SKALE-2003 Add -y flag

f0381f2a · svetaro · 3f16f19e · f0381f2a · f0381f2a · f0381f2a
Unverified Commit f0381f2a authored Feb 10, 2020 by svetaro
8 changed files
--- a/SEKManager.cpp
+++ b/SEKManager.cpp
@@ -43,6 +43,88 @@ bool case_insensitive_match(string s1, string s2) {
  return s1.compare(s2);
 }

+void create_test_key(){
+  int errStatus =  0;
+  vector<char> errMsg(1024,0);
+  uint32_t enc_len;
+
+  uint8_t encrypted_key[BUF_LEN];
+  memset(encrypted_key, 0, BUF_LEN);
+
+  std::string key = TEST_VALUE;
+
+  status = encrypt_key_aes(eid, &errStatus, errMsg.data(),key.c_str(), encrypted_key, &enc_len);
+  if ( status != 0){
+    throw RPCException(status, errMsg.data()) ;
+  }
+
+  vector<char> hexEncrKey(2 * enc_len + 1, 0);
+
+  carray2Hex(encrypted_key, enc_len, hexEncrKey.data());
+
+  LevelDB::getLevelDb() -> writeDataUnique("TEST_KEY", hexEncrKey.data());
+}
+
+bool check_SEK(std::string SEK){
+   std::shared_ptr <std::string> test_key_ptr = LevelDB::getLevelDb() -> readString("TEST_KEY");
+//  if (test_key_ptr == nullptr){
+//    spdlog::error("empty db" );
+//    exit(-1);
+//  }
+//  else{
+    vector<uint8_t> encr_test_key(BUF_LEN, 0);
+    uint64_t len;
+    if ( !hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data())){
+      spdlog::error("wrong test key" );
+      exit(-1);
+    }
+//    std::cerr << "encr test key is " << std::endl;
+//    for ( int i = 0; i < BUF_LEN; i++ ){
+//      std::cerr << (int)encr_test_key[i] << " ";
+//    }
+
+    vector<char> decr_key(1024,0);
+    vector<char> errMsg(1024,0);
+    int err_status = 0;
+
+    vector<uint8_t> encr_SEK(1024,0);
+
+    uint32_t l = len;
+    std::cerr << " l is " << l << std::endl;
+
+    status = set_SEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), (uint32_t*)&len, SEK.c_str() );
+    if (status != SGX_SUCCESS){
+      cerr << "RPCException thrown with status " << status << endl;
+      throw RPCException(status, errMsg.data());
+    }
+
+//    std::cerr << "encr SEK  is " << std::endl;
+//    for ( int i = 0; i < BUF_LEN; i++ ){
+//      std::cerr << (int)encr_SEK[i] << " ";
+//    }
+
+    status = decrypt_key_aes(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
+    if (status != 0){
+      spdlog::error("failed to decrypt test key" );
+      exit(-1);
+    }
+
+    std::cerr << "decr test key is " << std::endl;
+    for ( int i = 0; i < BUF_LEN; i++ ){
+      std::cerr << (int)decr_key[i] << " ";
+    }
+
+    std::string test_key = TEST_VALUE;
+    std::cerr << "test key is " << test_key << std::endl;
+    if (test_key.compare(decr_key.data())!= 0){
+      std::cerr << "decrypted key is " << decr_key.data() << std::endl;
+      spdlog::error("Invalid SEK" );
+      return false;
+    }
+    return true;
+ // }
+}
+
 void gen_SEK(){

  vector<char> errMsg(1024,0);
@@ -66,16 +148,19 @@ void gen_SEK(){
  cout << "ATTENTION! THIS IS YOUR KEY FOR BACK UP. PLEASE COPY IT TO THE SAFE PLACE" << endl;
  cout << "key is " << SEK << endl;

