Merge pull request #49 from skalenetwork/enhancement/SKALE-2003-Create-backup-key

Enhancement/skale 2003 create backup key

BLSCrypto.cpp

@@ -27,6 +27,7 @@
 #include "libff/algebra/curves/alt_bn128/alt_bn128_init.hpp"
 
 #include "bls.h"
+#include <bls/BLSutils.h>
 
 
 #include "leveldb/db.h"
@@ -53,6 +54,22 @@
 #include "spdlog/spdlog.h"
 #include "common.h"
 
+
+std::string *FqToString(libff::alt_bn128_Fq*_fq) {
+
+  mpz_t t;
+  mpz_init(t);
+
+  _fq->as_bigint().to_mpz(t);
+
+  char arr[mpz_sizeinbase(t, 10) + 2];
+
+  char *tmp = mpz_get_str(arr, 10, t);
+  mpz_clear(t);
+
+  return new std::string(tmp);
+}
+
 int char2int(char _input) {
   if (_input >= '0' && _input <= '9')
     return _input - '0';
@@ -132,7 +149,6 @@ bool hex2carray2(const char * _hex, uint64_t  *_bin_len,
 
 }
 
-
 bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
     char* _sig) {
 
@@ -172,9 +188,131 @@ bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t
   //cerr<< "sig " << _sig <<endl;
 
   return true;
+}
+
+bool sign_aes(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
+          char* _sig) {
+
+  //cerr << "ENTER SIGN" << endl;
+
+  auto keyStr = make_shared<string>(_encryptedKeyHex);
+
+  auto hash = make_shared<array<uint8_t, 32>>();
+
+  uint64_t binLen;
+
+  if (!hex2carray(_hashHex, &binLen, hash->data())){
+    throw RPCException(INVALID_HEX, "Invalid hash");
+  }
+  // assert(binLen == hash->size());
+
+
+
+//  auto keyShare = make_shared<BLSPrivateKeyShareSGX>(keyStr, _t, _n);
+//
+//  //cerr << "keyShare created" << endl;
+//  // {
+//  auto sigShare = keyShare->signWithHelperSGX(hash, _signerIndex);
+//  // }
+//
+//  auto sigShareStr = sigShare->toString();
+//
+//  strncpy(_sig, sigShareStr->c_str(), BUF_LEN);
+  shared_ptr<signatures::Bls> obj;
+  obj = make_shared<signatures::Bls>(signatures::Bls(_t, _n));
+
+  std::pair<libff::alt_bn128_G1, std::string> hash_with_hint =
+      obj->HashtoG1withHint(hash);
+
+  int errStatus = 0;
+
+
+  string* xStr = FqToString(&(hash_with_hint.first.X));
+
+  if (xStr == nullptr) {
+    std::cerr <<   "Null xStr" << std::endl;
+    BOOST_THROW_EXCEPTION(runtime_error("Null xStr"));
+  }
+
+  string* yStr = FqToString(&(hash_with_hint.first.Y));
+
+  if (yStr == nullptr) {
+    std::cerr <<   "Null yStr" << std::endl;
+    BOOST_THROW_EXCEPTION(runtime_error("Null yStr"));
+  }
 
+
+  char errMsg[BUF_LEN];
+  memset(errMsg, 0, BUF_LEN);
+
+  char xStrArg[BUF_LEN];
+  char yStrArg[BUF_LEN];
+  char signature [BUF_LEN];
+
+  memset(xStrArg, 0, BUF_LEN);
+  memset(yStrArg, 0, BUF_LEN);
+
+  strncpy(xStrArg, xStr->c_str(), BUF_LEN);
+  strncpy(yStrArg, yStr->c_str(), BUF_LEN);
+
+  size_t sz = 0;
+
+
+  uint8_t encryptedKey[BUF_LEN];
+
+  bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey);
+
+  if (!result) {
+    cerr <<   "Invalid hex encrypted key" << endl;
+    BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key"));
+  }
+
+  sgx_status_t status =
+      bls_sign_message_aes(eid, &errStatus, errMsg, encryptedKey,
+                       sz, xStrArg, yStrArg, signature);
+
+
+  if (status != SGX_SUCCESS) {
+    cerr <<"SGX enclave call  to bls_sign_message failed:" << status << std::endl;
+    BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call  to bls_sign_message failed"));
+  }
+
+
+  std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" +
+                     hash_with_hint.second;
+
+
+  std::string sig = signature;
+
+  sig.append(":");
+  sig.append(hint);
+
+  strncpy(_sig, sig.c_str(), BUF_LEN);
+
+  printf("_sig is: %s\n", sig.c_str());
+
+  //string sigShareStr = keyShare->signWithHelperSGXstr(hash, _signerIndex);
+  //strncpy(_sig, sigShareStr.c_str(), BUF_LEN);
+
+  // string test_sig = "8175162913343900215959836578795929492705714455632345516427532159927644835012:15265825550804683171644566522808807137117748565649051208189914766494241035855:9810286616503120081238481858289626967170509983220853777870754480048381194141:5";
+  // auto sig_ptr = make_shared<string>(test_sig);
+  // strncpy(_sig, sig_ptr->c_str(), BUF_LEN);
+
+  //cerr<< "sig " << _sig <<endl;
+
+  return true;
 }
 
