Merge pull request #109 from skalenetwork/bug/SKALE-2748-ecdsa-not-verified

Bug/skale 2748 ecdsa not verified

Merge pull request #109 from skalenetwork/bug/SKALE-2748-ecdsa-not-verified
Bug/skale 2748 ecdsa not verified
f5f6d6cd · Oleh Nikolaiev · GitHub · 5b71e0f4 · 609d155b · f5f6d6cd
Unverified Commit f5f6d6cd authored Jun 18, 2020 by Oleh Nikolaiev Committed by GitHub Jun 18, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 7 deletions

ECDSACrypto.cpp ECDSACrypto.cpp +14 -6

secure_enclave.c secure_enclave/secure_enclave.c +1 -1

testw.cpp testw.cpp +15 -0

No files found.
--- a/ECDSACrypto.cpp
+++ b/ECDSACrypto.cpp
@@ -114,6 +114,11 @@ string getECDSAPubKey(const char *_encryptedKeyHex) {
    if (errStatus != 0) {
        throw SGXException(-666, errMsg.data());
    }
+
+    if (status != SGX_SUCCESS) {
+        spdlog::error("failed to get ECDSA public key {}", status);
+        throw SGXException(666, "failed to get ECDSA public key");
+    }
    string pubKey = string(pubKeyX.data()) + string(pubKeyY.data());//concatPubKeyWith0x(pub_key_x, pub_key_y);//


@@ -126,13 +131,13 @@ string getECDSAPubKey(const char *_encryptedKeyHex) {
 }

 bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR,
-        const char *signatureS) {
+        const char *signatureS, int base) {
    bool result = false;

    signature sig = signature_init();

-    auto r = pubKeyStr.substr(0, 64);
-    auto s = pubKeyStr.substr(64, 128);
+    auto x = pubKeyStr.substr(0, 64);
+    auto y = pubKeyStr.substr(64, 128);
    domain_parameters curve = domain_parameters_init();
    domain_parameters_load_curve(curve, secp256k1);
    point publicKey = point_init();
@@ -144,9 +149,12 @@ bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatur
        goto clean;
    }

-    signature_set_str(sig, signatureR, signatureS, 16);
+    if (signature_set_str(sig, signatureR, signatureS, base) != 0) {
+        spdlog::error("Failed to set str signature");
+        goto clean;
+    }

-    point_set_hex(publicKey, r.c_str(), s.c_str());
+    point_set_hex(publicKey, x.c_str(), y.c_str());
    if (!signature_verify(msgMpz, sig, publicKey, curve)) {
        spdlog::error("ECDSA sig not verified");
        goto clean;
@@ -212,7 +220,7 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex,

    /* Now verify signature */

-    if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data())) {
+    if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data(), base)) {
        exception = make_shared<SGXException>(667, "ECDSA did not verify");
        goto clean;
    }

--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -361,7 +361,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate

    if (!signature_verify(msgMpz, sign, publicKey, curve)) {
        *errStatus = 2;
-        snprintf(errString, BUF_LEN, "ECDSA sig not verified");
+        snprintf(errString, BUF_LEN, "ECDSA signature is not verified");
        LOG_WARN(errString);
        goto clean;
    }

--- a/testw.cpp
+++ b/testw.cpp
@@ -296,6 +296,21 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") {
            throw;
        }
    }
+
+    for (int i = 0; i <= 20; i++) {
+        try {
+
+            auto keyName = genECDSAKeyAPI(c);
+
+            Json::Value sig = c.ecdsaSignMessageHash(10, keyName, SAMPLE_HASH);
+            REQUIRE(sig["status"].asInt() == 0);
+            Json::Value getPubKey = c.getPublicECDSAKey(keyName);
+            REQUIRE(getPubKey["status"].asInt() == 0);
+        } catch (JsonRpcException &e) {
+            cerr << e.what() << endl;
+            throw;
+        }
+    }
 }

 TEST_CASE_METHOD(TestFixture, "BLS key encrypt", "[bls-key-encrypt]") {