Merge pull request #257 from skalenetwork/feature/SKALE-3661-add-v2-methods

Feature/skale 3661 add v2 methods

DKGCrypto.cpp

@@ -440,6 +440,36 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *
 
 }
 
+bool createBLSShareV2(const string &blsKeyName, const char *s_shares, const char *encryptedKeyHex) {
+
+    CHECK_STATE(s_shares);
+    CHECK_STATE(encryptedKeyHex);
+
+    vector<char> errMsg(BUF_LEN, 0);
+    int errStatus = 0;
+
+    uint64_t decKeyLen;SAFE_UINT8_BUF(encr_bls_key, BUF_LEN);SAFE_UINT8_BUF(encr_key, BUF_LEN);
+    if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key, BUF_LEN)) {
+        throw SGXException(CREATE_BLS_SHARE_INVALID_KEY_HEX, string(__FUNCTION__) + ":Invalid encryptedKeyHex");
+    }
+
+    uint64_t enc_bls_len = 0;
+
+    sgx_status_t status = SGX_SUCCESS;
+
+    status = trustedCreateBlsKeyV2(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key,
+                                 &enc_bls_len);
+
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
+
+    vector<char> hexBLSKey = carray2Hex(encr_bls_key, enc_bls_len);
+
+    SGXWalletServer::writeDataToDB(blsKeyName, hexBLSKey.data());
+
+    return true;
+
+}
+
 vector <string> getBLSPubKey(const char *encryptedKeyHex) {
 
     CHECK_STATE(encryptedKeyHex);
@@ -533,7 +563,8 @@ string decryptDHKey(const string &polyName, int ind) {
 
     vector<char> hexEncrKey(2 * BUF_LEN, 0);
 
-    uint64_t dhEncLen = 0;SAFE_UINT8_BUF(encryptedDHKey, BUF_LEN)
+    uint64_t dhEncLen = 0;
+    SAFE_UINT8_BUF(encryptedDHKey, BUF_LEN);
     if (!hex2carray(hexEncrKeyPtr->c_str(), &dhEncLen, encryptedDHKey, BUF_LEN)) {
         throw SGXException(DECRYPT_DH_KEY_INVALID_KEY_HEX, string(__FUNCTION__) + ":Invalid hexEncrKey");
     }

DKGCrypto.h

@@ -51,6 +51,8 @@ string decryptDHKey(const string& polyName, int ind);
 
 bool createBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex);
 
+bool createBLSShareV2( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex);
+
 vector<string> getBLSPubKey(const char * encryptedKeyHex);
 
 vector<string> mult_G2(const string& x);

LevelDB.cpp

@@ -161,14 +161,12 @@ std::vector<string> LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){
 }
 
 void LevelDB::writeDataUnique(const string & name, const string &value) {
-  auto key = name;
-
   if (readString(name)) {
     spdlog::debug("Name {} already exists", name);
     throw SGXException(KEY_SHARE_ALREADY_EXISTS, "Data with this name already exists");
   }
 
-  writeString(key, value);
+  writeString(name, value);
 }
 
 pair<stringstream, uint64_t> LevelDB::getAllKeys() {

Makefile.am

@@ -59,7 +59,7 @@ CLEANFILES = $(COMMON_ENCLAVE_SRC) secure_enclave.edl secure_enclave.signed.so
 
 ## The build target
 
-bin_PROGRAMS =  sgxwallet testw sgx_util
+bin_PROGRAMS = sgxwallet testw sgx_util
 
 
 ## You can't use $(wildcard ...) with automake so all source files
@@ -117,4 +117,4 @@ sgx_util_SOURCES= InvalidStateException.cpp Exception.cpp InvalidArgumentExcepti
 sgx_util_LDADD= -LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
                 -LlibBLS/build/libff/libff \
                 -l:libbls.a -l:libleveldb.a \
-                -l:libff.a -lgmp  -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd -lgnutls -lgcrypt -lidn2 -lcurl -lssl -lcrypto -lz -lpthread -ldl
+                -l:libff.a -lgmp -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd -lgnutls -lgcrypt -lidn2 -lcurl -lssl -lcrypto -lz -lpthread -ldl

