Skip to content

S
sgxwallet
Unverified Commit ef4d86c5 authored by Stan Kladko's avatar Stan Kladko Committed by GitHub
Browse files
Options

Merge pull request #169 from skalenetwork/bug/SKALE-3213-improve-error-handling 

Bug/skale 3213 improve error handling
parents 4c8a3998 b82888f2
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 330 additions and 406 deletions
BLSCrypto.cpp
View file @ ef4d86c5
......@@ -22,47 +22,44 @@
*/
#include <memory>
#include "libff/algebra/curves/alt_bn128/alt_bn128_init.hpp"
#include "leveldb/db.h"
#include <jsonrpccpp/server/connectors/httpserver.h>
#include "third_party/intel/create_enclave.h"
#include "bls.h"
#include <bls/BLSutils.h>
#include "leveldb/db.h"
#include <jsonrpccpp/server/connectors/httpserver.h>
#include "BLSPrivateKeyShareSGX.h"
#include "sgxwallet_common.h"
#include "third_party/intel/create_enclave.h"
#include "secure_enclave_u.h"
#include "third_party/intel/sgx_detect.h"
#include <gmp.h>
#include <sgx_urts.h>
#include "sgxwallet.h"
#include "sgxwallet_common.h"
#include "sgxwallet.h"
#include "SGXException.h"
#include "third_party/spdlog/spdlog.h"
#include "common.h"
#include "SGXWalletServer.h"
#include "BLSCrypto.h"
#include "ServerInit.h"
#include "SGXException.h"
#include "third_party/spdlog/spdlog.h"
#include "common.h"
std::string *FqToString(libff::alt_bn128_Fq *_fq) {
string *FqToString(libff::alt_bn128_Fq *_fq) {
mpz_t t;
mpz_init(t);
_fq->as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2];
SAFE_CHAR_BUF(arr,mpz_sizeinbase(t, 10) + 2);
mpz_get_str(arr, 10, t);
mpz_clear(t);
return new std::string(arr);
return new string(arr);
}
int char2int(char _input) {
......@@ -167,32 +164,24 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
shared_ptr<signatures::Bls> obj;
obj = make_shared<signatures::Bls>(signatures::Bls(_t, _n));
std::pair<libff::alt_bn128_G1, std::string> hash_with_hint = obj->HashtoG1withHint(hash);
pair<libff::alt_bn128_G1, string> hash_with_hint = obj->HashtoG1withHint(hash);
string *xStr = FqToString(&(hash_with_hint.first.X));
if (xStr == nullptr) {
std::cerr << "Null xStr" << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("Null xStr"));
}
CHECK_STATE(xStr);
string *yStr = FqToString(&(hash_with_hint.first.Y));
if (yStr == nullptr) {
std::cerr << "Null yStr" << std::endl;
delete xStr;
BOOST_THROW_EXCEPTION(runtime_error("Null yStr"));
}
char errMsg[BUF_LEN];
memset(errMsg, 0, BUF_LEN);
vector<char> errMsg(BUF_LEN,0);
char xStrArg[BUF_LEN];
char yStrArg[BUF_LEN];
char signature[BUF_LEN];
memset(xStrArg, 0, BUF_LEN);
memset(yStrArg, 0, BUF_LEN);
SAFE_CHAR_BUF(xStrArg,BUF_LEN);
SAFE_CHAR_BUF(yStrArg,BUF_LEN);
SAFE_CHAR_BUF(signature,BUF_LEN);
strncpy(xStrArg, xStr->c_str(), BUF_LEN);
strncpy(yStrArg, yStr->c_str(), BUF_LEN);
......@@ -202,34 +191,23 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
size_t sz = 0;
uint8_t encryptedKey[BUF_LEN];
SAFE_UINT8_BUF(encryptedKey,BUF_LEN);
bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey);
if (!result) {
cerr << "Invalid hex encrypted key" << endl;
BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key"));
BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key"));
}
int errStatus = 0;
sgx_status_t status =
trustedBlsSignMessageAES(eid, &errStatus, errMsg, encryptedKey,
trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey,
sz, xStrArg, yStrArg, signature);
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
if (status != SGX_SUCCESS) {
cerr << "SGX enclave call to trustedBlsSignMessage failed with status:" << status << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed"));
}
string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second;
