, _index)) {
result["result"] = true;
}
} HANDLE_SGX_EXCEPTION(result)
RETURN_SUCCESS(result)
}
Json::Value SGXWalletServer::generateDKGPoly(const string &_polyName, int _t) { Json::Value SGXWalletServer::generateDKGPoly(const string &_polyName, int _t) {
return generateDKGPolyImpl(_polyName, _t); return generateDKGPolyImpl(_polyName, _t);
} }
...@@ -827,6 +897,17 @@ Json::Value SGXWalletServer::deleteBlsKey(const string &name) { ...@@ -827,6 +897,17 @@ Json::Value SGXWalletServer::deleteBlsKey(const string &name) {
return deleteBlsKeyImpl(name); return deleteBlsKeyImpl(name);
} }
Json::Value SGXWalletServer::getSecretShareV2(const string &_polyName, const Json::Value &_publicKeys, int t, int n) {
return getSecretShareV2Impl(_polyName, _publicKeys, t, n);
}
Json::Value
SGXWalletServer::dkgVerificationV2(const string &_publicShares, const string &ethKeyName, const string &SecretShare,
int t,
int n, int index) {
return dkgVerificationV2Impl(_publicShares, ethKeyName, SecretShare, t, n, index);
}
shared_ptr <string> SGXWalletServer::readFromDb(const string &name, const string &prefix) { shared_ptr <string> SGXWalletServer::readFromDb(const string &name, const string &prefix) {
auto dataStr = checkDataFromDb(prefix + name); auto dataStr = checkDataFromDb(prefix + name);
......
SGXWalletServer.hpp
View file @ cd76e551
...@@ -91,6 +91,10 @@ public: ...@@ -91,6 +91,10 @@ public:
virtual Json::Value deleteBlsKey( const std::string& name ); virtual Json::Value deleteBlsKey( const std::string& name );
virtual Json::Value getSecretShareV2(const string &_polyName, const Json::Value &_publicKeys, int t, int n);
virtual Json::Value dkgVerificationV2(const string &_publicShares, const string &ethKeyName, const string &SecretShare, int t, int n, int index);
static shared_ptr<string> readFromDb(const string &name, const string &prefix = ""); static shared_ptr<string> readFromDb(const string &name, const string &prefix = "");
static shared_ptr <string> checkDataFromDb(const string &name, const string &prefix = ""); static shared_ptr <string> checkDataFromDb(const string &name, const string &prefix = "");
...@@ -143,6 +147,10 @@ public: ...@@ -143,6 +147,10 @@ public:
static Json::Value deleteBlsKeyImpl(const std::string& name); static Json::Value deleteBlsKeyImpl(const std::string& name);
static Json::Value getSecretShareV2Impl(const string &_polyName, const Json::Value &_pubKeys, int _t, int _n);
static Json::Value dkgVerificationV2Impl(const string &_publicShares, const string &_ethKeyName, const string &_secretShare, int _t, int _n, int _index);
static void printDB(); static void printDB();
static int initHttpServer(); static int initHttpServer();
......
TestUtils.cpp
View file @ cd76e551
...@@ -296,6 +296,110 @@ void TestUtils::sendRPCRequest() { ...@@ -296,6 +296,110 @@ void TestUtils::sendRPCRequest() {
sigShareSet.merge(); sigShareSet.merge();
} }
void TestUtils::sendRPCRequestV2() {
HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2);
int n = 16, t = 16;
Json::Value ethKeys[n];
Json::Value verifVects[n];
Json::Value pubEthKeys;
Json::Value secretShares[n];
Json::Value pubBLSKeys[n];
Json::Value blsSigShares[n];
vector <string> pubShares(n);
vector <string> polyNames(n);
static atomic<int> counter(1);
int schainID = counter.fetch_add(1);
int dkgID = counter.fetch_add(1);
for (uint8_t i = 0; i < n; i++) {
ethKeys[i] = c.generateECDSAKey();
CHECK_STATE(ethKeys[i]["status"] == 0);
string polyName =
"POLY:SCHAIN_ID:" + to_string(schainID) + ":NODE_ID:" + to_string(i) + ":DKG_ID:" + to_string(dkgID);
auto response = c.generateDKGPoly(polyName, t);
CHECK_STATE(response["status"] == 0);
polyNames[i] = polyName;
verifVects[i] = c.getVerificationVector(polyName, t, n);
CHECK_STATE(verifVects[i]["status"] == 0);
pubEthKeys.append(ethKeys[i]["publicKey"]);
}
for (uint8_t i = 0; i < n; i++) {
secretShares[i] = c.getSecretShareV2(polyNames[i], pubEthKeys, t, n);
for (uint8_t k = 0; k < t; k++) {
for (uint8_t j = 0; j < 4; j++) {
string pubShare = verifVects[i]["verificationVector"][k][j].asString();
pubShares[i] += convertDecToHex(pubShare);
}
}
}
vector <string> secShares(n);
for (int i = 0; i < n; i++)
for (int j = 0; j < n; j++) {
string secretShare = secretShares[i]["secretShare"].asString().substr(192 * j, 192);
secShares[i] += secretShares[j]["secretShare"].asString().substr(192 * i, 192);
Json::Value verif = c.dkgVerificationV2(pubShares[i], ethKeys[j]["keyName"].asString(), secretShare, t, n, j);
CHECK_STATE(verif["status"] == 0);
}
BLSSigShareSet sigShareSet(t, n);
string hash = SAMPLE_HASH;
auto hash_arr = make_shared < array < uint8_t, 32 >> ();
uint64_t binLen;
if (!hex2carray(hash.c_str(), &binLen, hash_arr->data(), 32)) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
map <size_t, shared_ptr<BLSPublicKeyShare>> coeffs_pkeys_map;
Json::Value publicShares;
for (int i = 0; i < n; ++i) {
publicShares["publicShares"][i] = pubShares[i];
}
Json::Value blsPublicKeys = c.calculateAllBLSPublicKeys(publicShares, t, n);
CHECK_STATE(blsPublicKeys["status"] == 0);
for (int i = 0; i < t; i++) {
string endName = polyNames[i].substr(4);
string blsName = "BLS_KEY" + polyNames[i].substr(4);
string secretShare = secretShares[i]["secretShare"].asString();
auto response = c.createBLSPrivateKey(blsName, ethKeys[i]["keyName"].asString(), polyNames[i], secShares[i], t, n);
