Skip to content

S
sgxwallet
Unverified Commit d92bb2eb authored by svetaro's avatar svetaro
Browse files
Options

Merge branch 'master' into enhancement/SKALE-1512-add-DKG-to-SGX

parents d5c3daaf 3c31e5a9
Show whitespace changes
Inline Side-by-side
Showing with 1422 additions and 602 deletions
BLSCrypto.cpp
View file @ d92bb2eb
...@@ -26,49 +26,10 @@ ...@@ -26,49 +26,10 @@
#include "SGXWalletServer.h" #include "SGXWalletServer.h"
#include "BLSCrypto.h" #include "BLSCrypto.h"
#include "ServerInit.h"
void init_enclave() {
eid = 0;
updated = 0;
unsigned long support;
#ifndef SGX_HW_SIM
support = get_sgx_support();
if (!SGX_OK(support)) {
sgx_support_perror(support);
exit(1);
}
#endif
status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
&updated, &eid, 0);
if (status != SGX_SUCCESS) {
if (status == SGX_ERROR_ENCLAVE_FILE_ACCESS) {
fprintf(stderr, "sgx_create_enclave: %s: file not found\n", ENCLAVE_NAME);
fprintf(stderr, "Did you forget to set LD_LIBRARY_PATH?\n");
} else {
fprintf(stderr, "%s: 0x%04x\n", ENCLAVE_NAME, status);
}
exit(1);
}
fprintf(stderr, "Enclave launched\n");
status = tgmp_init(eid);
if (status != SGX_SUCCESS) {
fprintf(stderr, "ECALL tgmp_init: 0x%04x\n", status);
exit(1);
}
fprintf(stderr, "libtgmp initialized\n");
}
int char2int(char _input) { int char2int(char _input) {
if (_input >= '0' && _input <= '9') if (_input >= '0' && _input <= '9')
return _input - '0'; return _input - '0';
...@@ -123,22 +84,9 @@ bool hex2carray(const char * _hex, uint64_t *_bin_len, ...@@ -123,22 +84,9 @@ bool hex2carray(const char * _hex, uint64_t *_bin_len,
} }
void init_daemon() {
libff::init_alt_bn128_params();
// Set up database connection information and open database
leveldb::DB* db;
leveldb::Options options;
options.create_if_missing = true;
leveldb::Status status = leveldb::DB::Open(options, "./keysdb", &db);
}
bool sign(char* _encryptedKeyHex, char* _hashHex, size_t _t, size_t _n, size_t _signerIndex, bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
char* _sig) { char* _sig) {
...@@ -150,19 +98,73 @@ bool sign(char* _encryptedKeyHex, char* _hashHex, size_t _t, size_t _n, size_t _ ...@@ -150,19 +98,73 @@ bool sign(char* _encryptedKeyHex, char* _hashHex, size_t _t, size_t _n, size_t _
hex2carray(_hashHex, &binLen, hash->data()); hex2carray(_hashHex, &binLen, hash->data());
auto keyShare = std::make_shared<BLSPrivateKeyShareSGX>(keyStr, _t, _n); auto keyShare = std::make_shared<BLSPrivateKeyShareSGX>(keyStr, _t, _n);
auto sigShare = keyShare->signWithHelperSGX(hash, _signerIndex); auto sigShare = keyShare->signWithHelperSGX(hash, _signerIndex);
auto sigShareStr = sigShare->toString();
strncpy(_sig, sigShareStr->c_str(), BUF_LEN);
return true; return true;
} }
void init_all() { char *encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) {
init_server(); char *keyArray = (char *) calloc(BUF_LEN, 1);
init_enclave(); uint8_t *encryptedKey = (uint8_t *) calloc(BUF_LEN, 1);
init_daemon(); char *errMsg = (char *) calloc(BUF_LEN, 1);
strncpy((char *) keyArray, (char *) _key, BUF_LEN);
*errStatus = -1;
unsigned int encryptedLen = 0;
status = encrypt_key(eid, errStatus, errMsg, keyArray, encryptedKey, &encryptedLen);
if (status != SGX_SUCCESS) {
*errStatus = -1;
return nullptr;
}
if (*errStatus != 0) {
return nullptr;
}
char *result = (char *) calloc(2 * BUF_LEN, 1);
carray2Hex(encryptedKey, encryptedLen, result);
return result;
}
char *decryptBLSKeyShareFromHex(int *errStatus, char *errMsg, const char *_encryptedKey) {
*errStatus = -1;
uint64_t decodedLen = 0;
uint8_t decoded[BUF_LEN];
if (!(hex2carray(_encryptedKey, &decodedLen, decoded))) {
return nullptr;
}
char *plaintextKey = (char *) calloc(BUF_LEN, 1);
status = decrypt_key(eid, errStatus, errMsg, decoded, decodedLen, plaintextKey);
if (status != SGX_SUCCESS) {
return nullptr;
}
if (*errStatus != 0) {
return nullptr;
}
return plaintextKey;
} }
\ No newline at end of file
BLSCrypto.h
View file @ d92bb2eb
...@@ -3,8 +3,8 @@ ...@@ -3,8 +3,8 @@
// //
#ifndef SGXD_BLSCRYPTO_H #ifndef SGXWALLET_BLSCRYPTO_H
#define SGXD_BLSCRYPTO_H #define SGXWALLET_BLSCRYPTO_H
#ifdef __cplusplus #ifdef __cplusplus
#define EXTERNC extern "C" #define EXTERNC extern "C"
...@@ -18,7 +18,7 @@ EXTERNC void init_daemon(); ...@@ -18,7 +18,7 @@ EXTERNC void init_daemon();
EXTERNC void init_enclave(); EXTERNC void init_enclave();
EXTERNC bool sign(char* encryptedKeyHex, char* hashHex, size_t t, size_t n, char* _sig); EXTERNC bool sign(const char* encryptedKeyHex, const char* hashHex, size_t t, size_t n, size_t signerIndex, char* _sig);
EXTERNC int char2int(char _input); EXTERNC int char2int(char _input);
...@@ -28,6 +28,8 @@ EXTERNC bool hex2carray(const char * _hex, uint64_t *_bin_len, ...@@ -28,6 +28,8 @@ EXTERNC bool hex2carray(const char * _hex, uint64_t *_bin_len,
EXTERNC char *encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key);
EXTERNC char *decryptBLSKeyShareFromHex(int *errStatus, char *errMsg, const char *_encryptedKey);
#endif //SGXD_BLSCRYPTO_H #endif //SGXWALLET_BLSCRYPTO_H
BLSPrivateKeyShareSGX.cpp
View file @ d92bb2eb
...@@ -32,6 +32,7 @@ using namespace std; ...@@ -32,6 +32,7 @@ using namespace std;
#include "sgxwallet.h" #include "sgxwallet.h"
#include "BLSCrypto.h" #include "BLSCrypto.h"
#include "ServerInit.h"
#include "BLSPrivateKeyShareSGX.h" #include "BLSPrivateKeyShareSGX.h"
...@@ -158,6 +159,8 @@ std::shared_ptr<BLSSigShare> BLSPrivateKeyShareSGX::signWithHelperSGX( ...@@ -158,6 +159,8 @@ std::shared_ptr<BLSSigShare> BLSPrivateKeyShareSGX::signWithHelperSGX(
BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key")); BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key"));
} }
cerr << "Key is " + *encryptedKeyHex << endl;
sgx_status_t status = sgx_status_t status =
bls_sign_message(eid, &errStatus, errMsg, encryptedKey, bls_sign_message(eid, &errStatus, errMsg, encryptedKey,
encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature); encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature);
...@@ -170,17 +173,27 @@ std::shared_ptr<BLSSigShare> BLSPrivateKeyShareSGX::signWithHelperSGX( ...@@ -170,17 +173,27 @@ std::shared_ptr<BLSSigShare> BLSPrivateKeyShareSGX::signWithHelperSGX(
if (errStatus != 0) { if (errStatus != 0) {
gmp_printf("Enclave bls_sign_message failed %d\n", errStatus); BOOST_THROW_EXCEPTION(runtime_error("Enclave bls_sign_message failed:" + to_string(errStatus) + ":" + errMsg ));
BOOST_THROW_EXCEPTION(runtime_error("Enclave bls_sign_message failed"));
return nullptr; return nullptr;
} }
int sigLen;
if ((sigLen = strnlen(signature, 10)) < 10) {
BOOST_THROW_EXCEPTION(runtime_error("Signature too short:" + to_string(sigLen)));
}
std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" +
hash_with_hint.second; hash_with_hint.second;
auto sig = make_shared<string>(signature); auto sig = make_shared<string>(signature);
sig->append(":");
sig->append(hint);
auto s = make_shared<BLSSigShare>(sig, _signerIndex, requiredSigners, auto s = make_shared<BLSSigShare>(sig, _signerIndex, requiredSigners,
totalSigners); totalSigners);
......
BLSPrivateKeyShareSGX.h
View file @ d92bb2eb
...@@ -21,10 +21,11 @@ ...@@ -21,10 +21,11 @@
@date 2019 @date 2019
*/ */
#ifndef SGXD_BLSPRIVATEKEYSHARESGX_H #ifndef SGXWALLET_BLSPRIVATEKEYSHARESGX_H
#define SGXD_BLSPRIVATEKEYSHARESGX_H #define SGXWALLET_BLSPRIVATEKEYSHARESGX_H
#define SGXD_BLSPRIVATEKEYSHARESGX_H #define SGXWALLET_BLSPRIVATEKEYSHARESGX_H
#include "BLSSigShare.h"
#include "BLSPrivateKeyShare.h" #include "BLSPrivateKeyShare.h"
class BLSPrivateKeyShareSGX { class BLSPrivateKeyShareSGX {
......
