SKALE-1512-add-DKG-to-SGX Add create bls key

f0e21a53 · svetaro · f8a8cd25 · f0e21a53 · f0e21a53 · f0e21a53
Unverified Commit f0e21a53 authored Oct 28, 2019 by svetaro
13 changed files
--- a/DKGCrypto.cpp
+++ b/DKGCrypto.cpp
@@ -176,4 +176,22 @@ bool VerifyShares(const char* encryptedPolyHex, const char* encr_sshare, const c

    std::cerr << "result is " << result << std::endl;
    return result;
+}
+
+bool CreateBLSShare( const char * s_shares, const char * encryptedKeyHex){
+
+  char* errMsg1 = (char*) calloc(1024,1);
+  int err_status = 0;
+
+  uint64_t dec_key_len ;
+  uint8_t encr_bls_key[BUF_LEN];
+  uint8_t encr_key[BUF_LEN];
+  hex2carray(encryptedKeyHex, &dec_key_len, encr_key);
+
+  create_bls_key(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len, encr_bls_key);
+  if ( err_status != 0){
+     return false;
+  }
+  else return true;
+
 }
\ No newline at end of file
--- a/DKGCrypto.h
+++ b/DKGCrypto.h
@@ -18,4 +18,6 @@ std::string get_secret_shares(const std::string& polyName, const char* encrypted

 bool VerifyShares(const char* encryptedPolyHex, const char* encr_sshare, const char * encryptedKeyHex,  int t, int n, int ind);

+bool CreateBLSShare( const char * s_shares, const char * encryptedKeyHex);
+
 #endif //SGXD_DKGCRYPTO_H
--- a/SGXWalletServer.cpp
+++ b/SGXWalletServer.cpp
@@ -326,9 +326,9 @@ Json::Value DKGVerificationImpl(const std::string& polyName, const std::string&

  try {
    std::shared_ptr<std::string> encryptedPolyHex_ptr = readFromDb(polyName, "DKGPoly:");
-    std::string keyName = polyName + "_" + std::to_string(ind);
-    //std::shared_ptr<std::string> encryptedKeyHex_ptr = readFromDb(keyName, "DKG_DH_KEY_");
-    std::shared_ptr<std::string> encryptedKeyHex_ptr = readECDSAKey("test_key1");
+    //std::string keyName = polyName + "_" + std::to_string(ind);
+    //std::shared_ptr<std::string> encryptedKeyHex_ptr = readFromDb(EthKeyName, "");
+    std::shared_ptr<std::string> encryptedKeyHex_ptr = readECDSAKey(EthKeyName);

    if ( !VerifyShares(encryptedPolyHex_ptr->c_str(), SecretShare.c_str(), encryptedKeyHex_ptr->c_str(),  t, n, ind )){
      result["result"] = false;
@@ -345,6 +345,51 @@ Json::Value DKGVerificationImpl(const std::string& polyName, const std::string&
  return result;
 }