CHECK_STATE(response["status"] == 0);
pubBLSKeys[i] = c.getBLSPublicKeyShare(blsName);
CHECK_STATE(pubBLSKeys[i]["status"] == 0);
libff::alt_bn128_G2 publicKey(libff::alt_bn128_Fq2(libff::alt_bn128_Fq(pubBLSKeys[i]["blsPublicKeyShare"][0].asCString()),
libff::alt_bn128_Fq(pubBLSKeys[i]["blsPublicKeyShare"][1].asCString())),
libff::alt_bn128_Fq2(libff::alt_bn128_Fq(pubBLSKeys[i]["blsPublicKeyShare"][2].asCString()),
libff::alt_bn128_Fq(pubBLSKeys[i]["blsPublicKeyShare"][3].asCString())),
libff::alt_bn128_Fq2::one());
string public_key_str = convertG2ToString(publicKey);
CHECK_STATE(public_key_str == blsPublicKeys["publicKeys"][i].asString());
string hash = SAMPLE_HASH;
blsSigShares[i] = c.blsSignMessageHash(blsName, hash, t, n);
CHECK_STATE(blsSigShares[i]["status"] == 0);
shared_ptr <string> sig_share_ptr = make_shared<string>(blsSigShares[i]["signatureShare"].asString());
BLSSigShare sig(sig_share_ptr, i + 1, t, n);
sigShareSet.addSigShare(make_shared<BLSSigShare>(sig));
}
sigShareSet.merge();
}
void TestUtils::destroyEnclave() { void TestUtils::destroyEnclave() {
if (eid != 0) { if (eid != 0) {
sgx_destroy_enclave(eid); sgx_destroy_enclave(eid);
...@@ -444,6 +548,147 @@ void TestUtils::doDKG(StubClient &c, int n, int t, ...@@ -444,6 +548,147 @@ void TestUtils::doDKG(StubClient &c, int n, int t,
cerr << i << endl; cerr << i << endl;
} }
void TestUtils::doDKGV2(StubClient &c, int n, int t,
vector<string>& _ecdsaKeyNames, vector<string>& _blsKeyNames,
int schainID, int dkgID) {
Json::Value ethKeys[n];
Json::Value verifVects[n];
Json::Value pubEthKeys;
Json::Value secretShares[n];
Json::Value pubBLSKeys[n];
Json::Value blsSigShares[n];
vector<string> pubShares(n);
vector<string> polyNames(n);
_ecdsaKeyNames.clear();
_blsKeyNames.clear();
for (uint8_t i = 0; i < n; i++) {
ethKeys[i] = c.generateECDSAKey();
CHECK_STATE(ethKeys[i]["status"] == 0);
auto keyName = ethKeys[i]["keyName"].asString();
CHECK_STATE(keyName.size() == ECDSA_KEY_NAME_SIZE);
_ecdsaKeyNames.push_back(keyName);
string polyName =
"POLY:SCHAIN_ID:" + to_string(schainID) + ":NODE_ID:" + to_string(i) + ":DKG_ID:" + to_string(dkgID);
Json::Value response = c.generateDKGPoly(polyName, t);
CHECK_STATE(response["status"] == 0);
polyNames[i] = polyName;
verifVects[i] = c.getVerificationVector(polyName, t, n);
CHECK_STATE(verifVects[i]["status"] == 0);
pubEthKeys.append(ethKeys[i]["publicKey"]);
}
for (uint8_t i = 0; i < n; i++) {
secretShares[i] = c.getSecretShareV2(polyNames[i], pubEthKeys, t, n);
CHECK_STATE(secretShares[i]["status"] == 0);
for (uint8_t k = 0; k < t; k++) {
for (uint8_t j = 0; j < 4; j++) {
string pubShare = verifVects[i]["verificationVector"][k][j].asString();
CHECK_STATE(pubShare.length() > 60);
pubShares[i] += TestUtils::convertDecToHex(pubShare);
}
}
}
int k = 0;
vector<string> secShares(n);
vector<string> pSharesBad(pubShares);
for (int i = 0; i < n; i++)
for (int j = 0; j < n; j++) {
string secretShare = secretShares[i]["secretShare"].asString().substr(192 * j, 192);
secShares[i] += secretShares[j]["secretShare"].asString().substr(192 * i, 192);
Json::Value response = c.dkgVerificationV2(pubShares[i], ethKeys[j]["keyName"].asString(), secretShare, t, n,
j);
CHECK_STATE(response["status"] == 0);
bool res = response["result"].asBool();
CHECK_STATE(res);
k++;
pSharesBad[i][0] = 'q';
Json::Value wrongVerif = c.dkgVerificationV2(pSharesBad[i], ethKeys[j]["keyName"].asString(), secretShare, t,
n, j);
res = wrongVerif["result"].asBool();
CHECK_STATE(!res);
}
BLSSigShareSet sigShareSet(t, n);
string hash = SAMPLE_HASH;
auto hash_arr = make_shared<array<uint8_t, 32 >>();
uint64_t binLen;
if (!hex2carray(hash.c_str(), &binLen, hash_arr->data(), 32)) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
map<size_t, shared_ptr<BLSPublicKeyShare>> pubKeyShares;
for (int i = 0; i < n; i++) {
string endName = polyNames[i].substr(4);
string blsName = "BLS_KEY" + polyNames[i].substr(4);
_blsKeyNames.push_back(blsName);
string secretShare = secretShares[i]["secretShare"].asString();
auto response = c.createBLSPrivateKey(blsName, ethKeys[i]["keyName"].asString(), polyNames[i], secShares[i], t,
n);
CHECK_STATE(response["status"] == 0);
pubBLSKeys[i] = c.getBLSPublicKeyShare(blsName);
CHECK_STATE(pubBLSKeys[i]["status"] == 0);
}
for (int i = 0; i < t; i++) {
vector<string> pubKeyVect;
for (uint8_t j = 0; j < 4; j++) {
pubKeyVect.push_back(pubBLSKeys[i]["blsPublicKeyShare"][j].asString());
}
BLSPublicKeyShare pubKey(make_shared<vector<string >>(pubKeyVect), t, n);
pubKeyShares[i + 1] = make_shared<BLSPublicKeyShare>(pubKey);
}
// create pub key
BLSPublicKey blsPublicKey(make_shared<map<size_t, shared_ptr<BLSPublicKeyShare >>>(pubKeyShares), t,
n);
// sign verify a sample sig
for (int i = 0; i < t; i++) {
string blsName = "BLS_KEY" + polyNames[i].substr(4);
blsSigShares[i] = c.blsSignMessageHash(blsName, hash, t, n);
CHECK_STATE(blsSigShares[i]["status"] == 0);
shared_ptr<string> sig_share_ptr = make_shared<string>(blsSigShares[i]["signatureShare"].asString());
BLSSigShare sig(sig_share_ptr, i + 1, t, n);
sigShareSet.addSigShare(make_shared<BLSSigShare>(sig));
auto pubKey = pubKeyShares[i+1];
CHECK_STATE(pubKey->VerifySigWithHelper(hash_arr, make_shared<BLSSigShare>(sig), t, n));
}
shared_ptr<BLSSignature> commonSig = sigShareSet.merge();