CMakeLists.txt
View file @ d92bb2eb
...@@ -99,8 +99,8 @@ add_custom_target(sgxd COMMAND make all ...@@ -99,8 +99,8 @@ add_custom_target(sgxd COMMAND make all
libff/libff/common/utils.cpp libff/libff/common/utils.cpp
libff/libff/common/utils.hpp libff/libff/common/utils.hpp
libff/libff/common/utils.tcc libff/libff/common/utils.tcc
secure_enclave/BLSUtils.cpp secure_enclave/BLSEnclave.cpp
secure_enclave/BLSUtils.h secure_enclave/BLSEnclave.h
secure_enclave/secure_enclave.c secure_enclave/secure_enclave.c
secure_enclave/secure_enclave_t.c secure_enclave/secure_enclave_t.c
secure_enclave/secure_enclave_t.h secure_enclave/secure_enclave_t.h
...@@ -116,5 +116,6 @@ add_custom_target(sgxd COMMAND make all ...@@ -116,5 +116,6 @@ add_custom_target(sgxd COMMAND make all
sgx_stub.c sgx_stub.c
sgx_stub.h sgx_stub.h
sgx_tgmp.h sgx_tgmp.h
sgxd.c sgxwallet.c
testw.cpp
) )
LevelDB.cpp 0 → 100644
View file @ d92bb2eb
/*
Copyright (C) 2019 SKALE Labs
This file is part of skale-consensus.
skale-consensus is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
skale-consensus is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with skale-consensus. If not, see <https://www.gnu.org/licenses/>.
@file LevelDB.cpp
@author Stan Kladko
@date 2019
*/
#include <stdexcept>
#include <memory>
#include <string>
#include "leveldb/db.h"
#include "sgxwallet_common.h"
#include "RPCException.h"
#include "LevelDB.h"
using namespace leveldb;
static WriteOptions writeOptions;
static ReadOptions readOptions;
LevelDB* levelDb = nullptr;
std::shared_ptr<std::string> LevelDB::readString(const std::string &_key) {
std::lock_guard<std::recursive_mutex> lock(mutex);
auto result = std::make_shared<std::string>();
if (db == nullptr) {
throw RPCException(NULL_DATABASE, "Null db");
}
auto status = db->Get(readOptions, _key, &*result);
throwExceptionOnError(status);
if (status.IsNotFound())
return nullptr;
return result;
}
void LevelDB::writeString(const std::string &_key, const std::string &_value) {
std::lock_guard<std::recursive_mutex> lock(mutex);
auto status = db->Put(writeOptions, Slice(_key), Slice(_value));
throwExceptionOnError(status);
}
void LevelDB::writeByteArray(const char *_key, size_t _keyLen, const char *value,
size_t _valueLen) {
std::lock_guard<std::recursive_mutex> lock(mutex);
auto status = db->Put(writeOptions, Slice(_key, _keyLen), Slice(value, _valueLen));
throwExceptionOnError(status);
}
void LevelDB::writeByteArray(std::string &_key, const char *value,
size_t _valueLen) {
std::lock_guard<std::recursive_mutex> lock(mutex);
auto status = db->Put(writeOptions, Slice(_key), Slice(value, _valueLen));
throwExceptionOnError(status);
}
void LevelDB::throwExceptionOnError(Status _status) {
if (_status.IsNotFound())
return;
if (!_status.ok()) {
throw RPCException(COULD_NOT_ACCESS_DATABASE, ("Could not access database database:" + _status.ToString()).c_str());
}
}
uint64_t LevelDB::visitKeys(LevelDB::KeyVisitor *_visitor, uint64_t _maxKeysToVisit) {
std::lock_guard<std::recursive_mutex> lock(mutex);
uint64_t readCounter = 0;
leveldb::Iterator *it = db->NewIterator(readOptions);
for (it->SeekToFirst(); it->Valid(); it->Next()) {
_visitor->visitDBKey(it->key().data());
readCounter++;
if (readCounter >= _maxKeysToVisit) {
break;
}
}
delete it;
return readCounter;
}
LevelDB::LevelDB(std::string &filename) {
leveldb::Options options;
options.create_if_missing = true;
if (!leveldb::DB::Open(options, filename, (leveldb::DB **) &db).ok()) {
throw std::runtime_error("Unable to open levelDB database");
}
if (db == nullptr) {
throw std::runtime_error("Null levelDB object");
}
}
LevelDB::~LevelDB() {
if (db != nullptr)
delete db;
}
LevelDB.h 0 → 100644
View file @ d92bb2eb
/*
Copyright (C) 2019 SKALE Labs
This file is part of skale-consensus.
skale-consensus is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
skale-consensus is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with skale-consensus. If not, see <https://www.gnu.org/licenses/>.
@file LevelDB.h
@author Stan Kladko
@date 2019
*/
#ifndef SGXWALLET_LEVELDB_H
#define SGXWALLET_LEVELDB_H
#include <memory>
#include <string>
#include <mutex>
namespace leveldb {
class DB;
class Status;
class Slice;
}
class LevelDB {
std::recursive_mutex mutex;
leveldb::DB* db;
public:
std::shared_ptr<std::string> readString(const std::string& _key);
void writeString(const std::string &key1, const std::string &value1);
void writeByteArray(const char *_key, size_t _keyLen, const char *value,
size_t _valueLen);
void writeByteArray(std::string& _key, const char *value,
size_t _valueLen);
public:
void throwExceptionOnError(leveldb::Status result);
LevelDB(std::string& filename);
class KeyVisitor {
public:
virtual void visitDBKey(const char* _data) = 0;
};
uint64_t visitKeys(KeyVisitor* _visitor, uint64_t _maxKeysToVisit);
virtual ~LevelDB();
};
extern LevelDB* levelDb;
#endif
\ No newline at end of file
Makefile.am
View file @ d92bb2eb
...@@ -65,7 +65,7 @@ bin_PROGRAMS = sgxwallet testw ...@@ -65,7 +65,7 @@ bin_PROGRAMS = sgxwallet testw
COMMON_SRC = sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c COMMON_SRC = sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c
COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h
sgxwallet_SOURCES = sgxwallet.c SGXWalletServer.cpp BLSCrypto.cpp BLSPrivateKeyShareSGX.cpp $(COMMON_SRC) sgxwallet_SOURCES = sgxwallet.c SGXWalletServer.cpp RPCException.cpp BLSCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp $(COMMON_SRC)
nodist_sgxwallet_SOURCES = $(COMMON_ENCLAVE_SRC) nodist_sgxwallet_SOURCES = $(COMMON_ENCLAVE_SRC)
EXTRA_sgxwallet_DEPENDENCIES = secure_enclave.signed.so EXTRA_sgxwallet_DEPENDENCIES = secure_enclave.signed.so
...@@ -90,7 +90,7 @@ secure_enclave.signed.so: secure_enclave/secure_enclave.signed.so ...@@ -90,7 +90,7 @@ secure_enclave.signed.so: secure_enclave/secure_enclave.signed.so
sgxwallet_LDADD=-l$(SGX_URTS_LIB) -Lleveldb/build -LlibBLS/build -LlibBLS/build/libff/libff -l:libbls.a -l:libleveldb.a -l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a -ljsonrpccpp-stub -lpthread -ljsonrpccpp-common -ljsonrpccpp-server -ljsoncpp -lprocps sgxwallet_LDADD=-l$(SGX_URTS_LIB) -Lleveldb/build -LlibBLS/build -LlibBLS/build/libff/libff -l:libbls.a -l:libleveldb.a -l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a -ljsonrpccpp-stub -lpthread -ljsonrpccpp-common -ljsonrpccpp-server -ljsoncpp -lprocps
testw_SOURCES=testw.cpp SGXWalletServer.cpp BLSCrypto.cpp BLSPrivateKeyShareSGX.cpp $(COMMON_SRC) testw_SOURCES=testw.cpp SGXWalletServer.cpp RPCException.cpp BLSCrypto.cpp ServerInit.cpp LevelDB.cpp BLSPrivateKeyShareSGX.cpp $(COMMON_SRC)
nodist_testw_SOURCES=${nodist_sgxwallet_SOURCES} nodist_testw_SOURCES=${nodist_sgxwallet_SOURCES}
EXTRA_testw_DEPENDENCIES=${EXTRA_sgxwallet_DEPENDENCIES} EXTRA_testw_DEPENDENCIES=${EXTRA_sgxwallet_DEPENDENCIES}
testw_LDADD= ${sgxwallet_LDADD} testw_LDADD= ${sgxwallet_LDADD}
\ No newline at end of file
README.md
View file @ d92bb2eb
...@@ -4,7 +4,11 @@ ...@@ -4,7 +4,11 @@
sgxwallet is a next generation hardware secure crypto wallet that is based on Intel SGX technology. It currently supports Ethereum and SKALE, and will support Bitcoin in the future. sgxwallet is a next generation hardware secure crypto wallet that is based on Intel SGX technology. It currently supports Ethereum and SKALE, and will support Bitcoin in the future.
## Prerequisites ## Clone directory and its submodules
``` git clone --recurse-submodules https://github.com/skalenetwork/sgxwallet.git ```
## Enable SGX on your machine
To build and run sgxd, you'll need Intel SGX capable hardware. Most Intel chips that were produced after 2015 support SGX. To build and run sgxd, you'll need Intel SGX capable hardware. Most Intel chips that were produced after 2015 support SGX.