-  std::string confirm_str = "I confirm";
-  std::string buffer;
-  do{
-    std::cout << " DO YOU CONFIRM THAT YOU COPIED THE KEY? (if you confirm type - I confirm)" << std::endl;
-    std::getline(std::cin, buffer);
-  } while (case_insensitive_match(confirm_str, buffer)); //(strcmp(confirm_str.c_str(), buffer.c_str()) != 0);
-
+  if (!autoconfirm) {
+    std::string confirm_str = "I confirm";
+    std::string buffer;
+    do {
+      std::cout << " DO YOU CONFIRM THAT YOU COPIED THE KEY? (if you confirm type - I confirm)"
+                << std::endl;
+      std::getline(std::cin, buffer);
+    } while (case_insensitive_match(confirm_str, buffer)); //(strcmp(confirm_str.c_str(), buffer.c_str()) != 0);
+  }
  system("reset");
  LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());

+  create_test_key();
 }

 void set_SEK(std::shared_ptr<std::string> hex_encr_SEK){
@@ -102,7 +187,7 @@ void set_SEK(std::shared_ptr<std::string> hex_encr_SEK){
  }

  std::cerr << "status is " << status << std::endl;
-  std::cerr << " aes key is " << errMsg.data() << std::endl;
+ // std::cerr << " aes key is " << errMsg.data() << std::endl;
 //  for ( uint32_t i = 0; i < 1024; i++)
 //     printf("%d ", errMsg[i]);
 }
@@ -113,21 +198,28 @@ void enter_SEK(){
  vector<uint8_t> encr_SEK(BUF_LEN, 0);
  uint32_t enc_len;

+  std::shared_ptr <std::string> test_key_ptr = LevelDB::getLevelDb() -> readString("TEST_KEY");
+  if (test_key_ptr == nullptr){
+    spdlog::error("empty db" );
+    exit(-1);
+  }
+
  std::string SEK;
  std::cout << "ENTER BACKUP KEY" << std::endl;
  std::cin >> SEK;
-  while (!checkHex(SEK, 16)){
+  while (!checkHex(SEK, 16) /*|| !check_SEK(SEK)*/){
    std::cout << "KEY IS INVALID.TRY ONCE MORE" << std::endl;
    SEK = "";
    std::cin >> SEK;
  }
  if (DEBUG_PRINT)
-    std::cerr << "your key is " << SEK << std::endl;
+   std::cerr << "your key is " << SEK << std::endl;
+

  status = set_SEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK.c_str() );
  if (status != SGX_SUCCESS){
    cerr << "RPCException thrown with status " << status << endl;
-    throw RPCException(status, errMsg.data()) ;
+    throw RPCException(status, errMsg.data());
  }

  vector<char> hexEncrKey(2 * enc_len + 1, 0);
@@ -150,3 +242,7 @@ void init_SEK(){
    set_SEK(encr_SEK_ptr);
  }
 }
+
+//ef6fdc31d93f9ec926f64c42278f34cc
+
+
--- a/SGXRegistrationServer.cpp
+++ b/SGXRegistrationServer.cpp
@@ -49,6 +49,7 @@
 int DEBUG_PRINT = 0;
 int is_sgx_https = 1;
 int is_aes = 0;
+bool autoconfirm = false;

 SGXRegistrationServer *regs = nullptr;
 HttpServer *hs2 = nullptr;

--- a/scripts/docker_test.py
+++ b/scripts/docker_test.py
@@ -33,7 +33,7 @@ assert subprocess.call(["docker", "image", "inspect", FULL_IMAGE_NAME]) == 0;



-obj = subprocess.Popen(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data","-d", "--network=host", "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX], stdin=subprocess.PIPE)
+obj = subprocess.Popen(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data","-d", "--network=host", "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
 obj.communicate(input=b"i confirm", timeout=5)
 obj.terminate()
 obj.wait()

--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -1196,7 +1196,7 @@ void ecdsa_sign_aes(int *err_status, char *err_string, uint8_t *encrypted_key, u

 }

-void encrypt_key_aes(int *err_status, char *err_string, char *key,
+void encrypt_key_aes(int *err_status, char *err_string, const char *key,
                 uint8_t *encrypted_key, uint32_t *enc_len) {

  //init();
@@ -1205,12 +1205,12 @@ void encrypt_key_aes(int *err_status, char *err_string, char *key,

  memset(err_string, 0, BUF_LEN);

-  checkKey(err_status, err_string, key);
-
-  if (*err_status != 0) {
-    snprintf(err_string + strlen(err_string), BUF_LEN, "check_key failed");
-    return;
-  }
+//  checkKey(err_status, err_string, key);
+//
+//  if (*err_status != 0) {
+//    snprintf(err_string + strlen(err_string), BUF_LEN, "check_key failed");
+//    return;
+//  }

  memset(encrypted_key, 0, BUF_LEN);


--- a/secure_enclave/secure_enclave.edl
+++ b/secure_enclave/secure_enclave.edl
@@ -215,7 +215,7 @@ enclave {
                public void encrypt_key_aes (
                                [user_check] int *err_status,
                                [out, count = 1024] char* err_string,
-                                [in, count = 1024] char* key,
+                                [in, count = 1024] const char* key,
                                [out, count = 1024] uint8_t* encrypted_key,
                                [user_check] uint32_t *enc_len);


--- a/sgxwallet.c
+++ b/sgxwallet.c
@@ -67,7 +67,9 @@ int main(int argc, char *argv[]) {
    exit(1);
  }

-  while ((opt = getopt(argc, argv, "cshd0ab")) != -1) {
+  
+
+  while ((opt = getopt(argc, argv, "cshd0aby")) != -1) {
    switch (opt) {
    case 'h':
      if (strlen(argv[1]) == 2 ) {
@@ -99,6 +101,9 @@ int main(int argc, char *argv[]) {
    case 'b':
      SEK_initializer = enter_SEK;
      break;
+    case 'y':
+       autoconfirm = true;
+       break;
    case '?': // fprintf(stderr, "unknown flag\n");
      exit(1);
    default:

--- a/sgxwallet_common.h
+++ b/sgxwallet_common.h
@@ -38,6 +38,7 @@
 extern int DEBUG_PRINT;
 extern int is_sgx_https;
 extern int is_aes;
+extern bool autoconfirm;

 #define BUF_LEN 1024

@@ -97,7 +98,7 @@ extern int is_aes;
 #define ENCLAVE_NAME "secure_enclave.signed.so"
 #define SGXDATA_FOLDER "sgx_data/"

-
+#define TEST_VALUE "1234567890"




--- a/testw.cpp
+++ b/testw.cpp
@@ -1369,4 +1369,40 @@ TEST_CASE("bls_sign_api test", "[bls_sign]") {

 }

-//BLS_KEY:SCHAIN_ID:323669558:NODE_ID:1:DKG_ID:338183455
\ No newline at end of file
+TEST_CASE("AES encrypt/decrypt", "[AES-encrypt-decrypt]") {
+    {
+
+        DEBUG_PRINT = 1;
+        is_sgx_https = 0;
+
+        init_all(false, false, init_SEK);
+        //init_enclave();
+
+        int errStatus =  -1;
+        char* errMsg = (char*) calloc(BUF_LEN, 1);
+        uint32_t enc_len;
+
+        std::string key = "123456789";
+        uint8_t encrypted_key[BUF_LEN];
+        memset(encrypted_key, 0, BUF_LEN);
+
+        status = encrypt_key_aes(eid, &errStatus, errMsg, key.c_str(), encrypted_key, &enc_len);
+
+        REQUIRE(status == 0);
+        std::cerr << "key encrypted with status " << status << " err msg " << errMsg << std::endl;
+
+        char decr_key[BUF_LEN];
+        memset(decr_key, 0, BUF_LEN);
+        status = decrypt_key_aes(eid, &errStatus, errMsg, encrypted_key, enc_len, decr_key);
+
+        REQUIRE(status == 0);
+        std::cerr << "key encrypted with status " << status << " err msg " << errMsg << std::endl;
+        std::cerr << "decrypted key is " << decr_key << std::endl;
+
+        REQUIRE( key.compare(decr_key) == 0);
+
+        sgx_destroy_enclave(eid);
+
+
+    }
+}
\ No newline at end of file