SGXWalletServer.cpp

@@ -899,6 +899,66 @@ Json::Value SGXWalletServer::dkgVerificationV2Impl(const string &_publicShares,
     RETURN_SUCCESS(result)
 }
 
+Json::Value
+SGXWalletServer::createBLSPrivateKeyV2Impl(const string &_blsKeyName, const string &_ethKeyName, const string &_polyName,
+                                         const string &_secretShare, int _t, int _n) {
+    COUNT_STATISTICS
+    spdlog::info("Entering {}", __FUNCTION__);
+    INIT_RESULT(result)
+
+    try {
+        if (_secretShare.length() != (uint64_t) _n * 192) {
+            throw SGXException(INVALID_CREATE_BLS_KEY_SECRET_SHARES_LENGTH,
+                               string(__FUNCTION__) + ":Invalid secret share length");
+        }
+        if (!checkECDSAKeyName(_ethKeyName)) {
+            throw SGXException(INVALID_CREATE_BLS_ECDSA_KEY_NAME,
+                               string(__FUNCTION__) + ":Invalid ECDSA key name");
+        }
+        if (!checkName(_polyName, "POLY")) {
+            throw SGXException(INVALID_CREATE_BLS_POLY_NAME, string(__FUNCTION__) +
+                                                             ":Invalid polynomial name");
+        }
+        if (!checkName(_blsKeyName, "BLS_KEY")) {
+            throw SGXException(INVALID_CREATE_BLS_KEY_NAME, string(__FUNCTION__) +
+                                                            ":Invalid BLS key name");
+        }
+        if (!check_n_t(_t, _n)) {
+            throw SGXException(INVALID_CREATE_BLS_DKG_PARAMS,
+                               string(__FUNCTION__) + ":Invalid DKG parameters: n or t ");
+        }
+        vector <string> sshares_vect;
+
+        shared_ptr <string> encryptedKeyHex_ptr = readFromDb(_ethKeyName);
+
+        CHECK_STATE(encryptedKeyHex_ptr);
+
+        bool res = createBLSShareV2(_blsKeyName, _secretShare.c_str(), encryptedKeyHex_ptr->c_str());
+        if (res) {
+            spdlog::info("BLS KEY SHARE CREATED ");
+        } else {
+            throw SGXException(INVALID_CREATE_BLS_SHARE,
+                               string(__FUNCTION__) + ":Error while creating BLS key share");
+        }
+
+
+        for (int i = 0; i < _n; i++) {
+            string name = _polyName + "_" + to_string(i) + ":";
+            LevelDB::getLevelDb()->deleteDHDKGKey(name);
+            string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":";
+            LevelDB::getLevelDb()->deleteKey(shareG2_name);
+        }
+        LevelDB::getLevelDb()->deleteKey(_polyName);
+
+
+        string encryptedSecretShareName = "encryptedSecretShare:" + _polyName;
+        LevelDB::getLevelDb()->deleteKey(encryptedSecretShareName);
+
+    } HANDLE_SGX_EXCEPTION(result)
+
+    RETURN_SUCCESS(result);
+}
+
 Json::Value SGXWalletServer::generateDKGPoly(const string &_polyName, int _t) {
     return generateDKGPolyImpl(_polyName, _t);
 }
@@ -993,6 +1053,12 @@ SGXWalletServer::dkgVerificationV2(const string &_publicShares, const string &et
     return dkgVerificationV2Impl(_publicShares, ethKeyName, SecretShare, t, n, index);
 }
 
+Json::Value
+SGXWalletServer::createBLSPrivateKeyV2(const string &blsKeyName, const string &ethKeyName, const string &polyName,
+                                     const string &SecretShare, int t, int n) {
+    return createBLSPrivateKeyV2Impl(blsKeyName, ethKeyName, polyName, SecretShare, t, n);
+}
+
 shared_ptr <string> SGXWalletServer::readFromDb(const string &name, const string &prefix) {
     auto dataStr = checkDataFromDb(prefix + name);
 

SGXWalletServer.hpp

@@ -111,6 +111,8 @@ public:
 
     virtual Json::Value dkgVerificationV2(const string &_publicShares, const string &ethKeyName, const string &SecretShare, int t, int n, int index);
 
