SKALE-2794 add extra checks

d6bb7ad3 · Oleh Nikolaiev · 8bd21997 · d6bb7ad3 · d6bb7ad3 · d6bb7ad3
Unverified Commit d6bb7ad3 authored Jun 24, 2020 by Oleh Nikolaiev
Showing with 43 additions and 43 deletions

DKGCrypto.cpp DKGCrypto.cpp +22 -12

Log.cpp Log.cpp +0 -4

SGXWalletServer.cpp SGXWalletServer.cpp +2 -2

cert_util.cpp cert_util.cpp +14 -18

DHDkg.c secure_enclave/DHDkg.c +5 -7

No files found.
--- a/DKGCrypto.cpp
+++ b/DKGCrypto.cpp
@@ -30,7 +30,6 @@
 #include "SGXWalletServer.hpp"
 #include "SGXException.h"
-//#include <libBLS/libff/libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp>
 #include <libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp>
 #include "spdlog/spdlog.h"
@@ -58,8 +57,7 @@ vector<string> splitString(const char *coeffs, const char symbol) {
    return G2_strings;
 }
-template<class T>
+template<class T> string ConvertToString(T field_elem, int base = 10) {
-string ConvertToString(T field_elem, int base = 10) {
    mpz_t t;
    mpz_init(t);
@@ -86,11 +84,16 @@ string gen_dkg_poly(int _t) {
    status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);
    if (errStatus != 0) {
+        spdlog::debug("trustedGenDkgSecret, status {}", errStatus, " err msg ", errMsg.data());
+        spdlog::debug("in DKGCrypto encr len is {}", enc_len);
        throw SGXException(-666, errMsg.data());
    }
-    spdlog::debug("trustedGenDkgSecret, status {}", errStatus, " err msg ", errMsg.data());
+    if (status != 0) {
+        spdlog::debug("trustedGenDkgSecret, status {}", status, " err msg ", errMsg.data());
        spdlog::debug("in DKGCrypto encr len is {}", enc_len);
+        throw SGXException(-666, errMsg.data());
+    }
    uint64_t length = DKG_MAX_SEALED_LEN;
    length = enc_len;
@@ -104,7 +107,7 @@ string gen_dkg_poly(int _t) {
 }
 vector<vector<string>> get_verif_vect(const char *encryptedPolyHex, int t, int n) {
-    vector<char> errMsg1(BUF_LEN, 0);
+    vector<char> errMsg(BUF_LEN, 0);
    int errStatus = 0;
@@ -123,14 +126,18 @@ vector<vector<string>> get_verif_vect(const char *encryptedPolyHex, int t, int n
    spdlog::debug("hex_encr_poly length is {}", strlen(encryptedPolyHex));
    spdlog::debug("enc len {}", encLen);
-    status = trustedGetPublicSharesAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen,
+    status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen,
                                        pubShares.data(), t, n);
    if (errStatus != 0) {
-        throw SGXException(-666, errMsg1.data());
+        throw SGXException(-666, errMsg.data());
    }
-    spdlog::debug("err msg is {}", errMsg1.data());
+    if (status != 0) {
+        throw SGXException(-666, errMsg.data());
+    }
+    spdlog::debug("err msg is {}", errMsg.data());
    spdlog::debug("public_shares:");
    spdlog::debug("{}", pubShares.data());;
@@ -208,7 +215,6 @@ string trustedGetSecretShares(const string &_polyName, const char *_encryptedPol
        SGXWalletServer::writeDataToDB(shareG2_name, sShareG2.data());
        spdlog::debug("errMsg: {}", errMsg1.data());
    }
    return result;
@@ -235,6 +241,10 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr
    trustedDkgVerifyAES(eid, &errStatus, errMsg, pshares, encr_sshare, encr_key, decKeyLen, t, ind, &result);
+    if (errStatus != 0) {
+        throw SGXException(-666, errMsg1.data());
+    }
    if (result == 2) {
        throw SGXException(INVALID_HEX, "Invalid public shares");
    }
@@ -333,7 +343,7 @@ string decryptDHKey(const string &polyName, int ind) {
    trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey);
    if (errStatus != 0) {
-        throw SGXException(/*ERROR_IN_ENCLAVE*/ errStatus, "decrypt key failed in enclave");
+        throw SGXException(errStatus, "decrypt key failed in enclave");
    }
    return DHKey;