if (errStatus != 0) {
cerr << "SGX enclave call to trustedBlsSignMessage failed with errStatus:" << errStatus << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed"));
}
std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second;
std::string sig = signature;
string sig = signature;
sig.append(":");
sig.append(hint);
......@@ -240,34 +218,29 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
}
bool bls_sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, char *_sig) {
CHECK_STATE(_encryptedKeyHex);
CHECK_STATE(_hashHex);
return sign_aes(_encryptedKeyHex, _hashHex, _t, _n, _sig);
}
std::string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) {
string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) {
CHECK_STATE(errStatus);
CHECK_STATE(err_string);
CHECK_STATE(_key);
auto keyArray = make_shared<vector<char>>(BUF_LEN, 0);
auto encryptedKey = make_shared<vector<uint8_t>>(BUF_LEN, 0);
auto errMsg = make_shared<vector<char>>(BUF_LEN, 0);
strncpy(keyArray->data(), _key, BUF_LEN);
*errStatus = -1;
vector<char> errMsg(BUF_LEN, 0);
strncpy(keyArray->data(), _key, BUF_LEN);
*errStatus = 0;
unsigned int encryptedLen = 0;
status = trustedEncryptKeyAES(eid, errStatus, errMsg->data(), keyArray->data(), encryptedKey->data(), &encryptedLen);
sgx_status_t status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(), &encryptedLen);
spdlog::debug("errStatus is {}", *errStatus);
spdlog::debug("errMsg is ", errMsg->data());
if (*errStatus != 0) {
throw SGXException(-666, errMsg->data());
}
if (status != SGX_SUCCESS) {
*errStatus = -1;
return "";
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg.data());
std::string result(2 * BUF_LEN, '\0');
string result(2 * BUF_LEN, '\0');
carray2Hex(encryptedKey->data(), encryptedLen, &result.front());
......
BLSPrivateKeyShareSGX.cpp
View file @ ef4d86c5
......@@ -25,6 +25,8 @@
#include "BLSSignature.h"
#include "BLSutils.h"
#include "third_party/spdlog/spdlog.h"
#include "secure_enclave_u.h"
#include "sgxwallet_common.h"
#include "sgxwallet.h"
......@@ -35,162 +37,152 @@
#include "BLSPrivateKeyShareSGX.h"
std::string *stringFromFq(libff::alt_bn128_Fq*_fq) {
mpz_t t;
mpz_init(t);
string *stringFromFq(libff::alt_bn128_Fq *_fq) {
CHECK_STATE(_fq);
mpz_t t;
mpz_init(t);
_fq->as_bigint().to_mpz(t);
_fq->as_bigint().to_mpz(t);
char arr[mpz_sizeinbase(t, 10) + 2];
SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, 10) + 2);
char *tmp = mpz_get_str(arr, 10, t);
mpz_clear(t);
char *tmp = mpz_get_str(arr, 10, t);
return new std::string(tmp);
mpz_clear(t);
return new string(tmp);
}
std::string *stringFromG1(libff::alt_bn128_G1 *_g1) {
auto sX = stringFromFq(&_g1->X);
auto sY = stringFromFq(&_g1->Y);
auto sZ = stringFromFq(&_g1->Z);
string *stringFromG1(libff::alt_bn128_G1 *_g1) {
CHECK_STATE(_g1);
auto sG1 = new std::string(*sX + ":" + *sY + ":" + *sZ);
auto sX = stringFromFq(&_g1->X);
auto sY = stringFromFq(&_g1->Y);
auto sZ = stringFromFq(&_g1->Z);
delete(sX);
delete(sY);
delete(sZ);
auto sG1 = new string(*sX + ":" + *sY + ":" + *sZ);
return sG1;
delete (sX);
delete (sY);
delete (sZ);
return sG1;
}
BLSPrivateKeyShareSGX::BLSPrivateKeyShareSGX(
shared_ptr<string> _encryptedKeyHex, size_t _requiredSigners,
size_t _totalSigners) {
requiredSigners = _requiredSigners;
totalSigners = _totalSigners;
shared_ptr <string> _encryptedKeyHex, size_t _requiredSigners,
size_t _totalSigners) {
requiredSigners = _requiredSigners;
totalSigners = _totalSigners;
if (requiredSigners > totalSigners) {
throw std::invalid_argument("requiredSigners > totalSigners");
}
if (requiredSigners > totalSigners) {
throw invalid_argument("requiredSigners > totalSigners");
}