+bool bls_sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
+              char* _sig) {
+
+  if (!is_aes){
+    return sign(_encryptedKeyHex, _hashHex, _t, _n, _signerIndex, _sig);
+  }
+  else{
+    return sign_aes(_encryptedKeyHex, _hashHex, _t, _n, _signerIndex, _sig);
+  }
+}
 
 char *encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) {
     char *keyArray = (char *) calloc(BUF_LEN, 1);

BLSCrypto.h

@@ -36,7 +36,7 @@
 //
 //EXTERNC  void init_enclave();
 
-EXTERNC bool sign(const char* encryptedKeyHex, const char* hashHex, size_t t, size_t n,
+EXTERNC bool bls_sign(const char* encryptedKeyHex, const char* hashHex, size_t t, size_t n,
         size_t signerIndex, char* _sig);
 
 EXTERNC int char2int(char _input);

DKGCrypto.cpp

@@ -96,10 +96,17 @@ string gen_dkg_poly( int _t){
       spdlog::info("in DKGCrypto encr len is {}", enc_len);
     }
 
-    vector<char> hexEncrPoly(DKG_MAX_SEALED_LEN * 2 + 1, 0);//(4*BUF_LEN, 1);
+    uint64_t length = DKG_MAX_SEALED_LEN;
+    if (is_aes){
+      length = enc_len;
+    }
 
+   //vector<char> hexEncrPoly(DKG_MAX_SEALED_LEN * 2 + 1, 0);//(4*BUF_LEN, 1);
 
-    carray2Hex(encrypted_dkg_secret.data(), DKG_MAX_SEALED_LEN, hexEncrPoly.data());
+    vector<char> hexEncrPoly(2 * length + 1, 0);
+    assert( encrypted_dkg_secret.size() >= length);
+    //carray2Hex(encrypted_dkg_secret.data(), DKG_MAX_SEALED_LEN, hexEncrPoly.data());
+    carray2Hex(encrypted_dkg_secret.data(), length, hexEncrPoly.data());
     string result(hexEncrPoly.data());
 
     return result;
@@ -117,11 +124,13 @@ vector <vector<string>> get_verif_vect(const char* encryptedPolyHex, int t, int
   }
 
   char* public_shares = (char*)calloc(10000, 1);
+  memset(public_shares, 0, 10000);
  // char public_shares[10000];
 
   uint64_t enc_len = 0;
 
   uint8_t* encr_dkg_poly = (uint8_t*) calloc(DKG_MAX_SEALED_LEN * 2, 1);
+  memset(encr_dkg_poly, 0, DKG_MAX_SEALED_LEN * 2);
   //uint8_t encr_dkg_poly[DKG_MAX_SEALED_LEN];
 
   if (!hex2carray2(encryptedPolyHex, &enc_len, encr_dkg_poly, 6100)){
@@ -129,16 +138,19 @@ vector <vector<string>> get_verif_vect(const char* encryptedPolyHex, int t, int
   }
 
   if (DEBUG_PRINT) {
+    //cerr << "hex_encr_poly is " << encryptedPolyHex << std::endl;
+    spdlog::info("hex_encr_poly length is {}", strlen(encryptedPolyHex));
     spdlog::info("enc len {}", enc_len);
-    /*cerr << "encr raw poly: " << endl;
-    for ( int i = 0 ; i < 3050; i++)
-      printf(" %d ", encr_dkg_poly[i] );*/
+//    cerr << "encr raw poly: " << endl;
+//    for ( int i = 0 ; i < 3050; i++)
+//      printf(" %d ", encr_dkg_poly[i] );
   }
 
   uint32_t len;
   if (!is_aes)
     status = get_public_shares(eid, &err_status, errMsg1, encr_dkg_poly, len, public_shares, t, n);
   else {
+
     status = get_public_shares_aes(eid, &err_status, errMsg1, encr_dkg_poly, enc_len, public_shares, t, n);
   }
   if ( err_status != 0){
@@ -174,15 +186,19 @@ string get_secret_shares(const string& polyName, const char* encryptedPolyHex, c
   //char* errMsg1 = (char*) calloc(1024,1);
   char errMsg1[BUF_LEN];
   int err_status = 0;
-
+  char hexEncrKey[BUF_LEN];
+  memset(hexEncrKey, 0, BUF_LEN);
   uint64_t enc_len = 0;
 
  // uint8_t* encr_dkg_poly = (uint8_t*) calloc(DKG_MAX_SEALED_LEN, 1);
   uint8_t encr_dkg_poly[DKG_MAX_SEALED_LEN];
+  memset(encr_dkg_poly, 0, DKG_MAX_SEALED_LEN);
   if(!hex2carray2(encryptedPolyHex, &enc_len, encr_dkg_poly, 6100)){
       throw RPCException(INVALID_HEX, "Invalid encryptedPolyHex");
   }
 