--- a/Log.cpp
+++ b/Log.cpp
@@ -51,12 +51,8 @@ level_enum Log::logLevelFromString(string &_s) {
    return result;
 }
 void Log::handleSGXException(Json::Value& _result, SGXException& _e ) {
    spdlog::error("Responding with JSON error:" +  _e.errString);
    _result["status"] = _e.status;
    _result["errorMessage"] = _e.errString;
 }
--- a/SGXWalletServer.cpp
+++ b/SGXWalletServer.cpp
@@ -198,7 +198,6 @@ SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const strin
    result["errorMessage"] = "Unknown server error";
    result["signatureShare"] = "";
-    // char *signature = (char *) calloc(BUF_LEN, 1); // remove
    string signature(BUF_LEN, '\0');
    shared_ptr <string> value = nullptr;
@@ -244,9 +243,10 @@ SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const strin
        return result;
    }
+    auto it = std::find(signature.begin(), signature.end(), '\0');
    result["status"] = 0;
    result["errorMessage"] = "";
-    result["signatureShare"] = signature;
+    result["signatureShare"] = std::string(signature.begin(), it);
    return result;
 }

--- a/cert_util.cpp
+++ b/cert_util.cpp
@@ -21,7 +21,6 @@
    @date 2019
 */
 #include <iostream>
 #include <cstring>
 #include <jsonrpccpp/client/connectors/httpclient.h>
@@ -46,7 +45,6 @@ void sign_by_hash(std::string & hash, int status){
 }
 int main(int argc, char *argv[]) {
  int opt;
  if (argc > 1 && strlen(argv[1]) == 1) {
@@ -64,7 +62,6 @@ int main(int argc, char *argv[]) {
  std::string hash;
  while ((opt = getopt(argc, argv, "ps:r:")) != -1) {
      switch (opt) {
          case 'p': print_hashes();
                    break;
          case 's': hash = optarg;
@@ -75,7 +72,6 @@ int main(int argc, char *argv[]) {
                    break;
          case '?': // fprintf(stderr, "unknown flag\n");
                    exit(1);
      }
  }

--- a/secure_enclave/DHDkg.c
+++ b/secure_enclave/DHDkg.c
@@ -38,7 +38,7 @@
 #include "EnclaveCommon.h"
 #include <string.h>
-void gen_session_key(char *skey_str, char* pb_keyB, char* common_key){
+void gen_session_key(char *skey_str, char* pb_keyB, char* common_key) {
    char* pb_keyB_x = (char*)calloc(65, 1);
    strncpy(pb_keyB_x, pb_keyB, 64);
    pb_keyB_x[64] = 0;
@@ -76,7 +76,7 @@ void gen_session_key(char *skey_str, char* pb_keyB, char* common_key){
    free(pb_keyB_y);
 }
-void session_key_recover(const char *skey_str, const char* sshare, char* common_key){
+void session_key_recover(const char *skey_str, const char* sshare, char* common_key) {
    char* pb_keyB_x = (char*)calloc(65, 1);
    strncpy(pb_keyB_x, sshare + 64, 64);
    pb_keyB_x[64] = 0;
@@ -123,7 +123,7 @@ void session_key_recover(const char *skey_str, const char* sshare, char* common_
    free(pb_keyB_y);
 }
-void xor_encrypt(char* key, char* message, char* cypher){
+void xor_encrypt(char* key, char* message, char* cypher) {
   uint8_t cypher_bin[33];
   uint8_t* key_bin = (uint8_t*)calloc(33,1);
@@ -135,14 +135,13 @@ void xor_encrypt(char* key, char* message, char* cypher){
   }
   uint64_t msg_length;
-   uint8_t msg_bin[33];//[ECDSA_BIN_LEN];
+   uint8_t msg_bin[33];
   if (!hex2carray(message, &msg_length, msg_bin)){
     cypher = NULL;
     free(key_bin);
     return;
   }
   for (int i = 0; i < 32; i++){
     cypher_bin[i] = msg_bin[i] ^ key_bin[i];
   }
@@ -152,7 +151,7 @@ void xor_encrypt(char* key, char* message, char* cypher){
   free(key_bin);
 }
-void xor_decrypt(char* key, char* cypher, char* message){
+void xor_decrypt(char* key, char* cypher, char* message) {
    uint8_t msg_bin[33];
    uint8_t* key_bin = (uint8_t*)calloc(33,1);
@@ -171,7 +170,6 @@ void xor_decrypt(char* key, char* cypher, char* message){
      return;
    }
    for (int i = 0; i < 32; i++){
        msg_bin[i] = cypher_bin[i] ^ key_bin[i];
    }