+Json::Value CreateBLSPrivateKeyImpl(const std::string & BLSKeyName, const std::string& EthKeyName, const Json::Value& SecretShare, int t, int n){
+  std::cerr << "CreateBLSPrivateKeyImpl entered" << std::endl;
+
+  Json::Value result;
+  result["status"] = 0;
+  result["errorMessage"] = "";
+
+  try {
+
+    if (SecretShare.size() != n){
+      result["errorMessage"] = "wrong number of secret shares";
+      return result;
+    }
+    std::vector<std::string> sshares_vect;
+    std::cerr << "sshares are " << std::endl;
+    char sshares[192 * n + 1];
+    for ( int i = 0; i < n ; i++){
+      sshares_vect.push_back(SecretShare[i].asString());
+     // std::cerr << sshares_vect[i] << " ";
+      strncpy(sshares + i * 192, SecretShare[i].asString().c_str(), 192);
+    }
+    sshares[192 * n ] = 0;
+    std::cerr << sshares << std::endl;
+    std::cerr << "length is " << strlen(sshares);
+
+    std::shared_ptr<std::string> encryptedKeyHex_ptr = readECDSAKey(EthKeyName);
+
+    bool res = CreateBLSShare(sshares, encryptedKeyHex_ptr->c_str());
+     if ( res){
+         std::cerr << "key created " << std::endl;
+     }
+     else {
+         std::cerr << "error " << std::endl;
+     }
+
+  } catch (RPCException &_e) {
+    std::cerr << " err str " << _e.errString << std::endl;
+    result["status"] = _e.status;
+    result["errorMessage"] = _e.errString;
+
+  }
+
+  return result;
+}
+
 Json::Value SGXWalletServer::generateDKGPoly(const std::string& polyName, int t){
  lock_guard<recursive_mutex> lock(m);
  return generateDKGPolyImpl(polyName, t);
@@ -365,6 +410,11 @@ Json::Value  SGXWalletServer::DKGVerification( const std::string& polyName, cons
  return DKGVerificationImpl(polyName, EthKeyName, SecretShare, t, n, index);
 }

+Json::Value SGXWalletServer::CreateBLSPrivateKey(const std::string & BLSKeyName, const std::string& EthKeyName, const Json::Value& SecretShare, int t, int n){
+  lock_guard<recursive_mutex> lock(m);
+  return CreateBLSPrivateKeyImpl(BLSKeyName, EthKeyName, SecretShare, t, n);
+}
+

 Json::Value SGXWalletServer::generateECDSAKey(const std::string &_keyName) {
  lock_guard<recursive_mutex> lock(m);

--- a/SGXWalletServer.hpp
+++ b/SGXWalletServer.hpp
@@ -32,7 +32,7 @@ public:
    virtual Json::Value getVerificationVector(const std::string& polyName, int n, int t);
    virtual Json::Value getSecretShare(const std::string& polyName, const std::string& publicKeys, int n, int t);
    virtual Json::Value DKGVerification(const std::string& polyName, const std::string& EthKeyName, const std::string& SecretShare, int t, int n, int index);
-
+    virtual Json::Value CreateBLSPrivateKey(const std::string & BLSKeyName, const std::string& EthKeyName, const Json::Value& SecretShare, int t, int n);

 };

@@ -60,5 +60,6 @@ Json::Value generateDKGPolyImpl(const std::string& polyName, int t);
 Json::Value getVerificationVectorImpl(const std::string& polyName, int n, int t);
 Json::Value getSecretShareImpl(const std::string& polyName, const std::string& publicKeys, int n, int t);
 Json::Value DKGVerificationImpl(const std::string& polyName, const std::string& EthKeyName, const std::string& SecretShare, int t, int n, int index);
+Json::Value CreateBLSPrivateKeyImpl(const std::string & BLSKeyName, const std::string& EthKeyName, const Json::Value& SecretShare, int t, int n);

 #endif //SGXWALLET_SGXWALLETSERVER_HPP
\ No newline at end of file
--- a/abstractstubserver.h
+++ b/abstractstubserver.h
@@ -24,6 +24,7 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
          this->bindAndAddMethod(jsonrpc::Procedure("getVerificationVector", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"polyName",jsonrpc::JSON_STRING, "n",jsonrpc::JSON_INTEGER,"t",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::getVerificationVectorI);
          this->bindAndAddMethod(jsonrpc::Procedure("getSecretShare", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "polyName",jsonrpc::JSON_STRING,"publicKeys",jsonrpc::JSON_STRING,"n",jsonrpc::JSON_INTEGER,"t",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::getSecretShareI);
          this->bindAndAddMethod(jsonrpc::Procedure("DKGVerification", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "polyName",jsonrpc::JSON_STRING, "EthKeyName",jsonrpc::JSON_STRING, "SecretShare",jsonrpc::JSON_STRING,"t",jsonrpc::JSON_INTEGER, "n",jsonrpc::JSON_INTEGER, "index",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::DKGVerificationI);
+          this->bindAndAddMethod(jsonrpc::Procedure("CreateBLSPrivateKey", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "BLSKeyName",jsonrpc::JSON_STRING, "EthKeyName",jsonrpc::JSON_STRING,"SecretShare",jsonrpc::JSON_ARRAY,"t", jsonrpc::JSON_INTEGER,"n",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::CreateBLSPrivateKeyI);
       }