+    virtual Json::Value createBLSPrivateKeyV2(const std::string& blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n);
+
     static shared_ptr<string> readFromDb(const string &name, const string &prefix = "");
 
     static shared_ptr <string> checkDataFromDb(const string &name, const string &prefix = "");
@@ -167,6 +169,8 @@ public:
 
     static Json::Value dkgVerificationV2Impl(const string &_publicShares, const string &_ethKeyName, const string &_secretShare, int _t, int _n, int _index);
 
+    virtual Json::Value createBLSPrivateKeyV2Impl(const std::string& blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n);
+
     static void printDB();
 
     static int initHttpServer();

TestUtils.cpp

@@ -373,7 +373,7 @@ void TestUtils::sendRPCRequestV2() {
         string blsName = "BLS_KEY" + polyNames[i].substr(4);
         string secretShare = secretShares[i]["secretShare"].asString();
 
-        auto response = c.createBLSPrivateKey(blsName, ethKeys[i]["keyName"].asString(), polyNames[i], secShares[i], t, n);
+        auto response = c.createBLSPrivateKeyV2(blsName, ethKeys[i]["keyName"].asString(), polyNames[i], secShares[i], t, n);
         CHECK_STATE(response["status"] == 0);
         pubBLSKeys[i] = c.getBLSPublicKeyShare(blsName);
         CHECK_STATE(pubBLSKeys[i]["status"] == 0);
@@ -640,7 +640,7 @@ void TestUtils::doDKGV2(StubClient &c, int n, int t,
         _blsKeyNames.push_back(blsName);
         string secretShare = secretShares[i]["secretShare"].asString();
 
-        auto response = c.createBLSPrivateKey(blsName, ethKeys[i]["keyName"].asString(), polyNames[i], secShares[i], t,
+        auto response = c.createBLSPrivateKeyV2(blsName, ethKeys[i]["keyName"].asString(), polyNames[i], secShares[i], t,
                                               n);
         CHECK_STATE(response["status"] == 0);
         pubBLSKeys[i] = c.getBLSPublicKeyShare(blsName);

VERSION

-1.64.2
\ No newline at end of file
+1.65.0

abstractstubserver.h

@@ -61,6 +61,7 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
 
           this->bindAndAddMethod(jsonrpc::Procedure("getSecretShareV2", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "polyName",jsonrpc::JSON_STRING,"publicKeys",jsonrpc::JSON_ARRAY, "n",jsonrpc::JSON_INTEGER,"t",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::getSecretShareV2I);
           this->bindAndAddMethod(jsonrpc::Procedure("dkgVerificationV2", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "publicShares",jsonrpc::JSON_STRING, "ethKeyName",jsonrpc::JSON_STRING, "secretShare",jsonrpc::JSON_STRING,"t",jsonrpc::JSON_INTEGER, "n",jsonrpc::JSON_INTEGER, "index",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::dkgVerificationV2I);
+          this->bindAndAddMethod(jsonrpc::Procedure("createBLSPrivateKeyV2", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "blsKeyName",jsonrpc::JSON_STRING, "ethKeyName",jsonrpc::JSON_STRING, "polyName", jsonrpc::JSON_STRING, "secretShare",jsonrpc::JSON_STRING,"t", jsonrpc::JSON_INTEGER,"n",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::createBLSPrivateKeyV2I);
         }
 
         inline virtual void importBLSKeyShareI(const Json::Value &request, Json::Value &response)
@@ -155,6 +156,10 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
         {
             response = this->dkgVerificationV2(request["publicShares"].asString(), request["ethKeyName"].asString(), request["secretShare"].asString(), request["t"].asInt(), request["n"].asInt(), request["index"].asInt());
         }
+        inline virtual void createBLSPrivateKeyV2I(const Json::Value &request, Json::Value &response)
+        {
+            response = this->createBLSPrivateKeyV2(request["blsKeyName"].asString(), request["ethKeyName"].asString(), request["polyName"].asString(),request["secretShare"].asString(),request["t"].asInt(), request["n"].asInt());
+        }
 