+  std::cerr << "enc_len is " << enc_len << std::endl;
+
   if (!is_aes)
     status = set_encrypted_dkg_poly(eid, &err_status, errMsg1, encr_dkg_poly);
   else
@@ -194,18 +210,18 @@ string get_secret_shares(const string& polyName, const char* encryptedPolyHex, c
 
   string result;
   //char *hexEncrKey = (char *) calloc(2 * BUF_LEN, 1);
-  char hexEncrKey[2 * BUF_LEN];
 
   for ( int i = 0; i < n; i++){
     uint8_t encrypted_skey[BUF_LEN];
+    memset(encrypted_skey, 0, BUF_LEN);
     uint32_t dec_len;
 
     char cur_share[193];
     char s_shareG2[320];
     string pub_keyB = publicKeys.at(i);//publicKeys.substr(128*i, 128*i + 128);
-    if (DEBUG_PRINT) {
-      spdlog::info("pub_keyB is {}", pub_keyB);
-    }
+//    if (DEBUG_PRINT) {
+//      spdlog::info("pub_keyB is {}", pub_keyB);
+//    }
     char pubKeyB[129];
     strncpy(pubKeyB, pub_keyB.c_str(), 128);
     pubKeyB[128] = 0;
@@ -232,11 +248,14 @@ string get_secret_shares(const string& polyName, const char* encryptedPolyHex, c
     if (DEBUG_PRINT) {
       spdlog::info("dec len is {}", dec_len);
     }
+
+
     carray2Hex(encrypted_skey, dec_len, hexEncrKey);
 
+
     string DHKey_name = "DKG_DH_KEY_" + polyName + "_" + to_string(i) + ":";
 
-   // cerr << "hexEncrKey: " << hexEncrKey << endl;
+    cerr << "hexEncr DH Key: " << hexEncrKey << endl;
     writeDataToDB(DHKey_name, hexEncrKey);
 
     string shareG2_name = "shareG2_" + polyName + "_" + to_string(i) + ":";
@@ -270,24 +289,27 @@ bool VerifyShares(const char* publicShares, const char* encr_sshare, const char
 
     uint64_t dec_key_len ;
     uint8_t encr_key[BUF_LEN];
+    memset(encr_key, 0, BUF_LEN);
     if (!hex2carray(encryptedKeyHex, &dec_key_len, encr_key)){
         throw RPCException(INVALID_HEX, "Invalid encryptedPolyHex");
     }
     int result;
     if (DEBUG_PRINT) {
-      // cerr << "encryptedKeyHex " << encryptedKeyHex << endl;
-      // cerr << "dec_key_len " << dec_key_len << endl;
-
-
-      // cerr << "encr_sshare length is " << strlen(encr_sshare) << endl; cerr << "public shares " << publicShares << endl;
+      cerr << "encryptedKeyHex " << encryptedKeyHex << endl;
+      cerr << "dec_key_len " << dec_key_len << endl;
+      cerr << "encr_sshare length is " << strlen(encr_sshare) << endl;
+      //cerr << "public shares " << publicShares << endl;
       spdlog::info("publicShares length is {}", char_traits<char>::length(publicShares));
     }
     char pshares[8193];
-    strncpy(pshares, publicShares, strlen(publicShares) + 1);
-    //cerr << "pshares " << pshares << endl;
+    memset(pshares, 0, 8193);
+    strncpy(pshares, publicShares, strlen(publicShares) );
 
 
-    dkg_verification(eid, &err_status, errMsg1, pshares, encr_sshare, encr_key, dec_key_len, t, ind, &result);
+    if (!is_aes)
+      dkg_verification(eid, &err_status, errMsg1, pshares, encr_sshare, encr_key, dec_key_len, t, ind, &result);
+    else
+      dkg_verification_aes(eid, &err_status, errMsg1, pshares, encr_sshare, encr_key, dec_key_len, t, ind, &result);
 
     if (result == 2){
       throw RPCException(INVALID_HEX, "Invalid public shares");
@@ -313,7 +335,9 @@ bool CreateBLSShare( const string& blsKeyName, const char * s_shares, const char
 
   uint64_t dec_key_len ;
   uint8_t encr_bls_key[BUF_LEN];
+  memset(encr_bls_key, 0, BUF_LEN);
   uint8_t encr_key[BUF_LEN];
+  memset(encr_key, 0, BUF_LEN);
   if (!hex2carray(encryptedKeyHex, &dec_key_len, encr_key)){
       throw RPCException(INVALID_HEX, "Invalid encryptedKeyHex");
   }
@@ -321,10 +345,15 @@ bool CreateBLSShare( const string& blsKeyName, const char * s_shares, const char
   uint32_t enc_bls_len = 0;
 