...@@ -24,6 +28,8 @@ To enable SGX using a software utility: ...@@ -24,6 +28,8 @@ To enable SGX using a software utility:
sgxwallet has been tested on Ubuntu Linux 18.04. sgxwallet has been tested on Ubuntu Linux 18.04.
## Install SGX driver ## Install SGX driver
``` cd scripts; sudo ./sgx_linux_x64_driver_2.5.0_2605efa.bin``` ``` cd scripts; sudo ./sgx_linux_x64_driver_2.5.0_2605efa.bin```
...@@ -35,10 +41,6 @@ If you do not see the `isgx` device, you need to troubleshoot your driver instal ...@@ -35,10 +41,6 @@ If you do not see the `isgx` device, you need to troubleshoot your driver instal
```cd scripts; sudo install_packages.sh``` ```cd scripts; sudo install_packages.sh```
## Clone directory and its submodules
``` git clone --recurse-submodules https://github.com/skalenetwork/sgxwallet.git ```
## Install automake 1.15 ## Install automake 1.15
Currently the build builds with automake 1.15. You need to install it since Ubuntu 18 comes with automake 1.16 by default. Currently the build builds with automake 1.15. You need to install it since Ubuntu 18 comes with automake 1.16 by default.
......
RPCException.cpp 0 → 100644
View file @ d92bb2eb
//
// Created by skale on 9/8/19.
//
#include "RPCException.h"
RPCException.h 0 → 100644
View file @ d92bb2eb
//
// Created by skale on 9/8/19.
//
#ifndef SGXD_RPCEXCEPTION_H
#define SGXD_RPCEXCEPTION_H
#include <string>
#include <exception>
class RPCException : public std::exception {
public:
int32_t status;
std::string errString;
RPCException(int32_t _status, const char* _errString) : status(_status), errString(_errString) {}
};
#endif //SGXD_RPCEXCEPTION_H
SGXWalletServer.cpp
View file @ d92bb2eb
...@@ -18,59 +18,221 @@ ...@@ -18,59 +18,221 @@
#include <stdio.h> #include <stdio.h>
#include "SGXWalletServer.h" #include "sgxwallet_common.h"
using namespace jsonrpc;
using namespace std;
class SGXWalletServer : public AbstractStubServer {
public:
SGXWalletServer(AbstractServerConnector &connector, serverVersion_t type);
virtual void notifyServer(); #include "RPCException.h"
virtual std::string sayHello(const std::string &name); #include "LevelDB.h"
virtual int addNumbers(int param1, int param2); #include "BLSCrypto.h"
virtual double addNumbers2(double param1, double param2); #include "SGXWalletServer.h"
virtual bool isEqual(const std::string &str1, const std::string &str2); #include "SGXWalletServer.hpp"
virtual Json::Value buildObject(const std::string &name, int age);
virtual std::string methodWithoutParameters();
};
SGXWalletServer::SGXWalletServer(AbstractServerConnector &connector, SGXWalletServer::SGXWalletServer(AbstractServerConnector &connector,
serverVersion_t type) serverVersion_t type)
: AbstractStubServer(connector, type) {} : AbstractStubServer(connector, type) {}
void SGXWalletServer::notifyServer() { cout << "Server got notified" << endl; } int init_server() {
HttpServer httpserver(1025);
SGXWalletServer s(httpserver,
JSONRPC_SERVER_V1V2); // hybrid server (json-rpc 1.0 & 2.0)
s.StartListening();
return 0;
}
Json::Value
importBLSKeyShareImpl(int index, const std::string &_keyShare, const std::string &_keyShareName, int n, int t) {
Json::Value result;
int errStatus = UNKNOWN_ERROR;
char *errMsg = (char *) calloc(BUF_LEN, 1);
result["status"] = 0;
result["errorMessage"] = "";
result["encryptedKeyShare"] = "";
try {
char *encryptedKeyShareHex = encryptBLSKeyShare2Hex(&errStatus, errMsg, _keyShare.c_str());
if (encryptedKeyShareHex == nullptr) {
throw RPCException(UNKNOWN_ERROR, "");
}
if (errStatus != 0) {
throw RPCException(errStatus, errMsg);
}
result["encryptedKeyShare"] = encryptedKeyShareHex;
writeKeyShare(_keyShareName, encryptedKeyShareHex, index, n , t);
} catch (RPCException &_e) {
result["status"] = _e.status;
result["errorMessage"] = _e.errString;
}
string SGXWalletServer::sayHello(const string &name) { return result;
if (name == "")
throw JsonRpcException(-32100, "Name was empty");
return "Hello " + name;
} }
int SGXWalletServer::addNumbers(int param1, int param2) { return param1 + param2; }
double SGXWalletServer::addNumbers2(double param1, double param2) { Json::Value blsSignMessageHashImpl(const std::string &keyShareName, const std::string &messageHash) {
return param1 + param2; Json::Value result;
result["status"] = -1;
result["errorMessage"] = "Unknown server error";
result["signatureShare"] = "";
//int errStatus = UNKNOWN_ERROR;
//char *errMsg = (char *) calloc(BUF_LEN, 1);
char *signature = (char *) calloc(BUF_LEN, 1);
shared_ptr <std::string> value = nullptr;
try {
value = readKeyShare(keyShareName);
} catch (RPCException _e) {
result["status"] = _e.status;
result["errorMessage"] = _e.errString;
return result;
} catch (...) {
std::exception_ptr p = std::current_exception();
printf("Exception %s \n", p.__cxa_exception_type()->name());
result["status"] = -1;
result["errorMessage"] = "Read key share has thrown exception:";
return result;
}
try {
if (!sign(value->c_str(), messageHash.c_str(), 2, 2, 1, signature)) {
result["status"] = -1;
result["errorMessage"] = "Could not sign";
return result;
}
} catch (...) {
result["status"] = -1;
result["errorMessage"] = "Sign has thrown exception";
return result;
}
result["status"] = 0;
result["errorMessage"] = "";
result["signatureShare"] = signature;
return result;
} }
bool SGXWalletServer::isEqual(const string &str1, const string &str2) {
return str1 == str2; Json::Value importECDSAKeyImpl(const std::string &key, const std::string &keyName) {
Json::Value result;
result["status"] = 0;
result["errorMessage"] = "";
result["encryptedKey"] = "";
return result;
}
Json::Value generateECDSAKeyImpl(const std::string &_keyName) {
Json::Value result;
result["status"] = 0;
result["errorMessage"] = "";
result["encryptedKey"] = "";
try {
writeECDSAKey(_keyName, "");
} catch (RPCException &_e) {
result["status"] = _e.status;
result["errorMessage"] = _e.errString;
}
return result;
} }
Json::Value SGXWalletServer::buildObject(const string &name, int age) {
Json::Value ecdsaSignMessageHashImpl(const std::string &_keyName, const std::string &messageHash) {
Json::Value result; Json::Value result;
result["name"] = name; result["status"] = 0;
result["year"] = age; result["errorMessage"] = "";
result["signature"] = "";
try {
readECDSAKey(_keyName);
} catch (RPCException &_e) {
result["status"] = _e.status;
result["errorMessage"] = _e.errString;
}
return result; return result;
} }
string SGXWalletServer::methodWithoutParameters() { return "Test"; } Json::Value SGXWalletServer::generateECDSAKey(const std::string &_keyName) {
return generateECDSAKeyImpl(_keyName);
}
Json::Value SGXWalletServer::ecdsaSignMessageHash(const std::string &_keyName, const std::string &messageHash) {
return ecdsaSignMessageHashImpl(_keyName, messageHash);
}
Json::Value
SGXWalletServer::importBLSKeyShare(int index, const std::string &_keyShare, const std::string &_keyShareName, int n,
int t) {
return importBLSKeyShareImpl(index, _keyShare, _keyShareName, n, t);
}
Json::Value SGXWalletServer::blsSignMessageHash(const std::string &keyShareName, const std::string &messageHash) {
return blsSignMessageHashImpl(keyShareName, messageHash);
}
Json::Value SGXWalletServer::importECDSAKey(const std::string &key, const std::string &keyName) {
return importECDSAKeyImpl(key, keyName);
}
shared_ptr<string> readKeyShare(const string &_keyShareName) {
auto keyShareStr = levelDb->readString("BLSKEYSHARE:" + _keyShareName);
if (keyShareStr == nullptr) {
throw RPCException(KEY_SHARE_DOES_NOT_EXIST, "Key share with this name does not exists");
}
return keyShareStr;
}
void writeKeyShare(const string &_keyShareName, const string &value, int index, int n, int t) {
Json::Value val;
Json::FastWriter writer;
val["value"] = value;
val["t"] = t;
val["index"] = index;
val["n'"] = n;
std::string json = writer.write(val);
auto key = "BLSKEYSHARE:" + _keyShareName;
if (levelDb->readString(_keyShareName) != nullptr) {
throw new RPCException(KEY_SHARE_DOES_NOT_EXIST, "Key share with this name already exists");
}
levelDb->writeString(key, value);
}
shared_ptr <std::string> readECDSAKey(const string &_keyShare) {
return nullptr;
}
void writeECDSAKey(const string &_keyShare, const string &value) {
int init_server() {
HttpServer httpserver(1025);
SGXWalletServer s(httpserver,
JSONRPC_SERVER_V1V2); // hybrid server (json-rpc 1.0 & 2.0)
s.StartListening();
return 0;
} }
\ No newline at end of file
SGXWalletServer.h
View file @ d92bb2eb
...@@ -2,8 +2,8 @@ ...@@ -2,8 +2,8 @@
// Created by kladko on 05.09.19. // Created by kladko on 05.09.19.