if (totalSigners == 0) {
throw std::invalid_argument("totalSigners == 0");
}
if (totalSigners == 0) {
throw invalid_argument("totalSigners == 0");
}
if (_encryptedKeyHex == nullptr) {
throw std::invalid_argument("Null key");
}
if (_encryptedKeyHex == nullptr) {
throw invalid_argument("Null key");
}
if (_encryptedKeyHex->size() > 2 * MAX_ENCRYPTED_KEY_LENGTH) {
throw std::invalid_argument("Encrypted key size too long");
}
if (_encryptedKeyHex->size() > 2 * MAX_ENCRYPTED_KEY_LENGTH) {
throw invalid_argument("Encrypted key size too long");
}
encryptedKeyHex = _encryptedKeyHex;
encryptedKeyHex = _encryptedKeyHex;
}
std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
std::shared_ptr<std::array<uint8_t, 32>> hash_byte_arr,
size_t _signerIndex) {
shared_ptr<signatures::Bls> obj;
string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
shared_ptr <array<uint8_t, 32>> hash_byte_arr,
size_t _signerIndex) {
shared_ptr <signatures::Bls> obj;
if (hash_byte_arr == nullptr) {
std::cerr << "Hash is null" << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("Hash is null"));
}
CHECK_STATE(hash_byte_arr)
obj = make_shared<signatures::Bls>(
signatures::Bls(requiredSigners, totalSigners));
obj = make_shared<signatures::Bls>(
signatures::Bls(requiredSigners, totalSigners));
std::pair<libff::alt_bn128_G1, std::string> hash_with_hint =
obj->HashtoG1withHint(hash_byte_arr);
pair <libff::alt_bn128_G1, string> hash_with_hint =
obj->HashtoG1withHint(hash_byte_arr);
int errStatus = 0;
int errStatus = 0;
string* xStr = stringFromFq(&(hash_with_hint.first.X));
string *xStr = stringFromFq(&(hash_with_hint.first.X));
if (xStr == nullptr) {
std::cerr << "Null xStr" << std::endl;
BOOST_THROW_EXCEPTION(runtime_error("Null xStr"));
}
CHECK_STATE(xStr);
string* yStr = stringFromFq(&(hash_with_hint.first.Y));
string *yStr = stringFromFq(&(hash_with_hint.first.Y));
if (yStr == nullptr) {
std::cerr << "Null yStr" << std::endl;
delete xStr;
BOOST_THROW_EXCEPTION(runtime_error("Null yStr"));
}
if (yStr == nullptr) {
delete xStr;
BOOST_THROW_EXCEPTION(runtime_error("Null yStr"));
}
char errMsg[BUF_LEN];
memset(errMsg, 0, BUF_LEN);
char xStrArg[BUF_LEN];
char yStrArg[BUF_LEN];
char signature [BUF_LEN];
vector<char> errMsg(BUF_LEN, 0);
memset(xStrArg, 0, BUF_LEN);
memset(yStrArg, 0, BUF_LEN);
strncpy(xStrArg, xStr->c_str(), BUF_LEN);
strncpy(yStrArg, yStr->c_str(), BUF_LEN);
SAFE_CHAR_BUF(xStrArg, BUF_LEN)SAFE_CHAR_BUF(yStrArg, BUF_LEN)SAFE_CHAR_BUF(signature, BUF_LEN);
delete xStr;
delete yStr;
size_t sz = 0;
strncpy(xStrArg, xStr->c_str(), BUF_LEN);
strncpy(yStrArg, yStr->c_str(), BUF_LEN);
uint8_t encryptedKey[BUF_LEN];
delete xStr;
delete yStr;
bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey);
size_t sz = 0;
if (!result) {
cerr << "Invalid hex encrypted key" << endl;
BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key"));
}
SAFE_UINT8_BUF(encryptedKey, BUF_LEN);
cerr << "Key is " + *encryptedKeyHex << endl;
bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey);
sgx_status_t status =
trustedBlsSignMessageAES(eid, &errStatus, errMsg, encryptedKey,
encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature);
if (!result) {
spdlog::error("Invalid hex encrypted key");
BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key"));
}
printf("sig is: %s\n", signature);
sgx_status_t status =
trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey,
encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature);
if (status != SGX_SUCCESS) {
gmp_printf("SGX enclave call to trustedBlsSignMessage failed: 0x%04x\n", status);
BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed"));
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