CHECK_STATE(blsPublicKey.VerifySigWithHelper(hash_arr, commonSig, t, n));
for (auto&& i : _ecdsaKeyNames)
cerr << i << endl;
for (auto&& i : _blsKeyNames)
cerr << i << endl;
}
int sessionKeyRecoverDH(const char *skey_str, const char *sshare, char *common_key) { int sessionKeyRecoverDH(const char *skey_str, const char *sshare, char *common_key) {
int ret = -1; int ret = -1;
...@@ -566,3 +811,39 @@ int xorDecryptDH(char *key, const char *cypher, vector<char>& message) { ...@@ -566,3 +811,39 @@ int xorDecryptDH(char *key, const char *cypher, vector<char>& message) {
return ret; return ret;
} }
int xorDecryptDHV2(char *key, const char *cypher, vector<char>& message) {
int ret = -1;
if (!cypher) {
return ret;
}
if (!key) {
return ret;
}
if (!message.data()) {
return ret;
}
SAFE_CHAR_BUF(msg_bin,33)
uint64_t cypher_length;
SAFE_CHAR_BUF(cypher_bin, 33);
if (!hex2carray(cypher, &cypher_length, (uint8_t *) cypher_bin, 33)) {
return ret;
}
for (int i = 0; i < 32; i++) {
msg_bin[i] = cypher_bin[i] ^ (uint8_t)key[i];
}
message = carray2Hex((unsigned char*) msg_bin, 32);
ret = 0;
return ret;
}
TestUtils.h
View file @ cd76e551
...@@ -70,15 +70,23 @@ public: ...@@ -70,15 +70,23 @@ public:
static void sendRPCRequest(); static void sendRPCRequest();
static void sendRPCRequestV2();
static void destroyEnclave(); static void destroyEnclave();
static void doDKG(StubClient &c, int n, int t, static void doDKG(StubClient &c, int n, int t,
vector<string>& _ecdsaKeyNames, vector<string>& _blsKeyNames, vector<string>& _ecdsaKeyNames, vector<string>& _blsKeyNames,
int schainID, int dkgID); int schainID, int dkgID);
static void doDKGV2(StubClient &c, int n, int t,
vector<string>& _ecdsaKeyNames, vector<string>& _blsKeyNames,
int schainID, int dkgID);
}; };
int sessionKeyRecoverDH(const char *skey_str, const char *sshare, char *common_key); int sessionKeyRecoverDH(const char *skey_str, const char *sshare, char *common_key);
int xorDecryptDH(char *key, const char *cypher, vector<char>& message); int xorDecryptDH(char *key, const char *cypher, vector<char>& message);
int xorDecryptDHV2(char *key, const char *cypher, vector<char>& message);
#endif //SGXWALLET_TESTW_H #endif //SGXWALLET_TESTW_H
abstractstubserver.h
View file @ cd76e551
...@@ -58,6 +58,9 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer> ...@@ -58,6 +58,9 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
this->bindAndAddMethod(jsonrpc::Procedure("getServerStatus", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, NULL), &AbstractStubServer::getServerStatusI); this->bindAndAddMethod(jsonrpc::Procedure("getServerStatus", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, NULL), &AbstractStubServer::getServerStatusI);
this->bindAndAddMethod(jsonrpc::Procedure("getServerVersion", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, NULL), &AbstractStubServer::getServerVersionI); this->bindAndAddMethod(jsonrpc::Procedure("getServerVersion", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, NULL), &AbstractStubServer::getServerVersionI);
this->bindAndAddMethod(jsonrpc::Procedure("deleteBlsKey", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "blsKeyName", jsonrpc::JSON_STRING, NULL), &AbstractStubServer::deleteBlsKeyI); this->bindAndAddMethod(jsonrpc::Procedure("deleteBlsKey", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "blsKeyName", jsonrpc::JSON_STRING, NULL), &AbstractStubServer::deleteBlsKeyI);
this->bindAndAddMethod(jsonrpc::Procedure("getSecretShareV2", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "polyName",jsonrpc::JSON_STRING,"publicKeys",jsonrpc::JSON_ARRAY, "n",jsonrpc::JSON_INTEGER,"t",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::getSecretShareV2I);
this->bindAndAddMethod(jsonrpc::Procedure("dkgVerificationV2", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "publicShares",jsonrpc::JSON_STRING, "ethKeyName",jsonrpc::JSON_STRING, "secretShare",jsonrpc::JSON_STRING,"t",jsonrpc::JSON_INTEGER, "n",jsonrpc::JSON_INTEGER, "index",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::dkgVerificationV2I);
} }
inline virtual void importBLSKeyShareI(const Json::Value &request, Json::Value &response) inline virtual void importBLSKeyShareI(const Json::Value &request, Json::Value &response)
...@@ -144,6 +147,15 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer> ...@@ -144,6 +147,15 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
response = this->deleteBlsKey(request["blsKeyName"].asString()); response = this->deleteBlsKey(request["blsKeyName"].asString());
} }
inline virtual void getSecretShareV2I(const Json::Value &request, Json::Value &response)
{
response = this->getSecretShareV2(request["polyName"].asString(), request["publicKeys"], request["t"].asInt(),request["n"].asInt());
}
inline virtual void dkgVerificationV2I(const Json::Value &request, Json::Value &response)
{
response = this->dkgVerificationV2(request["publicShares"].asString(), request["ethKeyName"].asString(), request["secretShare"].asString(), request["t"].asInt(), request["n"].asInt(), request["index"].asInt());
}
virtual Json::Value importBLSKeyShare(const std::string& keyShare, const std::string& keyShareName) = 0; virtual Json::Value importBLSKeyShare(const std::string& keyShare, const std::string& keyShareName) = 0;
