SKALE-2002 add new test, remove redunant code

SEKManager.cpp

@@ -163,7 +163,6 @@ void gen_SEK(){
 void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK){
   vector<char> errMsg(1024,0);
   int err_status = 0;
-  //vector<uint8_t> encr_SEK(1024, 0);
 
   uint8_t encr_SEK[BUF_LEN];
   memset(encr_SEK, 0, BUF_LEN);
@@ -179,7 +178,6 @@ void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK){
     cerr << "RPCException thrown" << endl;
     throw SGXException(status, errMsg.data()) ;
   }
-
 }
 
 void enter_SEK(){
@@ -225,7 +223,7 @@ void initSEK(){
     enter_SEK();
   } else {
       if (encr_SEK_ptr == nullptr) {
-          spdlog::error("SEK was not created yet. Going to create SEK");
+          spdlog::warn("SEK was not created yet. Going to create SEK");
           gen_SEK();
       } else {
           trustedSetSEK(encr_SEK_ptr);

ServerInit.cpp

@@ -76,7 +76,7 @@ void initEnclave(uint32_t _logLevel) {
     }
 #endif
 
-        spdlog::debug("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG);
+    spdlog::debug("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG);
 
 
     status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,

secure_enclave/EnclaveCommon.cpp

@@ -106,55 +106,6 @@ void enclave_init() {
     libff::init_alt_bn128_params();
 }
 
-void checkKey(int *errStatus, char *err_string, const char *_keyString) {
-
-    uint64_t keyLen = strnlen(_keyString, MAX_KEY_LENGTH);
-
-    // check that key is zero terminated string
-
-    if (keyLen == MAX_KEY_LENGTH) {
-        snprintf(err_string, MAX_ERR_LEN, "keyLen != MAX_KEY_LENGTH");
-        return;
-    }
-
-
-    *errStatus = -2;
-
-
-    if (_keyString == nullptr) {
-        snprintf(err_string, BUF_LEN, "Null key");
-        return;
-    }
-
-    *errStatus = -3;
-
-     //check that key is padded with 0s
-
-    for (int i = keyLen; i < MAX_KEY_LENGTH; i++) {
-        if (_keyString[i] != 0) {
-            snprintf(err_string, BUF_LEN, "Unpadded key");
-        }
-    }
-
-//    string ks(_keyString);
-//
-//    // string  keyString =
-//    // "4160780231445160889237664391382223604184857153814275770598791864649971919844";
-//
-//    auto key = keyFromString(ks.c_str());
-//
-//    auto s1 = stringFromKey(key);
-//
-//    if (s1->compare(ks) != 0) {
-//        throw exception();
-//    }
-
-    *errStatus = 0;
-
-   // return;
-}
-
-
 bool enclave_sign(const char *_keyString, const char *_hashXString, const char *_hashYString,
           char* sig) {
 

secure_enclave/EnclaveCommon.h

@@ -34,8 +34,6 @@
 
 //#include <stdint.h>
 
-EXTERNC void checkKey(int *errStatus, char *err_string, const char* _keyString);
-
 EXTERNC void check_key(int *errStatus, char *err_string, const char* _keyString);
 
 

secure_enclave/secure_enclave.c

@@ -169,7 +169,7 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
     int len = mpz_sizeinbase(Pkey->x, base) + 2;
     //snprintf(errString, BUF_LEN, "len = %d\n", len);
     char arr_x[len];
-    char *px = mpz_get_str(arr_x, base, Pkey->x);
+    mpz_get_str(arr_x, base, Pkey->x);
     //snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px);
     int n_zeroes = 64 - strlen(arr_x);
     for (int i = 0; i < n_zeroes; i++) {
@@ -179,14 +179,14 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
     strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes);
 
     char arr_y[mpz_sizeinbase(Pkey->y, base) + 2];
-    char *py = mpz_get_str(arr_y, base, Pkey->y);
+    mpz_get_str(arr_y, base, Pkey->y);
     n_zeroes = 64 - strlen(arr_y);
     for (int i = 0; i < n_zeroes; i++) {
         pub_key_y[i] = '0';
     }
     strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
     char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
-    char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
+    mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
     snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));
 
     uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
@@ -391,7 +391,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
 }
 
 
-void trustedEncryptKey(int *errStatus, char *errString, char *key,
+void trustedEncryptKey(int *errStatus, char *errString, const char *key,
                  uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
 
     LOG_DEBUG (__FUNCTION__);
@@ -400,16 +400,8 @@ void trustedEncryptKey(int *errStatus, char *errString, char *key,
 
     memset(errString, 0, BUF_LEN);
 
-    checkKey(errStatus, errString, key);
-
-    if (*errStatus != 0) {
-        snprintf(errString + strlen(errString), BUF_LEN, "check_key failed");
-        return;
-    }
-
     uint32_t sealedLen = sgx_calc_sealed_data_size(0, MAX_KEY_LENGTH);
 
-
     if (sealedLen > BUF_LEN) {
         *errStatus = ENCRYPTED_KEY_TOO_LONG;
         snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH");
@@ -931,7 +923,6 @@ void trustedGenerateSEK(int *errStatus, char *errString,
 }
 
 void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) {
-
     LOG_DEBUG (__FUNCTION__);
 
     uint8_t aes_key_hex[SGX_AESGCM_KEY_SIZE * 2];
@@ -947,7 +938,6 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint
 
     uint64_t len;
     hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
-
 }
 
 void trustedSetSEK_backup(int *errStatus, char *errString,

secure_enclave/secure_enclave.edl

@@ -47,7 +47,7 @@ enclave {
 		public void trustedEncryptKey (
                                 [user_check] int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char* err_string,
-                                [in, count = SMALL_BUF_SIZE] char* key,
+                                [in, count = SMALL_BUF_SIZE] const char* key,
                                 [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
                                 [user_check] uint32_t *enc_len);
 

testw.cpp

@@ -1004,7 +1004,7 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
 
 
     int errStatus = -1;
-    vector<char> errMsg(BUF_LEN, 0);;
+    vector<char> errMsg(BUF_LEN, 0);
     uint32_t encLen;
     string key = SAMPLE_AES_KEY;
     vector <uint8_t> encrypted_key(BUF_LEN, 0);
@@ -1012,12 +1012,39 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
     status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen);
 
     REQUIRE(status == 0);
+    REQUIRE( errStatus == 0 );
 
 
     vector<char> decr_key(BUF_LEN, 0);
     status = trustedDecryptKeyAES(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data());
 
     REQUIRE(status == 0);
+    REQUIRE( errStatus == 0 );
+    REQUIRE(key.compare(decr_key.data()) == 0);
+
+}
+
+
+TEST_CASE_METHOD(TestFixture, "SGX encrypt/decrypt", "[sgx-encrypt-decrypt]") {
+
+
+    int errStatus = -1;
+    vector<char> errMsg(BUF_LEN, 0);
+    uint32_t encLen;
+    string key = SAMPLE_AES_KEY;
+    vector <uint8_t> encrypted_key(BUF_LEN, 0);
+
+    status = trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen);
+
+    REQUIRE(status == 0);
+    REQUIRE( errStatus == 0 );
+
+
+    vector<char> decr_key(BUF_LEN, 0);
+    status = trustedDecryptKey(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data());
+
+    REQUIRE(status == 0);
+    REQUIRE( errStatus == 0 );
     REQUIRE(key.compare(decr_key.data()) == 0);
 
 }
@@ -1037,41 +1064,20 @@ TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg bls", "[many-threads-crypt
 }
 
 TEST_CASE_METHOD(TestFixture, "AES == NOT AES", "[aes-not-aes]") {
-    domain_parameters curve = domain_parameters_init();
-    domain_parameters_load_curve(curve, secp256k1);
-
-    gmp_randstate_t state;
-    gmp_randinit_default(state);
-
-    mpz_t rand;
-    mpz_init(rand);
-    mpz_urandomb(rand, state, 256);
-
-    mpz_t seed;
-    mpz_init(seed);
-    mpz_mod(seed, rand, curve->p);
-
-    mpz_t skey;
-    mpz_init(skey);
-    mpz_mod(skey, seed, curve->p);
-    mpz_clear(seed);
-
-    char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
-    char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey);
-    gmp_randclear(state);
+    std::string key = SAMPLE_AES_KEY;
 
     int errStatus = 0;
     vector<char> errMsg(BUF_LEN, 0);
     vector <uint8_t> encrPrivKey(BUF_LEN, 0);
     uint32_t enc_len = 0;
-    trustedEncryptKey(eid, &errStatus, errMsg.data(), skey_str, encrPrivKey.data(), &enc_len);
+    trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrPrivKey.data(), &enc_len);
     REQUIRE(errStatus == SGX_SUCCESS);
 
     int errStatusAES = 0;
     vector<char> errMsgAES(BUF_LEN, 0);
     vector <uint8_t> encrPrivKeyAES(BUF_LEN, 0);
     uint32_t enc_lenAES = 0;
-    trustedEncryptKeyAES(eid, &errStatusAES, errMsgAES.data(), skey_str, encrPrivKeyAES.data(), &enc_lenAES);
+    trustedEncryptKeyAES(eid, &errStatusAES, errMsgAES.data(), key.c_str(), encrPrivKeyAES.data(), &enc_lenAES);
     REQUIRE( errStatusAES == SGX_SUCCESS );
 
     errMsg.clear();
@@ -1080,11 +1086,12 @@ TEST_CASE_METHOD(TestFixture, "AES == NOT AES", "[aes-not-aes]") {
     vector<char> signatureS(BUF_LEN, 0);
     uint8_t signatureV = 0;
 
-    uint32_t dec_len = 0;
-    status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), dec_len, (unsigned char *) hex.data(),
+    //uint32_t dec_len = 0;
+    status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), enc_len, (unsigned char *) hex.data(),
                               signatureR.data(),
                               signatureS.data(), &signatureV, 16);
     REQUIRE( status == SGX_SUCCESS );
+    REQUIRE( errStatus == SGX_SUCCESS );
 
     errMsgAES.clear();
     vector<char> signatureRAES(BUF_LEN, 0);

testw.py

@@ -53,6 +53,7 @@ testList = [ "[cert-sign]",
             "[dkg-pub-shares]",
             "[many-threads-crypto]",
             "[aes-encrypt-decrypt]",
+            "[sgx-encrypt-decrypt]",
             "[aes-dkg]",
             "[aes-not-aes]"]