   //cerr << "BEFORE create_bls_key IN ENCLAVE " << endl;
-  create_bls_key(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len, encr_bls_key, &enc_bls_len);
+  if (!is_aes)
+    create_bls_key(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len, encr_bls_key, &enc_bls_len);
+  else
+    create_bls_key_aes(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len, encr_bls_key, &enc_bls_len);
   //cerr << "AFTER create_bls_key IN ENCLAVE er msg is  " << errMsg1 << endl;
   if ( err_status != 0){
-     spdlog::info("ERROR IN ENCLAVE");
+     //spdlog::info("ERROR IN ENCLAVE with status {}", err_status);
+     spdlog::error(errMsg1);
+     spdlog::error("status {}", err_status);
      throw RPCException(ERROR_IN_ENCLAVE, "Create BLS private key failed in enclave");
   }
   else {
@@ -363,8 +392,13 @@ vector<string> GetBLSPubKey(const char * encryptedKeyHex){
     if (DEBUG_PRINT) {
       spdlog::info("dec_key_len is {}", dec_key_len);
     }
-    get_bls_pub_key(eid, &err_status, errMsg1, encr_key, dec_key_len, pub_key);
+
+    if (!is_aes)
+      get_bls_pub_key(eid, &err_status, errMsg1, encr_key, dec_key_len, pub_key);
+    else
+      get_bls_pub_key_aes(eid, &err_status, errMsg1, encr_key, dec_key_len, pub_key);
     if ( err_status != 0){
+      std::cerr <<  errMsg1 << " status is " << err_status << std::endl;
       throw RPCException(ERROR_IN_ENCLAVE, "Failed to get BLS public key in enclave");
     }
     vector<string> pub_key_vect = SplitString(pub_key, ':');
@@ -396,12 +430,19 @@ string decrypt_DHKey(const string& polyName, int ind){
   if (!hex2carray(hexEncrKey_ptr->c_str(), &DH_enc_len, encrypted_DHkey)){
      throw RPCException(INVALID_HEX, "Invalid hexEncrKey");
   }
+  if (DEBUG_PRINT) {
+    spdlog::info("encr DH key length is {}", DH_enc_len);
+    spdlog::info("hex encr DH key length is {}", hexEncrKey_ptr->length());
+  }
 
   char DHKey[ECDSA_SKEY_LEN];
 
-  decrypt_key(eid, &err_status, errMsg1.data(), encrypted_DHkey, DH_enc_len, DHKey);
+  if ( !is_aes)
+    decrypt_key(eid, &err_status, errMsg1.data(), encrypted_DHkey, DH_enc_len, DHKey);
+  else
+    decrypt_key_aes(eid, &err_status, errMsg1.data(), encrypted_DHkey, DH_enc_len, DHKey);
   if (err_status != 0){
-    throw RPCException(ERROR_IN_ENCLAVE, "decrypt key failed in enclave");
+    throw RPCException(/*ERROR_IN_ENCLAVE*/ err_status, "decrypt key failed in enclave");
   }
 
   return DHKey;

DockerfileSimulation

@@ -35,4 +35,4 @@ RUN make
 RUN mkdir /usr/src/sdk/sgx_data
 COPY docker/start.sh ./
 
-ENTRYPOINT ["/usr/src/sdk/start.sh"]
+ENTRYPOINT ["/usr/src/sdk/start.sh"]
\ No newline at end of file

ECDSACrypto.cpp

@@ -53,17 +53,18 @@ std::vector<std::string> gen_ecdsa_key(){
 
   if ( !is_aes)
      status = generate_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
-  else status = generate_ecdsa_key_aes(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
+  else
+     status = generate_ecdsa_key_aes(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
 
-  if ( err_status != 0 ){
-    std::cerr << "RPCException thrown" << std::endl;
-    throw RPCException(-666, errMsg) ;
+  if ( status != SGX_SUCCESS || err_status != 0 ){
+    std::cerr << "RPCException thrown with status" << status << std::endl;
+    throw RPCException(status, errMsg) ;
   }
   std::vector<std::string> keys(3);
   if (DEBUG_PRINT) {
     std::cerr << "account key is " << errMsg << std::endl;
     std::cerr << "enc_len is " << enc_len << std::endl;
-    std::cerr << "enc_key is "  << std::endl;
+   // std::cerr << "enc_key is "  << std::endl;
 //    for(int i = 0 ; i < 1024; i++)
 //      std::cerr << (int)encr_pr_key[i] << " " ;
   }

LevelDB.cpp

@@ -282,7 +282,6 @@ void LevelDB::initDataFolderAndDBs() {
         exit(-1);
     }
 
-
     sgx_data_folder = string(cwd) + "/" + SGXDATA_FOLDER;
 
     struct stat info;
@@ -298,7 +297,6 @@ void LevelDB::initDataFolderAndDBs() {
         }
     }
 
-
     auto dbName = sgx_data_folder +  WALLETDB_NAME;
     levelDb = make_shared<LevelDB>(dbName);
 

Makefile.am

@@ -43,8 +43,9 @@ secure_enclave.edl: secure_enclave/secure_enclave.edl
 ## Additional automake variables
 ##
 #AM_CPPFLAGS += -g -Og
-#AM_CFLAGS = -g -Og
-#AM_CXXFLAGS = ${AM_CPPFLAGS}
+
+AM_CFLAGS = -g -Og -rdynamic -Wl,--no-as-needed -lSegFault -fsanitize=address
+AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault -fsanitize=address
 
 AM_CPPFLAGS += -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS)  -I.  -I./libBLS/deps/deps_inst/x86_or_x64/include
 
@@ -91,7 +92,7 @@ secure_enclave.signed.so: secure_enclave/secure_enclave.signed.so
 ## Use the variables, not the actual library names to ensure these
 ## targets work on simulation builds.
 
-sgxwallet_LDADD=-l$(SGX_URTS_LIB) -LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
+sgxwallet_LDADD=-l$(SGX_URTS_LIB) -l$(SGX_UAE_SERVICE_LIB) -LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
    -LlibBLS/build/libff/libff \
    -l:libbls.a -l:libleveldb.a \
    -l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a \

SEKManager.cpp

@@ -27,30 +27,210 @@
 #include "LevelDB.h"
 
 #include <iostream>
+#include <algorithm>
 
 #include "sgxwallet_common.h"
 #include "common.h"
 #include "sgxwallet.h"
 
-void generate_SEK(){
+#include "ServerDataChecker.h"
+#include "spdlog/spdlog.h"
+
+bool case_insensitive_match(string s1, string s2) {
+  //convert s1 and s2 into lower case strings
+  transform(s1.begin(), s1.end(), s1.begin(), ::tolower);
+  transform(s2.begin(), s2.end(), s2.begin(), ::tolower);
+  return s1.compare(s2);
+}
+
+void create_test_key(){
+  int errStatus =  0;
+  vector<char> errMsg(1024,0);
+  uint32_t enc_len;
+
+  uint8_t encrypted_key[BUF_LEN];
+  memset(encrypted_key, 0, BUF_LEN);
+
+  std::string key = TEST_VALUE;
+
+  status = encrypt_key_aes(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
+  if ( status != 0){
+    std::cerr << "encrypt test key failed with status " << status << std::endl;
+    throw RPCException(status, errMsg.data()) ;
+  }
+
+  //std::cerr << "enc len is " << enc_len << std::endl;
+
+  vector<char> hexEncrKey(2 * enc_len + 1, 0);
+
+  carray2Hex(encrypted_key, enc_len, hexEncrKey.data());
+
+  uint64_t test_len;
+  vector<uint8_t>test_encr_key(1024, 0);
+  if (!hex2carray(hexEncrKey.data(), &test_len, test_encr_key.data())){
+    std::cerr << "wrong encrypted test key" << std::endl;
+  }
+
+
+  LevelDB::getLevelDb() -> writeDataUnique("TEST_KEY", hexEncrKey.data());
+}
+
+bool check_SEK(std::string SEK){
+   std::shared_ptr <std::string> test_key_ptr = LevelDB::getLevelDb() -> readString("TEST_KEY");
+//  if (test_key_ptr == nullptr){
+//    spdlog::error("empty db" );
+//    exit(-1);
+//  }
+//  else{
+    vector<uint8_t> encr_test_key(BUF_LEN, 0);
+    uint64_t len;
+    if ( !hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data())){
+      spdlog::error("wrong test key" );
+      exit(-1);
+    }
+
+    vector<char> decr_key(1024,0);
+    vector<char> errMsg(1024,0);
+    int err_status = 0;
+
+    vector<uint8_t> encr_SEK(1024,0);
+
+    uint32_t l = len;
+    std::cerr << " l is " << l << std::endl;
+
+    status = set_SEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &l, SEK.c_str() );
+    if (status != SGX_SUCCESS){
+      cerr << "RPCException thrown with status " << status << endl;
+      throw RPCException(status, errMsg.data());
+    }
+
+    status = decrypt_key_aes(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
+    if (status != SGX_SUCCESS || err_status != 0){
+      spdlog::error("failed to decrypt test key" );
+      spdlog::error(errMsg.data());
+      exit(-1);
+    }
+
+
+    std::string test_key = TEST_VALUE;
+    if (test_key.compare(decr_key.data())!= 0){
+      std::cerr << "decrypted key is " << decr_key.data() << std::endl;
+      spdlog::error("Invalid SEK" );
+      return false;
+    }
+    return true;
+ // }
+}
+
+void gen_SEK(){
 
   vector<char> errMsg(1024,0);
   int err_status = 0;
   vector<uint8_t> encr_SEK(1024, 0);
   uint32_t enc_len = 0;
 
-  status = generate_SEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len);
-  if ( err_status != 0 ){
-    cerr << "RPCException thrown" << endl;
-    throw RPCException(-666, errMsg.data()) ;
+  //vector<char> SEK(65, 0);
+  char SEK[65];
+  memset(SEK, 0, 65);
+
+  status = generate_SEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK);
+  if (status != SGX_SUCCESS ||  err_status != 0  ){
+    throw RPCException(status, errMsg.data()) ;
   }
 
-  vector<char> hexEncrKey(2*enc_len + 1, 0);
+  vector<char> hexEncrKey(2 * enc_len + 1, 0);
 
   carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
 
-  cerr << "key is " << errMsg.data() << endl;
-
+  cout << "ATTENTION! THIS IS YOUR KEY FOR BACK UP. PLEASE COPY IT TO THE SAFE PLACE" << endl;
+  cout << "key is " << SEK << endl;
+
+  if (!autoconfirm) {
+    std::string confirm_str = "I confirm";
+    std::string buffer;
+    do {
+      std::cout << " DO YOU CONFIRM THAT YOU COPIED THE KEY? (if you confirm type - I confirm)"
+                << std::endl;
+      std::getline(std::cin, buffer);
+    } while (case_insensitive_match(confirm_str, buffer)); //(strcmp(confirm_str.c_str(), buffer.c_str()) != 0);
+  }
+  system("reset");
   LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
 
+  create_test_key();
 }
+
+void set_SEK(std::shared_ptr<std::string> hex_encr_SEK){
+  vector<char> errMsg(1024,0);
+  int err_status = 0;
+  //vector<uint8_t> encr_SEK(1024, 0);
+
+  uint8_t encr_SEK[BUF_LEN];
+  memset(encr_SEK, 0, BUF_LEN);
+
+  uint64_t len;
+
+  if (!hex2carray(hex_encr_SEK->c_str(), &len, encr_SEK)){
+    throw RPCException(INVALID_HEX, "Invalid encrypted SEK Hex");
+  }
+
+  status = set_SEK(eid, &err_status, errMsg.data(), encr_SEK, len );
+  if ( status != SGX_SUCCESS || err_status != 0 ){
+    cerr << "RPCException thrown" << endl;
+    throw RPCException(status, errMsg.data()) ;
+  }
+
+}
+
+void enter_SEK(){
+  vector<char> errMsg(1024,0);
+  int err_status = 0;
+  vector<uint8_t> encr_SEK(BUF_LEN, 0);
+  uint32_t enc_len;
+
+  std::shared_ptr <std::string> test_key_ptr = LevelDB::getLevelDb() -> readString("TEST_KEY");
+  if (test_key_ptr == nullptr){
+    spdlog::error("empty db" );
+    exit(-1);
+  }
+
+  std::string SEK;
+  std::cout << "ENTER BACKUP KEY" << std::endl;
+  std::cin >> SEK;
+  while (!checkHex(SEK, 16) || !check_SEK(SEK)){
+    std::cout << "KEY IS INVALID.TRY ONCE MORE" << std::endl;
+    SEK = "";
+    std::cin >> SEK;
+  }
+//  if (DEBUG_PRINT)
+//   std::cerr << "your key is " << SEK << std::endl;
+
+
+  status = set_SEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK.c_str() );
+  if (status != SGX_SUCCESS){
+    cerr << "RPCException thrown with status " << status << endl;
+    throw RPCException(status, errMsg.data());
+  }
+
+  vector<char> hexEncrKey(2 * enc_len + 1, 0);
+
+  carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
+
+  LevelDB::getLevelDb() -> deleteKey("SEK");
+  LevelDB::getLevelDb() -> writeDataUnique("SEK", hexEncrKey.data());
+}
+
+void init_SEK(){
+  std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
+  if (encr_SEK_ptr == nullptr){
+    spdlog::info("SEK was not created yet. Going to create SEK");
+    gen_SEK();
+  }
+  else{
+    if (DEBUG_PRINT)
+      spdlog::info("going to set SEK from db" );
+    set_SEK(encr_SEK_ptr);
+  }
+}
+
+//a002e7ca685d46a32771d16fe2518e58
\ No newline at end of file

SEKManager.h

@@ -24,6 +24,29 @@
 #ifndef SGXD_SEKMANAGER_H
 #define SGXD_SEKMANAGER_H
 
-void generate_SEK();
+
+#ifdef __cplusplus
+#include <string>
+#include <memory>
+#endif
+
+
+
+void gen_SEK();
+
+#ifdef __cplusplus
+void set_SEK(std::shared_ptr<std::string> hex_encr_SEK);
+#endif
+
+#ifdef __cplusplus
+#define EXTERNC extern "C"
+#else
+#define EXTERNC
+#endif
+
+EXTERNC void enter_SEK();
+
+EXTERNC void init_SEK();
+
 
 #endif //SGXD_SEKMANAGER_H

SGXRegistrationServer.cpp

@@ -48,7 +48,8 @@
 
 int DEBUG_PRINT = 0;
 int is_sgx_https = 1;
-int is_aes = 0;
+int is_aes = 1;
+bool autoconfirm = false;
 
 SGXRegistrationServer *regs = nullptr;
 HttpServer *hs2 = nullptr;

SGXWalletServer.cpp

@@ -218,7 +218,7 @@ Json::Value blsSignMessageHashImpl(const string &keyShareName, const string &mes
     }
 
     try {
-        if (!sign(value->c_str(), messageHash.c_str(), t, n, signerIndex, signature)) {
+        if (!bls_sign(value->c_str(), messageHash.c_str(), t, n, signerIndex, signature)) {
             result["status"] = -1;
             result["errorMessage"] = "Could not sign";
             return result;
@@ -501,6 +501,7 @@ Json::Value getSecretShareImpl(const string& polyName, const Json::Value& public
 
         vector<string> pubKeys_vect;
         for ( int i = 0; i < n ; i++) {
+            std::cerr << "publicKeys " << i << " is " << publicKeys[i].asString() <<std::endl;
             if ( !checkHex(publicKeys[i].asString(), 64)){
               throw RPCException(INVALID_HEX, "Invalid public key");
             }

ServerDataChecker.cpp

@@ -72,8 +72,8 @@ bool checkECDSAKeyName(const string& keyName) {
 
 bool checkHex(const string& hex, const uint32_t sizeInBytes){
   if ( hex.length() > sizeInBytes * 2 || hex.length() == 0){
-    spdlog::error("public key is too long or zero - ", hex.length());
-    std::cerr << "public key length is " << hex.length() << std::endl;
+    spdlog::error("key is too long or zero - ", hex.length());
+    std::cerr << "key length is " << hex.length() << std::endl;
     return false;
   }
 
@@ -81,7 +81,7 @@ bool checkHex(const string& hex, const uint32_t sizeInBytes){
   mpz_init(num);
 
   if ( mpz_set_str(num, hex.c_str(), 16) == -1){
-    spdlog::error("public key is not hex {}", hex);
+    spdlog::error("key is not hex {}", hex);
     mpz_clear(num);
     return false;
   }

ServerInit.cpp

@@ -52,7 +52,7 @@
 #include "BLSCrypto.h"
 #include "ServerInit.h"
 
-#include "SEKManager.h"
+
 
 #include <iostream>
 
@@ -67,19 +67,13 @@
 
 //#include <system>
 
+
+
 void init_daemon() {
 
     libff::init_alt_bn128_params();
 
-
     LevelDB::initDataFolderAndDBs();
-
-
-    std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
-    if (encr_SEK_ptr == nullptr){
-      spdlog::info("SEK was not created yet");
-      generate_SEK();
-    }
 }
 
 
@@ -135,12 +129,14 @@ void init_enclave() {
 
 int sgxServerInited = 0;
 
-void init_all(bool check_cert, bool sign_automatically) {
+void init_all(bool check_cert, bool sign_automatically, void (*SEK_func)()) {
     //spdlog::set_pattern("%c");
     if (sgxServerInited == 1)
         return;
-
+    init_enclave();
     init_daemon();
+    //init_SEK();
+    SEK_func();
 
     sgxServerInited = 1;
 
@@ -152,7 +148,7 @@ void init_all(bool check_cert, bool sign_automatically) {
     else {
       init_http_server();
     }
-    init_enclave();
+
     //std::cerr << "enclave inited" << std::endl;
 
 }

ServerInit.h

@@ -30,12 +30,12 @@
 #define EXTERNC
 #endif
 
-
-EXTERNC void init_all(bool check_cert, bool sign_automatically);
+EXTERNC void init_all(bool check_cert, bool sign_automatically, void (*func)());
 
 EXTERNC void init_daemon();
 
-EXTERNC  void init_enclave();
+EXTERNC void init_enclave();
+
 
 
 #endif //SGXWALLET_SERVERINIT_H

scripts/docker_test.py

@@ -28,8 +28,13 @@ print("Running tests for branch " + BRANCH);
 
 assert subprocess.call(["docker", "image", "inspect", FULL_IMAGE_NAME]) == 0;
 
-assert subprocess.call(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data",
-                        "-d", "--network=host", "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX]) == 0
+#assert subprocess.call(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data",
+#                        "-d", "--network=host", "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX]) == 0
+
+obj = subprocess.Popen(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data","-d","--network=host", "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX, "-y"], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
+obj.communicate(input=b"i confirm", timeout=5)
+obj.terminate()
+obj.wait()
 
 time.sleep(5);
 

secure_enclave/BLSEnclave.cpp

@@ -25,7 +25,8 @@
 
 #include <string.h>
 #include <cstdint>
-#include "../sgxwallet_common.h"
+//#include "../sgxwallet_common.h"
+#include "enclave_common.h"
 
 
 #include "BLSEnclave.h"

secure_enclave/DKGUtils.cpp

@@ -30,7 +30,8 @@
 #include <../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_g2.hpp>
 
 
-#include "../sgxwallet_common.h"
+//#include "../sgxwallet_common.h"
+#include "enclave_common.h"
 #include <cstdio>
 #include <stdio.h>
 
@@ -313,27 +314,31 @@ int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int in
 
   char arr[mpz_sizeinbase (decr_secret_share, 10) + 2];
   char * tmp = mpz_get_str(arr, 10, decr_secret_share);
+
   libff::alt_bn128_Fr sshare(tmp);
 
  // strncpy(public_shares, tmp, strlen(tmp));
 //  std::string res = ConvertHexToDec("fe43567238abcdef98760");
 //  strncpy(public_shares, res.c_str(), res.length());
 
+
+
   libff::alt_bn128_G2  val2 = sshare * libff::alt_bn128_G2::one();
 
    memset(public_shares, 0, strlen(public_shares));
-   strncpy(public_shares, ConvertToString(val2.X.c0).c_str(), ConvertToString(val2.X.c0).length());
-   strncpy(public_shares + ConvertToString(val2.X.c0).length(), ":", 1);
-  strncpy(public_shares + ConvertToString(val2.X.c0).length() + 1, ConvertToString(val2.X.c1).c_str(), 77);
+  strncpy(public_shares, tmp, strlen(tmp));
+//   strncpy(public_shares, ConvertToString(val2.X.c0).c_str(), ConvertToString(val2.X.c0).length());
+//   strncpy(public_shares + ConvertToString(val2.X.c0).length(), ":", 1);
+//  strncpy(public_shares + ConvertToString(val2.X.c0).length() + 1, ConvertToString(val2.X.c1).c_str(), 77);
 
 
 
   val.to_affine_coordinates();
   val2.to_affine_coordinates();
 //  strncpy(public_shares + strlen(tmp), ":", 1);
-//  strncpy(public_shares + 77 + 1, ConvertToString(val.X.c0).c_str(), 77);
-//  strncpy(public_shares + 77 + 78, ":", 1);
-//  strncpy(public_shares + 77 + 79, ConvertToString(val2.X.c0).c_str(), 77);
+  strncpy(public_shares, ConvertToString(val.X.c0).c_str(), ConvertToString(val.X.c0).length());
+  strncpy(public_shares + ConvertToString(val.X.c0).length(), ":", 1);
+  strncpy(public_shares + ConvertToString(val.X.c0).length() + 1, ConvertToString(val2.X.c0).c_str(), ConvertToString(val2.X.c0).length());
   /*strncpy(public_shares + 77 + 77 + 79, "\n", 1);
   strncpy(public_shares + 144 + 79, ConvertToString(val2.X.c0).c_str(), 77);
   strncpy(public_shares + 144 + 78, ":", 1);

secure_enclave/enclave_common.h

@@ -18,7 +18,7 @@
 #define ADD_ENTROPY_SIZE 32
 
 #define  DKG_BUFER_LENGTH 2490//3060
-#define  DKG_MAX_SEALED_LEN 3050
+#define  DKG_MAX_SEALED_LEN 3100
 
 #define SECRET_SHARE_NUM_BYTES 96
 

sgxwallet.c

@@ -38,9 +38,13 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #include "BLSCrypto.h"
 #include "ServerInit.h"
 
+#include "SEKManager.h"
+
+
 #include <stdbool.h>
 
 
+
 void usage() {
   fprintf(stderr, "usage: sgxwallet\n");
   exit(1);
@@ -52,7 +56,8 @@ sgx_status_t status;
 int updated;
 
 int main(int argc, char *argv[]) {
-
+  void (*SEK_initializer)();
+  SEK_initializer = init_SEK;
   bool check_client_cert = true;
   bool sign_automatically = false;
   int opt;
@@ -62,7 +67,9 @@ int main(int argc, char *argv[]) {
     exit(1);
   }
 
-  while ((opt = getopt(argc, argv, "cshd0a")) != -1) {
+  
+
+  while ((opt = getopt(argc, argv, "cshd0aby")) != -1) {
     switch (opt) {
     case 'h':
       if (strlen(argv[1]) == 2 ) {
@@ -70,6 +77,7 @@ int main(int argc, char *argv[]) {
         fprintf(stderr, "-s  client certificate will be signed automatically\n");
         fprintf(stderr, "-d  turn on debug output\n");
         fprintf(stderr, "-0  SGXWalletServer will be launched on http (not https)\n");
+        fprintf(stderr, "-b  Enter backup key\n");
         exit(0);
       } else {
         fprintf(stderr, "unknown flag %s\n", argv[1]);
@@ -88,14 +96,21 @@ int main(int argc, char *argv[]) {
       is_sgx_https = 0;
      break;
     case 'a':
-      is_aes = 1;
+      is_aes = 0;
+      break;
+    case 'b':
+      SEK_initializer = enter_SEK;
+      break;
+    case 'y':
+       autoconfirm = true;
+       break;
     case '?': // fprintf(stderr, "unknown flag\n");
       exit(1);
     default:
       break;
     }
   }
-  init_all(check_client_cert, sign_automatically);
+  init_all(check_client_cert, sign_automatically, SEK_initializer);
 
   while (true) {
       sleep(10);

sgxwallet_common.h

@@ -38,6 +38,7 @@
 extern int DEBUG_PRINT;
 extern int is_sgx_https;
 extern int is_aes;
+extern bool autoconfirm;
 
 #define BUF_LEN 1024
 
@@ -93,11 +94,11 @@ extern int is_aes;
 
 #define BASE_PORT 1026
 
-#define WALLETDB_NAME  "sgxwallet.db"//"test_sgxwallet.db"//
+#define WALLETDB_NAME  "sgxwallet.db"//"test_sgxwallet.db"
 #define ENCLAVE_NAME "secure_enclave.signed.so"
 #define SGXDATA_FOLDER "sgx_data/"
 
-
+#define TEST_VALUE "1234567890"