SKALE-3067-cleanup-sgx

f88387af · kladko · c79d6ef6 · f88387af · f88387af · f88387af
Unverified Commit f88387af authored Aug 11, 2020 by kladko
Hide whitespace changes
Inline Side-by-side

Showing with 43 additions and 36 deletions

ECDSACrypto.cpp ECDSACrypto.cpp +10 -2

secure_enclave.c secure_enclave/secure_enclave.c +19 -30

testw.cpp testw.cpp +14 -4

No files found.
--- a/ECDSACrypto.cpp
+++ b/ECDSACrypto.cpp
@@ -192,6 +192,7 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex,
        spdlog::error("failed to sign {}", status);
        throw SGXException(666, "failed to sign");
    }
+
    signatureVector.at(0) = to_string(signatureV);
    if (base == 16) {
        signatureVector.at(1) = "0x" + string(signatureR.data());
@@ -205,8 +206,15 @@ vector <string> ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex,

    pubKeyStr = getECDSAPubKey(encryptedKeyHex);

-    if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data(), base)) {
-        throw SGXException(667, "ECDSA did not verify");
+    static uint64_t  i = 0;
+
+    i++;
+
+    if (i % 1000 == 0) {
+
+        if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data(), base)) {
+            throw SGXException(667, "ECDSA did not verify");
+        }
    }

    return signatureVector;

--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -1268,41 +1268,38 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv

    SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);

+    mpz_t privateKeyMpz;
+    mpz_init(privateKeyMpz);
+    mpz_t msgMpz;
+    mpz_init(msgMpz);
+    signature sign = signature_init();
+
    int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);

    if (status != 0) {
        *errStatus = status;
        snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
-        return;
+        LOG_ERROR(status);
+        goto clean;
    }

    skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';

-    snprintf(errString, BUF_LEN, "pr key length is %zu ", strlen(skey));
-    mpz_t privateKeyMpz;
-    mpz_init(privateKeyMpz);
    if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
        *errStatus = -1;
        snprintf(errString, BUF_LEN, "invalid secret key");
-        LOG_ERROR(skey);
-        mpz_clear(privateKeyMpz);
-        return;
+        LOG_ERROR(errString);
+        goto clean;
    }

-    mpz_t msgMpz;
-    mpz_init(msgMpz);
+
    if (mpz_set_str(msgMpz, hash, 16) == -1) {
        *errStatus = -1;
        snprintf(errString, BUF_LEN, "invalid message hash");
-
-        mpz_clear(privateKeyMpz);
-        mpz_clear(msgMpz);
-
-        return;
+        LOG_ERROR(errString);
+        goto clean;
    }

-    signature sign = signature_init();
-
    signature_sign(sign, msgMpz, privateKeyMpz, curve);

    sigCounter++;
@@ -1316,28 +1313,22 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
        if (!signature_verify(msgMpz, sign, Pkey, curve)) {
            *errStatus = -2;
            snprintf(errString, BUF_LEN, "signature is not verified! ");
-
-            mpz_clear(privateKeyMpz);
-            mpz_clear(msgMpz);
-
-            signature_free(sign);
            point_clear(Pkey);
-
-            return;
+            goto clean;
        }

        point_clear(Pkey);
    }

-    SAFE_CHAR_BUF(arrM, mpz_sizeinbase(msgMpz, 16) + 2);
+    SAFE_CHAR_BUF(arrM, BUF_LEN);
    mpz_get_str(arrM, 16, msgMpz);
    snprintf(errString, BUF_LEN, "message is %s ", arrM);

-    SAFE_CHAR_BUF(arrR, mpz_sizeinbase(sign->r, base) + 2);
+    SAFE_CHAR_BUF(arrR, BUF_LEN);
    mpz_get_str(arrR, base, sign->r);
    strncpy(sigR, arrR, 1024);

-    SAFE_CHAR_BUF(arrS, mpz_sizeinbase(sign->s, base) + 2);
+    SAFE_CHAR_BUF(arrS, BUF_LEN);
    mpz_get_str(arrS, base, sign->s);
    strncpy(sigS, arrS, 1024);

@@ -1345,6 +1336,8 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv

    *errStatus = 0;

+    clean:
+
    mpz_clear(privateKeyMpz);
    mpz_clear(msgMpz);
    signature_free(sign);
@@ -1362,10 +1355,6 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,

    *errStatus = UNKNOWN_ERROR;

-    memset(errString, 0, BUF_LEN);
-
-    memset(encryptedPrivateKey, 0, BUF_LEN);
-
    int stat = AES_encrypt(key, encryptedPrivateKey, BUF_LEN);
    if (stat != 0) {
        *errStatus = stat;

--- a/testw.cpp
+++ b/testw.cpp
@@ -111,10 +111,13 @@ TEST_CASE_METHOD(TestFixture, "ECDSA keygen and signature test", "[ecdsa-key-sig
    vector<char> signatureS(BUF_LEN, 0);
    uint8_t signatureV = 0;

-    status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen,
-                              (unsigned char *) hex.data(),
-                              signatureR.data(),
-                              signatureS.data(), &signatureV, 16);
+
+    for (int i = 0; i < 50; i++) {
+        status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen,
+                                  (unsigned char *) hex.data(),
+                                  signatureR.data(),
+                                  signatureS.data(), &signatureV, 16);
+    }


    REQUIRE(status == SGX_SUCCESS);
@@ -286,6 +289,13 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") {
        }
    }

+    auto keyName = genECDSAKeyAPI(c);
+
+
+Json::Value sig = c.ecdsaSignMessageHash(10, keyName, SAMPLE_HASH);
+
+
+
    for (int i = 0; i <= 20; i++) {
        try {
            auto keyName = genECDSAKeyAPI(c);