         virtual Json::Value importBLSKeyShare(const std::string& keyShare, const std::string& keyShareName) = 0;
         virtual Json::Value blsSignMessageHash(const std::string& keyShareName, const std::string& messageHash, int t, int n ) = 0;
@@ -167,8 +172,8 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
         virtual Json::Value getVerificationVector(const std::string& polyName, int t, int n) = 0;
         virtual Json::Value getSecretShare(const std::string& polyName, const Json::Value& publicKeys, int t, int n) = 0;
         virtual Json::Value dkgVerification( const std::string& publicShares, const std::string& ethKeyName, const std::string& SecretShare, int t, int n, int index) = 0;
-        virtual Json::Value createBLSPrivateKey(const std::string & blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n) = 0;
-        virtual Json::Value getBLSPublicKeyShare(const std::string & blsKeyName) = 0;
+        virtual Json::Value createBLSPrivateKey(const std::string& blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string& SecretShare, int t, int n) = 0;
+        virtual Json::Value getBLSPublicKeyShare(const std::string& blsKeyName) = 0;
         virtual Json::Value calculateAllBLSPublicKeys(const Json::Value& publicShares, int t, int n) = 0;
         virtual Json::Value complaintResponse(const std::string& polyName, int t, int n, int ind) = 0;
         virtual Json::Value multG2(const std::string & x) = 0;
@@ -180,6 +185,7 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
 
         virtual Json::Value getSecretShareV2(const std::string& polyName, const Json::Value& publicKeys, int t, int n) = 0;
         virtual Json::Value dkgVerificationV2( const std::string& publicShares, const std::string& ethKeyName, const std::string& SecretShare, int t, int n, int index) = 0;
+        virtual Json::Value createBLSPrivateKeyV2(const std::string& blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n) = 0;
 };
 
 #endif //JSONRPC_CPP_STUB_ABSTRACTSTUBSERVER_H_

secure_enclave/secure_enclave.c

@@ -1244,6 +1244,117 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
     LOG_INFO("SGX call completed");
 }
 
+void trustedCreateBlsKeyV2(int *errStatus, char *errString, const char *s_shares,
+                            uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key,
+                            uint64_t *enc_bls_key_len) {
+
+    LOG_INFO(__FUNCTION__);
+
+    INIT_ERROR_STATE
+
+    CHECK_STATE(s_shares);
+    CHECK_STATE(encryptedPrivateKey);
+    CHECK_STATE(encr_bls_key);
+
+    SAFE_CHAR_BUF(skey, BUF_LEN);
+
+    mpz_t sum;
+    mpz_init(sum);
+    mpz_set_ui(sum, 0);
+
+    mpz_t q;
+    mpz_init(q);
+    mpz_set_str(q, "21888242871839275222246405745257275088548364400416034343698204186575808495617", 10);
+
+    mpz_t bls_key;
+    mpz_init(bls_key);
+
+    uint8_t type = 0;
+    uint8_t exportable = 0;
+
+
+    int status = AES_decrypt(encryptedPrivateKey, key_len, skey, BUF_LEN,
+                             &type, &exportable);
+    CHECK_STATUS2("aes decrypt failed with status %d");
+
+    skey[ECDSA_SKEY_LEN - 1] = 0;
+
+    int num_shares = strlen(s_shares) / 192;
+
+    for (int i = 0; i < num_shares; i++) {
+        SAFE_CHAR_BUF(encr_sshare, 65);
+        strncpy(encr_sshare, s_shares + 192 * i, 64);
+        encr_sshare[64] = 0;
+
+        SAFE_CHAR_BUF(s_share, 193);
+        strncpy(s_share, s_shares + 192 * i, 192);
+        s_share[192] = 0;
+
+        SAFE_CHAR_BUF(common_key, 65);
+
+        status = session_key_recover(skey, s_share, common_key);
+
+        CHECK_STATUS("session_key_recover failed");
+
+        common_key[64] = 0;
+
+        SAFE_CHAR_BUF(derived_key, BUF_LEN);
+        status = hash_key(common_key, derived_key);
+        CHECK_STATUS("hash key failed")
+        derived_key[ECDSA_BIN_LEN - 1] = 0;
+
+        SAFE_CHAR_BUF(decr_sshare, 65);
+
+        status = xor_decrypt_v2(derived_key, encr_sshare, decr_sshare);
+
+        CHECK_STATUS("xor_decrypt failed");
+
+        decr_sshare[64] = 0;
+
+        mpz_t decr_secret_share;
+        mpz_init(decr_secret_share);
+        if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) {
+            *errStatus = 111;
+            snprintf(errString, BUF_LEN, "invalid decrypted secret share");
+            LOG_ERROR(errString);
+
+            mpz_clear(decr_secret_share);
+            goto clean;
+        }
+
+        mpz_addmul_ui(sum, decr_secret_share, 1);
+        mpz_clear(decr_secret_share);
+    }
+
+
+    mpz_mod(bls_key, sum, q);
+
+    SAFE_CHAR_BUF(key_share, BLS_KEY_LENGTH);
+
+    SAFE_CHAR_BUF(arr_skey_str, BUF_LEN);
+
+    mpz_get_str(arr_skey_str, 16, bls_key);
+    int n_zeroes = 64 - strlen(arr_skey_str);
+    for (int i = 0; i < n_zeroes; i++) {
+        key_share[i] = '0';
+    }
+    strncpy(key_share + n_zeroes, arr_skey_str, 65 - n_zeroes);
+    key_share[BLS_KEY_LENGTH - 1] = 0;
+
+    status = AES_encrypt(key_share, encr_bls_key, BUF_LEN, BLS, NON_EXPORTABLE, enc_bls_key_len);
+
+    CHECK_STATUS2("aes encrypt bls private key failed with status %d ");
+
+    SET_SUCCESS
+    clean:
+
+    mpz_clear(bls_key);
+    mpz_clear(sum);
+    mpz_clear(q);
+    LOG_INFO(__FUNCTION__ );
+    LOG_INFO("SGX call completed");
+}
+
 void
 trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len,
                        char *bls_pub_key) {