virtual Json::Value blsSignMessageHash(const std::string& keyShareName, const std::string& messageHash, int t, int n ) = 0; virtual Json::Value blsSignMessageHash(const std::string& keyShareName, const std::string& messageHash, int t, int n ) = 0;
virtual Json::Value importECDSAKey(const std::string& keyShare, const std::string& keyShareName) = 0; virtual Json::Value importECDSAKey(const std::string& keyShare, const std::string& keyShareName) = 0;
...@@ -165,6 +177,9 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer> ...@@ -165,6 +177,9 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
virtual Json::Value getServerStatus() = 0; virtual Json::Value getServerStatus() = 0;
virtual Json::Value getServerVersion() = 0; virtual Json::Value getServerVersion() = 0;
virtual Json::Value deleteBlsKey(const std::string& name) = 0; virtual Json::Value deleteBlsKey(const std::string& name) = 0;
virtual Json::Value getSecretShareV2(const std::string& polyName, const Json::Value& publicKeys, int t, int n) = 0;
virtual Json::Value dkgVerificationV2( const std::string& publicShares, const std::string& ethKeyName, const std::string& SecretShare, int t, int n, int index) = 0;
}; };
#endif //JSONRPC_CPP_STUB_ABSTRACTSTUBSERVER_H_ #endif //JSONRPC_CPP_STUB_ABSTRACTSTUBSERVER_H_
secure_enclave/DHDkg.c
View file @ cd76e551
...@@ -161,7 +161,7 @@ int session_key_recover(const char *skey_str, const char *sshare, char *common_k ...@@ -161,7 +161,7 @@ int session_key_recover(const char *skey_str, const char *sshare, char *common_k
point_clear(pub_keyB); point_clear(pub_keyB);
point_clear(session_key); point_clear(session_key);
return ret; return ret;
} }
int xor_encrypt(char *key, char *message, char *cypher) { int xor_encrypt(char *key, char *message, char *cypher) {
...@@ -209,6 +209,44 @@ int xor_encrypt(char *key, char *message, char *cypher) { ...@@ -209,6 +209,44 @@ int xor_encrypt(char *key, char *message, char *cypher) {
return ret; return ret;
} }
int xor_encrypt_v2(char *key, char *message, char *cypher) {
int ret = -1;
if (!cypher) {
LOG_ERROR("xor_encrypt: null cypher");
return ret;
}
if (!key) {
LOG_ERROR("xor_encrypt: null key");
return ret;
}
if (!message) {
LOG_ERROR("xor_encrypt: null message");
return ret;
}
SAFE_CHAR_BUF(cypher_bin, 33);
uint64_t msg_length;
uint8_t msg_bin[33];
if (!hex2carray(message, &msg_length, msg_bin)) {
return ret;
}
for (int i = 0; i < 32; i++) {
cypher_bin[i] = msg_bin[i] ^ (uint8_t)key[i];
}
carray2Hex((unsigned char*) cypher_bin, 32, cypher);
ret = 0;
return ret;
}
int xor_decrypt(char *key, char *cypher, char *message) { int xor_decrypt(char *key, char *cypher, char *message) {
int ret = -1; int ret = -1;
...@@ -254,3 +292,60 @@ int xor_decrypt(char *key, char *cypher, char *message) { ...@@ -254,3 +292,60 @@ int xor_decrypt(char *key, char *cypher, char *message) {
return ret; return ret;
} }
int xor_decrypt_v2(char *key, char *cypher, char *message) {
int ret = -1;
if (!cypher) {
LOG_ERROR("xor_encrypt: null cypher");
return ret;
}
if (!key) {
LOG_ERROR("xor_encrypt: null key");
return ret;
}
if (!message) {
LOG_ERROR("xor_encrypt: null message");
return ret;
}
SAFE_CHAR_BUF(msg_bin,33);
uint64_t cypher_length;
SAFE_CHAR_BUF(cypher_bin, 33);
if (!hex2carray(cypher, &cypher_length, (uint8_t *) cypher_bin)) {
return ret;
}
for (int i = 0; i < 32; i++) {
msg_bin[i] = cypher_bin[i] ^ (uint8_t)key[i];
}
carray2Hex((unsigned char*) msg_bin, 32, message);
ret = 0;
return ret;
}
int hash_key(char* key, char* hashed_key) {
int ret = -1;
if (!key) {
LOG_ERROR("hash_key: null key");
return ret;
}
if (!hashed_key) {
LOG_ERROR("hash_key: null hashed_key");
return ret;
}
ret = sgx_sha256_msg((uint8_t*)key, ECDSA_SKEY_LEN - 1, (uint8_t*)hashed_key);
return ret;
}
secure_enclave/DHDkg.h
View file @ cd76e551
...@@ -30,6 +30,12 @@ int session_key_recover(const char *skey_str, const char* sshare, char* common_k ...@@ -30,6 +30,12 @@ int session_key_recover(const char *skey_str, const char* sshare, char* common_k
int xor_encrypt(char* key, char* message, char* cypher); int xor_encrypt(char* key, char* message, char* cypher);
int xor_encrypt_v2(char* key, char* message, char* cypher);
int xor_decrypt(char* key, char* cypher, char* message); int xor_decrypt(char* key, char* cypher, char* message);
int xor_decrypt_v2(char* key, char* cypher, char* message);
int hash_key(char* key, char* hashed_key);
#endif //SGXD_DRIVE_KEY_DKG_H #endif //SGXD_DRIVE_KEY_DKG_H
secp256k1-sgx @ 5f235e8e
Subproject commit 5f235e8e9e821cd972c4a57afdfe47a7fe83acd0
secure_enclave/secure_enclave.c
View file @ cd76e551
...@@ -917,6 +917,86 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, ...@@ -917,6 +917,86 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString,
LOG_INFO("SGX call completed"); LOG_INFO("SGX call completed");
} }
void trustedGetEncryptedSecretShareV2(int *errStatus, char *errString,
uint8_t *_encrypted_poly, uint64_t _enc_len,
uint8_t *encrypted_skey, uint64_t *dec_len,
char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n,
uint8_t ind) {
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
uint64_t enc_len;
int status;
CHECK_STATE(encrypted_skey);
CHECK_STATE(result_str);
CHECK_STATE(s_shareG2);
CHECK_STATE(pub_keyB);
LOG_DEBUG(__FUNCTION__);
trustedSetEncryptedDkgPoly(&status, errString, _encrypted_poly, _enc_len);