if (errStatus != 0) {
BOOST_THROW_EXCEPTION(runtime_error("Enclave trustedBlsSignMessage failed:" + to_string(errStatus) + ":" + errMsg ));
}
int sigLen;
int sigLen;
if ((sigLen = strnlen(signature, 10)) < 10) {
BOOST_THROW_EXCEPTION(runtime_error("Signature is too short:" + to_string(sigLen)));
}
if ((sigLen = strnlen(signature, 10)) < 10) {
BOOST_THROW_EXCEPTION(runtime_error("Signature is too short:" + to_string(sigLen)));
}
std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" +
hash_with_hint.second;
string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" +
hash_with_hint.second;
std::string sig = signature;
string sig = signature;
sig.append(":");
sig.append(hint);
sig.append(":");
sig.append(hint);
return sig;
return sig;
}
std::shared_ptr<BLSSigShare> BLSPrivateKeyShareSGX::signWithHelperSGX(
std::shared_ptr<std::array<uint8_t, 32>> hash_byte_arr,
size_t _signerIndex) {
std::string signature = signWithHelperSGXstr(hash_byte_arr, _signerIndex);
shared_ptr <BLSSigShare> BLSPrivateKeyShareSGX::signWithHelperSGX(
shared_ptr <array<uint8_t, 32>> hash_byte_arr,
size_t _signerIndex) {
CHECK_STATE(hash_byte_arr);
string signature = signWithHelperSGXstr(hash_byte_arr, _signerIndex);
auto sig = make_shared<string>(signature);
auto sig = make_shared<string>(signature);
std::shared_ptr<BLSSigShare> s = std::make_shared<BLSSigShare>(sig, _signerIndex, requiredSigners,
totalSigners);
shared_ptr <BLSSigShare> s = make_shared<BLSSigShare>(sig, _signerIndex, requiredSigners,
totalSigners);
return s;
return s;
}
DKGCrypto.cpp
View file @ ef4d86c5
This diff is collapsed.
DKGCrypto.h
View file @ ef4d86c5
......@@ -37,15 +37,15 @@ vector <vector<string>> get_verif_vect(const char* encryptedPolyHex, int t, int
vector<string> splitString(const char* coeffs, const char symbol);
string trustedGetSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n);
string getSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n);
bool verifyShares(const char* publicShares, const char* encr_sshare, const char * encryptedKeyHex, int t, int n, int ind);
string decryptDHKey(const string& polyName, int ind);
bool CreateBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex);
bool createBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex);
vector<string> GetBLSPubKey(const char * encryptedKeyHex);
vector<string> getBLSPubKey(const char * encryptedKeyHex);
vector<string> mult_G2(const string& x);
......@@ -55,6 +55,6 @@ string convertG2ToString(const libff::alt_bn128_G2& elem, int base = 10, const s
vector<string> calculateAllBlsPublicKeys(const vector<string>& public_shares);
bool TestCreateBLSShare( const char * s_shares);
bool TestcreateBLSShare( const char * s_shares);
#endif //SGXD_DKGCRYPTO_H
ECDSACrypto.cpp
View file @ ef4d86c5
......@@ -48,22 +48,20 @@ void fillRandomBuffer(vector<unsigned char> &_buffer) {
}
vector <string> genECDSAKey() {
vector<char> errMsg(1024, 0);
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
vector <uint8_t> encr_pr_key(1024, 0);
vector<char> pub_key_x(1024, 0);
vector<char> pub_key_y(1024, 0);
vector <uint8_t> encr_pr_key(BUF_LEN, 0);
vector<char> pub_key_x(BUF_LEN, 0);
vector<char> pub_key_y(BUF_LEN, 0);
uint32_t enc_len = 0;
status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
sgx_status_t status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
errMsg.data(), encr_pr_key.data(), &enc_len,
pub_key_x.data(), pub_key_y.data());
if (status != SGX_SUCCESS || errStatus != 0) {
spdlog::error("RPCException thrown with status {}", status);
throw SGXException(status, errMsg.data());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus,errMsg.data());