        inline virtual void importBLSKeyShareI(const Json::Value &request, Json::Value &response)
@@ -66,16 +67,23 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
        {
            response = this->DKGVerification(request["polyName"].asString(), request["EthKeyName"].asString(), request["SecretShare"].asString(), request["t"].asInt(), request["n"].asInt(), request["index"].asInt());
        }
+        inline virtual void CreateBLSPrivateKeyI(const Json::Value &request, Json::Value &response)
+        {
+            response = this->CreateBLSPrivateKey(request["BLSKeyName"].asString(), request["EthKeyName"].asString(), request["SecretShare"],request["t"].asInt(), request["n"].asInt());
+        }
+
        virtual Json::Value importBLSKeyShare(int index, const std::string& keyShare, const std::string& keyShareName, int n, int t) = 0;
        virtual Json::Value blsSignMessageHash(const std::string& keyShareName, const std::string& messageHash, int n, int signerIndex, int t) = 0;
        virtual Json::Value importECDSAKey(const std::string& key, const std::string& keyName) = 0;
        virtual Json::Value generateECDSAKey(const std::string& keyName) = 0;
        virtual Json::Value getPublicECDSAKey(const std::string& keyName) = 0;
        virtual Json::Value ecdsaSignMessageHash(int base, const std::string& keyName, const std::string& messageHash) = 0;
+
        virtual Json::Value generateDKGPoly(const std::string& polyName, int t) = 0;
        virtual Json::Value getVerificationVector(const std::string& polyName, int n, int t) = 0;
        virtual Json::Value getSecretShare(const std::string& polyName, const std::string& publicKeys, int n, int t) = 0;
        virtual Json::Value DKGVerification( const std::string& polyName, const std::string& EthKeyName, const std::string& SecretShare, int t, int n, int index) = 0;
+        virtual Json::Value CreateBLSPrivateKey(const std::string & BLSKeyName, const std::string& EthKeyName, const Json::Value& SecretShare, int t, int n) = 0;
 };

 #endif //JSONRPC_CPP_STUB_ABSTRACTSTUBSERVER_H_
--- a/secure_enclave/.deps/DKGUtils.Po
+++ b/secure_enclave/.deps/DKGUtils.Po
@@ -94,7 +94,8 @@ DKGUtils.o: DKGUtils.cpp DKGUtils.h \
 ../sgxwallet_common.h \
 /home/kladko/sgxwallet/sgx-sdk-build/sgxsdk/include/tlibc/unistd.h \
 /home/kladko/sgxwallet/sgx-sdk-build/sgxsdk/include/tlibc/sys/types.h \
- /home/kladko/sgxwallet/sgx-sdk-build/sgxsdk/include/tlibc/stdbool.h
+ /home/kladko/sgxwallet/sgx-sdk-build/sgxsdk/include/tlibc/stdbool.h \
+ DH_dkg.h

 DKGUtils.h:

@@ -289,3 +290,5 @@ DKGUtils.h:
 /home/kladko/sgxwallet/sgx-sdk-build/sgxsdk/include/tlibc/sys/types.h:

 /home/kladko/sgxwallet/sgx-sdk-build/sgxsdk/include/tlibc/stdbool.h:
+
+DH_dkg.h:
--- a/secure_enclave/DH_dkg.c
+++ b/secure_enclave/DH_dkg.c
@@ -14,7 +14,6 @@
 #include "BLSEnclave.h"
 #include <string.h>