CHECK_STATUS2("trustedSetEncryptedDkgPoly failed with status %d ");
SAFE_CHAR_BUF(skey, BUF_LEN);
SAFE_CHAR_BUF(pub_key_x, BUF_LEN);
SAFE_CHAR_BUF(pub_key_y, BUF_LEN);
trustedGenerateEcdsaKey(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
CHECK_STATUS("trustedGenerateEcdsaKey failed");
uint8_t type = 0;
uint8_t exportable = 0;
status = AES_decrypt(encrypted_skey, enc_len, skey, BUF_LEN, &type, &exportable);
skey[ECDSA_SKEY_LEN - 1] = 0;
CHECK_STATUS2("AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d");
*dec_len = enc_len;
SAFE_CHAR_BUF(common_key, BUF_LEN);
status = gen_session_key(skey, pub_keyB, common_key);
CHECK_STATUS("gen_session_key failed")
SAFE_CHAR_BUF(s_share, BUF_LEN);
status = calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind);
CHECK_STATUS("calc secret share failed")
status = calc_secret_shareG2(s_share, s_shareG2);
CHECK_STATUS("invalid decr secret share");
SAFE_CHAR_BUF(derived_key, BUF_LEN);
status = hash_key(common_key, derived_key);
CHECK_STATUS("hash key failed")
derived_key[ECDSA_BIN_LEN - 1] = 0;
SAFE_CHAR_BUF(cypher, BUF_LEN);
status = xor_encrypt_v2(derived_key, s_share, cypher);
CHECK_STATUS("xor_encrypt failed")
strncpy(result_str, cypher, strlen(cypher));
strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x));
strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y));
SET_SUCCESS
clean:
;
LOG_INFO(__FUNCTION__ );
LOG_INFO("SGX call completed");
}
void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t enc_len, void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t enc_len,
char *public_shares, char *public_shares,
unsigned _t, unsigned _n) { unsigned _t, unsigned _n) {
...@@ -983,12 +1063,68 @@ void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares ...@@ -983,12 +1063,68 @@ void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares
SAFE_CHAR_BUF(decr_sshare, BUF_LEN); SAFE_CHAR_BUF(decr_sshare, BUF_LEN);
status=xor_decrypt(common_key, encr_sshare, decr_sshare); status = xor_decrypt(common_key, encr_sshare, decr_sshare);
CHECK_STATUS("xor_decrypt failed") CHECK_STATUS("xor_decrypt failed")
status = mpz_set_str(s, decr_sshare, 16);
CHECK_STATUS("invalid decr secret share");
*result = Verification(public_shares, s, _t, _ind);
SET_SUCCESS
clean:
mpz_clear(s);
LOG_INFO(__FUNCTION__ );
LOG_INFO("SGX call completed");
}
void trustedDkgVerifyV2(int *errStatus, char *errString, const char *public_shares, const char *s_share,
uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
LOG_INFO(__FUNCTION__);
INIT_ERROR_STATE
CHECK_STATE(public_shares);
CHECK_STATE(s_share);
CHECK_STATE(encryptedPrivateKey);
SAFE_CHAR_BUF(skey,BUF_LEN);
mpz_t s;
mpz_init(s);
uint8_t type = 0;
uint8_t exportable = 0;
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN,
&type, &exportable);
CHECK_STATUS2("AES_decrypt failed (in trustedDkgVerifyAES) with status %d");
SAFE_CHAR_BUF(encr_sshare, BUF_LEN);
strncpy(encr_sshare, s_share, ECDSA_SKEY_LEN - 1);
SAFE_CHAR_BUF(common_key, BUF_LEN);
status = session_key_recover(skey, s_share, common_key);
CHECK_STATUS("session_key_recover failed");
SAFE_CHAR_BUF(derived_key, BUF_LEN);
status = hash_key(common_key, derived_key);
CHECK_STATUS("hash key failed")
derived_key[ECDSA_BIN_LEN - 1] = 0;
SAFE_CHAR_BUF(decr_sshare, BUF_LEN);
status = xor_decrypt_v2(derived_key, encr_sshare, decr_sshare);
CHECK_STATUS("xor_decrypt failed")
status = mpz_set_str(s, decr_sshare, 16); status = mpz_set_str(s, decr_sshare, 16);
CHECK_STATUS("invalid decr secret share"); CHECK_STATUS("invalid decr secret share");
*result = Verification(public_shares, s, _t, _ind); *result = Verification(public_shares, s, _t, _ind);
......
secure_enclave/secure_enclave.edl
View file @ cd76e551
...@@ -88,10 +88,6 @@ enclave { ...@@ -88,10 +88,6 @@ enclave {
[out, count = 3072] uint8_t* decrypted_dkg_secret [out, count = 3072] uint8_t* decrypted_dkg_secret
); );
public void trustedGetEncryptedSecretShare( public void trustedGetEncryptedSecretShare(
[out]int *errStatus, [out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string, [out, count = SMALL_BUF_SIZE] char *err_string,
...@@ -106,6 +102,20 @@ enclave { ...@@ -106,6 +102,20 @@ enclave {
uint8_t _n, uint8_t _n,
uint8_t ind); uint8_t ind);
public void trustedGetEncryptedSecretShareV2(
[out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char *err_string,
[in, count = 3050] uint8_t* encrypted_poly,
uint64_t enc_len,
[out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey,
[out] uint64_t* dec_len,
[out, count = 193] char* result_str,
[out, count = 320] char* s_shareG2,
[in, string] char* pub_keyB,
uint8_t _t,
uint8_t _n,
uint8_t ind);
public void trustedGetPublicShares( public void trustedGetPublicShares(
[out] int *errStatus, [out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
...@@ -126,6 +136,17 @@ enclave { ...@@ -126,6 +136,17 @@ enclave {
int _ind, int _ind,
[out] int* result); [out] int* result);
public void trustedDkgVerifyV2(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, string] const char* public_shares,
[in, string] const char* s_share,
[in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
uint64_t key_len,
unsigned _t,
int _ind,
[out] int* result);
public void trustedCreateBlsKey( public void trustedCreateBlsKey(
[out]int *errStatus, [out]int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] char* err_string,
......