vector <string> keys(3);
vector<char> hexEncrKey(BUF_LEN * 2, 0);
......@@ -99,18 +97,11 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) {
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
}
status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
sgx_status_t status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
if (errStatus != 0) {
spdlog::error("failed to get ECDSA public key {}", status);
throw SGXException(-666, errMsg.data());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data())
if (status != SGX_SUCCESS) {
spdlog::error("failed to get ECDSA public key {}", status);
throw SGXException(666, "failed to get ECDSA public key");
}
string pubKey = string(pubKeyX.data()) + string(pubKeyY.data());
if (pubKey.size() != 128) {
......@@ -123,6 +114,11 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) {
bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR,
const char *signatureS, int base) {
CHECK_STATE(hashHex)
CHECK_STATE(signatureR)
CHECK_STATE(signatureS)
auto x = pubKeyStr.substr(0, 64);
auto y = pubKeyStr.substr(64, 128);
......@@ -166,13 +162,16 @@ bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatur
}
vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *hashHex, int base) {
CHECK_STATE(hashHex);
vector <string> signatureVector(3);
vector<char> errMsg(1024, 0);
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
vector<char> signatureR(1024, 0);
vector<char> signatureS(1024, 0);
vector<uint8_t> encryptedKey(1024, 0);
vector<char> signatureR(BUF_LEN, 0);
vector<char> signatureS(BUF_LEN, 0);
vector<uint8_t> encryptedKey(BUF_LEN, 0);
uint8_t signatureV = 0;
uint64_t decLen = 0;
......@@ -182,22 +181,16 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
}
status = trustedEcdsaSignAES(eid, &errStatus,
sgx_status_t status = trustedEcdsaSignAES(eid, &errStatus,
errMsg.data(), encryptedKey.data(), decLen, hashHex,
signatureR.data(),
signatureS.data(), &signatureV, base);
if (errStatus != 0) {
spdlog::error("failed to sign {}", errStatus);
throw SGXException(666, errMsg.data());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
if (status != SGX_SUCCESS) {
spdlog::error("failed to sign in enclave {}", status);
throw SGXException(666, "failed to sign");
}
signatureVector.at(0) = to_string(signatureV);
if (base == 16) {
signatureVector.at(1) = "0x" + string(signatureR.data());
signatureVector.at(2) = "0x" + string(signatureS.data());
......
SEKManager.cpp
View file @ ef4d86c5
......@@ -54,32 +54,18 @@ void create_test_key() {
vector<char> errMsg(1024, 0);
uint32_t enc_len;
uint8_t encrypted_key[BUF_LEN];
memset(encrypted_key, 0, BUF_LEN);
SAFE_UINT8_BUF(encrypted_key, BUF_LEN);
string key = TEST_VALUE;
status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
if (status != SGX_SUCCESS) {
cerr << "encrypt test key failed with status " << status << endl;
throw SGXException(status, errMsg.data());
}
sgx_status_t status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
if (errStatus != 0) {
cerr << "encrypt test key failed with status " << errStatus << endl;
throw SGXException(errStatus, errMsg.data());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
vector<char> hexEncrKey(2 * enc_len + 1, 0);
carray2Hex(encrypted_key, enc_len, hexEncrKey.data());
uint64_t test_len;
vector <uint8_t> test_encr_key(1024, 0);
if (!hex2carray(hexEncrKey.data(), &test_len, test_encr_key.data())) {
cerr << "wrong encrypted test key" << endl;
}
LevelDB::getLevelDb()->writeDataUnique("TEST_KEY", hexEncrKey.data());
}
......@@ -88,8 +74,9 @@ shared_ptr <vector<uint8_t>> check_and_set_SEK(const string &SEK) {
shared_ptr <string> test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY");