secure_enclave/secure_enclave.edl

@@ -156,6 +156,15 @@ enclave {
                                 [out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key,
                                 [out] uint64_t *enc_bls_key_len);
 
+        public void trustedCreateBlsKeyV2(
+                                [out]int *errStatus,
+                                [out, count = SMALL_BUF_SIZE] char* err_string,
+                                [in, count = 6145] const char* s_shares,
+                                [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
+                                uint64_t key_len,
+                                [out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key,
+                                [out] uint64_t *enc_bls_key_len);
+
         public void trustedBlsSignMessage (
                                 [out] int *errStatus,
                                 [out, count = TINY_BUF_SIZE] char* err_string,

stubclient.h

@@ -187,6 +187,22 @@ class StubClient : public jsonrpc::Client
            throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
         }
 
+        Json::Value createBLSPrivateKeyV2(const std::string& blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string& SecretShare, int t, int n)
+        {
+          Json::Value p;
+          p["blsKeyName"] = blsKeyName;
+          p["ethKeyName"] = ethKeyName;
+          p["polyName"] = polyName;
+          p["secretShare"] = SecretShare;
+          p["n"] = n;
+          p["t"] = t;
+          Json::Value result = this->CallMethod("createBLSPrivateKeyV2",p);
+          if (result.isObject())
+           return result;
+          else
+           throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
+        }
+
         Json::Value getBLSPublicKeyShare(const std::string & blsKeyName) 
         {
             Json::Value p;

testw.cpp

@@ -999,7 +999,7 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG V2 test", "[aes-dkg-v2]") {
     for (int i = 0; i < t; i++) {
         string endName = polyNames[i].substr(4);
         string blsName = "BLS_KEY" + polyNames[i].substr(4);
-        auto response = c.createBLSPrivateKey(blsName, ethKeys[i]["keyName"].asString(), polyNames[i], secShares[i], t,
+        auto response = c.createBLSPrivateKeyV2(blsName, ethKeys[i]["keyName"].asString(), polyNames[i], secShares[i], t,
                                               n);
         REQUIRE(response["status"] == 0);
 
@@ -1071,7 +1071,7 @@ TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg v2 bls", "[many-threads-cr
     vector <thread> threads;
     int num_threads = 4;
     for (int i = 0; i < num_threads; i++) {
-        threads.push_back(thread(TestUtils::sendRPCRequest));
+        threads.push_back(thread(TestUtils::sendRPCRequestV2));
     }
 
     for (auto &thread : threads) {