-
 void gen_session_key(char *skey_str, char* pb_keyB, char* common_key){

    char* pb_keyB_x = (char*)malloc(65);

--- a/secure_enclave/DKGUtils.cpp
+++ b/secure_enclave/DKGUtils.cpp
@@ -3,7 +3,7 @@
 //
 #include "DKGUtils.h"

-
+#include <sgx_tgmp.h>

 #include <../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp>
 #include <../trusted_libff/libff/algebra/fields/fp.hpp>
@@ -15,6 +15,10 @@
 #include <cstdio>
 #include <stdio.h>

+#include "DH_dkg.h"
+
+
+


 std::string stringFromFr(libff::alt_bn128_Fr& _el) {
@@ -184,3 +188,5 @@ int Verification (char * decrypted_koefs, mpz_t decr_secret_share, int _t, int i
 }


+
+
--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -654,11 +654,90 @@ void dkg_verification(int *err_status, char* err_string, const uint8_t * encrypt

  *result = Verification(decrypted_dkg_secret, s, _t, _ind);

-  snprintf(err_string, BUF_LEN,"val is %s", decrypted_dkg_secret);
+  //snprintf(err_string, BUF_LEN,"val is %s", decrypted_dkg_secret);

  free(decrypted_dkg_secret);
 }

+void create_bls_key(int *err_status, char* err_string, const char* s_shares,
+                      uint8_t* encrypted_key, uint64_t key_len, uint8_t * encr_bls_key){
+
+  //uint32_t dec_len = 625;
+  char skey[ECDSA_SKEY_LEN];
+  sgx_status_t status = sgx_unseal_data(
+      (const sgx_sealed_data_t *)encrypted_key, NULL, 0, (uint8_t*)skey, &key_len);
+  if (status != SGX_SUCCESS) {
+    snprintf(err_string, BUF_LEN,"sgx_unseal_key failed with status %d", status);
+    return;
+  }
+
+  int num_shares = strlen(s_shares)/192;
+
+  mpz_t sum;
+  mpz_init(sum);
+  mpz_set_ui(sum, 0);
+
+  for ( int i = 0; i < num_shares; i++) {
+    char encr_sshare[65];
+    strncpy(encr_sshare, s_shares + 192 * i, 64);
+    encr_sshare[64] = 0;
+
+    char s_share[193];
+    strncpy(s_share, s_share + 192 * i, 192);
+    s_share[192] = 0;
+    char common_key[65];
+    session_key_recover(skey, s_share, common_key);
+    common_key[64] = 0;
+
+    char decr_sshare[65];
+    xor_decrypt(common_key, encr_sshare, decr_sshare);
+
+    mpz_t decr_secret_share;
+    mpz_init(decr_secret_share);
+    mpz_set_str(decr_secret_share, decr_sshare, 16);
+
+    mpz_addmul_ui(sum, decr_secret_share, 1);
+    mpz_clear(decr_secret_share);
+  }
+
+   mpz_t q;
+   mpz_init(q);
+   mpz_set_str(q, "21888242871839275222246405745257275088696311157297823662689037894645226208583", 10);
+
+   mpz_t bls_key;
+   mpz_init(bls_key);
+
+   mpz_mod(bls_key, sum, q);
+
+   char arr[mpz_sizeinbase(bls_key, 10) + 2];
+   char *key = mpz_get_str(arr, 10, bls_key);
+
+   uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN);
+
+   status = sgx_seal_data(0, NULL, ECDSA_SKEY_LEN, (uint8_t *)key, sealedLen,(sgx_sealed_data_t*)encr_bls_key);
+   if( status !=  SGX_SUCCESS) {
+    snprintf(err_string, BUF_LEN,"seal bls private key failed");
+    return;
+   }
+
+
+
+
+  //snprintf(err_string, BUF_LEN,"sshare is %s", decr_sshare);
+  //snprintf(err_string, BUF_LEN,"encr_share is %s", encr_sshare);
+  //snprintf(err_string, BUF_LEN,"common_key is %s", common_key);
+
+//  mpz_t s;
+//  mpz_init(s);
+//  mpz_set_str(s, decr_sshare, 16);
+
+
+
+  //snprintf(err_string, BUF_LEN,"val is %s", decrypted_dkg_secret);
+
+  mpz_clear(bls_key);
+  mpz_clear(sum);
+}