// //
#ifndef SGXD_SGXWALLETSERVER_H #ifndef SGXWALLET_SGXWALLETSERVER_H
#define SGXD_SGXWALLETSERVER_H #define SGXWALLET_SGXWALLETSERVER_H
#ifdef __cplusplus #ifdef __cplusplus
#define EXTERNC extern "C" #define EXTERNC extern "C"
...@@ -15,4 +15,10 @@ ...@@ -15,4 +15,10 @@
EXTERNC int init_server(); EXTERNC int init_server();
#endif //SGXD_SGXWALLETSERVER_H
#endif //SGXWALLET_SGXWALLETSERVER_H
SGXWalletServer.hpp 0 → 100644
View file @ d92bb2eb
#ifndef SGXWALLET_SGXWALLETSERVER_HPP
#define SGXWALLET_SGXWALLETSERVER_HPP
#include "abstractstubserver.h"
using namespace jsonrpc;
using namespace std;
class SGXWalletServer : public AbstractStubServer {
public:
SGXWalletServer(AbstractServerConnector &connector, serverVersion_t type);
virtual Json::Value importBLSKeyShare(int index, const std::string& keyShare, const std::string& keyShareName, int n, int t);
virtual Json::Value blsSignMessageHash(const std::string& keyShareName, const std::string& messageHash);
virtual Json::Value importECDSAKey(const std::string& key, const std::string& keyName);
virtual Json::Value generateECDSAKey(const std::string& keyName);
virtual Json::Value ecdsaSignMessageHash(const std::string& keyShareName, const std::string& messageHash);
};
void writeKeyShare(const string &_keyShareName, const string &value, int index, int n, int t);
shared_ptr<std::string> readKeyShare(const string& _keyShare);
void writeECDSAKey(const string& _key, const string& value);
shared_ptr<std::string> readECDSAKey(const string& _key);
Json::Value importBLSKeyShareImpl(int index, const std::string& keyShare, const std::string& keyShareName, int n, int t);
Json::Value blsSignMessageHashImpl(const std::string& keyShareName, const std::string& messageHash);
Json::Value importECDSAKeyImpl(const std::string& key, const std::string& keyName);
Json::Value generateECDSAKeyImpl(const std::string& keyName);
Json::Value ecdsaSignMessageHashImpl(const std::string& keyShareName, const std::string& messageHash);
#endif //SGXWALLET_SGXWALLETSERVER_HPP
\ No newline at end of file
ServerInit.cpp 0 → 100644
View file @ d92bb2eb
//
// Created by kladko on 9/2/19.
//
#include <memory>
#include "libff/algebra/curves/alt_bn128/alt_bn128_init.hpp"
#include "bls.h"
#include "leveldb/db.h"
#include <jsonrpccpp/server/connectors/httpserver.h>
#include "BLSPrivateKeyShareSGX.h"
#include "sgxwallet_common.h"
#include "create_enclave.h"
#include "secure_enclave_u.h"
#include "sgx_detect.h"
#include <gmp.h>
#include <sgx_urts.h>
#include "sgxwallet.h"
#include "LevelDB.h"
#include "SGXWalletServer.h"
#include "BLSCrypto.h"
#include "ServerInit.h"
void init_daemon() {
libff::init_alt_bn128_params();
static std::string dbName("./" WALLETDB_NAME);
levelDb = new LevelDB(dbName);
}
void init_enclave() {
eid = 0;
updated = 0;
unsigned long support;
#ifndef SGX_HW_SIM
support = get_sgx_support();
if (!SGX_OK(support)) {
sgx_support_perror(support);
exit(1);
}
#endif
status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
&updated, &eid, 0);
if (status != SGX_SUCCESS) {
if (status == SGX_ERROR_ENCLAVE_FILE_ACCESS) {
fprintf(stderr, "sgx_create_enclave: %s: file not found\n", ENCLAVE_NAME);
fprintf(stderr, "Did you forget to set LD_LIBRARY_PATH?\n");
} else {
fprintf(stderr, "%s: 0x%04x\n", ENCLAVE_NAME, status);
}
exit(1);
}
fprintf(stderr, "Enclave launched\n");
status = tgmp_init(eid);
if (status != SGX_SUCCESS) {
fprintf(stderr, "ECALL tgmp_init: 0x%04x\n", status);
exit(1);
}
fprintf(stderr, "libtgmp initialized\n");
}
int sgxServerInited = 0;
void init_all() {
if (sgxServerInited == 1)
return;
sgxServerInited = 1;
init_server();
init_enclave();
init_daemon();
}
ServerInit.h 0 → 100644
View file @ d92bb2eb
//
// Created by kladko on 9/2/19.
//
#ifndef SGXWALLET_SERVERINIT_H
#define SGXWALLET_SERVERINIT_H
#ifdef __cplusplus
#define EXTERNC extern "C"
#else
#define EXTERNC
#endif
EXTERNC void init_all();
EXTERNC void init_daemon();
EXTERNC void init_enclave();
#endif //SGXWALLET_SERVERINIT_H
abstractstubserver.h
View file @ d92bb2eb
...@@ -12,52 +12,38 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer> ...@@ -12,52 +12,38 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
public: public:
AbstractStubServer(jsonrpc::AbstractServerConnector &conn, jsonrpc::serverVersion_t type = jsonrpc::JSONRPC_SERVER_V2) : jsonrpc::AbstractServer<AbstractStubServer>(conn, type) AbstractStubServer(jsonrpc::AbstractServerConnector &conn, jsonrpc::serverVersion_t type = jsonrpc::JSONRPC_SERVER_V2) : jsonrpc::AbstractServer<AbstractStubServer>(conn, type)
{ {
this->bindAndAddMethod(jsonrpc::Procedure("sayHello", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_STRING, "name",jsonrpc::JSON_STRING, NULL), &AbstractStubServer::sayHelloI); this->bindAndAddMethod(jsonrpc::Procedure("importBLSKeyShare", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "index",jsonrpc::JSON_INTEGER,"keyShare",jsonrpc::JSON_STRING,"keyShareName",jsonrpc::JSON_STRING,"n",jsonrpc::JSON_INTEGER,"t",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::importBLSKeyShareI);
this->bindAndAddNotification(jsonrpc::Procedure("notifyServer", jsonrpc::PARAMS_BY_NAME, NULL), &AbstractStubServer::notifyServerI); this->bindAndAddMethod(jsonrpc::Procedure("blsSignMessageHash", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "keyShareName",jsonrpc::JSON_STRING,"messageHash",jsonrpc::JSON_STRING, NULL), &AbstractStubServer::blsSignMessageHashI);
this->bindAndAddMethod(jsonrpc::Procedure("addNumbers", jsonrpc::PARAMS_BY_POSITION, jsonrpc::JSON_INTEGER, "param1",jsonrpc::JSON_INTEGER,"param2",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::addNumbersI); this->bindAndAddMethod(jsonrpc::Procedure("importECDSAKey", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "key",jsonrpc::JSON_STRING,"keyName",jsonrpc::JSON_STRING, NULL), &AbstractStubServer::importECDSAKeyI);
this->bindAndAddMethod(jsonrpc::Procedure("addNumbers2", jsonrpc::PARAMS_BY_POSITION, jsonrpc::JSON_REAL, "param1",jsonrpc::JSON_REAL,"param2",jsonrpc::JSON_REAL, NULL), &AbstractStubServer::addNumbers2I); this->bindAndAddMethod(jsonrpc::Procedure("generateECDSAKey", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "keyName",jsonrpc::JSON_STRING, NULL), &AbstractStubServer::generateECDSAKeyI);
this->bindAndAddMethod(jsonrpc::Procedure("isEqual", jsonrpc::PARAMS_BY_POSITION, jsonrpc::JSON_BOOLEAN, "param1",jsonrpc::JSON_STRING,"param2",jsonrpc::JSON_STRING, NULL), &AbstractStubServer::isEqualI); this->bindAndAddMethod(jsonrpc::Procedure("ecdsaSignMessageHash", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "keyShareName",jsonrpc::JSON_STRING,"messageHash",jsonrpc::JSON_STRING, NULL), &AbstractStubServer::ecdsaSignMessageHashI);
this->bindAndAddMethod(jsonrpc::Procedure("buildObject", jsonrpc::PARAMS_BY_POSITION, jsonrpc::JSON_OBJECT, "param1",jsonrpc::JSON_STRING,"param2",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::buildObjectI);
this->bindAndAddMethod(jsonrpc::Procedure("methodWithoutParameters", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_STRING, NULL), &AbstractStubServer::methodWithoutParametersI);
} }
inline virtual void sayHelloI(const Json::Value &request, Json::Value &response) inline virtual void importBLSKeyShareI(const Json::Value &request, Json::Value &response)
{ {
response = this->sayHello(request["name"].asString()); response = this->importBLSKeyShare(request["index"].asInt(), request["keyShare"].asString(), request["keyShareName"].asString(), request["n"].asInt(), request["t"].asInt());
} }
inline virtual void notifyServerI(const Json::Value &request) inline virtual void blsSignMessageHashI(const Json::Value &request, Json::Value &response)
{ {
(void)request; response = this->blsSignMessageHash(request["keyShareName"].asString(), request["messageHash"].asString());
this->notifyServer();
} }
inline virtual void addNumbersI(const Json::Value &request, Json::Value &response) inline virtual void importECDSAKeyI(const Json::Value &request, Json::Value &response)
{ {
response = this->addNumbers(request[0u].asInt(), request[1u].asInt()); response = this->importECDSAKey(request["key"].asString(), request["keyName"].asString());
} }
inline virtual void addNumbers2I(const Json::Value &request, Json::Value &response) inline virtual void generateECDSAKeyI(const Json::Value &request, Json::Value &response)
{ {
response = this->addNumbers2(request[0u].asDouble(), request[1u].asDouble()); response = this->generateECDSAKey(request["keyName"].asString());
} }
inline virtual void isEqualI(const Json::Value &request, Json::Value &response) inline virtual void ecdsaSignMessageHashI(const Json::Value &request, Json::Value &response)
{ {
response = this->isEqual(request[0u].asString(), request[1u].asString()); response = this->ecdsaSignMessageHash(request["keyShareName"].asString(), request["messageHash"].asString());
} }
inline virtual void buildObjectI(const Json::Value &request, Json::Value &response) virtual Json::Value importBLSKeyShare(int index, const std::string& keyShare, const std::string& keyShareName, int n, int t) = 0;
{ virtual Json::Value blsSignMessageHash(const std::string& keyShareName, const std::string& messageHash) = 0;
response = this->buildObject(request[0u].asString(), request[1u].asInt()); virtual Json::Value importECDSAKey(const std::string& key, const std::string& keyName) = 0;
} virtual Json::Value generateECDSAKey(const std::string& keyName) = 0;
inline virtual void methodWithoutParametersI(const Json::Value &request, Json::Value &response) virtual Json::Value ecdsaSignMessageHash(const std::string& keyShareName, const std::string& messageHash) = 0;
{
(void)request;
response = this->methodWithoutParameters();
}
virtual std::string sayHello(const std::string& name) = 0;
virtual void notifyServer() = 0;
virtual int addNumbers(int param1, int param2) = 0;
virtual double addNumbers2(double param1, double param2) = 0;
virtual bool isEqual(const std::string& param1, const std::string& param2) = 0;
virtual Json::Value buildObject(const std::string& param1, int param2) = 0;
virtual std::string methodWithoutParameters() = 0;
}; };
#endif //JSONRPC_CPP_STUB_ABSTRACTSTUBSERVER_H_ #endif //JSONRPC_CPP_STUB_ABSTRACTSTUBSERVER_H_
regenerate_stubs_from_spec.sh 0 → 100755
View file @ d92bb2eb
#!/bin/bash
jsonrpcstub spec.json --cpp-server=AbstractStubServer --cpp-client=StubClient
scripts/install_driver.sh deleted 100755 → 0
View file @ d5c3daaf
sudo mkdir -p "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx"
sudo cp ../linux-sgx-driver/isgx.ko "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx"
sudo sh -c "cat /etc/modules | grep -Fxq isgx || echo isgx >> /etc/modules"
sudo /sbin/depmod
sudo /sbin/modprobe isgx
scripts/install_packages.sh
View file @ d92bb2eb
sudo dpkg -i *.deb sudo dpkg -i *.deb
sudo apt install autoconf texinfo libssl-dev libboost-all-dev libjsonrpccpp-dev libjsonrpccpp-tools sudo apt install cmake flex bison libprocps-dev ccache autoconf texinfo libssl-dev libboost-all-dev libjsonrpccpp-dev libjsonrpccpp-tools
secure_enclave/BLSEnclave.cpp 0 → 100644
View file @ d92bb2eb
//
// Created by kladko on 8/14/19.
//
#define GMP_WITH_SGX
#include <string.h>
#include <cstdint>
#include "../sgxwallet_common.h"
#include "BLSEnclave.h"
#include "libff/algebra/curves/alt_bn128/alt_bn128_init.hpp"
#include "libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp"
std::string *stringFromKey(libff::alt_bn128_Fr *_key) {
mpz_t t;
mpz_init(t);
_key->as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2];
char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t);
return new std::string(tmp);
}
std::string *stringFromFq(libff::alt_bn128_Fq *_fq) {
mpz_t t;
mpz_init(t);
_fq->as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2];
char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t);
return new std::string(tmp);
}
std::string *stringFromG1(libff::alt_bn128_G1 *_g1) {
_g1->to_affine_coordinates();
auto sX = stringFromFq(&_g1->X);
auto sY = stringFromFq(&_g1->Y);
auto sG1 = new std::string(*sX + ":" + *sY);
delete (sX);
delete (sY);
return sG1;
}
libff::alt_bn128_Fr *keyFromString(const char *_keyString) {
return new libff::alt_bn128_Fr(_keyString);
}
int inited = 0;
void init() {
if (inited == 1)
return;
inited = 1;
libff::init_alt_bn128_params();
}
void checkKey(int *err_status, char *err_string, const char *_keyString) {
uint64_t keyLen = strnlen(_keyString, MAX_KEY_LENGTH);
// check that key is zero terminated string
if (keyLen == MAX_KEY_LENGTH) {
snprintf(err_string, MAX_ERR_LEN, "keyLen != MAX_KEY_LENGTH");
return;
}
*err_status = -2;
if (_keyString == nullptr) {
snprintf(err_string, BUF_LEN, "Null key");
return;
}
*err_status = -3;
// check that key is padded with 0s
for (int i = keyLen; i < MAX_KEY_LENGTH; i++) {
if (_keyString[i] != 0) {
snprintf(err_string, BUF_LEN, "Unpadded key");
}
}
std::string ks(_keyString);
// std::string keyString =
// "4160780231445160889237664391382223604184857153814275770598791864649971919844";
auto key = keyFromString(ks.c_str());
auto s1 = stringFromKey(key);
if (s1->compare(ks) != 0) {
throw std::exception();
}
*err_status = 0;
return;
}
bool enclave_sign(const char *_keyString, const char *_hashXString, const char *_hashYString,
char* sig) {
libff::init_alt_bn128_params();
auto key = keyFromString(_keyString);
if (key == nullptr) {
throw std::exception();
}
libff::alt_bn128_Fq hashX(_hashXString);
libff::alt_bn128_Fq hashY(_hashYString);
libff::alt_bn128_Fq hashZ = 1;
libff::alt_bn128_G1 hash(hashX, hashY, hashZ);
libff::alt_bn128_G1 sign = key->as_bigint() * hash; // sign
sign.to_affine_coordinates();
auto r = stringFromG1(&sign);
memset(sig, 0, BUF_LEN);
strncpy(sig, r->c_str(), BUF_LEN);
delete r;
return true;
}
secure_enclave/BLSUtils.h secure_enclave/BLSEnclave.h
View file @ d92bb2eb
...@@ -2,8 +2,8 @@ ...@@ -2,8 +2,8 @@
// Created by kladko on 8/14/19. // Created by kladko on 8/14/19.
// //
#ifndef SGXD_BLSUTILS_H #ifndef SGXWALLET_BLSUTILS_H
#define SGXD_BLSUTILS_H #define SGXWALLET_BLSUTILS_H
...@@ -13,10 +13,13 @@ ...@@ -13,10 +13,13 @@
#define EXTERNC #define EXTERNC
#endif #endif
EXTERNC bool check_key(const char* _keyString); EXTERNC void checkKey(int *err_status, char *err_string, const char* _keyString);
EXTERNC bool sign(const char *_keyString, const char* _hashXString, const char* _hashYString, EXTERNC void check_key(int *err_status, char *err_string, const char* _keyString);
char* _sig);
EXTERNC bool enclave_sign(const char *_keyString, const char* _hashXString, const char* _hashYString, char* _sig);
...@@ -26,5 +29,7 @@ EXTERNC void carray2Hex(const unsigned char *d, int _len, char* _hexArray); ...@@ -26,5 +29,7 @@ EXTERNC void carray2Hex(const unsigned char *d, int _len, char* _hexArray);
EXTERNC bool hex2carray(const char * _hex, uint64_t *_bin_len, EXTERNC bool hex2carray(const char * _hex, uint64_t *_bin_len,
uint8_t* _bin ); uint8_t* _bin );
EXTERNC void init();
#endif //SGXD_BLSUTILS_H #endif //SGXWALLET_BLSUTILS_H
secure_enclave/BLSUtils.cpp deleted 100644 → 0
View file @ d5c3daaf
//
// Created by kladko on 8/14/19.
//
#define GMP_WITH_SGX
#include <string.h>
#include <cstdint>
#include "../sgxwallet_common.h"
#include "BLSUtils.h"
#include "libff/algebra/curves/alt_bn128/alt_bn128_init.hpp"
#include "libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp"
std::string *stringFromKey(libff::alt_bn128_Fr *_key) {
mpz_t t;
mpz_init(t);
_key->as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2];
char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t);
return new std::string(tmp);
}
std::string *stringFromFq(libff::alt_bn128_Fq*_fq) {
mpz_t t;
mpz_init(t);
_fq->as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2];
char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t);
return new std::string(tmp);
}
std::string *stringFromG1(libff::alt_bn128_G1 *_g1) {
_g1->to_affine_coordinates();
auto sX = stringFromFq(&_g1->X);
auto sY = stringFromFq(&_g1->Y);
auto sG1 = new std::string(*sX + ":" + *sY);
delete(sX);
delete(sY);
return sG1;
}
libff::alt_bn128_Fr *keyFromString(const char* _keyString) {
return new libff::alt_bn128_Fr(_keyString);
}
bool check_key(const char *_keyString) {
libff::init_alt_bn128_params();
if (_keyString == nullptr)
return false;
std::string ks(_keyString);
// std::string keyString =
// "4160780231445160889237664391382223604184857153814275770598791864649971919844";
auto key = keyFromString(ks.c_str());
auto s1 = stringFromKey(key);
if (s1->compare(ks) != 0)
return false;
if (s1->size() < 10)
return false;
if (s1->size() >= 100)
return false;
return true;
}
bool sign(const char *_keyString, const char* _hashXString, const char* _hashYString,
char sig[BUF_LEN]) {
auto key = keyFromString(_keyString);
libff::alt_bn128_Fq hashX(_hashXString);
libff::alt_bn128_Fq hashY(_hashYString);
libff::alt_bn128_Fq hashZ = 1;
libff::alt_bn128_G1 hash(hashX, hashY, hashZ);
libff::alt_bn128_G1 sign = key->as_bigint() * hash; // sign
sign.to_affine_coordinates();
auto r = stringFromG1(&sign);
memset(sig, 0, BUF_LEN);
strncpy(sig, r->c_str(), BUF_LEN);
delete r;
return true;
}
secure_enclave/secure_enclave.c
View file @ d92bb2eb
...@@ -50,13 +50,16 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ...@@ -50,13 +50,16 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "../sgxwallet_common.h" #include "../sgxwallet_common.h"
void *(*gmp_realloc_func)(void *, size_t, size_t); void *(*gmp_realloc_func)(void *, size_t, size_t);
void *(*oc_realloc_func)(void *, size_t, size_t); void *(*oc_realloc_func)(void *, size_t, size_t);
void (*gmp_free_func)(void *, size_t); void (*gmp_free_func)(void *, size_t);
void (*oc_free_func)(void *, size_t); void (*oc_free_func)(void *, size_t);
void *reallocate_function(void *, size_t, size_t); void *reallocate_function(void *, size_t, size_t);
void free_function(void *, size_t); void free_function(void *, size_t);
...@@ -98,10 +101,10 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) { ...@@ -98,10 +101,10 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) {
* free() and try again, but would you trust the OS at this point? * free() and try again, but would you trust the OS at this point?
*/ */
if (!sgx_is_outside_enclave((void *)ptr, nsize)) if (!sgx_is_outside_enclave((void *) ptr, nsize))
abort(); abort();
return (void *)nptr; return (void *) nptr;
} }
void e_mpz_add(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {} void e_mpz_add(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {}
...@@ -121,99 +124,84 @@ void generate_ecdsa_key(int *err_status, char *err_string, ...@@ -121,99 +124,84 @@ void generate_ecdsa_key(int *err_status, char *err_string,
void encrypt_key(int *err_status, char *err_string, char *key, void encrypt_key(int *err_status, char *err_string, char *key,
uint8_t *encrypted_key, uint32_t *enc_len) { uint8_t *encrypted_key, uint32_t *enc_len) {
*err_status = -1; init();
uint64_t keyLen = strnlen(key, MAX_KEY_LENGTH);
// check that key is zero terminated string *err_status = UNKNOWN_ERROR;
if (keyLen == MAX_KEY_LENGTH) { memset(err_string, 0, BUF_LEN);
snprintf(err_string, MAX_ERR_LEN, "keyLen != MAX_KEY_LENGTH");
return;
}
*err_status = -2; checkKey(err_status, err_string, key);
// check that key is padded with 0s if (*err_status != 0) {
snprintf(err_string + strlen(err_string), BUF_LEN, "check_key failed");
for (int i = keyLen; i < MAX_KEY_LENGTH; i++) {
if (key[i] != 0) {
snprintf(err_string, BUF_LEN,"Unpadded key");
return;
}
}
*err_status = -3;
if (!check_key(key)) {
snprintf(err_string, BUF_LEN,"check_key failed");
return; return;
} }
uint32_t sealedLen = sgx_calc_sealed_data_size(0, MAX_KEY_LENGTH); uint32_t sealedLen = sgx_calc_sealed_data_size(0, MAX_KEY_LENGTH);
*err_status = -4;
if (sealedLen > BUF_LEN) { if (sealedLen > BUF_LEN) {
snprintf(err_string, BUF_LEN,"sealedLen > MAX_ENCRYPTED_KEY_LENGTH"); *err_status = ENCRYPTED_KEY_TOO_LONG;
snprintf(err_string, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH");
return; return;
} }
*err_status = -5;
memset(encrypted_key, 0, BUF_LEN); memset(encrypted_key, 0, BUF_LEN);
if (sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t*) key, sealedLen, (sgx_sealed_data_t*) encrypted_key) != if (sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t *) key, sealedLen, (sgx_sealed_data_t *) encrypted_key) !=
SGX_SUCCESS) { SGX_SUCCESS) {
snprintf(err_string, BUF_LEN,"SGX seal data failed"); *err_status = SEAL_KEY_FAILED;
snprintf(err_string, BUF_LEN, "SGX seal data failed");
return; return;
} }
*enc_len = sealedLen; *enc_len = sealedLen;
char decryptedKey[BUF_LEN];
memset(decryptedKey, 0, BUF_LEN);
decrypt_key(err_status, err_string, encrypted_key, sealedLen, decryptedKey);
char key2[BUF_LEN];
memset(key2, 0, BUF_LEN);
decrypt_key(err_status, err_string, encrypted_key, sealedLen, key2);
if (*err_status != 0) { if (*err_status != 0) {
snprintf(err_string + strlen(err_string), BUF_LEN , ":decrypt_key failed"); snprintf(err_string + strlen(err_string), BUF_LEN, ":decrypt_key failed");
return; return;
} }
uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH);
if (decryptedKeyLen == MAX_KEY_LENGTH) {
uint64_t key2Len = strnlen(key2, MAX_KEY_LENGTH); snprintf(err_string, BUF_LEN, "Decrypted key is not null terminated");
if (key2Len == MAX_KEY_LENGTH) {
snprintf(err_string, MAX_ERR_LEN,"Key2 is not null terminated");
return; return;
} }
*err_status = -8; *err_status = -8;
if (strncmp(key, key2, MAX_KEY_LENGTH) != 0) if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
snprintf(err_string, BUF_LEN, "Decrypted key does not match original key");
return; return;
}
*err_status = 0; *err_status = 0;
} }
void decrypt_key(int *err_status, char *err_string, uint8_t *encrypted_key, void decrypt_key(int *err_status, char *err_string, uint8_t *encrypted_key,
uint32_t enc_len, char* key) { uint32_t enc_len, char *key) {
init();
uint32_t decLen; uint32_t decLen;
*err_status = -9; *err_status = -9;
sgx_status_t status = sgx_unseal_data( sgx_status_t status = sgx_unseal_data(
(const sgx_sealed_data_t *)encrypted_key, NULL, 0, (uint8_t*) key, &decLen); (const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) key, &decLen);
if (status != SGX_SUCCESS) { if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN,"sgx_unseal_data failed with status %d", status); snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status);
return; return;
} }
...@@ -238,7 +226,7 @@ void decrypt_key(int *err_status, char *err_string, uint8_t *encrypted_key, ...@@ -238,7 +226,7 @@ void decrypt_key(int *err_status, char *err_string, uint8_t *encrypted_key,
for (int i = keyLen; i < MAX_KEY_LENGTH; i++) { for (int i = keyLen; i < MAX_KEY_LENGTH; i++) {
if (key[i] != 0) { if (key[i] != 0) {
snprintf(err_string, BUF_LEN,"Unpadded key"); snprintf(err_string, BUF_LEN, "Unpadded key");
return; return;
} }
} }
...@@ -249,26 +237,33 @@ void decrypt_key(int *err_status, char *err_string, uint8_t *encrypted_key, ...@@ -249,26 +237,33 @@ void decrypt_key(int *err_status, char *err_string, uint8_t *encrypted_key,
} }
void bls_sign_message(int *err_status, char *err_string, uint8_t *encrypted_key, void bls_sign_message(int *err_status, char *err_string, uint8_t *encrypted_key,
uint32_t enc_len, char *_hashX, uint32_t enc_len, char *_hashX,
char* _hashY, char *signature) { char *_hashY, char *signature) {
char key[BUF_LEN]; char key[BUF_LEN];
char sig[BUF_LEN]; char* sig = (char*) calloc(BUF_LEN, 1);
init();
decrypt_key(err_status, err_string, encrypted_key, enc_len, key); decrypt_key(err_status, err_string, encrypted_key, enc_len, key);
if (err_status != 0) { if (*err_status != 0) {
return; return;
} }
sign(key, _hashX, _hashY, sig ); enclave_sign(key, _hashX, _hashY, sig);
strncpy(signature, sig, BUF_LEN); strncpy(signature, sig, BUF_LEN);
if (strnlen(signature, BUF_LEN) < 10) {
*err_status = -1;
return;
}
} }
...@@ -288,8 +283,6 @@ void ecdsa_sign_message(int *err_status, char *err_string, uint8_t *encrypted_k ...@@ -288,8 +283,6 @@ void ecdsa_sign_message(int *err_status, char *err_string, uint8_t *encrypted_k
//strncpy(signature, ecdsaSig, MAX_SIG_LEN); //strncpy(signature, ecdsaSig, MAX_SIG_LEN);
...@@ -306,7 +299,7 @@ void ecdsa_sign_message(int *err_status, char *err_string, uint8_t *encrypted_k ...@@ -306,7 +299,7 @@ void ecdsa_sign_message(int *err_status, char *err_string, uint8_t *encrypted_k
RAND_add(entropy_buf, sizeof(entropy_buf), ADD_ENTROPY_SIZE); RAND_add(entropy_buf, sizeof(entropy_buf), ADD_ENTROPY_SIZE);
RAND_seed(entropy_buf, sizeof(entropy_buf)); RAND_seed(entropy_buf, sizeof(entropy_buf));
EC_KEY * ec = NULL; EC_KEY *ec = NULL;
int eccgroup; int eccgroup;
eccgroup = OBJ_txt2nid("secp384r1"); eccgroup = OBJ_txt2nid("secp384r1");
ec = EC_KEY_new_by_curve_name(eccgroup); ec = EC_KEY_new_by_curve_name(eccgroup);
...@@ -336,7 +329,7 @@ void ecdsa_sign_message(int *err_status, char *err_string, uint8_t *encrypted_k ...@@ -336,7 +329,7 @@ void ecdsa_sign_message(int *err_status, char *err_string, uint8_t *encrypted_k
for (i = 0; i < 1000; i++) { for (i = 0; i < 1000; i++) {
// Add context // Add context
EVP_MD_CTX* context = EVP_MD_CTX_new(); EVP_MD_CTX *context = EVP_MD_CTX_new();
// Init, update, final // Init, update, final
EVP_SignInit_ex(context, EVP_sha1(), NULL); EVP_SignInit_ex(context, EVP_sha1(), NULL);
EVP_SignUpdate(context, &buffer, 100); EVP_SignUpdate(context, &buffer, 100);
...@@ -390,4 +383,3 @@ void get_public_shares(int *err_status, char* err_string, uint8_t* encrypted_dkg ...@@ -390,4 +383,3 @@ void get_public_shares(int *err_status, char* err_string, uint8_t* encrypted_dkg
decrypt_dkg_secret(err_status, err_string, (uint8_t*)encrypted_dkg_secret, decrypted_dkg_secret, enc_len); decrypt_dkg_secret(err_status, err_string, (uint8_t*)encrypted_dkg_secret, decrypted_dkg_secret, enc_len);
calc_public_shares(decrypted_dkg_secret, public_shares, _t); calc_public_shares(decrypted_dkg_secret, public_shares, _t);
} }
secure_enclave/secure_enclave.edl
View file @ d92bb2eb
...@@ -52,7 +52,7 @@ enclave { ...@@ -52,7 +52,7 @@ enclave {
public void ecdsa_sign_message ( public void ecdsa_sign_message (
[user_check] int *err_status, [user_check] int *err_status,
[out, count = 1024] char* err_string, [out, count = 1024] char* err_string,
[in, count = 1024] unsigned char* encrypted_key, [in, count = 1024] uint8_t* encrypted_key,
uint32_t enc_len, uint32_t enc_len,
[in, count = 1024] uint8_t* hash, [in, count = 1024] uint8_t* hash,
[out, count = 1024] char* signature); [out, count = 1024] char* signature);
......
sgxwallet.c
View file @ d92bb2eb
...@@ -34,6 +34,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ...@@ -34,6 +34,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "sgxwallet.h" #include "sgxwallet.h"
#include "BLSCrypto.h" #include "BLSCrypto.h"
#include "ServerInit.h"
......
sgxwallet.h
View file @ d92bb2eb
...@@ -2,8 +2,8 @@ ...@@ -2,8 +2,8 @@
// Created by kladko on 9/3/19. // Created by kladko on 9/3/19.
// //
#ifndef SGXD_SGXD_H #ifndef SGXWALLET_SGXWALLET_H
#define SGXD_SGXD_H #define SGXWALLET_SGXWALLET_H
#include "sgxwallet_common.h" #include "sgxwallet_common.h"
...@@ -22,4 +22,4 @@ extern sgx_status_t status; ...@@ -22,4 +22,4 @@ extern sgx_status_t status;
#endif //SGXD_SGXD_H #endif //SGXWALLET_SGXWALLET_H
sgxwallet_common.h
View file @ d92bb2eb
...@@ -29,4 +29,25 @@ ...@@ -29,4 +29,25 @@
#define DKG_BUFER_LENGTH 1250 #define DKG_BUFER_LENGTH 1250
#define DKG_MAX_SEALED_LEN 2000 #define DKG_MAX_SEALED_LEN 2000
#endif //SGXD_SGXD_COMMON_H #define UNKNOWN_ERROR -1
#define PLAINTEXT_KEY_TOO_LONG -2
#define UNPADDED_KEY -3
#define NULL_KEY -4
#define INCORRECT_STRING_CONVERSION -5
#define ENCRYPTED_KEY_TOO_LONG -6
#define SEAL_KEY_FAILED -7
#define KEY_SHARE_DOES_NOT_EXIST -7
#define KEY_SHARE_ALREADY_EXISTS -8
#define COULD_NOT_ACCESS_DATABASE -9
#define NULL_DATABASE -10
#define WALLETDB_NAME "sgxwallet.db"
#define ENCLAVE_NAME "secure_enclave.signed.so"
#endif //SGXWALLET_SGXWALLET_COMMON_H
spec.json
View file @ d92bb2eb
[ [
{ {
"name": "sayHello", "name": "importBLSKeyShare",
"params": { "params": {
"name": "Peter" "keyShareName": "key1",
"n": 2,
"t": 2,
"index" : 2,
"keyShare": "1122334455"
}, },
"returns": "Hello Peter" "returns": {
"status": 0,
"errorMessage": "12345",
"encryptedKeyShare": "12345"
}
}, },
{ {
"name": "notifyServer" "name": "blsSignMessageHash",
"params": {
"keyShareName": "key1",
"messageHash": "1122334455"
}, },
{ "returns": {
"name": "addNumbers", "status": 0,
"params": [ "errorMessage": "12345",
3, "signatureShare": "12345"
4 }
],
"returns": 7
}, },
{ {
"name": "addNumbers2", "name": "importECDSAKey",
"params": [ "params": {
3.2, "keyName": "key1",
4.1 "key": "1122334455"
],
"returns": 7.5
}, },
{ "returns": {
"name": "isEqual", "status": 0,
"params": [ "errorMessage": "12345",
"string1", "encryptedKey": "12345"
"string2" }
],
"returns": false
}, },
{ {
"name": "buildObject", "name": "generateECDSAKey",
"params": [ "params": {
"peter", "keyName": "key1"
1990 },
],
"returns": { "returns": {
"name": "peter", "status": 0,
"year": 1990 "errorMessage": "12345",
"encryptedKey": "12345"
} }
}, },
{ {
"name" : "methodWithoutParameters", "name": "ecdsaSignMessageHash",
"returns": "String" "params": {
"keyShareName": "key1",
"messageHash": "1122334455"
},
"returns": {
"status": 0,
"errorMessage": "12345",
"signature": "12345"
}
} }
] ]
\ No newline at end of file
stubclient.h
View file @ d92bb2eb
...@@ -12,73 +12,60 @@ class StubClient : public jsonrpc::Client ...@@ -12,73 +12,60 @@ class StubClient : public jsonrpc::Client
public: public:
StubClient(jsonrpc::IClientConnector &conn, jsonrpc::clientVersion_t type = jsonrpc::JSONRPC_CLIENT_V2) : jsonrpc::Client(conn, type) {} StubClient(jsonrpc::IClientConnector &conn, jsonrpc::clientVersion_t type = jsonrpc::JSONRPC_CLIENT_V2) : jsonrpc::Client(conn, type) {}
std::string sayHello(const std::string& name) throw (jsonrpc::JsonRpcException) Json::Value importBLSKeyShare(int index, const std::string& keyShare, const std::string& keyShareName, int n, int t) throw (jsonrpc::JsonRpcException)
{ {
Json::Value p; Json::Value p;
p["name"] = name; p["index"] = index;
Json::Value result = this->CallMethod("sayHello",p); p["keyShare"] = keyShare;
if (result.isString()) p["keyShareName"] = keyShareName;
return result.asString(); p["n"] = n;
else p["t"] = t;
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString()); Json::Value result = this->CallMethod("importBLSKeyShare",p);
} if (result.isObject())
void notifyServer() throw (jsonrpc::JsonRpcException) return result;
{
Json::Value p;
p = Json::nullValue;
this->CallNotification("notifyServer",p);
}
int addNumbers(int param1, int param2) throw (jsonrpc::JsonRpcException)
{
Json::Value p;
p.append(param1);
p.append(param2);
Json::Value result = this->CallMethod("addNumbers",p);
if (result.isIntegral())
return result.asInt();
else else
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString()); throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
} }
double addNumbers2(double param1, double param2) throw (jsonrpc::JsonRpcException) Json::Value blsSignMessageHash(const std::string& keyShareName, const std::string& messageHash) throw (jsonrpc::JsonRpcException)
{ {
Json::Value p; Json::Value p;
p.append(param1); p["keyShareName"] = keyShareName;
p.append(param2); p["messageHash"] = messageHash;
Json::Value result = this->CallMethod("addNumbers2",p); Json::Value result = this->CallMethod("blsSignMessageHash",p);
if (result.isDouble()) if (result.isObject())
return result.asDouble(); return result;
else else
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString()); throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
} }
bool isEqual(const std::string& param1, const std::string& param2) throw (jsonrpc::JsonRpcException) Json::Value importECDSAKey(const std::string& key, const std::string& keyName) throw (jsonrpc::JsonRpcException)
{ {
Json::Value p; Json::Value p;
p.append(param1); p["key"] = key;
p.append(param2); p["keyName"] = keyName;
Json::Value result = this->CallMethod("isEqual",p); Json::Value result = this->CallMethod("importECDSAKey",p);
if (result.isBool()) if (result.isObject())
return result.asBool(); return result;
else else
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString()); throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
} }
Json::Value buildObject(const std::string& param1, int param2) throw (jsonrpc::JsonRpcException) Json::Value generateECDSAKey(const std::string& keyName) throw (jsonrpc::JsonRpcException)
{ {
Json::Value p; Json::Value p;
p.append(param1); p["keyName"] = keyName;
p.append(param2); Json::Value result = this->CallMethod("generateECDSAKey",p);
Json::Value result = this->CallMethod("buildObject",p);
if (result.isObject()) if (result.isObject())
return result; return result;
else else
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString()); throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
} }
std::string methodWithoutParameters() throw (jsonrpc::JsonRpcException) Json::Value ecdsaSignMessageHash(const std::string& keyShareName, const std::string& messageHash) throw (jsonrpc::JsonRpcException)
{ {
Json::Value p; Json::Value p;
p = Json::nullValue; p["keyShareName"] = keyShareName;
Json::Value result = this->CallMethod("methodWithoutParameters",p); p["messageHash"] = messageHash;
if (result.isString()) Json::Value result = this->CallMethod("ecdsaSignMessageHash",p);
return result.asString(); if (result.isObject())
return result;
else else
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString()); throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
} }
......
testw.cpp
View file @ d92bb2eb
...@@ -31,10 +31,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ...@@ -31,10 +31,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/ */
#include "sgx_tcrypto.h"
#include "sgx_tseal.h" #include <jsonrpccpp/server/connectors/httpserver.h>
#include <sgx_tgmp.h>
#include <sgx_trts.h>
#include "sgxwallet_common.h" #include "sgxwallet_common.h"
#include "create_enclave.h" #include "create_enclave.h"
...@@ -42,25 +40,36 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ...@@ -42,25 +40,36 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "sgx_detect.h" #include "sgx_detect.h"
#include <gmp.h> #include <gmp.h>
#include <sgx_urts.h> #include <sgx_urts.h>
#include <stdio.h>
#include "BLSCrypto.h" #include "BLSCrypto.h"
#include "ServerInit.h"
#include "RPCException.h"
#include "LevelDB.h"
#include <libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp> #include "SGXWalletServer.hpp"
#include <libff/algebra/exponentiation/exponentiation.hpp>
#define CATCH_CONFIG_MAIN // This tells Catch to provide a main() - only do this in one cpp file
#include <libff/algebra/fields/fp.hpp> #include "catch.hpp"
#include <dkg/dkg.h> std::string stringFromFr(libff::alt_bn128_Fr& el) {
#define ENCLAVE_NAME "secure_enclave.signed.so" mpz_t t;
mpz_init(t);
el.as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2];
char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t);
return std::string(tmp);
}
#define CATCH_CONFIG_MAIN // This tells Catch to provide a main() - only do this in one cpp file
#include "catch.hpp"
void usage() { void usage() {
fprintf(stderr, "usage: sgxwallet\n"); fprintf(stderr, "usage: sgxwallet\n");
...@@ -72,73 +81,173 @@ sgx_enclave_id_t eid; ...@@ -72,73 +81,173 @@ sgx_enclave_id_t eid;
sgx_status_t status; sgx_status_t status;
int updated; int updated;
#define TEST_BLS_KEY_SHARE "4160780231445160889237664391382223604184857153814275770598791864649971919844"
#define TEST_BLS_KEY_NAME "SCHAIN:17:INDEX:5:KEY:1"
std::string stringFromFr(libff::alt_bn128_Fr& el) { void reset_db() {
REQUIRE(system("rm -rf " WALLETDB_NAME) == 0);
}
mpz_t t; char* encryptTestKey() {
mpz_init(t);
el.as_bigint().to_mpz(t); const char *key = TEST_BLS_KEY_SHARE;
char arr[mpz_sizeinbase(t, 10) + 2];
char *tmp = mpz_get_str(arr, 10, t); int errStatus = -1;
mpz_clear(t);
return std::string(tmp); char *errMsg = (char *) calloc(BUF_LEN, 1);
char *encryptedKeyHex = encryptBLSKeyShare2Hex(&errStatus, errMsg, key);
REQUIRE(encryptedKeyHex != nullptr);
REQUIRE(errStatus == 0);
printf("Encrypt key completed with status: %d %s \n", errStatus, errMsg);
printf("Encrypted key len %d\n", (int) strlen(encryptedKeyHex));
printf("Encrypted key %s \n", encryptedKeyHex);
return encryptedKeyHex;
} }
TEST_CASE( "BLS sign test", "[bls-sign]" ) { TEST_CASE("BLS key encrypt", "[bls-key-encrypt]") {
init_all(); init_all();
char* key = encryptTestKey();
REQUIRE(key != nullptr);
const char *key = "4160780231445160889237664391382223604184857153814275770598" }
"791864649971919844";
char* keyArray = (char*) calloc(128, 1);
uint8_t* encryptedKey = (uint8_t*) calloc(1024, 1); TEST_CASE("BLS key encrypt/decrypt", "[bls-key-encrypt-decrypt]") {
{
char* errMsg = (char*) calloc(1024,1);
strncpy((char *)keyArray, (char*)key, 128); init_all();
int err_status = 0; int errStatus = -1;
char* errMsg = (char*) calloc(BUF_LEN, 1);
unsigned int enc_len = 0;
status = encrypt_key(eid, &err_status, errMsg, keyArray, encryptedKey, &enc_len);
REQUIRE(status == SGX_SUCCESS); char* encryptedKey = encryptTestKey();
REQUIRE(encryptedKey != nullptr);
printf("Encrypt key completed with status: %d %s \n", err_status, errMsg); char* plaintextKey = decryptBLSKeyShareFromHex(&errStatus, errMsg, encryptedKey);
printf(" Encrypted key len %d\n", enc_len);
REQUIRE(errStatus == 0);
REQUIRE(strcmp(plaintextKey, TEST_BLS_KEY_SHARE) == 0);
char result[2* BUF_LEN]; printf("Decrypt key completed with status: %d %s \n", errStatus, errMsg);
printf("Decrypted key len %d\n", (int) strlen(plaintextKey));
printf("Decrypted key: %s\n", plaintextKey);
}
}
TEST_CASE("BLS key import", "[bls-key-import]") {
reset_db();
init_all();
carray2Hex(encryptedKey, enc_len, result);
uint64_t dec_len = 0;
uint8_t bin[BUF_LEN]; auto result = importBLSKeyShareImpl(1, TEST_BLS_KEY_SHARE, TEST_BLS_KEY_NAME, 2, 2);
REQUIRE(hex2carray(result, &dec_len, bin)); REQUIRE(result["status"] == 0);
for (uint64_t i=0; i < dec_len; i++) { REQUIRE(result["encryptedKeyShare"] != "");
REQUIRE(bin[i] == encryptedKey[i]);
}
TEST_CASE("BLS sign test", "[bls-sign]") {
init_all();
char* encryptedKeyHex = encryptTestKey();
REQUIRE(encryptedKeyHex != nullptr);
const char *hexHash = "001122334455667788" "001122334455667788" "001122334455667788" "001122334455667788";
char* hexHashBuf = (char*) calloc(BUF_LEN, 1);
strncpy(hexHashBuf, hexHash, BUF_LEN);
char sig[BUF_LEN];
REQUIRE(sign(encryptedKeyHex, hexHashBuf, 2, 2, 1, sig));
printf("Signature is: %s \n", sig );
}
TEST_CASE("Server BLS sign test", "[bls-server-sign]") {
reset_db();
init_all();
auto result = importBLSKeyShareImpl(1, TEST_BLS_KEY_SHARE, TEST_BLS_KEY_NAME, 2, 2);
REQUIRE(result["status"] == 0);
REQUIRE(result["encryptedKeyShare"] != "");
const char *hexHash = "001122334455667788" "001122334455667788" "001122334455667788" "001122334455667788";
REQUIRE_NOTHROW(result = blsSignMessageHashImpl(TEST_BLS_KEY_NAME, hexHash));
if (result["status"] != 0) {
printf("Error message: %s", result["errorMessage"].asString().c_str());
} }
REQUIRE(dec_len == enc_len);
printf("Result: %s", result); REQUIRE(result["status"] == 0);
REQUIRE(result["signatureShare"] != "");
printf("\n Length: %d \n", enc_len); printf("Signature is: %s \n", result["signatureShare"].asString().c_str());
}
TEST_CASE("KeysDB test", "[keys-db]") {
reset_db();
init_all();
string key = TEST_BLS_KEY_SHARE;
string value = TEST_BLS_KEY_SHARE;
REQUIRE_THROWS(readKeyShare(key));
writeKeyShare(key, value, 1, 2, 1);
REQUIRE(readKeyShare(key) != nullptr);
// put your test here
} }
TEST_CASE( "DKG gen test", "[dkg-gen]" ) { TEST_CASE( "DKG gen test", "[dkg-gen]" ) {
init_all(); init_all();
...@@ -239,4 +348,3 @@ TEST_CASE( "DKG auto secret shares test", "[dkg-s_shares]" ) { ...@@ -239,4 +348,3 @@ TEST_CASE( "DKG auto secret shares test", "[dkg-s_shares]" ) {
free(secret_shares); free(secret_shares);
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment