diff --git a/BLSCrypto.cpp b/BLSCrypto.cpp index 6cd4b7ba..964f77d1 100644 --- a/BLSCrypto.cpp +++ b/BLSCrypto.cpp @@ -22,47 +22,47 @@ */ #include - #include "libff/algebra/curves/alt_bn128/alt_bn128_init.hpp" +#include "leveldb/db.h" +#include + +#include "third_party/intel/create_enclave.h" + #include "bls.h" #include -#include "leveldb/db.h" -#include #include "BLSPrivateKeyShareSGX.h" -#include "sgxwallet_common.h" -#include "third_party/intel/create_enclave.h" -#include "secure_enclave_u.h" -#include "third_party/intel/sgx_detect.h" -#include -#include +#include "sgxwallet_common.h" #include "sgxwallet.h" - +#include "SGXException.h" +#include "third_party/spdlog/spdlog.h" +#include "common.h" #include "SGXWalletServer.h" -#include "BLSCrypto.h" +#include "SEKManager.h" +#include "LevelDB.h" #include "ServerInit.h" +#include "BLSCrypto.h" -#include "SGXException.h" -#include "third_party/spdlog/spdlog.h" -#include "common.h" +string *FqToString(libff::alt_bn128_Fq *_fq) { + + CHECK_STATE(_fq); -std::string *FqToString(libff::alt_bn128_Fq *_fq) { mpz_t t; mpz_init(t); _fq->as_bigint().to_mpz(t); - char arr[mpz_sizeinbase(t, 10) + 2]; + SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, 10) + 2); mpz_get_str(arr, 10, t); mpz_clear(t); - return new std::string(arr); + return new string(arr); } int char2int(char _input) { @@ -75,11 +75,18 @@ int char2int(char _input) { return -1; } -void carray2Hex(const unsigned char *d, int _len, char *_hexArray) { +void carray2Hex(const unsigned char *d, uint64_t _len, char *_hexArray, + uint64_t _hexArrayLen) { + + CHECK_STATE(d); + CHECK_STATE(_hexArray); + char hexval[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; - for (int j = 0; j < _len; j++) { + CHECK_STATE(_hexArrayLen > 2 * _len); + + for (uint64_t j = 0; j < _len; j++) { _hexArray[j * 2] = hexval[((d[j] >> 4) & 0xF)]; _hexArray[j * 2 + 1] = hexval[(d[j]) & 0x0F]; } @@ -87,38 +94,29 @@ void carray2Hex(const unsigned char *d, int _len, char *_hexArray) { _hexArray[_len * 2] = 0; } -bool hex2carray(const char *_hex, uint64_t *_bin_len, uint8_t *_bin) { - int len = strnlen(_hex, 2 * BUF_LEN); - if (len == 0 && len % 2 == 1) - return false; +bool hex2carray(const char *_hex, uint64_t *_bin_len, + uint8_t *_bin, uint64_t _max_length) { - *_bin_len = len / 2; - for (int i = 0; i < len / 2; i++) { - int high = char2int((char) _hex[i * 2]); - int low = char2int((char) _hex[i * 2 + 1]); + CHECK_STATE(_hex); + CHECK_STATE(_bin); + CHECK_STATE(_bin_len) - if (high < 0 || low < 0) { - return false; - } - _bin[i] = (unsigned char) (high * 16 + low); - } + uint64_t len = strnlen(_hex, 2 * _max_length + 1); - return true; -} + CHECK_STATE(len != 2 * _max_length + 1); + + CHECK_STATE(len <= 2 * _max_length); -bool hex2carray2(const char *_hex, uint64_t *_bin_len, - uint8_t *_bin, const int _max_length) { - int len = strnlen(_hex, _max_length); if (len == 0 && len % 2 == 1) return false; *_bin_len = len / 2; - for (int i = 0; i < len / 2; i++) { + for (uint64_t i = 0; i < len / 2; i++) { int high = char2int((char) _hex[i * 2]); int low = char2int((char) _hex[i * 2 + 1]); @@ -134,13 +132,20 @@ bool hex2carray2(const char *_hex, uint64_t *_bin_len, bool sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, size_t _signerIndex, char *_sig) { + + + CHECK_STATE(_encryptedKeyHex); + CHECK_STATE(_hashHex); + CHECK_STATE(_sig); + auto keyStr = make_shared(_encryptedKeyHex); - auto hash = make_shared>(); + auto hash = make_shared < array < uint8_t, + 32 >> (); uint64_t binLen; - if (!hex2carray(_hashHex, &binLen, hash->data())) { + if (!hex2carray(_hashHex, &binLen, hash->data(), hash->size())) { throw SGXException(INVALID_HEX, "Invalid hash"); } @@ -156,43 +161,39 @@ bool sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t } bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, char *_sig) { - auto hash = make_shared>(); + + CHECK_STATE(_encryptedKeyHex); + CHECK_STATE(_hashHex); + CHECK_STATE(_sig); + + auto hash = make_shared < array < uint8_t, + 32 >> (); uint64_t binLen; - if (!hex2carray(_hashHex, &binLen, hash->data())) { + if (!hex2carray(_hashHex, &binLen, hash->data(), hash->size())) { throw SGXException(INVALID_HEX, "Invalid hash"); } - shared_ptr obj; + shared_ptr obj; obj = make_shared(signatures::Bls(_t, _n)); - std::pair hash_with_hint = obj->HashtoG1withHint(hash); + pair hash_with_hint = obj->HashtoG1withHint(hash); string *xStr = FqToString(&(hash_with_hint.first.X)); - if (xStr == nullptr) { - std::cerr << "Null xStr" << std::endl; - BOOST_THROW_EXCEPTION(runtime_error("Null xStr")); - } + CHECK_STATE(xStr); string *yStr = FqToString(&(hash_with_hint.first.Y)); if (yStr == nullptr) { - std::cerr << "Null yStr" << std::endl; delete xStr; BOOST_THROW_EXCEPTION(runtime_error("Null yStr")); } - char errMsg[BUF_LEN]; - memset(errMsg, 0, BUF_LEN); + vector errMsg(BUF_LEN, 0); - char xStrArg[BUF_LEN]; - char yStrArg[BUF_LEN]; - char signature[BUF_LEN]; - - memset(xStrArg, 0, BUF_LEN); - memset(yStrArg, 0, BUF_LEN); + SAFE_CHAR_BUF(xStrArg, BUF_LEN);SAFE_CHAR_BUF(yStrArg, BUF_LEN);SAFE_CHAR_BUF(signature, BUF_LEN); strncpy(xStrArg, xStr->c_str(), BUF_LEN); strncpy(yStrArg, yStr->c_str(), BUF_LEN); @@ -202,34 +203,30 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz size_t sz = 0; - uint8_t encryptedKey[BUF_LEN]; + SAFE_UINT8_BUF(encryptedKey, BUF_LEN); - bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey); + bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey, BUF_LEN); if (!result) { - cerr << "Invalid hex encrypted key" << endl; - BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key")); + BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key")); } int errStatus = 0; - sgx_status_t status = - trustedBlsSignMessageAES(eid, &errStatus, errMsg, encryptedKey, - sz, xStrArg, yStrArg, signature); - if (status != SGX_SUCCESS) { - cerr << "SGX enclave call to trustedBlsSignMessage failed with status:" << status << std::endl; - BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed")); - } + sgx_status_t status = SGX_SUCCESS; - if (errStatus != 0) { - cerr << "SGX enclave call to trustedBlsSignMessage failed with errStatus:" << errStatus << std::endl; - BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed")); - } + RESTART_BEGIN + status = trustedBlsSignMessage(eid, &errStatus, errMsg.data(), encryptedKey, + sz, xStrArg, yStrArg, signature); + RESTART_END - std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second; - std::string sig = signature; + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); + + string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second; + + string sig = signature; sig.append(":"); sig.append(hint); @@ -240,36 +237,37 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz } bool bls_sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, char *_sig) { + CHECK_STATE(_encryptedKeyHex); + CHECK_STATE(_hashHex); return sign_aes(_encryptedKeyHex, _hashHex, _t, _n, _sig); } -std::string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) { - auto keyArray = make_shared>(BUF_LEN, 0); - auto encryptedKey = make_shared>(BUF_LEN, 0); - auto errMsg = make_shared>(BUF_LEN, 0); +string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) { + CHECK_STATE(errStatus); + CHECK_STATE(err_string); + CHECK_STATE(_key); + auto keyArray = make_shared < vector < char >> (BUF_LEN, 0); + auto encryptedKey = make_shared < vector < uint8_t >> (BUF_LEN, 0); - strncpy(keyArray->data(), _key, BUF_LEN); - *errStatus = -1; + vector errMsg(BUF_LEN, 0); - unsigned int encryptedLen = 0; + strncpy(keyArray->data(), _key, BUF_LEN); + *errStatus = 0; - status = trustedEncryptKeyAES(eid, errStatus, errMsg->data(), keyArray->data(), encryptedKey->data(), &encryptedLen); + uint64_t encryptedLen = 0; - spdlog::debug("errStatus is {}", *errStatus); - spdlog::debug("errMsg is ", errMsg->data()); + sgx_status_t status = SGX_SUCCESS; - if (*errStatus != 0) { - throw SGXException(-666, errMsg->data()); - } + RESTART_BEGIN + status = trustedEncryptKey(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(), + &encryptedLen); + RESTART_END_POINTER - if (status != SGX_SUCCESS) { - *errStatus = -1; - return ""; - } + HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg.data()); - std::string result(2 * BUF_LEN, '\0'); + SAFE_CHAR_BUF(resultBuf, 2 * BUF_LEN + 1); - carray2Hex(encryptedKey->data(), encryptedLen, &result.front()); + carray2Hex(encryptedKey->data(), encryptedLen, resultBuf, 2 * BUF_LEN + 1); - return result; + return string(resultBuf); } diff --git a/BLSCrypto.h b/BLSCrypto.h index 15bedec1..102fe992 100644 --- a/BLSCrypto.h +++ b/BLSCrypto.h @@ -38,13 +38,10 @@ EXTERNC bool bls_sign(const char* encryptedKeyHex, const char* hashHex, size_t t EXTERNC int char2int(char _input); -EXTERNC void carray2Hex(const unsigned char *d, int _len, char* _hexArray); +EXTERNC void carray2Hex(const unsigned char *d, uint64_t , char* _hexArray, + uint64_t _hexArrayLen); EXTERNC bool hex2carray(const char * _hex, uint64_t *_bin_len, - uint8_t* _bin ); -EXTERNC bool hex2carray2(const char * _hex, uint64_t *_bin_len, - uint8_t* _bin, const int _max_length ); - - + uint8_t* _bin, uint64_t _max_length ); std::string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key); diff --git a/BLSPrivateKeyShareSGX.cpp b/BLSPrivateKeyShareSGX.cpp index bc469b27..9a899cc9 100644 --- a/BLSPrivateKeyShareSGX.cpp +++ b/BLSPrivateKeyShareSGX.cpp @@ -25,172 +25,167 @@ #include "BLSSignature.h" #include "BLSutils.h" +#include "third_party/spdlog/spdlog.h" +#include "common.h" #include "secure_enclave_u.h" #include "sgxwallet_common.h" #include "sgxwallet.h" #include "BLSCrypto.h" #include "ServerInit.h" -#include "common.h" - +#include "SEKManager.h" #include "BLSPrivateKeyShareSGX.h" -std::string *stringFromFq(libff::alt_bn128_Fq*_fq) { - mpz_t t; - mpz_init(t); +string *stringFromFq(libff::alt_bn128_Fq *_fq) { + + CHECK_STATE(_fq); - _fq->as_bigint().to_mpz(t); + mpz_t t; + mpz_init(t); - char arr[mpz_sizeinbase(t, 10) + 2]; + _fq->as_bigint().to_mpz(t); - char *tmp = mpz_get_str(arr, 10, t); - mpz_clear(t); + SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, 10) + 2); - return new std::string(tmp); + char *tmp = mpz_get_str(arr, 10, t); + + mpz_clear(t); + + return new string(tmp); } -std::string *stringFromG1(libff::alt_bn128_G1 *_g1) { - auto sX = stringFromFq(&_g1->X); - auto sY = stringFromFq(&_g1->Y); - auto sZ = stringFromFq(&_g1->Z); +string *stringFromG1(libff::alt_bn128_G1 *_g1) { + + CHECK_STATE(_g1); - auto sG1 = new std::string(*sX + ":" + *sY + ":" + *sZ); + auto sX = stringFromFq(&_g1->X); + auto sY = stringFromFq(&_g1->Y); + auto sZ = stringFromFq(&_g1->Z); - delete(sX); - delete(sY); - delete(sZ); + auto sG1 = new string(*sX + ":" + *sY + ":" + *sZ); - return sG1; + delete (sX); + delete (sY); + delete (sZ); + + return sG1; } BLSPrivateKeyShareSGX::BLSPrivateKeyShareSGX( - shared_ptr _encryptedKeyHex, size_t _requiredSigners, - size_t _totalSigners) { - requiredSigners = _requiredSigners; - totalSigners = _totalSigners; + shared_ptr _encryptedKeyHex, size_t _requiredSigners, + size_t _totalSigners) { + requiredSigners = _requiredSigners; + totalSigners = _totalSigners; - if (requiredSigners > totalSigners) { - throw std::invalid_argument("requiredSigners > totalSigners"); - } + if (requiredSigners > totalSigners) { + throw invalid_argument("requiredSigners > totalSigners"); + } - if (totalSigners == 0) { - throw std::invalid_argument("totalSigners == 0"); - } + if (totalSigners == 0) { + throw invalid_argument("totalSigners == 0"); + } - if (_encryptedKeyHex == nullptr) { - throw std::invalid_argument("Null key"); - } + if (_encryptedKeyHex == nullptr) { + throw invalid_argument("Null key"); + } - if (_encryptedKeyHex->size() > 2 * MAX_ENCRYPTED_KEY_LENGTH) { - throw std::invalid_argument("Encrypted key size too long"); - } + if (_encryptedKeyHex->size() > 2 * MAX_ENCRYPTED_KEY_LENGTH) { + throw invalid_argument("Encrypted key size too long"); + } - encryptedKeyHex = _encryptedKeyHex; + encryptedKeyHex = _encryptedKeyHex; } -std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr( - std::shared_ptr> hash_byte_arr, - size_t _signerIndex) { - shared_ptr obj; +string BLSPrivateKeyShareSGX::signWithHelperSGXstr( + shared_ptr > hash_byte_arr, + size_t _signerIndex) { + shared_ptr obj; - if (hash_byte_arr == nullptr) { - std::cerr << "Hash is null" << std::endl; - BOOST_THROW_EXCEPTION(runtime_error("Hash is null")); - } + CHECK_STATE(hash_byte_arr) - obj = make_shared( - signatures::Bls(requiredSigners, totalSigners)); + obj = make_shared( + signatures::Bls(requiredSigners, totalSigners)); - std::pair hash_with_hint = - obj->HashtoG1withHint(hash_byte_arr); + pair hash_with_hint = + obj->HashtoG1withHint(hash_byte_arr); - int errStatus = 0; + int errStatus = 0; - string* xStr = stringFromFq(&(hash_with_hint.first.X)); + string *xStr = stringFromFq(&(hash_with_hint.first.X)); - if (xStr == nullptr) { - std::cerr << "Null xStr" << std::endl; - BOOST_THROW_EXCEPTION(runtime_error("Null xStr")); - } + CHECK_STATE(xStr); - string* yStr = stringFromFq(&(hash_with_hint.first.Y)); + string *yStr = stringFromFq(&(hash_with_hint.first.Y)); + + if (yStr == nullptr) { + delete xStr; + BOOST_THROW_EXCEPTION(runtime_error("Null yStr")); + } - if (yStr == nullptr) { - std::cerr << "Null yStr" << std::endl; - delete xStr; - BOOST_THROW_EXCEPTION(runtime_error("Null yStr")); - } - char errMsg[BUF_LEN]; - memset(errMsg, 0, BUF_LEN); + vector errMsg(BUF_LEN, 0); - char xStrArg[BUF_LEN]; - char yStrArg[BUF_LEN]; - char signature [BUF_LEN]; - memset(xStrArg, 0, BUF_LEN); - memset(yStrArg, 0, BUF_LEN); + SAFE_CHAR_BUF(xStrArg, BUF_LEN)SAFE_CHAR_BUF(yStrArg, BUF_LEN)SAFE_CHAR_BUF(signature, BUF_LEN); - strncpy(xStrArg, xStr->c_str(), BUF_LEN); - strncpy(yStrArg, yStr->c_str(), BUF_LEN); - delete xStr; - delete yStr; + strncpy(xStrArg, xStr->c_str(), BUF_LEN); + strncpy(yStrArg, yStr->c_str(), BUF_LEN); - size_t sz = 0; + delete xStr; + delete yStr; - uint8_t encryptedKey[BUF_LEN]; + size_t sz = 0; - bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey); + SAFE_UINT8_BUF(encryptedKey, BUF_LEN); - if (!result) { - cerr << "Invalid hex encrypted key" << endl; - BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key")); - } + bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey, + BUF_LEN); - cerr << "Key is " + *encryptedKeyHex << endl; + if (!result) { + spdlog::error("Invalid hex encrypted key"); + BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key")); + } - sgx_status_t status = - trustedBlsSignMessageAES(eid, &errStatus, errMsg, encryptedKey, - encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature); + sgx_status_t status = SGX_SUCCESS; - printf("sig is: %s\n", signature); + RESTART_BEGIN + status = trustedBlsSignMessage(eid, &errStatus, errMsg.data(), encryptedKey, + encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature); + RESTART_END - if (status != SGX_SUCCESS) { - gmp_printf("SGX enclave call to trustedBlsSignMessage failed: 0x%04x\n", status); - BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed")); - } + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); - if (errStatus != 0) { - BOOST_THROW_EXCEPTION(runtime_error("Enclave trustedBlsSignMessage failed:" + to_string(errStatus) + ":" + errMsg )); - } - int sigLen; + int sigLen; - if ((sigLen = strnlen(signature, 10)) < 10) { - BOOST_THROW_EXCEPTION(runtime_error("Signature is too short:" + to_string(sigLen))); - } + if ((sigLen = strnlen(signature, 10)) < 10) { + BOOST_THROW_EXCEPTION(runtime_error("Signature is too short:" + to_string(sigLen))); + } - std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + - hash_with_hint.second; + string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + + hash_with_hint.second; - std::string sig = signature; + string sig = signature; - sig.append(":"); - sig.append(hint); + sig.append(":"); + sig.append(hint); - return sig; + return sig; } -std::shared_ptr BLSPrivateKeyShareSGX::signWithHelperSGX( - std::shared_ptr> hash_byte_arr, - size_t _signerIndex) { - std::string signature = signWithHelperSGXstr(hash_byte_arr, _signerIndex); +shared_ptr BLSPrivateKeyShareSGX::signWithHelperSGX( + shared_ptr > hash_byte_arr, + size_t _signerIndex) { + + CHECK_STATE(hash_byte_arr); + + string signature = signWithHelperSGXstr(hash_byte_arr, _signerIndex); - auto sig = make_shared(signature); + auto sig = make_shared(signature); - std::shared_ptr s = std::make_shared(sig, _signerIndex, requiredSigners, - totalSigners); + shared_ptr s = make_shared(sig, _signerIndex, requiredSigners, + totalSigners); - return s; + return s; } diff --git a/CMakeLists.txt b/CMakeLists.txt index a1707ce9..24af87e3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -20,7 +20,7 @@ add_executable(sgxwallet secure_enclave/DHDkg.h secure_enclave/DKGUtils.cpp secure_enclave/DKGUtils.h - secure_enclave/DomainParameters.c + secure_enclave/DomainParameters.cpp secure_enclave/DomainParameters.h secure_enclave/EnclaveConstants.h secure_enclave/NumberTheory.c diff --git a/DKGCrypto.cpp b/DKGCrypto.cpp index af925789..c92ddc53 100644 --- a/DKGCrypto.cpp +++ b/DKGCrypto.cpp @@ -21,25 +21,27 @@ @date 2019 */ -#include "DKGCrypto.h" -#include "BLSCrypto.h" -#include "sgxwallet.h" -#include +#include #include -#include "SGXWalletServer.hpp" -#include "SGXException.h" + #include "third_party/spdlog/spdlog.h" #include "common.h" +#include "sgxwallet.h" +#include "SGXException.h" +#include "SGXWalletServer.hpp" +#include "BLSCrypto.h" +#include "SEKManager.h" +#include "DKGCrypto.h" - -vector splitString(const char *coeffs, const char symbol) { +vector splitString(const char *coeffs, const char symbol) { + CHECK_STATE(coeffs); string str(coeffs); string delim; delim.push_back(symbol); - vector G2_strings; + vector G2_strings; size_t prev = 0, pos = 0; do { pos = str.find(delim, prev); @@ -55,13 +57,14 @@ vector splitString(const char *coeffs, const char symbol) { return G2_strings; } -template string ConvertToString(T field_elem, int base = 10) { +template +string ConvertToString(T field_elem, int base = 10) { mpz_t t; mpz_init(t); field_elem.as_bigint().to_mpz(t); - char arr[mpz_sizeinbase(t, base) + 2]; + SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, base) + 2); mpz_get_str(arr, base, t); mpz_clear(t); @@ -71,7 +74,7 @@ template string ConvertToString(T field_elem, int base = 10) { return output; } -string convertHexToDec(const string& hex_str) { +string convertHexToDec(const string &hex_str) { mpz_t dec; mpz_init(dec); @@ -83,7 +86,7 @@ string convertHexToDec(const string& hex_str) { return ret; } - char arr[mpz_sizeinbase(dec, 10) + 2]; + SAFE_CHAR_BUF(arr, mpz_sizeinbase(dec, 10) + 2); mpz_get_str(arr, 10, dec); ret = arr; } catch (exception &e) { @@ -97,7 +100,7 @@ string convertHexToDec(const string& hex_str) { return ret; } -string convertG2ToString(const libff::alt_bn128_G2& elem, int base, const string& delim) { +string convertG2ToString(const libff::alt_bn128_G2 &elem, int base, const string &delim) { string result = ""; try { @@ -123,109 +126,102 @@ string convertG2ToString(const libff::alt_bn128_G2& elem, int base, const string } string gen_dkg_poly(int _t) { - vector errMsg(1024, 0); + vector errMsg(BUF_LEN, 0); int errStatus = 0; + uint64_t enc_len = 0; - vector encrypted_dkg_secret(BUF_LEN, 0); + vector encrypted_dkg_secret(BUF_LEN, 0); - uint32_t enc_len = 0; + sgx_status_t status = SGX_SUCCESS; - status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t); - if (errStatus != 0) { - spdlog::debug("trustedGenDkgSecret, status {}", errStatus, " err msg ", errMsg.data()); - spdlog::debug("in DKGCrypto encr len is {}", enc_len); - throw SGXException(-666, errMsg.data()); - } + RESTART_BEGIN + status = trustedGenDkgSecret( + eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t); + RESTART_END - if (status != 0) { - spdlog::debug("trustedGenDkgSecret, status {}", status, " err msg ", errMsg.data()); - spdlog::debug("in DKGCrypto encr len is {}", enc_len); - throw SGXException(-666, errMsg.data()); - } + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); uint64_t length = enc_len;; - vector hexEncrPoly(2 * length + 1, 0); + vector hexEncrPoly(BUF_LEN, 0); CHECK_STATE(encrypted_dkg_secret.size() >= length); - carray2Hex(encrypted_dkg_secret.data(), length, hexEncrPoly.data()); + carray2Hex(encrypted_dkg_secret.data(), length, hexEncrPoly.data(), BUF_LEN); string result(hexEncrPoly.data()); return result; } -vector> get_verif_vect(const char *encryptedPolyHex, int t, int n) { +vector > get_verif_vect(const char *encryptedPolyHex, int t, int n) { + + CHECK_STATE(encryptedPolyHex); + vector errMsg(BUF_LEN, 0); int errStatus = 0; - spdlog::debug("got encr poly size {}", char_traits::length(encryptedPolyHex)); - vector pubShares(10000, 0); uint64_t encLen = 0; - vector encrDKGPoly(2 * BUF_LEN, 0); + vector encrDKGPoly(2 * BUF_LEN, 0); - if (!hex2carray2(encryptedPolyHex, &encLen, encrDKGPoly.data(), 6100)) { + if (!hex2carray(encryptedPolyHex, &encLen, encrDKGPoly.data(), 6100)) { throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); } - spdlog::debug("hex_encr_poly length is {}", strlen(encryptedPolyHex)); - spdlog::debug("enc len {}", encLen); - - status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen, - pubShares.data(), t, n); - if (errStatus != 0) { - throw SGXException(-666, errMsg.data()); - } + sgx_status_t status = SGX_SUCCESS; - if (status != 0) { - throw SGXException(-666, errMsg.data()); - } - spdlog::debug("err msg is {}", errMsg.data()); + RESTART_BEGIN + status = trustedGetPublicShares(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen, + pubShares.data(), t, n); + RESTART_END - spdlog::debug("public_shares:"); - spdlog::debug("{}", pubShares.data());; - spdlog::debug("trustedGetPublicShares status: {}", errStatus); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); - vector g2Strings = splitString(pubShares.data(), ','); - vector> pubSharesVect; + vector g2Strings = splitString(pubShares.data(), ','); + vector > pubSharesVect; for (uint64_t i = 0; i < g2Strings.size(); i++) { - vector coeffStr = splitString(g2Strings.at(i).c_str(), ':'); + vector coeffStr = splitString(g2Strings.at(i).c_str(), ':'); pubSharesVect.push_back(coeffStr); } return pubSharesVect; } -string trustedGetSecretShares(const string &_polyName, const char *_encryptedPolyHex, const vector &_publicKeys, - int _t, - int _n) { +string +getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const vector &_publicKeys, + int _t, + int _n) { + + CHECK_STATE(_encryptedPolyHex); + vector hexEncrKey(BUF_LEN, 0); vector errMsg1(BUF_LEN, 0); + vector encrDKGPoly(BUF_LEN, 0); int errStatus = 0; uint64_t encLen = 0; - vector encrDKGPoly(BUF_LEN, 0); - if (!hex2carray2(_encryptedPolyHex, &encLen, encrDKGPoly.data(), 6100)) { + if (!hex2carray(_encryptedPolyHex, &encLen, encrDKGPoly.data(), BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); } - status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen); + sgx_status_t status = SGX_SUCCESS; - if (status != SGX_SUCCESS || errStatus != 0) { - throw SGXException(-666, errMsg1.data()); - } + READ_LOCK(initMutex); + + status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen); + + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); string result; for (int i = 0; i < _n; i++) { - vector encryptedSkey(BUF_LEN, 0); - uint32_t decLen; + vector encryptedSkey(BUF_LEN, 0); + uint64_t decLen; vector currentShare(193, 0); vector sShareG2(320, 0); @@ -237,129 +233,135 @@ string trustedGetSecretShares(const string &_polyName, const char *_encryptedPol spdlog::debug("pubKeyB is {}", pub_keyB); - trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen, - currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, i + 1); + sgx_status_t status = SGX_SUCCESS; + status = trustedGetEncryptedSecretShare(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen, + currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, + i + 1); - if (errStatus != 0) { - throw SGXException(-666, errMsg1.data()); - } + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); spdlog::debug("cur_share is {}", currentShare.data()); result += string(currentShare.data()); spdlog::debug("dec len is {}", decLen); - carray2Hex(encryptedSkey.data(), decLen, hexEncrKey.data()); + carray2Hex(encryptedSkey.data(), decLen, hexEncrKey.data(), BUF_LEN); string dhKeyName = "DKG_DH_KEY_" + _polyName + "_" + to_string(i) + ":"; spdlog::debug("hexEncr DH Key: { }", hexEncrKey.data()); spdlog::debug("name to write to db is {}", dhKeyName); - SGXWalletServer::writeDataToDB(dhKeyName, hexEncrKey.data()); string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":"; spdlog::debug("name to write to db is {}", shareG2_name); spdlog::debug("s_shareG2: {}", sShareG2.data()); + SGXWalletServer::writeDataToDB(dhKeyName, hexEncrKey.data()); SGXWalletServer::writeDataToDB(shareG2_name, sShareG2.data()); - - spdlog::debug("errMsg: {}", errMsg1.data()); } + string encryptedSecretShareName = "encryptedSecretShare:" + _polyName; + SGXWalletServer::writeDataToDB(encryptedSecretShareName, result); + return result; } bool verifyShares(const char *publicShares, const char *encr_sshare, const char *encryptedKeyHex, int t, int n, int ind) { - char errMsg[BUF_LEN]; + + CHECK_STATE(publicShares); + CHECK_STATE(encr_sshare); + CHECK_STATE(encryptedKeyHex); + + vector errMsg(BUF_LEN, 0); int errStatus = 0; + uint64_t decKeyLen = 0; + int result = 0; - uint64_t decKeyLen; - uint8_t encr_key[BUF_LEN]; - memset(encr_key, 0, BUF_LEN); - if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key)) { + SAFE_UINT8_BUF(encr_key, BUF_LEN); + if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key, BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); } - int result; - - spdlog::debug("publicShares length is {}", char_traits::length(publicShares)); - char pshares[8193]; - memset(pshares, 0, 8193); + SAFE_CHAR_BUF(pshares, 8193); strncpy(pshares, publicShares, strlen(publicShares)); - trustedDkgVerifyAES(eid, &errStatus, errMsg, pshares, encr_sshare, encr_key, decKeyLen, t, ind, &result); + sgx_status_t status = SGX_SUCCESS; - if (errStatus != 0) { - throw SGXException(-666, errMsg); - } + RESTART_BEGIN + status = trustedDkgVerify(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t, + ind, &result); + RESTART_END + + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); if (result == 2) { throw SGXException(INVALID_HEX, "Invalid public shares"); } - spdlog::debug("errMsg1: {}", errMsg); - spdlog::debug("result is: {}", result); - return result; } -bool CreateBLSShare(const string &blsKeyName, const char *s_shares, const char *encryptedKeyHex) { - spdlog::debug("ENTER CreateBLSShare"); +bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *encryptedKeyHex) { + + CHECK_STATE(s_shares); + CHECK_STATE(encryptedKeyHex); - char errMsg[BUF_LEN]; + vector errMsg(BUF_LEN, 0); int errStatus = 0; - uint64_t decKeyLen; - uint8_t encr_bls_key[BUF_LEN]; - memset(encr_bls_key, 0, BUF_LEN); - uint8_t encr_key[BUF_LEN]; - memset(encr_key, 0, BUF_LEN); - if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key)) { + uint64_t decKeyLen;SAFE_UINT8_BUF(encr_bls_key, BUF_LEN);SAFE_UINT8_BUF(encr_key, BUF_LEN); + if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key, BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } - uint32_t enc_bls_len = 0; + uint64_t enc_bls_len = 0; - trustedCreateBlsKeyAES(eid, &errStatus, errMsg, s_shares, encr_key, decKeyLen, encr_bls_key, &enc_bls_len); + sgx_status_t status = SGX_SUCCESS; - if (errStatus != 0) { - spdlog::error(errMsg); - spdlog::error("status {}", errStatus); - throw SGXException(ERROR_IN_ENCLAVE, "Create BLS private key failed in enclave"); - } else { - char hexBLSKey[2 * BUF_LEN]; + RESTART_BEGIN + status = trustedCreateBlsKey(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key, + &enc_bls_len); + RESTART_END - carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); - SGXWalletServer::writeDataToDB(blsKeyName, hexBLSKey); + SAFE_CHAR_BUF(hexBLSKey, 2 * BUF_LEN) + + carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey, 2 * BUF_LEN); + + SGXWalletServer::writeDataToDB(blsKeyName, hexBLSKey); + + return true; - return true; - } } -vector GetBLSPubKey(const char *encryptedKeyHex) { - char errMsg1[BUF_LEN]; +vector getBLSPubKey(const char *encryptedKeyHex) { + + CHECK_STATE(encryptedKeyHex); + + vector errMsg1(BUF_LEN, 0); int errStatus = 0; + uint64_t decKeyLen = 0; - uint64_t decKeyLen; - uint8_t encrKey[BUF_LEN]; - if (!hex2carray(encryptedKeyHex, &decKeyLen, encrKey)) { + SAFE_UINT8_BUF(encrKey, BUF_LEN); + if (!hex2carray(encryptedKeyHex, &decKeyLen, encrKey, BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } - char pubKey[320]; - spdlog::debug("decKeyLen is {}", decKeyLen); + SAFE_CHAR_BUF(pubKey, 320) - trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1, encrKey, decKeyLen, pubKey); - if (errStatus != 0) { - spdlog::error(string(errMsg1) + " . Status is {}", errStatus); - throw SGXException(ERROR_IN_ENCLAVE, "Failed to get BLS public key in enclave"); - } - vector pubKeyVect = splitString(pubKey, ':'); + sgx_status_t status = SGX_SUCCESS; + + RESTART_BEGIN + status = trustedGetBlsPubKey(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey); + RESTART_END + + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); + + vector pubKeyVect = splitString(pubKey, ':'); - spdlog::debug("errMsg1 is {}", errMsg1); spdlog::debug("pub key is "); for (int i = 0; i < 4; i++) spdlog::debug("{}", pubKeyVect.at(i)); @@ -367,15 +369,15 @@ vector GetBLSPubKey(const char *encryptedKeyHex) { return pubKeyVect; } -vector calculateAllBlsPublicKeys(const vector& public_shares) { +vector calculateAllBlsPublicKeys(const vector &public_shares) { size_t n = public_shares.size(); size_t t = public_shares[0].length() / 256; uint64_t share_length = 256; uint8_t coord_length = 64; - vector public_keys(n, libff::alt_bn128_G2::zero()); + vector public_keys(n, libff::alt_bn128_G2::zero()); - vector public_values(t, libff::alt_bn128_G2::zero()); + vector public_values(t, libff::alt_bn128_G2::zero()); for (size_t i = 0; i < n; ++i) { for (size_t j = 0; j < t; ++j) { libff::alt_bn128_G2 public_share; @@ -408,7 +410,7 @@ vector calculateAllBlsPublicKeys(const vector& public_shares) { public_keys[i].to_affine_coordinates(); } - vector result(n); + vector result(n); for (size_t i = 0; i < n; ++i) { result[i] = convertG2ToString(public_keys[i]); } @@ -417,37 +419,37 @@ vector calculateAllBlsPublicKeys(const vector& public_shares) { } string decryptDHKey(const string &polyName, int ind) { - vector errMsg1(1024, 0); + vector errMsg1(BUF_LEN, 0); int errStatus = 0; string DH_key_name = polyName + "_" + to_string(ind) + ":"; - shared_ptr hexEncrKeyPtr = SGXWalletServer::readFromDb(DH_key_name, "DKG_DH_KEY_"); + shared_ptr hexEncrKeyPtr = SGXWalletServer::readFromDb(DH_key_name, "DKG_DH_KEY_"); spdlog::debug("encr DH key is {}", *hexEncrKeyPtr); vector hexEncrKey(2 * BUF_LEN, 0); - uint64_t dhEncLen = 0; - uint8_t encryptedDHKey[BUF_LEN]; - if (!hex2carray(hexEncrKeyPtr->c_str(), &dhEncLen, encryptedDHKey)) { + uint64_t dhEncLen = 0;SAFE_UINT8_BUF(encryptedDHKey, BUF_LEN); + if (!hex2carray(hexEncrKeyPtr->c_str(), &dhEncLen, encryptedDHKey, BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid hexEncrKey"); } spdlog::debug("encr DH key length is {}", dhEncLen); spdlog::debug("hex encr DH key length is {}", hexEncrKeyPtr->length()); - char DHKey[ECDSA_SKEY_LEN]; + SAFE_CHAR_BUF(DHKey, ECDSA_SKEY_LEN); - trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey); + sgx_status_t status = SGX_SUCCESS; - if (errStatus != 0) { - throw SGXException(errStatus, "decrypt key failed in enclave"); - } + RESTART_BEGIN + status = trustedDecryptKey(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey); + RESTART_END + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); return DHKey; } -vector mult_G2(const string &x) { - vector result(4); +vector mult_G2(const string &x) { + vector result(4); libff::alt_bn128_Fr el(x.c_str()); libff::alt_bn128_G2 elG2 = el * libff::alt_bn128_G2::one(); elG2.to_affine_coordinates(); diff --git a/DKGCrypto.h b/DKGCrypto.h index c1342f84..5ec9eb61 100644 --- a/DKGCrypto.h +++ b/DKGCrypto.h @@ -37,15 +37,15 @@ vector > get_verif_vect(const char* encryptedPolyHex, int t, int vector splitString(const char* coeffs, const char symbol); -string trustedGetSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector& _publicKeys, int _t, int _n); +string getSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector& _publicKeys, int _t, int _n); bool verifyShares(const char* publicShares, const char* encr_sshare, const char * encryptedKeyHex, int t, int n, int ind); string decryptDHKey(const string& polyName, int ind); -bool CreateBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex); +bool createBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex); -vector GetBLSPubKey(const char * encryptedKeyHex); +vector getBLSPubKey(const char * encryptedKeyHex); vector mult_G2(const string& x); @@ -55,6 +55,6 @@ string convertG2ToString(const libff::alt_bn128_G2& elem, int base = 10, const s vector calculateAllBlsPublicKeys(const vector& public_shares); -bool TestCreateBLSShare( const char * s_shares); +bool testCreateBLSShare( const char * s_shares); #endif //SGXD_DKGCRYPTO_H diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index 53fa23b9..cbba5b1d 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp @@ -38,6 +38,7 @@ #include "BLSCrypto.h" +#include "SEKManager.h" #include "ECDSACrypto.h" void fillRandomBuffer(vector &_buffer) { @@ -48,36 +49,39 @@ void fillRandomBuffer(vector &_buffer) { } vector genECDSAKey() { - vector errMsg(1024, 0); + vector errMsg(BUF_LEN, 0); int errStatus = 0; - vector encr_pr_key(1024, 0); - vector pub_key_x(1024, 0); - vector pub_key_y(1024, 0); + vector encr_pr_key(BUF_LEN, 0); + vector pub_key_x(BUF_LEN, 0); + vector pub_key_y(BUF_LEN, 0); - uint32_t enc_len = 0; + uint64_t enc_len = 0; - status = trustedGenerateEcdsaKeyAES(eid, &errStatus, - errMsg.data(), encr_pr_key.data(), &enc_len, - pub_key_x.data(), pub_key_y.data()); + sgx_status_t status = SGX_SUCCESS; + + RESTART_BEGIN + status = trustedGenerateEcdsaKey(eid, &errStatus, + errMsg.data(), encr_pr_key.data(), &enc_len, + pub_key_x.data(), pub_key_y.data()); + RESTART_END + + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus,errMsg.data()); - if (status != SGX_SUCCESS || errStatus != 0) { - spdlog::error("RPCException thrown with status {}", status); - throw SGXException(status, errMsg.data()); - } vector keys(3); vector hexEncrKey(BUF_LEN * 2, 0); - carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data()); + carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data(), + BUF_LEN * 2); keys.at(0) = hexEncrKey.data(); keys.at(1) = string(pub_key_x.data()) + string(pub_key_y.data()); vector randBuffer(32, 0); fillRandomBuffer(randBuffer); - vector rand_str(64, 0); + vector rand_str(BUF_LEN, 0); - carray2Hex(randBuffer.data(), 32, rand_str.data()); + carray2Hex(randBuffer.data(), 32, rand_str.data(), BUF_LEN); keys.at(2) = rand_str.data(); @@ -95,22 +99,20 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) { int errStatus = 0; uint64_t enc_len = 0; - if (!hex2carray(_encryptedKeyHex.c_str(), &enc_len, encrPrKey.data())) { + if (!hex2carray(_encryptedKeyHex.c_str(), &enc_len, encrPrKey.data(), + BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } - status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, - errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data()); + sgx_status_t status = SGX_SUCCESS; - if (errStatus != 0) { - spdlog::error("failed to get ECDSA public key {}", status); - throw SGXException(-666, errMsg.data()); - } + RESTART_BEGIN + status = trustedGetPublicEcdsaKey(eid, &errStatus, + errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data()); + RESTART_END + + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()) - if (status != SGX_SUCCESS) { - spdlog::error("failed to get ECDSA public key {}", status); - throw SGXException(666, "failed to get ECDSA public key"); - } string pubKey = string(pubKeyX.data()) + string(pubKeyY.data()); if (pubKey.size() != 128) { @@ -123,6 +125,11 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) { bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR, const char *signatureS, int base) { + + CHECK_STATE(hashHex) + CHECK_STATE(signatureR) + CHECK_STATE(signatureS) + auto x = pubKeyStr.substr(0, 64); auto y = pubKeyStr.substr(64, 128); @@ -166,38 +173,40 @@ bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatur } vector ecdsaSignHash(const std::string& encryptedKeyHex, const char *hashHex, int base) { + + CHECK_STATE(hashHex); + vector signatureVector(3); - vector errMsg(1024, 0); + vector errMsg(BUF_LEN, 0); int errStatus = 0; - vector signatureR(1024, 0); - vector signatureS(1024, 0); - vector encryptedKey(1024, 0); + vector signatureR(BUF_LEN, 0); + vector signatureS(BUF_LEN, 0); + vector encryptedKey(BUF_LEN, 0); uint8_t signatureV = 0; uint64_t decLen = 0; string pubKeyStr = ""; - if (!hex2carray(encryptedKeyHex.c_str(), &decLen, encryptedKey.data())) { + if (!hex2carray(encryptedKeyHex.c_str(), &decLen, encryptedKey.data(), + BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } - status = trustedEcdsaSignAES(eid, &errStatus, - errMsg.data(), encryptedKey.data(), decLen, hashHex, - signatureR.data(), - signatureS.data(), &signatureV, base); + sgx_status_t status = SGX_SUCCESS; - if (errStatus != 0) { - spdlog::error("failed to sign {}", errStatus); - throw SGXException(666, errMsg.data()); - } + RESTART_BEGIN + status = trustedEcdsaSign(eid, &errStatus, + errMsg.data(), encryptedKey.data(), decLen, hashHex, + signatureR.data(), + signatureS.data(), &signatureV, base); + RESTART_END + + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); - if (status != SGX_SUCCESS) { - spdlog::error("failed to sign in enclave {}", status); - throw SGXException(666, "failed to sign"); - } signatureVector.at(0) = to_string(signatureV); + if (base == 16) { signatureVector.at(1) = "0x" + string(signatureR.data()); signatureVector.at(2) = "0x" + string(signatureS.data()); diff --git a/ECDSAImpl.c b/ECDSAImpl.c index 60d41ccf..2ac7668e 100644 --- a/ECDSAImpl.c +++ b/ECDSAImpl.c @@ -1,5 +1,5 @@ #include "secure_enclave/Point.c" -#include "secure_enclave/DomainParameters.c" +#include "secure_enclave/DomainParameters.cpp" #include "secure_enclave/NumberTheory.c" #include "secure_enclave/Signature.c" #include "secure_enclave/Curves.c" diff --git a/LevelDB.cpp b/LevelDB.cpp index cf590420..7e7fc240 100644 --- a/LevelDB.cpp +++ b/LevelDB.cpp @@ -154,17 +154,16 @@ std::vector LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){ return keys; } -void LevelDB::writeDataUnique(const string & Name, const string &value) { - auto key = Name; +void LevelDB::writeDataUnique(const string & name, const string &value) { + auto key = name; - if (readString(Name) != nullptr) { - spdlog::debug("name {}",Name, " already exists"); + if (readString(name)) { + spdlog::debug("Name {} already exists", name); throw SGXException(KEY_SHARE_ALREADY_EXISTS, "Data with this name already exists"); } writeString(key, value); - } diff --git a/Makefile.am b/Makefile.am index e482e618..7a3dca0f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -64,6 +64,7 @@ bin_PROGRAMS = sgxwallet testw cert_util ## You can't use $(wildcard ...) with automake so all source files ## have to be explicitly listed. +## have to be explicitly listed COMMON_SRC = InvalidStateException.cpp Exception.cpp InvalidArgumentException.cpp Log.cpp \ SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp BLSCrypto.cpp \ @@ -102,7 +103,7 @@ sgxwallet_LDADD=-l$(SGX_URTS_LIB) -l$(SGX_UAE_SERVICE_LIB) -LlibBLS/deps/deps_in -l:libbls.a -l:libleveldb.a \ -l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a \ -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd \ - -lboost_system -lboost_thread -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -lstdc++fs + -lboost_system -lboost_thread -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -lstdc++fs testw_SOURCES=testw.cpp $(COMMON_SRC) diff --git a/SEKManager.cpp b/SEKManager.cpp index d47a2ad6..eeb0e89c 100644 --- a/SEKManager.cpp +++ b/SEKManager.cpp @@ -21,21 +21,25 @@ @date 2020 */ -#include "SEKManager.h" -#include "SGXException.h" -#include "BLSCrypto.h" -#include "LevelDB.h" #include #include #include +#include "third_party/spdlog/spdlog.h" + + #include "sgxwallet_common.h" #include "common.h" #include "sgxwallet.h" +#include "SGXException.h" +#include "BLSCrypto.h" +#include "LevelDB.h" + #include "ServerDataChecker.h" -#include "third_party/spdlog/spdlog.h" +#include "ServerInit.h" +#include "SEKManager.h" using namespace std; @@ -52,82 +56,90 @@ bool case_insensitive_match(string s1, string s2) { void create_test_key() { int errStatus = 0; vector errMsg(1024, 0); - uint32_t enc_len; + uint64_t enc_len; - uint8_t encrypted_key[BUF_LEN]; - memset(encrypted_key, 0, BUF_LEN); + SAFE_UINT8_BUF(encrypted_key, BUF_LEN); string key = TEST_VALUE; - status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len); - if (status != SGX_SUCCESS) { - cerr << "encrypt test key failed with status " << status << endl; - throw SGXException(status, errMsg.data()); - } + sgx_status_t status = SGX_SUCCESS; - if (errStatus != 0) { - cerr << "encrypt test key failed with status " << errStatus << endl; - throw SGXException(errStatus, errMsg.data()); + { + READ_LOCK(initMutex); + status = trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len); } - vector hexEncrKey(2 * enc_len + 1, 0); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); - carray2Hex(encrypted_key, enc_len, hexEncrKey.data()); + vector hexEncrKey(2 * enc_len + 1, 0); - uint64_t test_len; - vector test_encr_key(1024, 0); - if (!hex2carray(hexEncrKey.data(), &test_len, test_encr_key.data())) { - cerr << "wrong encrypted test key" << endl; - } + carray2Hex(encrypted_key, enc_len, hexEncrKey.data(), 2 * enc_len + 1); LevelDB::getLevelDb()->writeDataUnique("TEST_KEY", hexEncrKey.data()); } -shared_ptr > check_and_set_SEK(const string &SEK) { +void validate_SEK() { + shared_ptr test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY"); vector encr_test_key(BUF_LEN, 0); - uint64_t len; - if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data())) { - spdlog::error("wrong test key"); - exit(-1); - } + vector decr_key(BUF_LEN, 0); + uint64_t len = 0; + vector errMsg(BUF_LEN, 0); - vector decr_key(1024, 0); - vector errMsg(1024, 0); int err_status = 0; - auto encrypted_SEK = make_shared < vector < uint8_t >> (1024, 0); - - uint32_t l = len; - - status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, SEK.c_str()); - - if (status != SGX_SUCCESS) { - spdlog::error("trustedSetSEK_backup failed with error code {}", status); + if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data(), + BUF_LEN)) { + spdlog::error("Corrupt test key is LevelDB"); exit(-1); } - if (err_status != 0) { - spdlog::error("trustedSetSEK_backup failed with error status {}", status); - exit(-1); - } + sgx_status_t status = SGX_SUCCESS; - status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data()); - if (status != SGX_SUCCESS || err_status != 0) { - spdlog::error("Failed to decrypt test key"); - spdlog::error(errMsg.data()); - exit(-1); + { + READ_LOCK(initMutex); + status = trustedDecryptKey(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data()); } + HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); + string test_key = TEST_VALUE; + if (test_key.compare(decr_key.data()) != 0) { - spdlog::error("Invalid SEK"); + spdlog::error("Invalid storage key. You need to recover using backup key"); + spdlog::error("Set the correct backup key into sgx_datasgxwallet_backup_key.txt"); + spdlog::error("Then run sgxwallet using backup flag"); exit(-1); } +} + + +shared_ptr > check_and_set_SEK(const string &SEK) { + + vector decr_key(BUF_LEN, 0); + vector errMsg(BUF_LEN, 0); + int err_status = 0; + + auto encrypted_SEK = make_shared < vector < uint8_t >> (BUF_LEN, 0); + + uint64_t l = 0; + + sgx_status_t status = SGX_SUCCESS; + + { + READ_LOCK(initMutex); + status = trustedSetSEKBackup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, + SEK.c_str()); + } + + + HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); encrypted_SEK->resize(l); + validate_SEK(); + return encrypted_SEK; } @@ -135,30 +147,31 @@ void gen_SEK() { vector errMsg(1024, 0); int err_status = 0; vector encrypted_SEK(1024, 0); - uint32_t enc_len = 0; + uint64_t enc_len = 0; - char SEK[65]; - memset(SEK, 0, 65); + SAFE_CHAR_BUF(SEK, 65); spdlog::info("Generating backup key. Will be stored in backup_key.txt ... "); - status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK); - if (status != SGX_SUCCESS) { - throw SGXException(status, errMsg.data()); - } + sgx_status_t status = SGX_SUCCESS; + { - if (err_status != 0) { - throw SGXException(err_status, errMsg.data()); + status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK); } + HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); + + if (strnlen(SEK, 33) != 32) { throw SGXException(-1, "strnlen(SEK,33) != 32"); } vector hexEncrKey(2 * enc_len + 1, 0); - carray2Hex(encrypted_SEK.data(), enc_len, hexEncrKey.data()); + carray2Hex(encrypted_SEK.data(), enc_len, hexEncrKey.data(), 2 * enc_len + 1); + + spdlog::info(string("Encrypted storage encryption key:") + hexEncrKey.data()); ofstream sek_file(BACKUP_PATH); sek_file.clear(); @@ -185,31 +198,51 @@ void gen_SEK() { LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data()); create_test_key(); + + validate_SEK(); + + shared_ptr encrypted_SEK_ptr = LevelDB::getLevelDb()->readString("SEK"); + + setSEK(encrypted_SEK_ptr); + + validate_SEK(); + +} + +void reinitEnclave() { + // unfortunately process needs to be restarted to reinit enclave + // exiting with error code 3 (SGX_OUT_OF_MEMORY), so docker container can restart the + // wallet + exit(3); } -void trustedSetSEK(shared_ptr hex_encrypted_SEK) { +void setSEK(shared_ptr hex_encrypted_SEK) { + + CHECK_STATE(hex_encrypted_SEK); + vector errMsg(1024, 0); int err_status = 0; - uint8_t encrypted_SEK[BUF_LEN]; - memset(encrypted_SEK, 0, BUF_LEN); + SAFE_UINT8_BUF(encrypted_SEK, BUF_LEN); - uint64_t len; + uint64_t len = 0; - if (!hex2carray(hex_encrypted_SEK->c_str(), &len, encrypted_SEK)) { + if (!hex2carray(hex_encrypted_SEK->c_str(), &len, encrypted_SEK, + BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex"); } - status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK); - if (status != SGX_SUCCESS) { - cerr << "RPCException thrown" << endl; - throw SGXException(status, errMsg.data()); + sgx_status_t status = SGX_SUCCESS; + { + status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK); } - if (err_status != 0) { - cerr << "RPCException thrown" << endl; - throw SGXException(err_status, errMsg.data()); - } + HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); + + + validate_SEK(); + + } #include "experimental/filesystem" @@ -218,7 +251,6 @@ void trustedSetSEK(shared_ptr hex_encrypted_SEK) { void enter_SEK() { - shared_ptr test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY"); if (test_key_ptr == nullptr) { spdlog::error("Error: corrupt or empty LevelDB database"); @@ -251,7 +283,8 @@ void enter_SEK() { vector hexEncrKey(BUF_LEN, 0); - carray2Hex(encrypted_SEK->data(), encrypted_SEK->size(), hexEncrKey.data()); + carray2Hex(encrypted_SEK->data(), encrypted_SEK->size(), hexEncrKey.data(), + BUF_LEN); spdlog::info("Got sealed storage encryption key."); @@ -274,7 +307,7 @@ void initSEK() { spdlog::warn("SEK was not created yet. Going to create SEK"); gen_SEK(); } else { - trustedSetSEK(encrypted_SEK_ptr); + setSEK(encrypted_SEK_ptr); } } } diff --git a/SEKManager.h b/SEKManager.h index 26e2550f..df533044 100644 --- a/SEKManager.h +++ b/SEKManager.h @@ -32,7 +32,7 @@ void gen_SEK(); #ifdef __cplusplus -void trustedSetSEK(std::shared_ptr hex_encr_SEK); +void setSEK(std::shared_ptr hex_encr_SEK); #endif #ifdef __cplusplus @@ -45,4 +45,11 @@ EXTERNC void enter_SEK(); EXTERNC void initSEK(); +EXTERNC void setSEK(); + +EXTERNC void reinitEnclave(); + + + + #endif //SGXD_SEKMANAGER_H diff --git a/SGXWalletServer.cpp b/SGXWalletServer.cpp index c6ec8a8c..8c87ae7c 100644 --- a/SGXWalletServer.cpp +++ b/SGXWalletServer.cpp @@ -54,6 +54,9 @@ using namespace std; +std::shared_timed_mutex initMutex; +uint64_t initTime; + void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _enterBackupKey) { spdlog::info("Entering {}", __FUNCTION__); @@ -243,6 +246,7 @@ SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const strin } value = readFromDb(_keyShareName); + if (!bls_sign(value->c_str(), _messageHash.c_str(), t, n, signature.data())) { throw SGXException(-1, "Could not sign data "); } @@ -402,7 +406,6 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J spdlog::info("Entering {}", __FUNCTION__); INIT_RESULT(result); result["secretShare"] = ""; - result["SecretShare"] = ""; try { if (_pubKeys.size() != (uint64_t) _n) { @@ -425,9 +428,15 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J pubKeysStrs.push_back(_pubKeys[i].asString()); } - string s = trustedGetSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n); - result["secretShare"] = s; - result["SecretShare"] = s; + string secret_share_name = "encryptedSecretShare:" + _polyName; + shared_ptr encryptedSecretShare = checkDataFromDb(secret_share_name); + + if (encryptedSecretShare != nullptr) { + result["secretShare"] = *encryptedSecretShare.get(); + } else { + string s = getSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n); + result["secretShare"] = s; + } } HANDLE_SGX_EXCEPTION(result) RETURN_SUCCESS(result) @@ -489,7 +498,7 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string shared_ptr encryptedKeyHex_ptr = readFromDb(_ethKeyName); - bool res = CreateBLSShare(_blsKeyName, _secretShare.c_str(), encryptedKeyHex_ptr->c_str()); + bool res = createBLSShare(_blsKeyName, _secretShare.c_str(), encryptedKeyHex_ptr->c_str()); if (res) { spdlog::info("BLS KEY SHARE CREATED "); } else { @@ -504,6 +513,9 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string } LevelDB::getLevelDb()->deleteKey(_polyName); + string encryptedSecretShareName = "encryptedSecretShare:" + _polyName; + LevelDB::getLevelDb()->deleteKey(encryptedSecretShareName); + } HANDLE_SGX_EXCEPTION(result) RETURN_SUCCESS(result); @@ -519,7 +531,7 @@ Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName) } shared_ptr encryptedKeyHex_ptr = readFromDb(_blsKeyName); - vector public_key_vect = GetBLSPubKey(encryptedKeyHex_ptr->c_str()); + vector public_key_vect = getBLSPubKey(encryptedKeyHex_ptr->c_str()); for (uint8_t i = 0; i < 4; i++) { result["blsPublicKeyShare"][i] = public_key_vect.at(i); } @@ -562,7 +574,7 @@ Json::Value SGXWalletServer::calculateAllBLSPublicKeysImpl(const Json::Value& pu vector public_keys = calculateAllBlsPublicKeys(public_shares); - if (public_keys.size() != n) { + if (public_keys.size() != (uint64_t)n) { throw SGXException(UNKNOWN_ERROR, ""); } @@ -590,6 +602,18 @@ Json::Value SGXWalletServer::complaintResponseImpl(const string &_polyName, int result["share*G2"] = *shareG2_ptr; result["dhKey"] = DHKey; + +// TODO: delete dh keys +// for (int i = 0; i < _n; i++) { +// string name = _polyName + "_" + to_string(i) + ":"; +// LevelDB::getLevelDb()->deleteDHDKGKey(name); +// string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":"; +// LevelDB::getLevelDb()->deleteKey(shareG2_name); +// } + LevelDB::getLevelDb()->deleteKey(_polyName); + + string encryptedSecretShareName = "encryptedSecretShare:" + _polyName; + LevelDB::getLevelDb()->deleteKey(encryptedSecretShareName); } HANDLE_SGX_EXCEPTION(result) RETURN_SUCCESS(result); @@ -738,7 +762,7 @@ Json::Value SGXWalletServer::deleteBlsKey(const string &name) { } shared_ptr SGXWalletServer::readFromDb(const string &name, const string &prefix) { - auto dataStr = LevelDB::getLevelDb()->readString(prefix + name); + auto dataStr = checkDataFromDb(prefix + name); if (dataStr == nullptr) { throw SGXException(KEY_SHARE_DOES_NOT_EXIST, "Data with this name does not exist"); @@ -747,6 +771,12 @@ shared_ptr SGXWalletServer::readFromDb(const string &name, const string return dataStr; } +shared_ptr SGXWalletServer::checkDataFromDb(const string &name, const string &prefix) { + auto dataStr = LevelDB::getLevelDb()->readString(prefix + name); + + return dataStr; +} + void SGXWalletServer::writeKeyShare(const string &_keyShareName, const string &_value) { if (LevelDB::getLevelDb()->readString(_keyShareName) != nullptr) { throw SGXException(KEY_SHARE_ALREADY_EXISTS, "Key share with this name already exists"); diff --git a/SGXWalletServer.hpp b/SGXWalletServer.hpp index 59ab91f7..816cfab0 100644 --- a/SGXWalletServer.hpp +++ b/SGXWalletServer.hpp @@ -90,6 +90,8 @@ class SGXWalletServer : public AbstractStubServer { static shared_ptr readFromDb(const string &name, const string &prefix = ""); + static shared_ptr checkDataFromDb(const string &name, const string &prefix = ""); + static void writeDataToDB(const string &Name, const string &value); static void writeKeyShare(const string &_keyShareName, const string &_value); diff --git a/ServerDataChecker.cpp b/ServerDataChecker.cpp index 92c844c7..575a7803 100644 --- a/ServerDataChecker.cpp +++ b/ServerDataChecker.cpp @@ -72,7 +72,7 @@ bool checkECDSAKeyName(const string& keyName) { bool checkHex(const string& hex, const uint32_t sizeInBytes){ if ( hex.length() > sizeInBytes * 2 || hex.length() == 0){ - spdlog::error("key is too long or zero - ", hex.length()); + spdlog::error("key is too long or zero {} ", hex.length()); return false; } diff --git a/ServerInit.cpp b/ServerInit.cpp index deb592a6..c69388b8 100644 --- a/ServerInit.cpp +++ b/ServerInit.cpp @@ -57,6 +57,8 @@ #include "SGXException.h" #include "SGXWalletServer.hpp" +uint32_t enclaveLogLevel = 0; + void initUserSpace() { libff::inhibit_profiling_counters = true; @@ -66,9 +68,8 @@ void initUserSpace() { LevelDB::initDataFolderAndDBs(); } -void initEnclave(uint32_t _logLevel) { - eid = 0; - updated = 0; +uint64_t initEnclave() { + #ifndef SGX_HW_SIM unsigned long support; @@ -81,35 +82,57 @@ void initEnclave(uint32_t _logLevel) { spdlog::info("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG); - status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token, - &updated, &eid, 0); + sgx_status_t status = SGX_SUCCESS; - if (status != SGX_SUCCESS) { - if (status == SGX_ERROR_ENCLAVE_FILE_ACCESS) { - spdlog::error("sgx_create_enclave: {}: file not found", ENCLAVE_NAME); - spdlog::error("Did you forget to set LD_LIBRARY_PATH?"); - } else { - spdlog::error("sgx_create_enclave_search failed {} {}", ENCLAVE_NAME, status); + { + + WRITE_LOCK(initMutex); + + if (eid != 0) { + if (sgx_destroy_enclave(eid) != SGX_SUCCESS) { + spdlog::error("Could not destroy enclave"); + } } - exit(1); - } - spdlog::info("Enclave created and started successfully"); + eid = 0; + updated = 0; + + status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token, + &updated, &eid, 0); + + if (status != SGX_SUCCESS) { + if (status == SGX_ERROR_ENCLAVE_FILE_ACCESS) { + spdlog::error("sgx_create_enclave: {}: file not found", ENCLAVE_NAME); + spdlog::error("Did you forget to set LD_LIBRARY_PATH?"); + } else { + spdlog::error("sgx_create_enclave_search failed {} {}", ENCLAVE_NAME, status); + } + exit(1); + } + + spdlog::info("Enclave created and started successfully"); + + status = trustedEnclaveInit(eid, enclaveLogLevel); + } - status = trustedEnclaveInit(eid, _logLevel); if (status != SGX_SUCCESS) { spdlog::error("trustedEnclaveInit failed: {}", status); - exit(1); + return status; } spdlog::info("Enclave libtgmp library and logging initialized successfully"); + + return SGX_SUCCESS; } + + void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) { static atomic sgxServerInited(false); static mutex initMutex; + enclaveLogLevel = _logLevel; lock_guard lock(initMutex); @@ -122,7 +145,19 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) { CHECK_STATE(sgxServerInited != 1) sgxServerInited = 1; - initEnclave(_logLevel); + + uint64_t counter = 0; + + uint64_t initResult = 0; + while ((initResult = initEnclave()) != 0 && counter < 10){ + sleep(1); + counter ++; + } + + if (initResult != 0) { + spdlog::error("Coult not init enclave"); + } + initUserSpace(); initSEK(); @@ -136,12 +171,15 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) { sgxServerInited = true; } catch (SGXException &_e) { spdlog::error(_e.getMessage()); + exit(-1); } catch (exception &_e) { spdlog::error(_e.what()); + exit(-1); } catch (...) { exception_ptr p = current_exception(); printf("Exception %s \n", p.__cxa_exception_type()->name()); spdlog::error("Unknown exception"); + exit(-1); } }; diff --git a/ServerInit.h b/ServerInit.h index 73296b61..69fdc801 100644 --- a/ServerInit.h +++ b/ServerInit.h @@ -36,7 +36,7 @@ EXTERNC void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign); EXTERNC void initUserSpace(); -EXTERNC void initEnclave(uint32_t _logLevel); +EXTERNC uint64_t initEnclave(); diff --git a/TestUtils.cpp b/TestUtils.cpp index f12479f7..12771b8a 100644 --- a/TestUtils.cpp +++ b/TestUtils.cpp @@ -32,6 +32,7 @@ #include "third_party/intel/create_enclave.h" #include "secure_enclave_u.h" #include "third_party/intel/sgx_detect.h" +#include "third_party/spdlog/spdlog.h" #include #include #include @@ -218,7 +219,7 @@ void TestUtils::sendRPCRequest() { auto hash_arr = make_shared < array < uint8_t, 32 >> (); uint64_t binLen; - if (!hex2carray(hash.c_str(), &binLen, hash_arr->data())) { + if (!hex2carray(hash.c_str(), &binLen, hash_arr->data(), 32)) { throw SGXException(INVALID_HEX, "Invalid hash"); } @@ -351,7 +352,7 @@ void TestUtils::doDKG(StubClient &c, int n, int t, auto hash_arr = make_shared>(); uint64_t binLen; - if (!hex2carray(hash.c_str(), &binLen, hash_arr->data())) { + if (!hex2carray(hash.c_str(), &binLen, hash_arr->data(), 32)) { throw SGXException(INVALID_HEX, "Invalid hash"); } diff --git a/VERSION b/VERSION index f269cd1b..a01b168d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.58.0 \ No newline at end of file +1.58.5 \ No newline at end of file diff --git a/common.h b/common.h index ee21d17d..4b35f715 100644 --- a/common.h +++ b/common.h @@ -32,6 +32,8 @@ using namespace std; #include #include +#include + #include #include "secure_enclave/Verify.h" #include "InvalidStateException.h" @@ -50,10 +52,64 @@ inline std::string className(const std::string &prettyFunction) { #define __CLASS_NAME__ className( __PRETTY_FUNCTION__ ) +#include + +inline void print_stack() { + void *array[10]; + size_t size; + + // get void*'s for all entries on the stack + size = backtrace(array, 10); + + // print out all the frames to stderr + fprintf(stderr, "Error: signal \n"); + backtrace_symbols_fd(array, size, STDERR_FILENO); + exit(1); +} + + #define CHECK_STATE(_EXPRESSION_) \ if (!(_EXPRESSION_)) { \ auto __msg__ = std::string("State check failed::") + #_EXPRESSION_ + " " + std::string(__FILE__) + ":" + std::to_string(__LINE__); \ + print_stack(); \ throw InvalidStateException(__msg__, __CLASS_NAME__);} +#define HANDLE_TRUSTED_FUNCTION_ERROR(__STATUS__, __ERR_STATUS__, __ERR_MSG__) \ +if (__STATUS__ != SGX_SUCCESS) { \ +string __ERR_STRING__ = string("SGX enclave call to ") + \ + __FUNCTION__ + " failed with status:" \ + + to_string(__STATUS__) + \ + " Err message:" + __ERR_MSG__; \ +BOOST_THROW_EXCEPTION(runtime_error(__ERR_MSG__)); \ +}\ +\ +if (__ERR_STATUS__ != 0) {\ +string __ERR_STRING__ = string("SGX enclave call to ") +\ + __FUNCTION__ + " failed with errStatus:" + \ + to_string(__ERR_STATUS__) + \ + " Err message:" + __ERR_MSG__;\ +BOOST_THROW_EXCEPTION(runtime_error(__ERR_STRING__)); \ +} + + +#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__); +#define SAFE_UINT8_BUF(__X__, __Y__) ;uint8_t __X__ [ __Y__ ]; memset(__X__, 0, __Y__); + +#include + +extern std::shared_timed_mutex initMutex; +extern uint64_t initTime; + +#if SGX_MODE == SIM +#define ENCLAVE_RESTART_PERIOD_S 5 +#else +#define ENCLAVE_RESTART_PERIOD_S 60 * 10 +#endif + +#define READ_LOCK(__X__) std::shared_lock __LOCK__(__X__); +#define WRITE_LOCK(__X__) std::unique_lock __LOCK__(__X__); + + + #endif //SGXWALLET_COMMON_H diff --git a/docker/start.sh b/docker/start.sh index 66a91bc5..96cb3de8 100755 --- a/docker/start.sh +++ b/docker/start.sh @@ -43,8 +43,10 @@ fi if [[ "$1" == "-t" ]]; then echo "Test run requested" +sleep 5 ./testw.py else + sleep 3 ./sgxwallet $1 $2 $3 $4 $5 fi diff --git a/docs/backup-procedure.md b/docs/backup-procedure.md index 39c0911f..4f02ae60 100644 --- a/docs/backup-procedure.md +++ b/docs/backup-procedure.md @@ -2,12 +2,12 @@ # SGXWallet Backup Procedure -When SGXWallet is initialized, the server will print the backup key. +When SGXWallet is initialized, the server will write the backup key into `sgx_data/sgxwallet_backup_key.txt`. **This key must be securely recorded and stored.** Be sure to store this key in a safe place, then go into a docker container and securely remove it with the following command: ```bash -docker exec -it bash && apt-get install secure-delete && srm -vz backup_key.txt +docker exec -it bash && srm -vz ./sgx_data/sgxwallet_backup_key.txt ``` Master-Slave replication is recommended to support the SGXWallet backup strategy. Below are general instructions for a basic backup and recovery process. @@ -30,24 +30,12 @@ docker-compose down command: -s -y -d -b ``` -2. Edit the `docker-compose.yml` and add `stdin_open: true` option. For example: - -```yaml -version: "3" -services: - sgxwallet: - image: skalenetwork/sgxwallet:latest - stdin_open: true -``` - -3. Copy the backed up `sgx_data` directory to the recovery `sgx_data` directory. +2. Copy the backed up `sgx_data` directory to the recovery `sgx_data` directory. +3. Create file `sgx_data/sgxwallet_backup_key.txt` in the recovery directory and write the backup key into it. 4. Execute: ```bash docker-compose up -d ``` -5. Open another terminal window and run `docker attach container_name` there. - -6. Enter the backup key when prompted. -7. Edit the `docker-compose.yml` file, remove the `-b` flag and `stdin_open: true` option. +5. Edit the `docker-compose.yml` file, remove the `-b` flag. diff --git a/run_sgx/docker-compose.yml b/run_sgx/docker-compose.yml index 2605b53f..5e171b85 100644 --- a/run_sgx/docker-compose.yml +++ b/run_sgx/docker-compose.yml @@ -2,6 +2,7 @@ version: '3' services: sgxwallet: image: skalenetwork/sgxwallet:latest + restart: always ports: - "1026:1026" - "1027:1027" diff --git a/run_sgx_sim/docker-compose.yml b/run_sgx_sim/docker-compose.yml index 8826ab0b..b5db9187 100644 --- a/run_sgx_sim/docker-compose.yml +++ b/run_sgx_sim/docker-compose.yml @@ -2,6 +2,7 @@ version: '3' services: sgxwallet: image: skalenetwork/sgxwallet_sim:develop-latest + restart: always ports: - "1026:1026" - "1027:1027" diff --git a/secure_enclave/AESUtils.c b/secure_enclave/AESUtils.c index d7f0e28b..9380b605 100644 --- a/secure_enclave/AESUtils.c +++ b/secure_enclave/AESUtils.c @@ -27,9 +27,23 @@ #include "stdlib.h" #include + #include "AESUtils.h" -int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) { +sgx_aes_gcm_128bit_key_t AES_key[1024]; + + +#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__); + +int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsigned char type, + unsigned char exportable, uint64_t* resultLen) { + + + + if (!type) { + LOG_ERROR("Null type in AES_encrypt"); + return -1; + } if (!message) { LOG_ERROR("Null message in AES_encrypt"); @@ -41,25 +55,38 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) { return -2; } - uint64_t len = strlen(message); + uint64_t len = strlen(message) + 1; - if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) { + if (2 + len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrBufLen ) { LOG_ERROR("Output buffer too small"); return -3; } + SAFE_CHAR_BUF(fullMessage, len + 2); + + fullMessage[0] = type; + fullMessage[1] = exportable; + + strncpy(fullMessage + 2, message, len ); + + len = len + 2; + message = fullMessage; + sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE); - sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, strlen(message), + sgx_status_t status = sgx_rijndael128GCM_encrypt(&(AES_key[512]), (uint8_t*)message, len, encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, NULL, 0, (sgx_aes_gcm_128bit_tag_t *) encr_message); + *resultLen = len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; + return status; } -int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) { +int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen, + uint8_t *type, uint8_t* exportable){ if (!message) { LOG_ERROR("Null message in AES_encrypt"); @@ -71,6 +98,16 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t return -2; } + if (!type) { + LOG_ERROR("Null type in AES_encrypt"); + return -3; + } + + if (!encr_message) { + LOG_ERROR("Null exportable in AES_encrypt"); + return -4; + } + if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) { LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE"); @@ -86,12 +123,18 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t return -2; } - sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key, + sgx_status_t status = sgx_rijndael128GCM_decrypt(&(AES_key[512]), encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len, (unsigned char*) message, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, NULL, 0, (sgx_aes_gcm_128bit_tag_t *)encr_message); + *type = message[0]; + *exportable = message[1]; + for (int i = 2; i < strlen(message) + 1; i++) { + message[i - 2 ] = message[i]; + } + return status; } diff --git a/secure_enclave/AESUtils.h b/secure_enclave/AESUtils.h index 037ca62a..d57e5a95 100644 --- a/secure_enclave/AESUtils.h +++ b/secure_enclave/AESUtils.h @@ -24,10 +24,22 @@ #ifndef SGXD_AESUTILS_H #define SGXD_AESUTILS_H -sgx_aes_gcm_128bit_key_t AES_key; +extern sgx_aes_gcm_128bit_key_t AES_key[1024]; + +int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen, + unsigned char type, unsigned char exportable, uint64_t* resultLen); +int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen, + uint8_t *type, uint8_t* exportable) ; + + + +#define ECDSA '1' +#define BLS '2' +#define DKG '3' + +#define EXPORTABLE '1' +#define NON_EXPORTABLE '2' -int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen); -int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ; #endif //SGXD_AESUTILS_H diff --git a/secure_enclave/DomainParameters.c b/secure_enclave/DomainParameters.cpp similarity index 93% rename from secure_enclave/DomainParameters.c rename to secure_enclave/DomainParameters.cpp index 241c43e4..5d91561c 100644 --- a/secure_enclave/DomainParameters.c +++ b/secure_enclave/DomainParameters.cpp @@ -31,10 +31,13 @@ #include <../tgmp-build/include/sgx_tgmp.h> #endif +#include #include #include #include +#include "EnclaveCommon.h" #include "Point.h" + #include "DomainParameters.h" #define CHECK_ARG_ABORT(_EXPRESSION_) \ @@ -46,16 +49,27 @@ /*Initialize a curve*/ domain_parameters domain_parameters_init() { + + + domain_parameters curve; - curve = calloc(sizeof(struct domain_parameters_s),1); + curve = (domain_parameters) calloc(sizeof(struct domain_parameters_s),1); + + CHECK_ARG_ABORT(curve); + //Initialize all members mpz_init(curve->p); mpz_init(curve->a); mpz_init(curve->b); + mpz_init(curve->n); + mpz_init(curve->h); + + curve->G = point_init(); - mpz_init(curve->n); - mpz_init(curve->h); + + CHECK_ARG_ABORT(curve->G); + return curve; } diff --git a/secure_enclave/EnclaveCommon.cpp b/secure_enclave/EnclaveCommon.cpp index 8d061d47..20eb15d3 100644 --- a/secure_enclave/EnclaveCommon.cpp +++ b/secure_enclave/EnclaveCommon.cpp @@ -173,14 +173,25 @@ void enclave_init() { return; inited = 1; + LOG_INFO("Initing libff"); try { + + LOG_INFO("Initing params"); + libff::init_alt_bn128_params(); + + LOG_INFO("Initing curve"); curve = domain_parameters_init(); + LOG_INFO("Initing curve domain"); domain_parameters_load_curve(curve, secp256k1); } catch (exception& e) { LOG_ERROR("Exception in libff init"); LOG_ERROR(e.what()); + abort(); + } catch (...) { + LOG_ERROR("Unknown exception in libff"); + abort(); } LOG_INFO("Inited libff"); } @@ -345,19 +356,19 @@ void logMsg(log_level _level, const char *_msg) { } -EXTERNC void LOG_INFO(const char *_msg) { +void LOG_INFO(const char *_msg) { logMsg(L_INFO, _msg); }; -EXTERNC void LOG_WARN(const char *_msg) { +void LOG_WARN(const char *_msg) { logMsg(L_WARNING, _msg); }; -EXTERNC void LOG_ERROR(const char *_msg) { +void LOG_ERROR(const char *_msg) { logMsg(L_ERROR, _msg); }; -EXTERNC void LOG_DEBUG(const char *_msg) { +void LOG_DEBUG(const char *_msg) { logMsg(L_DEBUG, _msg); }; -EXTERNC void LOG_TRACE(const char *_msg) { +void LOG_TRACE(const char *_msg) { logMsg(L_TRACE, _msg); }; diff --git a/secure_enclave/Makefile.am b/secure_enclave/Makefile.am index 188d2f21..64ce66b8 100644 --- a/secure_enclave/Makefile.am +++ b/secure_enclave/Makefile.am @@ -83,8 +83,8 @@ CLEANFILES+= secure_enclave_t.c secure_enclave_t.h secure_enclave_SOURCES = secure_enclave_t.c secure_enclave_t.h \ secure_enclave.c \ - Curves.c DomainParameters.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \ - DKGUtils.cpp EnclaveCommon.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \ + Curves.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \ + DKGUtils.cpp EnclaveCommon.cpp DomainParameters.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \ ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g2.cpp \ ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp $(ENCLAVE_KEY) $(ENCLAVE_CONFIG) diff --git a/secure_enclave/Makefile.in b/secure_enclave/Makefile.in index a0dd8749..23c510ef 100644 --- a/secure_enclave/Makefile.in +++ b/secure_enclave/Makefile.in @@ -108,9 +108,9 @@ PROGRAMS = $(libexec_PROGRAMS) am__objects_1 = am_secure_enclave_OBJECTS = secure_enclave_t.$(OBJEXT) \ secure_enclave.$(OBJEXT) Curves.$(OBJEXT) \ - DomainParameters.$(OBJEXT) NumberTheory.$(OBJEXT) \ - Point.$(OBJEXT) Signature.$(OBJEXT) DHDkg.$(OBJEXT) \ - AESUtils.$(OBJEXT) DKGUtils.$(OBJEXT) EnclaveCommon.$(OBJEXT) \ + NumberTheory.$(OBJEXT) Point.$(OBJEXT) Signature.$(OBJEXT) \ + DHDkg.$(OBJEXT) AESUtils.$(OBJEXT) DKGUtils.$(OBJEXT) \ + EnclaveCommon.$(OBJEXT) DomainParameters.$(OBJEXT) \ alt_bn128_init.$(OBJEXT) alt_bn128_g2.$(OBJEXT) \ alt_bn128_g1.$(OBJEXT) $(am__objects_1) $(am__objects_1) secure_enclave_OBJECTS = $(am_secure_enclave_OBJECTS) @@ -337,8 +337,8 @@ ENCLAVE_CONFIG = $(ENCLAVE).config.xml ENCLAVE_KEY = test_insecure_private_key.pem #$(ENCLAVE)_private.pem secure_enclave_SOURCES = secure_enclave_t.c secure_enclave_t.h \ secure_enclave.c \ - Curves.c DomainParameters.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \ - DKGUtils.cpp EnclaveCommon.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \ + Curves.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \ + DKGUtils.cpp EnclaveCommon.cpp DomainParameters.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \ ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g2.cpp \ ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp $(ENCLAVE_KEY) $(ENCLAVE_CONFIG) diff --git a/secure_enclave/SIGNED_ENCLAVE_VERSION b/secure_enclave/SIGNED_ENCLAVE_VERSION index 38a849b1..84e8fe49 100644 --- a/secure_enclave/SIGNED_ENCLAVE_VERSION +++ b/secure_enclave/SIGNED_ENCLAVE_VERSION @@ -1 +1 @@ -#define SIGNED_ENCLAVE_VERSION "0" \ No newline at end of file +#define SIGNED_ENCLAVE_VERSION "1" \ No newline at end of file diff --git a/secure_enclave/Signature.c b/secure_enclave/Signature.c index b19b3e66..91e1eab7 100644 --- a/secure_enclave/Signature.c +++ b/secure_enclave/Signature.c @@ -57,6 +57,15 @@ signature signature_init() { return sig; } +/*Release signature*/ +void signature_free(signature sig) { + if (!sig) + return; + mpz_clear(sig->r); + mpz_clear(sig->s); + free(sig); +} + /*Set signature from strings of a base from 2-62*/ int signature_set_str(signature sig, const char *r, const char *s, int base) { @@ -104,10 +113,9 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para return; } - point Q = point_init(); - //Initializing variables - mpz_t k, x, r, t1, t2, t3, t4, t5, s, n_div_2, rem, neg, seed; + point Q = point_init(); + mpz_t k, x, r, t1, t2, t3, t4, t5, s, n_div_2, rem, neg, seed, s_mul_2; mpz_init(k); mpz_init(x); mpz_init(r); @@ -121,7 +129,6 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para mpz_init(rem); mpz_init(neg); mpz_init(seed); - mpz_t s_mul_2; mpz_init(s_mul_2); SAFE_CHAR_BUF(rand_char, 32); @@ -182,32 +189,27 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para point_clear(Q); - mpz_clear(k); - mpz_clear(r); mpz_clear(s); + mpz_clear(r); mpz_clear(x); mpz_clear(rem); mpz_clear(neg); mpz_clear(t1); mpz_clear(t2); mpz_clear(t3); + mpz_clear(t4); + mpz_clear(t5); mpz_clear(seed); mpz_clear(n_div_2); mpz_clear(s_mul_2); + } #endif -/*Release signature*/ -void signature_free(signature sig) { - if (!sig) - return; - mpz_clear(sig->r); - mpz_clear(sig->s); - free(sig); -} + /*Verify the integrity of a message using it's signature*/ bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) { diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 8ccc6bc4..ea30fca5 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -111,7 +111,7 @@ void *reallocate_function(void *, size_t, size_t); void free_function(void *, size_t); -unsigned char *globalRandom; +unsigned char *globalRandom = NULL; #define CALL_ONCE \ @@ -122,7 +122,7 @@ unsigned char *globalRandom; abort(); \ } else {called = true;}; -void trustedEnclaveInit(uint32_t _logLevel) { +void trustedEnclaveInit(uint64_t _logLevel) { CALL_ONCE LOG_INFO(__FUNCTION__); @@ -136,9 +136,14 @@ void trustedEnclaveInit(uint32_t _logLevel) { mp_get_memory_functions(NULL, &gmp_realloc_func, &gmp_free_func); mp_set_memory_functions(NULL, oc_realloc_func, oc_free_func); - LOG_INFO("Reading random"); + LOG_INFO("Calling enclave init"); + + + enclave_init(); + LOG_INFO("Reading random"); + globalRandom = calloc(32,1); int ret = sgx_read_rand(globalRandom, 32); @@ -149,11 +154,6 @@ void trustedEnclaveInit(uint32_t _logLevel) { abort(); } - - LOG_INFO("Calling enclave init"); - - enclave_init(); - LOG_INFO("Successfully inited enclave. Signed enclave version:" SIGNED_ENCLAVE_VERSION ); #ifndef SGX_DEBUG LOG_INFO("SECURITY WARNING: sgxwallet is running in INSECURE DEBUG MODE! NEVER USE IN PRODUCTION!"); @@ -232,7 +232,7 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) { void sealHexSEK(int *errStatus, char *errString, - uint8_t *encrypted_sek, uint32_t *enc_len, char *sek_hex) { + uint8_t *encrypted_sek, uint64_t *enc_len, char *sek_hex) { CALL_ONCE LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -242,7 +242,7 @@ void sealHexSEK(int *errStatus, char *errString, CHECK_STATE(strnlen(sek_hex, 33) == 32) - uint64_t plaintextLen = strlen(sek_hex + 1); + uint64_t plaintextLen = strlen(sek_hex) + 1; uint64_t sealedLen = sgx_calc_sealed_data_size(0, plaintextLen); @@ -255,7 +255,7 @@ void sealHexSEK(int *errStatus, char *errString, (sgx_sealed_data_t *) encrypted_sek); CHECK_STATUS("seal SEK failed after SEK generation"); - uint32_t encrypt_text_length = sgx_get_encrypt_txt_len((const sgx_sealed_data_t *)encrypted_sek); + uint64_t encrypt_text_length = sgx_get_encrypt_txt_len((const sgx_sealed_data_t *)encrypted_sek); CHECK_STATE(encrypt_text_length = plaintextLen); @@ -263,7 +263,7 @@ void sealHexSEK(int *errStatus, char *errString, SAFE_CHAR_BUF(unsealedKey, BUF_LEN); uint32_t decLen = BUF_LEN; - uint32_t add_text_length = sgx_get_add_mac_txt_len((const sgx_sealed_data_t *)encrypted_sek); + uint64_t add_text_length = sgx_get_add_mac_txt_len((const sgx_sealed_data_t *)encrypted_sek); CHECK_STATE(add_text_length == 0); CHECK_STATE(sgx_is_within_enclave(encrypted_sek,sizeof(sgx_sealed_data_t))); status = sgx_unseal_data((const sgx_sealed_data_t *)encrypted_sek, NULL, NULL, @@ -279,7 +279,7 @@ void sealHexSEK(int *errStatus, char *errString, } void trustedGenerateSEK(int *errStatus, char *errString, - uint8_t *encrypted_sek, uint32_t *enc_len, char *sek_hex) { + uint8_t *encrypted_sek, uint64_t *enc_len, char *sek_hex) { CALL_ONCE LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -291,7 +291,8 @@ void trustedGenerateSEK(int *errStatus, char *errString, RANDOM_CHAR_BUF(SEK_raw, SGX_AESGCM_KEY_SIZE); carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex); - memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE); + memcpy(AES_key[512], SEK_raw, SGX_AESGCM_KEY_SIZE); + sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex); @@ -330,7 +331,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) { uint64_t len; - hex2carray(aes_key_hex, &len, (uint8_t *) AES_key); + hex2carray(aes_key_hex, &len, (uint8_t *) (AES_key[512])); SET_SUCCESS clean: @@ -338,8 +339,8 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) { LOG_INFO("SGX call completed"); } -void trustedSetSEK_backup(int *errStatus, char *errString, - uint8_t *encrypted_sek, uint32_t *enc_len, const char *sek_hex) { +void trustedSetSEKBackup(int *errStatus, char *errString, + uint8_t *encrypted_sek, uint64_t *enc_len, const char *sek_hex) { CALL_ONCE LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -348,7 +349,8 @@ void trustedSetSEK_backup(int *errStatus, char *errString, CHECK_STATE(sek_hex); uint64_t len; - hex2carray(sek_hex, &len, (uint8_t *) AES_key); + hex2carray(sek_hex, &len, (uint8_t *) (AES_key[512])); + sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex); @@ -366,8 +368,8 @@ void trustedSetSEK_backup(int *errStatus, char *errString, -void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, - uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { +void trustedGenerateEcdsaKey(int *errStatus, char *errString, + uint8_t *encryptedPrivateKey, uint64_t *enc_len, char *pub_key_x, char *pub_key_y) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -407,22 +409,24 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, } strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); - SAFE_CHAR_BUF(skey_str, ECDSA_SKEY_LEN);SAFE_CHAR_BUF(arr_skey_str, mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2); + SAFE_CHAR_BUF(skey_str, BUF_LEN); + SAFE_CHAR_BUF(arr_skey_str, mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2); mpz_get_str(arr_skey_str, ECDSA_SKEY_BASE, skey); n_zeroes = 64 - strlen(arr_skey_str); for (int i = 0; i < n_zeroes; i++) { skey_str[i] = '0'; } strncpy(skey_str + n_zeroes, arr_skey_str, 65 - n_zeroes); - skey_str[ECDSA_SKEY_LEN - 1] = 0; snprintf(errString, BUF_LEN, "skey len is %d\n", (int) strlen(skey_str)); - int status = AES_encrypt((char *) skey_str, encryptedPrivateKey, BUF_LEN); + int status = AES_encrypt((char *) skey_str, encryptedPrivateKey, BUF_LEN, + ECDSA, NON_EXPORTABLE, enc_len); CHECK_STATUS("ecdsa private key encryption failed"); - *enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; + uint8_t type = 0; + uint8_t exportable = 0; - status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, ECDSA_SKEY_LEN); + status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, BUF_LEN, &type, &exportable); CHECK_STATUS2("ecdsa private key decr failed with status %d"); @@ -435,12 +439,12 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, LOG_INFO("SGX call completed"); } -void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, - uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) { +void trustedGetPublicEcdsaKey(int *errStatus, char *errString, + uint8_t *encryptedPrivateKey, uint64_t enc_len, char *pub_key_x, char *pub_key_y) { LOG_DEBUG(__FUNCTION__); INIT_ERROR_STATE - SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(skey, BUF_LEN); mpz_t privateKeyMpz; mpz_init(privateKeyMpz); @@ -452,7 +456,11 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, CHECK_STATE(pub_key_x); CHECK_STATE(pub_key_y); - int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN); + uint8_t type = 0; + uint8_t exportable = 0; + + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN, + &type, &exportable); CHECK_STATUS2("AES_decrypt failed with status %d"); skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0'; @@ -512,7 +520,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, static uint64_t sigCounter = 0; -void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, +void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t enc_len, const char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { LOG_DEBUG(__FUNCTION__); @@ -523,7 +531,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv CHECK_STATE(sigR); CHECK_STATE(sigS); - SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(skey, BUF_LEN); mpz_t privateKeyMpz; mpz_init(privateKeyMpz); @@ -531,7 +539,12 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv mpz_init(msgMpz); signature sign = signature_init(); - int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN); + uint8_t type = 0; + uint8_t exportable = 0; + + + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN, + &type, &exportable); CHECK_STATUS2("aes decrypt failed with status %d"); @@ -596,8 +609,8 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv } -void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, - uint32_t enc_len, char *key) { +void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, + uint64_t enc_len, char *key) { LOG_DEBUG(__FUNCTION__); INIT_ERROR_STATE @@ -607,7 +620,16 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri *errStatus = -9; - int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072); + uint8_t type = 0; + uint8_t exportable = 0; + + int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072, + &type, &exportable); + + if (exportable != EXPORTABLE) { + *errStatus = -11; + snprintf(errString, BUF_LEN, "Key is not exportable"); + } if (status != 0) { *errStatus = status; @@ -632,8 +654,8 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri } -void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, - uint8_t *encryptedPrivateKey, uint32_t *enc_len) { +void trustedEncryptKey(int *errStatus, char *errString, const char *key, + uint8_t *encryptedPrivateKey, uint64_t *enc_len) { LOG_INFO(__FUNCTION__); *errString = 0; @@ -644,15 +666,18 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, *errStatus = UNKNOWN_ERROR; - int status = AES_encrypt((char *)key, encryptedPrivateKey, BUF_LEN); + int status = AES_encrypt((char *)key, encryptedPrivateKey, BUF_LEN, + DKG, EXPORTABLE, enc_len); CHECK_STATUS2("AES encrypt failed with status %d"); - *enc_len = strlen(key) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; - SAFE_CHAR_BUF(decryptedKey, BUF_LEN); - status = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN); + uint8_t type = 0; + uint8_t exportable = 0; + + status = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN, + &type, &exportable); CHECK_STATUS2("trustedDecryptKey failed with status %d"); @@ -668,6 +693,8 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) { snprintf(errString, BUF_LEN, "Decrypted key does not match original key"); + LOG_ERROR(key); + LOG_ERROR(decryptedKey); LOG_ERROR(errString); goto clean; } @@ -680,8 +707,8 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, } -void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, - uint32_t enc_len, char *_hashX, +void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, + uint64_t enc_len, char *_hashX, char *_hashY, char *signature) { LOG_DEBUG(__FUNCTION__); INIT_ERROR_STATE @@ -693,7 +720,10 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte SAFE_CHAR_BUF(key, BUF_LEN);SAFE_CHAR_BUF(sig, BUF_LEN); - int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN); + uint8_t type = 0; + uint8_t exportable = 0; + + int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN, &type, &exportable); CHECK_STATUS("AES decrypt failed") @@ -723,7 +753,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte } void -trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { +trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t *enc_len, size_t _t) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -735,16 +765,20 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s CHECK_STATUS("gen_dkg_poly failed") - status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN); + status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN, + DKG, EXPORTABLE, enc_len); CHECK_STATUS("SGX AES encrypt DKG poly failed"); - *enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; + SAFE_CHAR_BUF(decr_dkg_secret, DKG_BUFER_LENGTH); + uint8_t type = 0; + uint8_t exportable = 0; + status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret, - DKG_BUFER_LENGTH); + DKG_BUFER_LENGTH, &type, &exportable); CHECK_STATUS("aes decrypt dkg poly failed"); @@ -764,8 +798,8 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s } void -trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, - uint32_t enc_len, +trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, + uint64_t enc_len, uint8_t *decrypted_dkg_secret) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -773,8 +807,11 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d CHECK_STATE(encrypted_dkg_secret); CHECK_STATE(decrypted_dkg_secret); + uint8_t type; + uint8_t exportable; + int status = AES_decrypt(encrypted_dkg_secret, enc_len, (char *) decrypted_dkg_secret, - 3072); + 3072, &type, &exportable); CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d") @@ -787,7 +824,7 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d } -void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint32_t enc_len) { +void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t enc_len) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -795,8 +832,11 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc memset(getThreadLocalDecryptedDkgPoly(), 0, DKG_BUFER_LENGTH); + uint8_t type = 0; + uint8_t exportable = 0; + int status = AES_decrypt(encrypted_poly, enc_len, (char *) getThreadLocalDecryptedDkgPoly(), - DKG_BUFER_LENGTH); + DKG_BUFER_LENGTH, &type, &exportable); CHECK_STATUS2("sgx_unseal_data - encrypted_poly failed with status %d") @@ -807,14 +847,14 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc LOG_INFO("SGX call completed"); } -void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len, +void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint64_t *dec_len, char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE - uint32_t enc_len; + uint64_t enc_len; int status; CHECK_STATE(encrypted_skey); @@ -824,15 +864,18 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t LOG_DEBUG(__FUNCTION__); - SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(skey, BUF_LEN); SAFE_CHAR_BUF(pub_key_x, BUF_LEN);SAFE_CHAR_BUF(pub_key_y, BUF_LEN); - trustedGenerateEcdsaKeyAES(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y); + trustedGenerateEcdsaKey(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y); + + CHECK_STATUS("trustedGenerateEcdsaKey failed"); - CHECK_STATUS("trustedGenerateEcdsaKeyAES failed"); + uint8_t type = 0; + uint8_t exportable = 0; - status = AES_decrypt(encrypted_skey, enc_len, skey, ECDSA_SKEY_LEN); + status = AES_decrypt(encrypted_skey, enc_len, skey, BUF_LEN, &type, &exportable); skey[ECDSA_SKEY_LEN - 1] = 0; @@ -840,13 +883,13 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *dec_len = enc_len; - SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(common_key, BUF_LEN); status = gen_session_key(skey, pub_keyB, common_key); CHECK_STATUS("gen_session_key failed") - SAFE_CHAR_BUF(s_share, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(s_share, BUF_LEN); status = calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind); CHECK_STATUS("calc secret share failed") @@ -855,7 +898,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t status = calc_secret_shareG2(s_share, s_shareG2); CHECK_STATUS("invalid decr secret share"); - SAFE_CHAR_BUF(cypher, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(cypher, BUF_LEN); status=xor_encrypt(common_key, s_share, cypher); CHECK_STATUS("xor_encrypt failed") @@ -872,7 +915,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t LOG_INFO("SGX call completed"); } -void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len, +void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t enc_len, char *public_shares, unsigned _t, unsigned _n) { LOG_INFO(__FUNCTION__); @@ -885,8 +928,11 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt SAFE_CHAR_BUF(decrypted_dkg_secret, DKG_MAX_SEALED_LEN); + uint8_t type = 0; + uint8_t exportable = 0; + int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret, - DKG_MAX_SEALED_LEN); + DKG_MAX_SEALED_LEN, &type, &exportable); CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d"); @@ -900,7 +946,7 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt LOG_INFO("SGX call completed"); } -void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share, +void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share, uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) { LOG_INFO(__FUNCTION__); @@ -910,26 +956,30 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha CHECK_STATE(s_share); CHECK_STATE(encryptedPrivateKey); - SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(skey,BUF_LEN); mpz_t s; mpz_init(s); - int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN); + uint8_t type = 0; + uint8_t exportable = 0; + + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN, + &type, &exportable); CHECK_STATUS2("AES_decrypt failed (in trustedDkgVerifyAES) with status %d"); - SAFE_CHAR_BUF(encr_sshare, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(encr_sshare, BUF_LEN); strncpy(encr_sshare, s_share, ECDSA_SKEY_LEN - 1); - SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(common_key, BUF_LEN); status = session_key_recover(skey, s_share, common_key); CHECK_STATUS("session_key_recover failed"); - SAFE_CHAR_BUF(decr_sshare, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(decr_sshare, BUF_LEN); status=xor_decrypt(common_key, encr_sshare, decr_sshare); @@ -949,9 +999,9 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha LOG_INFO("SGX call completed"); } -void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares, +void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, - uint32_t *enc_bls_key_len) { + uint64_t *enc_bls_key_len) { LOG_INFO(__FUNCTION__); @@ -961,7 +1011,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share CHECK_STATE(encryptedPrivateKey); CHECK_STATE(encr_bls_key); - SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(skey, BUF_LEN); mpz_t sum; mpz_init(sum); @@ -974,8 +1024,12 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share mpz_t bls_key; mpz_init(bls_key); + uint8_t type = 0; + uint8_t exportable = 0; + - int status = AES_decrypt(encryptedPrivateKey, key_len, skey, ECDSA_SKEY_LEN); + int status = AES_decrypt(encryptedPrivateKey, key_len, skey, BUF_LEN, + &type, &exportable); CHECK_STATUS2("aes decrypt failed with status %d"); skey[ECDSA_SKEY_LEN - 1] = 0; @@ -1035,12 +1089,10 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share strncpy(key_share + n_zeroes, arr_skey_str, 65 - n_zeroes); key_share[BLS_KEY_LENGTH - 1] = 0; - status = AES_encrypt(key_share, encr_bls_key, BUF_LEN); + status = AES_encrypt(key_share, encr_bls_key, BUF_LEN, BLS, NON_EXPORTABLE, enc_bls_key_len); CHECK_STATUS2("aes encrypt bls private key failed with status %d "); - *enc_bls_key_len = strlen(key_share) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; - SET_SUCCESS clean: @@ -1052,7 +1104,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share } void -trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, +trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) { LOG_DEBUG(__FUNCTION__); @@ -1061,9 +1113,15 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat CHECK_STATE(bls_pub_key); CHECK_STATE(encryptedPrivateKey); - SAFE_CHAR_BUF(skey_hex, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(skey_hex, BUF_LEN); + + uint8_t type = 0; + uint8_t exportable = 0; + + - int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, ECDSA_SKEY_LEN); + int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, BUF_LEN, + &type, &exportable); CHECK_STATUS2("AES decrypt failed %d"); diff --git a/secure_enclave/secure_enclave.config.xml b/secure_enclave/secure_enclave.config.xml index 23617c17..45283f17 100644 --- a/secure_enclave/secure_enclave.config.xml +++ b/secure_enclave/secure_enclave.config.xml @@ -1,6 +1,6 @@ 0 - 0 + 1 0x1000000 0x100000000 128 diff --git a/secure_enclave/secure_enclave.config.xml.release b/secure_enclave/secure_enclave.config.xml.release index d4685ca9..d8d5aad1 100644 --- a/secure_enclave/secure_enclave.config.xml.release +++ b/secure_enclave/secure_enclave.config.xml.release @@ -1,6 +1,6 @@ 0 - 0 + 1 0x1000000 0x100000000 128 diff --git a/secure_enclave/secure_enclave.config.xml.sim b/secure_enclave/secure_enclave.config.xml.sim index 9e8aad20..7e77b69c 100644 --- a/secure_enclave/secure_enclave.config.xml.sim +++ b/secure_enclave/secure_enclave.config.xml.sim @@ -1,11 +1,11 @@ 0 - 0 + 1 0x1000000 - 0x10000000 - 32 - 32 - 32 + 0x1000000 + 16 + 16 + 16 0 0 diff --git a/secure_enclave/secure_enclave.edl b/secure_enclave/secure_enclave.edl index b5b57835..9d476ee8 100644 --- a/secure_enclave/secure_enclave.edl +++ b/secure_enclave/secure_enclave.edl @@ -11,14 +11,14 @@ enclave { trusted { include "sgx_tgmp.h" - public void trustedEnclaveInit(uint32_t _logLevel); + public void trustedEnclaveInit(uint64_t _logLevel); public void trustedGenerateSEK( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char *err_string, [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK, - [out] uint32_t *enc_len, + [out] uint64_t *enc_len, [out, count = 65] char* hex_SEK); public void trustedSetSEK( @@ -26,79 +26,79 @@ enclave { [out, count = SMALL_BUF_SIZE] char *err_string, [in, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK); - public void trustedSetSEK_backup( + public void trustedSetSEKBackup( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char *err_string, [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK, - [out] uint32_t *enc_len, + [out] uint64_t *enc_len, [in, string] const char* SEK_hex); - public void trustedGenerateEcdsaKeyAES ( + public void trustedGenerateEcdsaKey ( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, - [out] uint32_t *enc_len, + [out] uint64_t *enc_len, [out, count = SMALL_BUF_SIZE] char * pub_key_x, [out, count = SMALL_BUF_SIZE] char * pub_key_y); - public void trustedGetPublicEcdsaKeyAES( + public void trustedGetPublicEcdsaKey( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, - uint32_t dec_len, + uint64_t dec_len, [out, count = SMALL_BUF_SIZE] char * pub_key_x, [out, count = SMALL_BUF_SIZE] char * pub_key_y); - public void trustedEcdsaSignAES( + public void trustedEcdsaSign( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, - uint32_t enc_len, + uint64_t enc_len, [in, string] const char* hash, [out, count = SMALL_BUF_SIZE] char* sig_r, [out, count = SMALL_BUF_SIZE] char* sig_s, [out] uint8_t* sig_v, int base); - public void trustedEncryptKeyAES ( + public void trustedEncryptKey ( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = SMALL_BUF_SIZE] const char* key, [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, - [out] uint32_t *enc_len); + [out] uint64_t *enc_len); - public void trustedDecryptKeyAES ( + public void trustedDecryptKey ( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, - uint32_t enc_len, + uint64_t enc_len, [out, count = SMALL_BUF_SIZE] char* key ); - public void trustedGenDkgSecretAES ( + public void trustedGenDkgSecret ( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [out, count = 3072] uint8_t* encrypted_dkg_secret, - [out] uint32_t * enc_len, size_t _t); + [out] uint64_t * enc_len, size_t _t); - public void trustedDecryptDkgSecretAES ( + public void trustedDecryptDkgSecret ( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = 3050] uint8_t* encrypted_dkg_secret, - uint32_t enc_len, + uint64_t enc_len, [out, count = 3072] uint8_t* decrypted_dkg_secret ); - public void trustedSetEncryptedDkgPolyAES( + public void trustedSetEncryptedDkgPoly( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = 3050] uint8_t* encrypted_poly, - uint32_t enc_len); + uint64_t enc_len); - public void trustedGetEncryptedSecretShareAES( + public void trustedGetEncryptedSecretShare( [out]int *errStatus, [out, count = SMALL_BUF_SIZE] char *err_string, [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey, - [out] uint32_t* dec_len, + [out] uint64_t* dec_len, [out, count = 193] char* result_str, [out, count = 320] char* s_shareG2, [in, string] char* pub_keyB, @@ -106,16 +106,16 @@ enclave { uint8_t _n, uint8_t ind); - public void trustedGetPublicSharesAES( + public void trustedGetPublicShares( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = 3050] uint8_t* encrypted_dkg_secret, - uint32_t enc_len, + uint64_t enc_len, [out, count = 10000] char* public_shares, unsigned _t, unsigned _n); - public void trustedDkgVerifyAES( + public void trustedDkgVerify( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, string] const char* public_shares, @@ -126,25 +126,25 @@ enclave { int _ind, [out] int* result); - public void trustedCreateBlsKeyAES( + public void trustedCreateBlsKey( [out]int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = 6145] const char* s_shares, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, uint64_t key_len, [out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key, - [out] uint32_t *enc_bls_key_len); + [out] uint64_t *enc_bls_key_len); - public void trustedBlsSignMessageAES ( + public void trustedBlsSignMessage ( [out] int *errStatus, [out, count = TINY_BUF_SIZE] char* err_string, [in, count = TINY_BUF_SIZE] uint8_t* encrypted_key, - uint32_t enc_len, + uint64_t enc_len, [in, string] char* hashX , [in, string] char* hashY, [out, count = SMALL_BUF_SIZE] char* signature); - public void trustedGetBlsPubKeyAES( + public void trustedGetBlsPubKey( [out]int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, diff --git a/sgxwallet.c b/sgxwallet.c index 078fa411..5c6d16eb 100644 --- a/sgxwallet.c +++ b/sgxwallet.c @@ -36,6 +36,5 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "sgxwallet.h" sgx_launch_token_t token = {0}; -sgx_enclave_id_t eid; -sgx_status_t status; -int updated; +sgx_enclave_id_t eid = 0; +int updated = 0; diff --git a/sgxwallet.h b/sgxwallet.h index 0a497448..d7944c22 100644 --- a/sgxwallet.h +++ b/sgxwallet.h @@ -47,7 +47,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. extern sgx_enclave_id_t eid; extern int updated; extern sgx_launch_token_t token; -extern sgx_status_t status; #define ENCLAVE_NAME "secure_enclave.signed.so" diff --git a/sgxwallet_common.h b/sgxwallet_common.h index 8dcb846d..5f5aba59 100644 --- a/sgxwallet_common.h +++ b/sgxwallet_common.h @@ -109,4 +109,34 @@ extern bool autoconfirm; #define TEST_VALUE "1234567890" + +#define RESTART_BEGIN \ +int __ATTEMPTS__ = 0; \ +do {\ +__ATTEMPTS__++; \ +{\ +READ_LOCK(initMutex); + +#define RESTART_END \ +} \ +if (status != SGX_SUCCESS || errStatus == 3) { \ +spdlog::error(__FUNCTION__); \ +spdlog::error("Restarting sgx on status errStatus... {} {}", status, errStatus); \ +reinitEnclave(); \ +} \ +} while ((status != SGX_SUCCESS || errStatus == 3) && __ATTEMPTS__ < 2); + + + +#define RESTART_END_POINTER \ +} \ +if (status != SGX_SUCCESS || *errStatus == 3) { \ +spdlog::error(__FUNCTION__);\ +spdlog::error("Restarting sgx on status errStatus... {} {}", status, *errStatus); \ +reinitEnclave(); \ +} \ +} while ((status != SGX_SUCCESS || *errStatus == 3) && __ATTEMPTS__ < 2); + + + #endif //SGXWALLET_SGXWALLET_COMMON_H diff --git a/testw.cpp b/testw.cpp index baf09c09..f4175aa8 100644 --- a/testw.cpp +++ b/testw.cpp @@ -98,7 +98,7 @@ class TestFixtureHTTPS { class TestFixtureNoResetFromBackup { public: TestFixtureNoResetFromBackup() { - setFullOptions(L_INFO, false, true, true ); + setFullOptions(L_INFO, false, true, true); initAll(L_INFO, false, true); } @@ -123,13 +123,13 @@ class TestFixtureNoReset { TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes-key-sig-gen]") { vector errMsg(BUF_LEN, 0); int errStatus = 0; - vector encrPrivKey(BUF_LEN, 0); + vector encrPrivKey(BUF_LEN, 0); vector pubKeyX(BUF_LEN, 0); vector pubKeyY(BUF_LEN, 0); - uint32_t encLen = 0; + uint64_t encLen = 0; PRINT_SRC_LINE - auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen, + auto status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen, pubKeyX.data(), pubKeyY.data()); REQUIRE(status == SGX_SUCCESS); @@ -141,27 +141,28 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes uint8_t signatureV = 0; - for (int i=0; i < 50; i++) { + for (int i = 0; i < 50; i++) { PRINT_SRC_LINE - status = trustedEcdsaSignAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen, + status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen, hex.data(), signatureR.data(), signatureS.data(), &signatureV, 16); + REQUIRE(status == SGX_SUCCESS); + REQUIRE(errStatus == SGX_SUCCESS); } - REQUIRE(status == SGX_SUCCESS); - REQUIRE(errStatus == SGX_SUCCESS); + } TEST_CASE_METHOD(TestFixture, "ECDSA AES key gen", "[ecdsa-aes-key-gen]") { vector errMsg(BUF_LEN, 0); int errStatus = 0; - vector encrPrivKey(BUF_LEN, 0); + vector encrPrivKey(BUF_LEN, 0); vector pubKeyX(BUF_LEN, 0); vector pubKeyY(BUF_LEN, 0); - uint32_t encLen = 0; + uint64_t encLen = 0; PRINT_SRC_LINE - auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen, + auto status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen, pubKeyX.data(), pubKeyY.data()); @@ -173,13 +174,14 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES key gen", "[ecdsa-aes-key-gen]") { TEST_CASE_METHOD(TestFixture, "ECDSA AES get public key", "[ecdsa-aes-get-pub-key]") { int errStatus = 0; vector errMsg(BUF_LEN, 0); - vector encPrivKey(BUF_LEN, 0); + vector encPrivKey(BUF_LEN, 0); vector pubKeyX(BUF_LEN, 0); vector pubKeyY(BUF_LEN, 0); - uint32_t encLen = 0; + + uint64_t encLen = 0; PRINT_SRC_LINE - auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encPrivKey.data(), &encLen, pubKeyX.data(), + auto status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encPrivKey.data(), &encLen, pubKeyX.data(), pubKeyY.data()); REQUIRE(status == SGX_SUCCESS); @@ -189,7 +191,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES get public key", "[ecdsa-aes-get-pub-ke vector receivedPubKeyY(BUF_LEN, 0); PRINT_SRC_LINE - status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, errMsg.data(), encPrivKey.data(), encLen, + status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encPrivKey.data(), encLen, receivedPubKeyX.data(), receivedPubKeyY.data()); REQUIRE(status == SGX_SUCCESS); @@ -259,8 +261,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") { auto keyName = genECDSAKeyAPI(c); -Json::Value sig = c.ecdsaSignMessageHash(10, keyName, SAMPLE_HASH); - + Json::Value sig = c.ecdsaSignMessageHash(10, keyName, SAMPLE_HASH); for (int i = 0; i <= 20; i++) { @@ -287,21 +288,21 @@ TEST_CASE_METHOD(TestFixture, "BLS key encrypt", "[bls-key-encrypt]") { TEST_CASE_METHOD(TestFixture, "DKG AES gen test", "[dkg-aes-gen]") { - vector encryptedDKGSecret(BUF_LEN, 0); + vector encryptedDKGSecret(BUF_LEN, 0); vector errMsg(BUF_LEN, 0); int errStatus = 0; - uint32_t encLen = 0; + uint64_t encLen = 0; PRINT_SRC_LINE - auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 32); + auto status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 32); REQUIRE(status == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS); vector secret(BUF_LEN, 0); vector errMsg1(BUF_LEN, 0); - status = trustedDecryptDkgSecretAES(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), + status = trustedDecryptDkgSecret(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), encLen, (uint8_t *) secret.data()); REQUIRE(status == SGX_SUCCESS); @@ -309,17 +310,16 @@ TEST_CASE_METHOD(TestFixture, "DKG AES gen test", "[dkg-aes-gen]") { } - TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares]") { - vector encryptedDKGSecret(BUF_LEN, 0); + vector encryptedDKGSecret(BUF_LEN, 0); vector errMsg(BUF_LEN, 0); int errStatus = 0; - uint32_t encLen = 0; + uint64_t encLen = 0; unsigned t = 32, n = 32; PRINT_SRC_LINE - auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, n); + auto status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, n); REQUIRE(status == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS); @@ -328,30 +328,30 @@ TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares char colon = ':'; vector pubShares(10000, 0); PRINT_SRC_LINE - status = trustedGetPublicSharesAES(eid, &errStatus, errMsg1.data(), + status = trustedGetPublicShares(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), encLen, pubShares.data(), t, n); REQUIRE(status == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS); - vector g2Strings = splitString(pubShares.data(), ','); - vector pubSharesG2; + vector g2Strings = splitString(pubShares.data(), ','); + vector pubSharesG2; for (u_int64_t i = 0; i < g2Strings.size(); i++) { - vector coeffStr = splitString(g2Strings.at(i).c_str(), ':'); + vector coeffStr = splitString(g2Strings.at(i).c_str(), ':'); pubSharesG2.push_back(TestUtils::vectStringToG2(coeffStr)); } vector secret(BUF_LEN, 0); PRINT_SRC_LINE - status = trustedDecryptDkgSecretAES(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), encLen, + status = trustedDecryptDkgSecret(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), encLen, (uint8_t *) secret.data()); REQUIRE(status == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS); signatures::Dkg dkgObj(t, n); - vector poly = TestUtils::splitStringToFr(secret.data(), colon); - vector pubSharesDkg = dkgObj.VerificationVector(poly); + vector poly = TestUtils::splitStringToFr(secret.data(), colon); + vector pubSharesDkg = dkgObj.VerificationVector(poly); for (uint32_t i = 0; i < pubSharesDkg.size(); i++) { libff::alt_bn128_G2 el = pubSharesDkg.at(i); el.to_affine_coordinates(); @@ -364,28 +364,28 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes- vector result(BUF_LEN, 0); int errStatus = 0; - uint32_t encLen = 0; + uint64_t encLen = 0; - vector encryptedDKGSecret(BUF_LEN, 0); + vector encryptedDKGSecret(BUF_LEN, 0); PRINT_SRC_LINE - auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 2); + auto status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 2); REQUIRE(status == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS); uint64_t enc_len = encLen; PRINT_SRC_LINE - status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), enc_len); + status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), enc_len); REQUIRE(status == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS); - vector encrPRDHKey(BUF_LEN, 0); + vector encrPRDHKey(BUF_LEN, 0); string pub_keyB = SAMPLE_PUBLIC_KEY_B; vector s_shareG2(BUF_LEN, 0); PRINT_SRC_LINE - status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg.data(), encrPRDHKey.data(), &encLen, + status = trustedGetEncryptedSecretShare(eid, &errStatus, errMsg.data(), encrPRDHKey.data(), &encLen, result.data(), s_shareG2.data(), (char *) pub_keyB.data(), 2, 2, 1); @@ -419,8 +419,8 @@ TEST_CASE_METHOD(TestFixture, "DKG_BLS test", "[dkg-bls]") { HttpClient client(RPC_ENDPOINT); StubClient c(client, JSONRPC_CLIENT_V2); - vector ecdsaKeyNames; - vector blsKeyNames; + vector ecdsaKeyNames; + vector blsKeyNames; int schainID = TestUtils::randGen(); int dkgID = TestUtils::randGen(); @@ -440,7 +440,8 @@ TEST_CASE_METHOD(TestFixture, "Delete Bls Key", "[delete-bls-key]") { HttpClient client(RPC_ENDPOINT); StubClient c(client, JSONRPC_CLIENT_V2); std::string name = "BLS_KEY:SCHAIN_ID:123456789:NODE_ID:0:DKG_ID:0"; - libff::alt_bn128_Fr key = libff::alt_bn128_Fr("6507625568967977077291849236396320012317305261598035438182864059942098934847"); + libff::alt_bn128_Fr key = libff::alt_bn128_Fr( + "6507625568967977077291849236396320012317305261598035438182864059942098934847"); std::string key_str = TestUtils::stringFromFr(key); PRINT_SRC_LINE c.importBLSKeyShare(key_str, name); @@ -473,7 +474,6 @@ TEST_CASE_METHOD(TestFixture, "Get ServerVersion", "[get-server-version]") { } - TEST_CASE_METHOD(TestFixtureHTTPS, "Cert request sign", "[cert-sign]") { PRINT_SRC_LINE @@ -552,7 +552,13 @@ TEST_CASE_METHOD(TestFixture, "DKG API test", "[dkg-api]") { //wrong verif Json::Value Skeys = c.getSecretShare(polyName, publicKeys, 2, 2); + REQUIRE_NOTHROW(c.getSecretShare(polyName, publicKeys, 2, 2)); + REQUIRE(Skeys == c.getSecretShare(polyName, publicKeys, 2, 2)); + Json::Value verifVect = c.getVerificationVector(polyName, 2, 2); + REQUIRE_NOTHROW(c.getVerificationVector(polyName, 2, 2)); + REQUIRE(verifVect == c.getVerificationVector(polyName, 2, 2)); + Json::Value verificationWrongSkeys = c.dkgVerification("", "", "", 2, 2, 1); REQUIRE(verificationWrongSkeys["status"].asInt() != 0); } @@ -587,8 +593,8 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") { Json::Value secretShares[n]; Json::Value pubBLSKeys[n]; Json::Value blsSigShares[n]; - vector pubShares(n); - vector polyNames(n); + vector pubShares(n); + vector polyNames(n); int schainID = TestUtils::randGen(); int dkgID = TestUtils::randGen(); @@ -623,7 +629,7 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") { } int k = 0; - vector secShares(n); + vector secShares(n); for (int i = 0; i < n; i++) for (int j = 0; j < n; j++) { @@ -644,15 +650,16 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") { string hash = SAMPLE_HASH; - auto hash_arr = make_shared>(); + auto hash_arr = make_shared < array < uint8_t, + 32 >> (); uint64_t binLen; - if (!hex2carray(hash.c_str(), &binLen, hash_arr->data())) { + if (!hex2carray(hash.c_str(), &binLen, hash_arr->data(), 32)) { throw SGXException(INVALID_HEX, "Invalid hash"); } - map> coeffs_pkeys_map; + map > coeffs_pkeys_map; for (int i = 0; i < t; i++) { string endName = polyNames[i].substr(4); @@ -669,43 +676,44 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") { blsSigShares[i] = c.blsSignMessageHash(blsName, hash, t, n); REQUIRE(blsSigShares[i]["status"] == 0); - shared_ptr sig_share_ptr = make_shared(blsSigShares[i]["signatureShare"].asString()); + shared_ptr sig_share_ptr = make_shared(blsSigShares[i]["signatureShare"].asString()); BLSSigShare sig(sig_share_ptr, i + 1, t, n); sigShareSet.addSigShare(make_shared(sig)); - vector pubKey_vect; + vector pubKey_vect; for (uint8_t j = 0; j < 4; j++) { pubKey_vect.push_back(pubBLSKeys[i]["blsPublicKeyShare"][j].asString()); } - BLSPublicKeyShare pubKey(make_shared>(pubKey_vect), t, n); + BLSPublicKeyShare pubKey(make_shared < vector < string >> (pubKey_vect), t, n); PRINT_SRC_LINE REQUIRE(pubKey.VerifySigWithHelper(hash_arr, make_shared(sig), t, n)); coeffs_pkeys_map[i + 1] = make_shared(pubKey); } - shared_ptr commonSig = sigShareSet.merge(); - BLSPublicKey common_public(make_shared>>(coeffs_pkeys_map), t, - n); + shared_ptr commonSig = sigShareSet.merge(); + BLSPublicKey + common_public(make_shared < map < size_t, shared_ptr < BLSPublicKeyShare >>>(coeffs_pkeys_map), t, + n); REQUIRE(common_public.VerifySigWithHelper(hash_arr, commonSig, t, n)); } TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") { - int errStatus = -1; + int errStatus = 0; vector errMsg(BUF_LEN, 0); - uint32_t encLen; + uint64_t encLen; string key = SAMPLE_AES_KEY; - vector encrypted_key(BUF_LEN, 0); + vector encrypted_key(BUF_LEN, 0); PRINT_SRC_LINE - auto status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen); + auto status = trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen); REQUIRE(status == 0); REQUIRE(errStatus == 0); vector decr_key(BUF_LEN, 0); PRINT_SRC_LINE - status = trustedDecryptKeyAES(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data()); + status = trustedDecryptKey(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data()); REQUIRE(status == 0); REQUIRE(errStatus == 0); @@ -714,7 +722,7 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") { TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg bls", "[many-threads-crypto]") { - vector threads; + vector threads; int num_threads = 4; for (int i = 0; i < num_threads; i++) { threads.push_back(thread(TestUtils::sendRPCRequest)); @@ -726,10 +734,45 @@ TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg bls", "[many-threads-crypt } TEST_CASE_METHOD(TestFixture, "First run", "[first-run]") { + + HttpClient client(RPC_ENDPOINT); + StubClient c(client, JSONRPC_CLIENT_V2); + try { + PRINT_SRC_LINE + auto keyName = genECDSAKeyAPI(c); + ofstream namefile("/tmp/keyname"); + namefile << keyName; + + PRINT_SRC_LINE + } catch (JsonRpcException & e) + { + cerr << e.what() << endl; + throw; + } + + } TEST_CASE_METHOD(TestFixtureNoReset, "Second run", "[second-run]") { + + HttpClient client(RPC_ENDPOINT); + StubClient c(client, JSONRPC_CLIENT_V2); + try { + PRINT_SRC_LINE + string keyName; + ifstream namefile("/tmp/keyname"); + getline(namefile, keyName); + + Json::Value sig = c.ecdsaSignMessageHash(16, keyName, SAMPLE_HASH); + REQUIRE(sig["status"].asInt() == 0); + Json::Value getPubKey = c.getPublicECDSAKey(keyName); + REQUIRE(getPubKey["status"].asInt() == 0); + } catch (JsonRpcException &e) { + cerr << e.what() << endl; + throw; + } } + TEST_CASE_METHOD(TestFixtureNoResetFromBackup, "Backup restore", "[backup-restore]") { }