--- a/secure_enclave/secure_enclave.edl
+++ b/secure_enclave/secure_enclave.edl
@@ -128,6 +128,14 @@ enclave {
                                unsigned _t,
                                int _ind,
                                [user_check] int* result);
+
+         public void create_bls_key(
+                                [user_check]int *err_status,
+                                [out, count = 1024] char* err_string,
+                                [in, count = 6145] const char* s_shares,
+                                [in, count = 1024] uint8_t* encrypted_key,
+                                uint64_t key_len,
+                                [out, count = 1024] uint8_t * encr_bls_key);
 	};



--- a/spec.json
+++ b/spec.json
@@ -141,6 +141,21 @@
      "errorMessage": "12345",
      "result": true
    }
+  },
+  {
+    "name": "CreateBLSPrivateKey",
+    "params": {
+      "BLSKeyName": "key",
+      "EthKeyName":"key1",
+      "SecretShare": ["122","1222"],
+      "n": 3,
+      "t": 3
+    },
+    "returns": {
+      "status": 0,
+      "errorMessage": "12345",
+      "BLSKeyName": "key"
+    }
  }



--- a/stubclient.h
+++ b/stubclient.h
@@ -119,21 +119,35 @@ class StubClient : public jsonrpc::Client
        else
            throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
    }
-        Json::Value DKGVerification(const std::string& polyName, const std::string& EthKeyName, const std::string& SecretShare, int t, int n, int index) throw (jsonrpc::JsonRpcException)
-        {
-            Json::Value p;
-            p["EthKeyName"] = EthKeyName;
-            p["SecretShare"] = SecretShare;
-            p["index"] = index;
-            p["n"] = n;
-            p["polyName"] = polyName;
-            p["t"] = t;
-            Json::Value result = this->CallMethod("DKGVerification",p);
-            if (result.isObject())
-                return result;
-            else
-                throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
-        }
+    Json::Value DKGVerification(const std::string& polyName, const std::string& EthKeyName, const std::string& SecretShare, int t, int n, int index) throw (jsonrpc::JsonRpcException)
+    {
+        Json::Value p;
+        p["EthKeyName"] = EthKeyName;
+        p["SecretShare"] = SecretShare;
+        p["index"] = index;
+        p["n"] = n;
+        p["polyName"] = polyName;
+        p["t"] = t;
+        Json::Value result = this->CallMethod("DKGVerification",p);
+        if (result.isObject())
+          return result;
+        else
+          throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
+    }
+    Json::Value CreateBLSPrivateKey(const std::string & BLSKeyName, const std::string& EthKeyName, const Json::Value& SecretShare, int n, int t) throw (jsonrpc::JsonRpcException)
+    {
+      Json::Value p;
+      p["BLSKeyName"] = BLSKeyName;
+      p["EthKeyName"] = EthKeyName;
+      p["SecretShare"] = SecretShare;
+      p["n"] = n;
+      p["t"] = t;
+      Json::Value result = this->CallMethod("CreateBLSPrivateKey",p);
+      if (result.isObject())
+       return result;
+      else
+       throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
+    }
 };

 #endif //JSONRPC_CPP_STUB_STUBCLIENT_H_
--- a/testw.cpp
+++ b/testw.cpp
@@ -715,9 +715,9 @@ TEST_CASE("API test", "[api_test]") {
 //          "505f55a38f9c064da744f217d1cb993a17705e9839801958cda7c884e08ab4dad7fd8d22953d3ac7f0913de24fd67d7ed36741141b8a3da152d7ba954b0f14e232d69c361f0bc9e05f1cf8ef387122dc1d2f7cee7b6cda3537fc9427c02328b01f02fd94ec933134dc795a642864f8cb41ae263e11abaf992e21fcf9be732deb",
 //         2,2);

-        cout << c.getSecretShare("p2",
-              "669aa790e1c5f5199af82ab0b6f1965c382d23a2ebdda581454adba3fd082a30edab62b545f78f1e402ceef7340a0364a7046633d6151fe7e657d8b8a6352378b3e6fdfe2633256ae1662fcd23466d02ead907b5d4366136341cea5e46f5a7bb67d897d6e35f619810238aa143c416f61c640ed214eb9c67a34c4a31b7d25e6e",
-              2,2);
+//        cout << c.getSecretShare("p2",
+//              "669aa790e1c5f5199af82ab0b6f1965c382d23a2ebdda581454adba3fd082a30edab62b545f78f1e402ceef7340a0364a7046633d6151fe7e657d8b8a6352378b3e6fdfe2633256ae1662fcd23466d02ead907b5d4366136341cea5e46f5a7bb67d897d6e35f619810238aa143c416f61c640ed214eb9c67a34c4a31b7d25e6e",
+//              2,2);

     // cout << c.generateDKGPoly("p3", 3);
     // cout << c.getSecretShare("p3",
@@ -725,12 +725,17 @@ TEST_CASE("API test", "[api_test]") {
         //                      3,3);


-//     std::string share_big = "501e364a6ea516f4812b013bcc150cbb435a2c465c9fd525951264969d8441a986798fd3317c1c3e60f868bb26c4cff837d9185f4be6015d8326437cb5b69480495859cd5a385430ece51252acdc234d8dbde75708b600ac50b2974e813ee26bd87140d88647fcc44df7262bbba24328e8ce622cd627a15b508ffa0db9ae81e0e110fab42cfe40da66b524218ca3c8e5aa3363fbcadef748dc3523a7ffb95b8f5d8141a5163db9f69d1ab223494ed71487c9bb032a74c08a222d897a5e49a617";
+      std::string share_big0 = "501e364a6ea516f4812b013bcc150cbb435a2c465c9fd525951264969d8441a986798fd3317c1c3e60f868bb26c4cff837d9185f4be6015d8326437cb5b69480495859cd5a385430ece51252acdc234d8dbde75708b600ac50b2974e813ee26bd87140d88647fcc44df7262bbba24328e8ce622cd627a15b508ffa0db9ae81e0e110fab42cfe40da66b524218ca3c8e5aa3363fbcadef748dc3523a7ffb95b8f5d8141a5163db9f69d1ab223494ed71487c9bb032a74c08a222d897a5e49a617";
      std::string share_big = "03f749e2fcc28021895d757ec16d1636784446f5effcd3096b045136d8ab02657b32adc577f421330b81f5b7063df3b08a0621a897df2584b9046ca416e50ecc27e8c3277e981f7e650f8640289be128eecf0105f89a20e5ffb164744c45cf191d627ce9ab6c44e2ef96f230f2a4de742ea43b6f74b56849138026610b2d965605ececba527048a0f29f46334b1cec1d23df036248b24eccca99057d24764acee66c1a3f2f44771d0d237bf9d18c4177277e3ce3dc4e83686a2647fce1565ee0";
      std::string share = share_big.substr(0, 192);

-      cout << c.DKGVerification("p2", "test_key1", share, 2, 2, 0);
+      //cout << c.DKGVerification("p2", "test_key1", share, 2, 2, 0);

+      Json::Value SecretShare;
+      SecretShare.append(share_big0);
+      SecretShare.append(share_big);
+
+      cout << c.CreateBLSPrivateKey( "test_bls_key","test_key1", SecretShare, 2, 2 );

    } catch (JsonRpcException &e) {
        cerr << e.what() << endl;