stubclient.h
View file @ cd76e551
...@@ -125,6 +125,20 @@ class StubClient : public jsonrpc::Client ...@@ -125,6 +125,20 @@ class StubClient : public jsonrpc::Client
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString()); throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
} }
Json::Value getSecretShareV2(const std::string& polyName, const Json::Value& publicKeys, int t, int n)
{
Json::Value p;
p["polyName"] = polyName;
p["publicKeys"] = publicKeys;
p["n"] = n;
p["t"] = t;
Json::Value result = this->CallMethod("getSecretShareV2",p);
if (result.isObject())
return result;
else
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
}
Json::Value dkgVerification(const std::string& publicShares, const std::string& ethKeyName, const std::string& SecretShare, int t, int n, int index) Json::Value dkgVerification(const std::string& publicShares, const std::string& ethKeyName, const std::string& SecretShare, int t, int n, int index)
{ {
Json::Value p; Json::Value p;
...@@ -141,6 +155,22 @@ class StubClient : public jsonrpc::Client ...@@ -141,6 +155,22 @@ class StubClient : public jsonrpc::Client
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString()); throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
} }
Json::Value dkgVerificationV2(const std::string& publicShares, const std::string& ethKeyName, const std::string& SecretShare, int t, int n, int index)
{
Json::Value p;
p["ethKeyName"] = ethKeyName;
p["secretShare"] = SecretShare;
p["index"] = index;
p["n"] = n;
p["publicShares"] = publicShares;
p["t"] = t;
Json::Value result = this->CallMethod("dkgVerificationV2",p);
if (result.isObject())
return result;
else
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
}
Json::Value createBLSPrivateKey(const std::string & blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string& SecretShare, int t, int n) Json::Value createBLSPrivateKey(const std::string & blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string& SecretShare, int t, int n)
{ {
Json::Value p; Json::Value p;
......
testw.cpp
View file @ cd76e551
...@@ -387,6 +387,36 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes- ...@@ -387,6 +387,36 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes-
REQUIRE(errStatus == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS);
} }
TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares version 2 test", "[dkg-aes-encr-sshares-v2]") {
vector<char> errMsg(BUF_LEN, 0);
vector<char> result(BUF_LEN, 0);
int errStatus = 0;
uint64_t encLen = 0;
vector <uint8_t> encryptedDKGSecret(BUF_LEN, 0);
PRINT_SRC_LINE
auto status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 2);
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
vector <uint8_t> encrPRDHKey(BUF_LEN, 0);
string pub_keyB = SAMPLE_PUBLIC_KEY_B;
vector<char> s_shareG2(BUF_LEN, 0);
PRINT_SRC_LINE
status = trustedGetEncryptedSecretShareV2(eid, &errStatus,errMsg.data(),
encryptedDKGSecret.data(), encLen,
encrPRDHKey.data(), &encLen,
result.data(),
s_shareG2.data(),
(char *) pub_keyB.data(), 2, 2, 1);
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
}
/* /*
* ( "verification test", "[verify]" ) { * ( "verification test", "[verify]" ) {
...@@ -429,6 +459,27 @@ TEST_CASE_METHOD(TestFixture, "DKG_BLS test", "[dkg-bls]") { ...@@ -429,6 +459,27 @@ TEST_CASE_METHOD(TestFixture, "DKG_BLS test", "[dkg-bls]") {
TestUtils::doDKG(c, 16, 5, ecdsaKeyNames, blsKeyNames, schainID, dkgID); TestUtils::doDKG(c, 16, 5, ecdsaKeyNames, blsKeyNames, schainID, dkgID);
} }
TEST_CASE_METHOD(TestFixture, "DKG_BLS V2 test", "[dkg-bls-v2]") {
HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2);
vector <string> ecdsaKeyNames;
vector <string> blsKeyNames;
int schainID = TestUtils::randGen();
int dkgID = TestUtils::randGen();
PRINT_SRC_LINE
TestUtils::doDKGV2(c, 4, 1, ecdsaKeyNames, blsKeyNames, schainID, dkgID);
REQUIRE(blsKeyNames.size() == 4);
schainID = TestUtils::randGen();
dkgID = TestUtils::randGen();
TestUtils::doDKGV2(c, 16, 5, ecdsaKeyNames, blsKeyNames, schainID, dkgID);
}
TEST_CASE_METHOD(TestFixture, "Delete Bls Key", "[delete-bls-key]") { TEST_CASE_METHOD(TestFixture, "Delete Bls Key", "[delete-bls-key]") {
HttpClient client(RPC_ENDPOINT); HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2); StubClient c(client, JSONRPC_CLIENT_V2);
...@@ -578,6 +629,66 @@ TEST_CASE_METHOD(TestFixture, "DKG API test", "[dkg-api]") { ...@@ -578,6 +629,66 @@ TEST_CASE_METHOD(TestFixture, "DKG API test", "[dkg-api]") {
REQUIRE(verificationWrongSkeys["status"].asInt() != 0); REQUIRE(verificationWrongSkeys["status"].asInt() != 0);
} }
TEST_CASE_METHOD(TestFixture, "DKG API V2 test", "[dkg-api-v2]") {
HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2);
string polyName = SAMPLE_POLY_NAME;
PRINT_SRC_LINE
Json::Value genPoly = c.generateDKGPoly(polyName, 2);
REQUIRE(genPoly["status"].asInt() == 0);
Json::Value publicKeys;
publicKeys.append(SAMPLE_DKG_PUB_KEY_1);
publicKeys.append(SAMPLE_DKG_PUB_KEY_2);
// wrongName
Json::Value genPolyWrongName = c.generateDKGPoly("poly", 2);
REQUIRE(genPolyWrongName["status"].asInt() != 0);
Json::Value verifVectWrongName = c.getVerificationVector("poly", 2, 2);
REQUIRE(verifVectWrongName["status"].asInt() != 0);
Json::Value secretSharesWrongName = c.getSecretShareV2("poly", publicKeys, 2, 2);
REQUIRE(secretSharesWrongName["status"].asInt() != 0);
// wrong_t
Json::Value genPolyWrong_t = c.generateDKGPoly(polyName, 33);
REQUIRE(genPolyWrong_t["status"].asInt() != 0);
Json::Value verifVectWrong_t = c.getVerificationVector(polyName, 1, 2);
REQUIRE(verifVectWrong_t["status"].asInt() != 0);
Json::Value secretSharesWrong_t = c.getSecretShareV2(polyName, publicKeys, 3, 3);
REQUIRE(secretSharesWrong_t["status"].asInt() != 0);
// wrong_n
Json::Value verifVectWrong_n = c.getVerificationVector(polyName, 2, 1);
REQUIRE(verifVectWrong_n["status"].asInt() != 0);
Json::Value publicKeys1;
publicKeys1.append(SAMPLE_DKG_PUB_KEY_1);
Json::Value secretSharesWrong_n = c.getSecretShareV2(polyName, publicKeys1, 2, 1);
REQUIRE(secretSharesWrong_n["status"].asInt() != 0);
//wrong number of publicKeys
Json::Value secretSharesWrongPkeys = c.getSecretShareV2(polyName, publicKeys, 2, 3);
REQUIRE(secretSharesWrongPkeys["status"].asInt() != 0);
//wrong verif
Json::Value Skeys = c.getSecretShareV2(polyName, publicKeys, 2, 2);
REQUIRE_NOTHROW(c.getSecretShare(polyName, publicKeys, 2, 2));
REQUIRE(Skeys == c.getSecretShare(polyName, publicKeys, 2, 2));
Json::Value verifVect = c.getVerificationVector(polyName, 2, 2);
REQUIRE_NOTHROW(c.getVerificationVector(polyName, 2, 2));
REQUIRE(verifVect == c.getVerificationVector(polyName, 2, 2));
Json::Value verificationWrongSkeys = c.dkgVerificationV2("", "", "", 2, 2, 1);
REQUIRE(verificationWrongSkeys["status"].asInt() != 0);
}
TEST_CASE_METHOD(TestFixture, "PolyExists test", "[dkg-poly-exists]") { TEST_CASE_METHOD(TestFixture, "PolyExists test", "[dkg-poly-exists]") {
HttpClient client(RPC_ENDPOINT); HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2); StubClient c(client, JSONRPC_CLIENT_V2);
...@@ -756,6 +867,171 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") { ...@@ -756,6 +867,171 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") {
REQUIRE(common_public.VerifySigWithHelper(hash_arr, commonSig, t, n)); REQUIRE(common_public.VerifySigWithHelper(hash_arr, commonSig, t, n));
} }
TEST_CASE_METHOD(TestFixture, "AES_DKG V2 test", "[aes-dkg-v2]") {
HttpClient client(RPC_ENDPOINT);
StubClient c(client, JSONRPC_CLIENT_V2);
int n = 2, t = 2;
Json::Value ethKeys[n];
Json::Value verifVects[n];
Json::Value pubEthKeys;
Json::Value secretShares[n];
Json::Value pubBLSKeys[n];
Json::Value blsSigShares[n];
vector <string> pubShares(n);
vector <string> polyNames(n);
int schainID = TestUtils::randGen();
int dkgID = TestUtils::randGen();
for (uint8_t i = 0; i < n; i++) {
PRINT_SRC_LINE
ethKeys[i] = c.generateECDSAKey();
REQUIRE(ethKeys[i]["status"] == 0);
string polyName =
"POLY:SCHAIN_ID:" + to_string(schainID) + ":NODE_ID:" + to_string(i) + ":DKG_ID:" + to_string(dkgID);
REQUIRE(ethKeys[i]["status"] == 0);
auto response = c.generateDKGPoly(polyName, t);
REQUIRE(response["status"] == 0);
polyNames[i] = polyName;
PRINT_SRC_LINE
verifVects[i] = c.getVerificationVector(polyName, t, n);
REQUIRE(verifVects[i]["status"] == 0);
pubEthKeys.append(ethKeys[i]["publicKey"]);
}
for (uint8_t i = 0; i < n; i++) {
PRINT_SRC_LINE
secretShares[i] = c.getSecretShareV2(polyNames[i], pubEthKeys, t, n);
REQUIRE(secretShares[i]["status"] == 0);
for (uint8_t k = 0; k < t; k++)
for (uint8_t j = 0; j < 4; j++) {
string pubShare = verifVects[i]["verificationVector"][k][j].asString();
pubShares[i] += TestUtils::convertDecToHex(pubShare);
}
}
int k = 0;
vector <string> secShares(n);
for (int i = 0; i < n; i++)
for (int j = 0; j < n; j++) {
string secretShare = secretShares[i]["secretShare"].asString().substr(192 * j, 192);
secShares[i] += secretShares[j]["secretShare"].asString().substr(192 * i, 192);
PRINT_SRC_LINE
Json::Value verif = c.dkgVerificationV2(pubShares[i], ethKeys[j]["keyName"].asString(), secretShare, t, n, j);
REQUIRE(verif["status"] == 0);
bool res = verif["result"].asBool();
k++;
REQUIRE(res);
}
Json::Value complaintResponse = c.complaintResponse(polyNames[1], t, n, 0);
REQUIRE(complaintResponse["status"] == 0);
string dhKey = complaintResponse["dhKey"].asString();
string shareG2 = complaintResponse["share*G2"].asString();
string secretShare = secretShares[1]["secretShare"].asString().substr(0, 192);
vector<char> message (65, 0);
SAFE_CHAR_BUF(encr_sshare, BUF_LEN)
strncpy(encr_sshare, pubEthKeys[0].asString().c_str(), 128);
SAFE_CHAR_BUF(common_key, BUF_LEN);
REQUIRE(sessionKeyRecoverDH(dhKey.c_str(), encr_sshare, common_key) == 0);
auto hashed_key = cryptlite::sha256::hash_hex(string(common_key, 64));
SAFE_CHAR_BUF(derived_key, 33)
uint64_t key_length;
REQUIRE(hex2carray(&hashed_key[0], &key_length, (uint8_t*) derived_key, 33));
SAFE_CHAR_BUF(encr_sshare_check, BUF_LEN)
strncpy(encr_sshare_check, secretShare.c_str(), ECDSA_SKEY_LEN - 1);
REQUIRE(xorDecryptDHV2(derived_key, encr_sshare_check, message) == 0);
mpz_t hex_share;
mpz_init(hex_share);
mpz_set_str(hex_share, message.data(), 16);
libff::alt_bn128_Fr share(hex_share);
libff::alt_bn128_G2 decrypted_share_G2 = share * libff::alt_bn128_G2::one();
decrypted_share_G2.to_affine_coordinates();
mpz_clear(hex_share);
REQUIRE( convertG2ToString(decrypted_share_G2) == shareG2 );
Json::Value verificationVectorMult = complaintResponse["verificationVectorMult"];
libff::alt_bn128_G2 verificationValue = libff::alt_bn128_G2::zero();
for (int i = 0; i < t; ++i) {
libff::alt_bn128_G2 value;
value.Z = libff::alt_bn128_Fq2::one();
value.X.c0 = libff::alt_bn128_Fq(verificationVectorMult[i][0].asCString());
value.X.c1 = libff::alt_bn128_Fq(verificationVectorMult[i][1].asCString());
value.Y.c0 = libff::alt_bn128_Fq(verificationVectorMult[i][2].asCString());
value.Y.c1 = libff::alt_bn128_Fq(verificationVectorMult[i][3].asCString());
verificationValue = verificationValue + value;
}
verificationValue.to_affine_coordinates();
REQUIRE( verificationValue == decrypted_share_G2 );
BLSSigShareSet sigShareSet(t, n);
string hash = SAMPLE_HASH;
auto hash_arr = make_shared < array < uint8_t, 32 > >();
uint64_t binLen;
if (!hex2carray(hash.c_str(), &binLen, hash_arr->data(), 32)) {
throw SGXException(INVALID_HEX, "Invalid hash");
}
map <size_t, shared_ptr<BLSPublicKeyShare>> coeffs_pkeys_map;
for (int i = 0; i < t; i++) {
string endName = polyNames[i].substr(4);
string blsName = "BLS_KEY" + polyNames[i].substr(4);
auto response = c.createBLSPrivateKey(blsName, ethKeys[i]["keyName"].asString(), polyNames[i], secShares[i], t,
n);
REQUIRE(response["status"] == 0);
PRINT_SRC_LINE
pubBLSKeys[i] = c.getBLSPublicKeyShare(blsName);
REQUIRE(pubBLSKeys[i]["status"] == 0);
string hash = SAMPLE_HASH;
blsSigShares[i] = c.blsSignMessageHash(blsName, hash, t, n);
REQUIRE(blsSigShares[i]["status"] == 0);
shared_ptr <string> sig_share_ptr = make_shared<string>(blsSigShares[i]["signatureShare"].asString());
BLSSigShare sig(sig_share_ptr, i + 1, t, n);
sigShareSet.addSigShare(make_shared<BLSSigShare>(sig));
vector <string> pubKey_vect;
for (uint8_t j = 0; j < 4; j++) {
pubKey_vect.push_back(pubBLSKeys[i]["blsPublicKeyShare"][j].asString());
}
BLSPublicKeyShare pubKey(make_shared < vector < string >> (pubKey_vect), t, n);
PRINT_SRC_LINE
REQUIRE(pubKey.VerifySigWithHelper(hash_arr, make_shared<BLSSigShare>(sig), t, n));
coeffs_pkeys_map[i + 1] = make_shared<BLSPublicKeyShare>(pubKey);
}
shared_ptr <BLSSignature> commonSig = sigShareSet.merge();
BLSPublicKey
common_public(make_shared < map < size_t, shared_ptr < BLSPublicKeyShare >>>(coeffs_pkeys_map), t, n);
REQUIRE(common_public.VerifySigWithHelper(hash_arr, commonSig, t, n));
}
TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") { TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
int errStatus = 0; int errStatus = 0;
vector<char> errMsg(BUF_LEN, 0); vector<char> errMsg(BUF_LEN, 0);
...@@ -791,6 +1067,18 @@ TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg bls", "[many-threads-crypt ...@@ -791,6 +1067,18 @@ TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg bls", "[many-threads-crypt
} }
} }
TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg v2 bls", "[many-threads-crypto-v2]") {
vector <thread> threads;
int num_threads = 4;
for (int i = 0; i < num_threads; i++) {
threads.push_back(thread(TestUtils::sendRPCRequest));
}
for (auto &thread : threads) {
thread.join();
}
}
TEST_CASE_METHOD(TestFixture, "First run", "[first-run]") { TEST_CASE_METHOD(TestFixture, "First run", "[first-run]") {
HttpClient client(RPC_ENDPOINT); HttpClient client(RPC_ENDPOINT);
......
testw.py
View file @ cd76e551
...@@ -31,6 +31,7 @@ print("Top directory is:" + topDir) ...@@ -31,6 +31,7 @@ print("Top directory is:" + topDir)
testList = ["[first-run]", testList = ["[first-run]",
"[second-run]", "[second-run]",
"[many-threads-crypto]", "[many-threads-crypto]",
"[many-threads-crypto-v2]",
"[backup-restore]", "[backup-restore]",
"[cert-sign]", "[cert-sign]",
"[get-server-status]", "[get-server-status]",
...@@ -45,12 +46,16 @@ testList = ["[first-run]", ...@@ -45,12 +46,16 @@ testList = ["[first-run]",
"[bls-key-encrypt]", "[bls-key-encrypt]",
"[dkg-aes-gen]", "[dkg-aes-gen]",
"[dkg-aes-encr-sshares]", "[dkg-aes-encr-sshares]",
"[dkg-aes-encr-sshares-v2]",
"[dkg-api]", "[dkg-api]",
"[dkg-api-v2]",
"[dkg-bls]", "[dkg-bls]",
"[dkg-bls-v2]",
"[dkg-poly-exists]", "[dkg-poly-exists]",
"[dkg-aes-pub-shares]", "[dkg-aes-pub-shares]",
"[aes-encrypt-decrypt]", "[aes-encrypt-decrypt]",
"[aes-dkg]" "[aes-dkg]",
"[aes-dkg-v2]"
] ]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment