SKLAE-2794 fix memory leak

da0c0687 · Oleh Nikolaiev · d6bb7ad3 · da0c0687
Unverified Commit da0c0687 authored Jun 24, 2020 by Oleh Nikolaiev
Show whitespace changes
Inline Side-by-side

Showing with 29 additions and 40 deletions

secure_enclave.c secure_enclave/secure_enclave.c +29 -40

No files found.
--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -42,8 +42,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #include <sgx_tgmp.h>
 #include <sgx_trts.h>
 #include "Point.h"
 #include "DomainParameters.h"
@@ -52,7 +50,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #include "DHDkg.h"
 #include "AESUtils.h"
 #include "EnclaveConstants.h"
 #include "EnclaveCommon.h"
@@ -156,11 +153,9 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
    signature_extract_public_key(Pkey, skey, curve);
-    uint8_t base = 16;
+    int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2;
-    int len = mpz_sizeinbase(Pkey->x, base) + 2;
    char arr_x[len];
-    mpz_get_str(arr_x, base, Pkey->x);
+    mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x);
    int n_zeroes = 64 - strlen(arr_x);
    for (int i = 0; i < n_zeroes; i++) {
        pub_key_x[i] = '0';
@@ -168,8 +163,8 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
    strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
-    char arr_y[mpz_sizeinbase(Pkey->y, base) + 2];
+    char arr_y[mpz_sizeinbase(Pkey->y, ECDSA_SKEY_BASE) + 2];
-    mpz_get_str(arr_y, base, Pkey->y);
+    mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y);
    n_zeroes = 64 - strlen(arr_y);
    for (int i = 0; i < n_zeroes; i++) {
        pub_key_y[i] = '0';
@@ -201,7 +196,6 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
    point_clear(Pkey);
 }
 void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
                          uint8_t *encryptedPrivateKey, uint32_t dec_len, char *pub_key_x, char *pub_key_y) {
    LOG_DEBUG (__FUNCTION__);
@@ -255,11 +249,9 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
        return;
    }
-    int base = 16;
+    int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2;
-    int len = mpz_sizeinbase(Pkey->x, base) + 2;
    char arr_x[len];
-    mpz_get_str(arr_x, base, Pkey->x);
+    mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x);
    int n_zeroes = 64 - strlen(arr_x);
    for (int i = 0; i < n_zeroes; i++) {
        pub_key_x[i] = '0';
@@ -267,8 +259,8 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
    strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
-    char arr_y[mpz_sizeinbase(Pkey->y, base) + 2];
+    char arr_y[mpz_sizeinbase(Pkey->y, ECDSA_SKEY_BASE) + 2];
-    mpz_get_str(arr_y, base, Pkey->y);
+    mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y);
    n_zeroes = 64 - strlen(arr_y);
    for (int i = 0; i < n_zeroes; i++) {
        pub_key_y[i] = '0';
@@ -391,7 +383,6 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
    return;
 }
 void trustedEncryptKey(int *errStatus, char *errString, const char *key,
                 uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
    LOG_DEBUG (__FUNCTION__);
@@ -465,7 +456,7 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
    }
    if (decLen > MAX_KEY_LENGTH) {
-        snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH");
+        snprintf(errString, BUF_LEN, "wrong decLen");
        return;
    }
@@ -482,7 +473,6 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
    return;
 }
 void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
                      uint32_t enc_len, char *_hashX,
                      char *_hashY, char *signature) {
@@ -524,8 +514,7 @@ void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg
    snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret);
-    uint32_t sealedLen = sgx_calc_sealed_data_size(0,
+    uint32_t sealedLen = sgx_calc_sealed_data_size(0, DKG_BUFER_LENGTH);
-                                                   DKG_BUFER_LENGTH);//sizeof(sgx_sealed_data_t) +  sizeof(dkg_secret);
    sgx_status_t status = sgx_seal_data(0, NULL, DKG_BUFER_LENGTH, (uint8_t *) dkg_secret, sealedLen,
                                        (sgx_sealed_data_t *) encrypted_dkg_secret);
@@ -586,6 +575,7 @@ void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_
    trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, (uint8_t *)decrypted_dkg_secret, &decr_len);
    if (*errStatus != 0) {
        snprintf(errString, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus);
+        free(decrypted_dkg_secret);
        return;
    }
@@ -598,7 +588,6 @@ void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_
    free(decrypted_dkg_secret);
 }
 void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly) {
    LOG_DEBUG(__FUNCTION__);
@@ -647,7 +636,6 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *en
    gen_session_key(skey, pub_keyB, common_key);
    char *s_share[ECDSA_SKEY_LEN]; ;
    if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) {
        *errStatus = -1;
        snprintf(errString, BUF_LEN, "\nt does not match poly degree\n");
@@ -734,6 +722,7 @@ void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares
    }
    *result = Verification(public_shares, s, _t, _ind);
+    mpz_clear(s);
    snprintf(errString, BUF_LEN, "common_key in verification is %s", common_key);
 }
@@ -944,11 +933,9 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
    signature_extract_public_key(Pkey, skey, curve);
-    uint8_t base = 16;
+    int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2;
-    int len = mpz_sizeinbase(Pkey->x, base) + 2;
    char arr_x[len];
-    mpz_get_str(arr_x, base, Pkey->x);
+    mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x);
    int n_zeroes = 64 - strlen(arr_x);
    for (int i = 0; i < n_zeroes; i++) {
        pub_key_x[i] = '0';
@@ -956,15 +943,14 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
    strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
-    char arr_y[mpz_sizeinbase(Pkey->y, base) + 2];
+    char arr_y[mpz_sizeinbase(Pkey->y, ECDSA_SKEY_BASE) + 2];
-    mpz_get_str(arr_y, base, Pkey->y);
+    mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y);
    n_zeroes = 64 - strlen(arr_y);
    for (int i = 0; i < n_zeroes; i++) {
        pub_key_y[i] = '0';
    }
    strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
    char skey_str[ECDSA_SKEY_LEN];
-    //mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
    char arr_skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
    mpz_get_str(arr_skey_str, ECDSA_SKEY_BASE, skey);
    n_zeroes = 64 - strlen(arr_skey_str);
@@ -994,6 +980,11 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
    if (stat != 0) {
        snprintf(errString + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat);
        *errStatus = stat;
+        mpz_clear(skey);
+        domain_parameters_clear(curve);
+        point_clear(Pkey);
        return;
    }
@@ -1053,16 +1044,15 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
        mpz_clear(privateKeyMpz);
        domain_parameters_clear(curve);
        point_clear(Pkey);
+        point_clear(Pkey_test);
        return;
    }
-    int base = 16;
+    int len = mpz_sizeinbase(Pkey->x, ECDSA_SKEY_BASE) + 2;
-    int len = mpz_sizeinbase(Pkey->x, base) + 2;
    char arr_x[len];
-    mpz_get_str(arr_x, base, Pkey->x);
+    mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x);
    int n_zeroes = 64 - strlen(arr_x);
    for (int i = 0; i < n_zeroes; i++) {
@@ -1071,8 +1061,8 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
    strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
-    char arr_y[mpz_sizeinbase(Pkey->y, base) + 2];
+    char arr_y[mpz_sizeinbase(Pkey->y, ECDSA_SKEY_BASE) + 2];
-    mpz_get_str(arr_y, base, Pkey->y);
+    mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y);
    n_zeroes = 64 - strlen(arr_y);
    for (int i = 0; i < n_zeroes; i++) {
        pub_key_y[i] = '0';
@@ -1082,6 +1072,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
    mpz_clear(privateKeyMpz);
    domain_parameters_clear(curve);
    point_clear(Pkey);
+    point_clear(Pkey_test);
 }
 void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len,
@@ -1212,7 +1203,6 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
        return;
    }
    *errStatus = -8;
    if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
@@ -1375,7 +1365,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
    }
    snprintf(errString, BUF_LEN, "unsealed random skey is %s\n", skey);
-    *dec_len = enc_len;// + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
+    *dec_len = enc_len;
    char *common_key[ECDSA_SKEY_LEN];
    gen_session_key(skey, pub_keyB, common_key);
@@ -1484,6 +1474,7 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
    }
    *result = Verification(public_shares, s, _t, _ind);
+    mpz_clear(s);
    snprintf(errString, BUF_LEN, "secret share dec %s", public_shares);
 }
@@ -1570,8 +1561,6 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
    mpz_mod(bls_key, sum, q);
-//    char key_share[mpz_sizeinbase(bls_key, 16) + 2];
-//    mpz_get_str(key_share, 16, bls_key);
    char key_share[BLS_KEY_LENGTH];
    char arr_skey_str[mpz_sizeinbase(bls_key, 16) + 2];
    mpz_get_str(arr_skey_str, 16, bls_key);