vector <uint8_t> encr_test_key(BUF_LEN, 0);
uint64_t len;
if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data())) {
spdlog::error("wrong test key");
spdlog::error("Corrupt test key is LevelDB");
exit(-1);
}
......@@ -101,28 +88,20 @@ shared_ptr <vector<uint8_t>> check_and_set_SEK(const string &SEK) {
uint32_t l = len;
status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, SEK.c_str());
if (status != SGX_SUCCESS) {
spdlog::error("trustedSetSEK_backup failed with error code {}", status);
exit(-1);
}
sgx_status_t status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, SEK.c_str());
if (err_status != 0) {
spdlog::error("trustedSetSEK_backup failed with error status {}", status);
exit(-1);
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
if (status != SGX_SUCCESS || err_status != 0) {
spdlog::error("Failed to decrypt test key");
spdlog::error(errMsg.data());
exit(-1);
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
string test_key = TEST_VALUE;
if (test_key.compare(decr_key.data()) != 0) {
spdlog::error("Invalid SEK");
spdlog::error("Invalid storage key. You need to recover using backup key");
spdlog::error("Set the correct backup key into sgx_datasgxwallet_backup_key.txt");
spdlog::error("Then run sgxwallet using backup flag");
exit(-1);
}
......@@ -137,20 +116,14 @@ void gen_SEK() {
vector <uint8_t> encrypted_SEK(1024, 0);
uint32_t enc_len = 0;
char SEK[65];
memset(SEK, 0, 65);
SAFE_CHAR_BUF(SEK, 65);
spdlog::info("Generating backup key. Will be stored in backup_key.txt ... ");
status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK);
sgx_status_t status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK);
if (status != SGX_SUCCESS) {
throw SGXException(status, errMsg.data());
}
HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
if (err_status != 0) {
throw SGXException(err_status, errMsg.data());
}
if (strnlen(SEK, 33) != 32) {
throw SGXException(-1, "strnlen(SEK,33) != 32");
......@@ -187,29 +160,25 @@ void gen_SEK() {
create_test_key();
}
void trustedSetSEK(shared_ptr <string> hex_encrypted_SEK) {
void setSEK(shared_ptr <string> hex_encrypted_SEK) {
CHECK_STATE(hex_encrypted_SEK);
vector<char> errMsg(1024, 0);
int err_status = 0;
uint8_t encrypted_SEK[BUF_LEN];
memset(encrypted_SEK, 0, BUF_LEN);
SAFE_UINT8_BUF(encrypted_SEK, BUF_LEN);
uint64_t len;
uint64_t len = 0;
if (!hex2carray(hex_encrypted_SEK->c_str(), &len, encrypted_SEK)) {
throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex");
}
status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK);
if (status != SGX_SUCCESS) {
cerr << "RPCException thrown" << endl;
throw SGXException(status, errMsg.data());
}
sgx_status_t status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK);
HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
if (err_status != 0) {
cerr << "RPCException thrown" << endl;
throw SGXException(err_status, errMsg.data());
}
}
#include "experimental/filesystem"
......@@ -218,7 +187,6 @@ void trustedSetSEK(shared_ptr <string> hex_encrypted_SEK) {
void enter_SEK() {
shared_ptr <string> test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY");
if (test_key_ptr == nullptr) {
spdlog::error("Error: corrupt or empty LevelDB database");
......@@ -274,7 +242,7 @@ void initSEK() {
spdlog::warn("SEK was not created yet. Going to create SEK");
gen_SEK();
} else {
trustedSetSEK(encrypted_SEK_ptr);
setSEK(encrypted_SEK_ptr);
}
}
}
......
SEKManager.h
View file @ ef4d86c5
......@@ -32,7 +32,7 @@
void gen_SEK();
#ifdef __cplusplus
void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK);
void setSEK(std::shared_ptr<std::string> hex_encr_SEK);
#endif
#ifdef __cplusplus
......
SGXWalletServer.cpp
View file @ ef4d86c5
......@@ -425,7 +425,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
pubKeysStrs.push_back(_pubKeys[i].asString());
}
string s = trustedGetSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n);
string s = getSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n);
result["secretShare"] = s;
result["SecretShare"] = s;
} HANDLE_SGX_EXCEPTION(result)
......@@ -489,7 +489,7 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string
shared_ptr <string> encryptedKeyHex_ptr = readFromDb(_ethKeyName);
bool res = CreateBLSShare(_blsKeyName, _secretShare.c_str(), encryptedKeyHex_ptr->c_str());
bool res = createBLSShare(_blsKeyName, _secretShare.c_str(), encryptedKeyHex_ptr->c_str());
if (res) {
spdlog::info("BLS KEY SHARE CREATED ");
} else {
......@@ -519,7 +519,7 @@ Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName)
}
shared_ptr <string> encryptedKeyHex_ptr = readFromDb(_blsKeyName);
vector <string> public_key_vect = GetBLSPubKey(encryptedKeyHex_ptr->c_str());
vector <string> public_key_vect = getBLSPubKey(encryptedKeyHex_ptr->c_str());
for (uint8_t i = 0; i < 4; i++) {
result["blsPublicKeyShare"][i] = public_key_vect.at(i);
}
......
ServerInit.cpp
View file @ ef4d86c5
......@@ -81,7 +81,7 @@ void initEnclave(uint32_t _logLevel) {
spdlog::info("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG);
status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
sgx_status_t status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
&updated, &eid, 0);
if (status != SGX_SUCCESS) {
......@@ -97,6 +97,7 @@ void initEnclave(uint32_t _logLevel) {
spdlog::info("Enclave created and started successfully");
status = trustedEnclaveInit(eid, _logLevel);
if (status != SGX_SUCCESS) {
spdlog::error("trustedEnclaveInit failed: {}", status);
exit(1);
......
VERSION
View file @ ef4d86c5
1.58.0
\ No newline at end of file
1.58.1
\ No newline at end of file
common.h
View file @ ef4d86c5
......@@ -32,6 +32,8 @@ using namespace std;
#include <map>
#include <memory>
#include <boost/throw_exception.hpp>
#include <gmp.h>
#include "secure_enclave/Verify.h"
#include "InvalidStateException.h"
......@@ -56,4 +58,26 @@ inline std::string className(const std::string &prettyFunction) {
throw InvalidStateException(__msg__, __CLASS_NAME__);}
#define HANDLE_TRUSTED_FUNCTION_ERROR(__STATUS__, __ERR_STATUS__, __ERR_MSG__) \
if (__STATUS__ != SGX_SUCCESS) { \
string __ERR_STRING__ = string("SGX enclave call to ") + \
__FUNCTION__ + " failed with status:" \
+ to_string(__STATUS__) + \
" Err message:" + __ERR_MSG__; \
BOOST_THROW_EXCEPTION(runtime_error(__ERR_MSG__)); \
}\
\
if (__ERR_STATUS__ != 0) {\
string __ERR_STRING__ = string("SGX enclave call to ") +\
__FUNCTION__ + " failed with errStatus:" + \
to_string(__ERR_STATUS__) + \
" Err message:" + __ERR_MSG__;\
BOOST_THROW_EXCEPTION(runtime_error(__ERR_STRING__)); \
}
#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
#define SAFE_UINT8_BUF(__X__, __Y__) ;uint8_t __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
#endif //SGXWALLET_COMMON_H
sgxwallet.c
View file @ ef4d86c5
......@@ -37,5 +37,4 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
sgx_launch_token_t token = {0};
sgx_enclave_id_t eid;
sgx_status_t status;
int updated;
sgxwallet.h
View file @ ef4d86c5
......@@ -47,7 +47,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
extern sgx_enclave_id_t eid;
extern int updated;
extern sgx_launch_token_t token;
extern sgx_status_t status;
#define ENCLAVE_NAME "secure_enclave.signed.so"
......
testw.cpp
View file @ ef4d86c5
......@@ -147,9 +147,10 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes
hex.data(),
signatureR.data(),
signatureS.data(), &signatureV, 16);
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
}
REQUIRE(status == SGX_SUCCESS);
REQUIRE(errStatus == SGX_SUCCESS);
}
......@@ -691,7 +692,7 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") {
}
TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
int errStatus = -1;
int errStatus = 0;
vector<char> errMsg(BUF_LEN, 0);
uint32_t encLen;
string key = SAMPLE_AES_KEY;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment