From a71e43c23c9823a88c276ed0bb3f46340d93a53f Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 3 Sep 2020 11:03:34 +0300 Subject: [PATCH 01/61] SKALE-3213-improve-error-handling --- BLSCrypto.cpp | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/BLSCrypto.cpp b/BLSCrypto.cpp index 6cd4b7ba..1e27e456 100644 --- a/BLSCrypto.cpp +++ b/BLSCrypto.cpp @@ -218,14 +218,19 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz sz, xStrArg, yStrArg, signature); if (status != SGX_SUCCESS) { - cerr << "SGX enclave call to trustedBlsSignMessage failed with status:" << status << std::endl; - BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed")); + string errString = string("SGX enclave call to ") + + __FUNCTION__ + " failed with errStatus:" + to_string(status) + + " Err message:" + errMsg; + BOOST_THROW_EXCEPTION(runtime_error(errString)); } if (errStatus != 0) { - cerr << "SGX enclave call to trustedBlsSignMessage failed with errStatus:" << errStatus << std::endl; - BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed")); + string errString = string("SGX enclave call to ") + + __FUNCTION__ + " failed with errStatus:" + to_string(errStatus) + + " Err message:" + errMsg; + BOOST_THROW_EXCEPTION(runtime_error(errString)); } + std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second; @@ -255,11 +260,8 @@ std::string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char status = trustedEncryptKeyAES(eid, errStatus, errMsg->data(), keyArray->data(), encryptedKey->data(), &encryptedLen); - spdlog::debug("errStatus is {}", *errStatus); - spdlog::debug("errMsg is ", errMsg->data()); - if (*errStatus != 0) { - throw SGXException(-666, errMsg->data()); + BOOST_THROW_EXCEPTION(SGXException(-666, errMsg->data())); } if (status != SGX_SUCCESS) { From 17dca977465800e2751fee25efe93b5a5654eb29 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 3 Sep 2020 11:21:15 +0300 Subject: [PATCH 02/61] SKALE-3213 --- BLSCrypto.cpp | 47 ++++++++++----------------------------- BLSPrivateKeyShareSGX.cpp | 19 +++++----------- common.h | 18 +++++++++++++++ 3 files changed, 36 insertions(+), 48 deletions(-) diff --git a/BLSCrypto.cpp b/BLSCrypto.cpp index 1e27e456..2b3b273b 100644 --- a/BLSCrypto.cpp +++ b/BLSCrypto.cpp @@ -51,7 +51,7 @@ #include "third_party/spdlog/spdlog.h" #include "common.h" -std::string *FqToString(libff::alt_bn128_Fq *_fq) { +string *FqToString(libff::alt_bn128_Fq *_fq) { mpz_t t; mpz_init(t); @@ -62,7 +62,7 @@ std::string *FqToString(libff::alt_bn128_Fq *_fq) { mpz_get_str(arr, 10, t); mpz_clear(t); - return new std::string(arr); + return new string(arr); } int char2int(char _input) { @@ -167,19 +167,19 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz shared_ptr obj; obj = make_shared(signatures::Bls(_t, _n)); - std::pair hash_with_hint = obj->HashtoG1withHint(hash); + pair hash_with_hint = obj->HashtoG1withHint(hash); string *xStr = FqToString(&(hash_with_hint.first.X)); if (xStr == nullptr) { - std::cerr << "Null xStr" << std::endl; + cerr << "Null xStr" << endl; BOOST_THROW_EXCEPTION(runtime_error("Null xStr")); } string *yStr = FqToString(&(hash_with_hint.first.Y)); if (yStr == nullptr) { - std::cerr << "Null yStr" << std::endl; + cerr << "Null yStr" << endl; delete xStr; BOOST_THROW_EXCEPTION(runtime_error("Null yStr")); } @@ -208,33 +208,18 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz if (!result) { cerr << "Invalid hex encrypted key" << endl; - BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key")); + BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key")); } int errStatus = 0; - sgx_status_t status = trustedBlsSignMessageAES(eid, &errStatus, errMsg, encryptedKey, sz, xStrArg, yStrArg, signature); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg); - if (status != SGX_SUCCESS) { - string errString = string("SGX enclave call to ") + - __FUNCTION__ + " failed with errStatus:" + to_string(status) + - " Err message:" + errMsg; - BOOST_THROW_EXCEPTION(runtime_error(errString)); - } - - if (errStatus != 0) { - string errString = string("SGX enclave call to ") + - __FUNCTION__ + " failed with errStatus:" + to_string(errStatus) + - " Err message:" + errMsg; - BOOST_THROW_EXCEPTION(runtime_error(errString)); - } - - - std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second; + string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second; - std::string sig = signature; + string sig = signature; sig.append(":"); sig.append(hint); @@ -248,28 +233,20 @@ bool bls_sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz return sign_aes(_encryptedKeyHex, _hashHex, _t, _n, _sig); } -std::string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) { +string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) { auto keyArray = make_shared>(BUF_LEN, 0); auto encryptedKey = make_shared>(BUF_LEN, 0); auto errMsg = make_shared>(BUF_LEN, 0); strncpy(keyArray->data(), _key, BUF_LEN); *errStatus = -1; - unsigned int encryptedLen = 0; status = trustedEncryptKeyAES(eid, errStatus, errMsg->data(), keyArray->data(), encryptedKey->data(), &encryptedLen); - if (*errStatus != 0) { - BOOST_THROW_EXCEPTION(SGXException(-666, errMsg->data())); - } - - if (status != SGX_SUCCESS) { - *errStatus = -1; - return ""; - } + HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg->data()); - std::string result(2 * BUF_LEN, '\0'); + string result(2 * BUF_LEN, '\0'); carray2Hex(encryptedKey->data(), encryptedLen, &result.front()); diff --git a/BLSPrivateKeyShareSGX.cpp b/BLSPrivateKeyShareSGX.cpp index bc469b27..e3748896 100644 --- a/BLSPrivateKeyShareSGX.cpp +++ b/BLSPrivateKeyShareSGX.cpp @@ -25,6 +25,8 @@ #include "BLSSignature.h" #include "BLSutils.h" +#include "third_party/spdlog/spdlog.h" + #include "secure_enclave_u.h" #include "sgxwallet_common.h" #include "sgxwallet.h" @@ -121,6 +123,7 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr( BOOST_THROW_EXCEPTION(runtime_error("Null yStr")); } + char errMsg[BUF_LEN]; memset(errMsg, 0, BUF_LEN); @@ -144,26 +147,16 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr( bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey); if (!result) { - cerr << "Invalid hex encrypted key" << endl; - BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid hex encrypted key")); + spdlog::error("Invalid hex encrypted key"); + BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key")); } - cerr << "Key is " + *encryptedKeyHex << endl; - sgx_status_t status = trustedBlsSignMessageAES(eid, &errStatus, errMsg, encryptedKey, encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature); - printf("sig is: %s\n", signature); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg ); - if (status != SGX_SUCCESS) { - gmp_printf("SGX enclave call to trustedBlsSignMessage failed: 0x%04x\n", status); - BOOST_THROW_EXCEPTION(runtime_error("SGX enclave call to trustedBlsSignMessage failed")); - } - - if (errStatus != 0) { - BOOST_THROW_EXCEPTION(runtime_error("Enclave trustedBlsSignMessage failed:" + to_string(errStatus) + ":" + errMsg )); - } int sigLen; diff --git a/common.h b/common.h index ee21d17d..92833d43 100644 --- a/common.h +++ b/common.h @@ -56,4 +56,22 @@ inline std::string className(const std::string &prettyFunction) { throw InvalidStateException(__msg__, __CLASS_NAME__);} +#define HANDLE_TRUSTED_FUNCTION_ERROR(__STATUS__, __ERR_STATUS__, __ERR_MSG__) \ +if (__STATUS__ != SGX_SUCCESS) { \ +string __ERR_STRING__ = string("SGX enclave call to ") + \ + __FUNCTION__ + " failed with status:" \ + + to_string(__STATUS__) + \ + " Err message:" + __ERR_MSG__; \ +BOOST_THROW_EXCEPTION(runtime_error(__ERR_MSG__)); \ +}\ +\ +if (__ERR_STATUS__ != 0) {\ +string __ERR_STRING__ = string("SGX enclave call to ") +\ + __FUNCTION__ + " failed with errStatus:" + \ + to_string(__ERR_STATUS__) + \ + " Err message:" + __ERR_MSG__;\ +BOOST_THROW_EXCEPTION(runtime_error(__ERR_STRING__)); \ +} + + #endif //SGXWALLET_COMMON_H From ecdc091eb6a7ee7beffbe235040455fd0279b0a6 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 3 Sep 2020 13:12:37 +0300 Subject: [PATCH 03/61] SKALW-3213-improve-error-handling --- BLSCrypto.cpp | 25 +++++----- DKGCrypto.cpp | 115 ++++++++++++++++++++++---------------------- DKGCrypto.h | 6 +-- SGXWalletServer.cpp | 4 +- common.h | 3 ++ 5 files changed, 76 insertions(+), 77 deletions(-) diff --git a/BLSCrypto.cpp b/BLSCrypto.cpp index 2b3b273b..dad4357d 100644 --- a/BLSCrypto.cpp +++ b/BLSCrypto.cpp @@ -22,34 +22,31 @@ */ #include - #include "libff/algebra/curves/alt_bn128/alt_bn128_init.hpp" +#include "leveldb/db.h" +#include + +#include "third_party/intel/create_enclave.h" + + #include "bls.h" #include -#include "leveldb/db.h" -#include #include "BLSPrivateKeyShareSGX.h" -#include "sgxwallet_common.h" -#include "third_party/intel/create_enclave.h" -#include "secure_enclave_u.h" -#include "third_party/intel/sgx_detect.h" -#include -#include -#include "sgxwallet.h" +#include "sgxwallet_common.h" +#include "sgxwallet.h" +#include "SGXException.h" +#include "third_party/spdlog/spdlog.h" +#include "common.h" #include "SGXWalletServer.h" #include "BLSCrypto.h" #include "ServerInit.h" -#include "SGXException.h" - -#include "third_party/spdlog/spdlog.h" -#include "common.h" string *FqToString(libff::alt_bn128_Fq *_fq) { mpz_t t; diff --git a/DKGCrypto.cpp b/DKGCrypto.cpp index af925789..9d981bd6 100644 --- a/DKGCrypto.cpp +++ b/DKGCrypto.cpp @@ -21,25 +21,33 @@ @date 2019 */ -#include "DKGCrypto.h" -#include "BLSCrypto.h" -#include "sgxwallet.h" -#include +#include #include -#include "SGXWalletServer.hpp" -#include "SGXException.h" + + #include "third_party/spdlog/spdlog.h" +#include "sgxwallet.h" +#include "SGXException.h" #include "common.h" +#include "SGXWalletServer.hpp" +#include "DKGCrypto.h" +#include "BLSCrypto.h" + -vector splitString(const char *coeffs, const char symbol) { + + + + + +vector splitString(const char *coeffs, const char symbol) { string str(coeffs); string delim; delim.push_back(symbol); - vector G2_strings; + vector G2_strings; size_t prev = 0, pos = 0; do { pos = str.find(delim, prev); @@ -55,7 +63,8 @@ vector splitString(const char *coeffs, const char symbol) { return G2_strings; } -template string ConvertToString(T field_elem, int base = 10) { +template +string ConvertToString(T field_elem, int base = 10) { mpz_t t; mpz_init(t); @@ -71,7 +80,7 @@ template string ConvertToString(T field_elem, int base = 10) { return output; } -string convertHexToDec(const string& hex_str) { +string convertHexToDec(const string &hex_str) { mpz_t dec; mpz_init(dec); @@ -97,7 +106,7 @@ string convertHexToDec(const string& hex_str) { return ret; } -string convertG2ToString(const libff::alt_bn128_G2& elem, int base, const string& delim) { +string convertG2ToString(const libff::alt_bn128_G2 &elem, int base, const string &delim) { string result = ""; try { @@ -126,7 +135,7 @@ string gen_dkg_poly(int _t) { vector errMsg(1024, 0); int errStatus = 0; - vector encrypted_dkg_secret(BUF_LEN, 0); + vector encrypted_dkg_secret(BUF_LEN, 0); uint32_t enc_len = 0; @@ -154,7 +163,7 @@ string gen_dkg_poly(int _t) { return result; } -vector> get_verif_vect(const char *encryptedPolyHex, int t, int n) { +vector > get_verif_vect(const char *encryptedPolyHex, int t, int n) { vector errMsg(BUF_LEN, 0); int errStatus = 0; @@ -165,7 +174,7 @@ vector> get_verif_vect(const char *encryptedPolyHex, int t, int n uint64_t encLen = 0; - vector encrDKGPoly(2 * BUF_LEN, 0); + vector encrDKGPoly(2 * BUF_LEN, 0); if (!hex2carray2(encryptedPolyHex, &encLen, encrDKGPoly.data(), 6100)) { throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); @@ -175,7 +184,7 @@ vector> get_verif_vect(const char *encryptedPolyHex, int t, int n spdlog::debug("enc len {}", encLen); status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen, - pubShares.data(), t, n); + pubShares.data(), t, n); if (errStatus != 0) { throw SGXException(-666, errMsg.data()); @@ -191,25 +200,26 @@ vector> get_verif_vect(const char *encryptedPolyHex, int t, int n spdlog::debug("{}", pubShares.data());; spdlog::debug("trustedGetPublicShares status: {}", errStatus); - vector g2Strings = splitString(pubShares.data(), ','); - vector> pubSharesVect; + vector g2Strings = splitString(pubShares.data(), ','); + vector > pubSharesVect; for (uint64_t i = 0; i < g2Strings.size(); i++) { - vector coeffStr = splitString(g2Strings.at(i).c_str(), ':'); + vector coeffStr = splitString(g2Strings.at(i).c_str(), ':'); pubSharesVect.push_back(coeffStr); } return pubSharesVect; } -string trustedGetSecretShares(const string &_polyName, const char *_encryptedPolyHex, const vector &_publicKeys, - int _t, - int _n) { +string +trustedGetSecretShares(const string &_polyName, const char *_encryptedPolyHex, const vector &_publicKeys, + int _t, + int _n) { vector hexEncrKey(BUF_LEN, 0); vector errMsg1(BUF_LEN, 0); int errStatus = 0; uint64_t encLen = 0; - vector encrDKGPoly(BUF_LEN, 0); + vector encrDKGPoly(BUF_LEN, 0); if (!hex2carray2(_encryptedPolyHex, &encLen, encrDKGPoly.data(), 6100)) { throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); @@ -224,7 +234,7 @@ string trustedGetSecretShares(const string &_polyName, const char *_encryptedPol string result; for (int i = 0; i < _n; i++) { - vector encryptedSkey(BUF_LEN, 0); + vector encryptedSkey(BUF_LEN, 0); uint32_t decLen; vector currentShare(193, 0); vector sShareG2(320, 0); @@ -238,7 +248,7 @@ string trustedGetSecretShares(const string &_polyName, const char *_encryptedPol spdlog::debug("pubKeyB is {}", pub_keyB); trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen, - currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, i + 1); + currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, i + 1); if (errStatus != 0) { throw SGXException(-666, errMsg1.data()); @@ -287,24 +297,20 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr memset(pshares, 0, 8193); strncpy(pshares, publicShares, strlen(publicShares)); - trustedDkgVerifyAES(eid, &errStatus, errMsg, pshares, encr_sshare, encr_key, decKeyLen, t, ind, &result); + sgx_status_t status = trustedDkgVerifyAES(eid, &errStatus, errMsg, pshares, encr_sshare, encr_key, decKeyLen, t, + ind, &result); - if (errStatus != 0) { - throw SGXException(-666, errMsg); - } + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg); if (result == 2) { throw SGXException(INVALID_HEX, "Invalid public shares"); } - spdlog::debug("errMsg1: {}", errMsg); - spdlog::debug("result is: {}", result); - return result; } -bool CreateBLSShare(const string &blsKeyName, const char *s_shares, const char *encryptedKeyHex) { - spdlog::debug("ENTER CreateBLSShare"); +bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *encryptedKeyHex) { + spdlog::debug("ENTER createBLSShare"); char errMsg[BUF_LEN]; int errStatus = 0; @@ -320,24 +326,22 @@ bool CreateBLSShare(const string &blsKeyName, const char *s_shares, const char * uint32_t enc_bls_len = 0; - trustedCreateBlsKeyAES(eid, &errStatus, errMsg, s_shares, encr_key, decKeyLen, encr_bls_key, &enc_bls_len); + sgx_status_t status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg, s_shares, encr_key, decKeyLen, encr_bls_key, + &enc_bls_len); - if (errStatus != 0) { - spdlog::error(errMsg); - spdlog::error("status {}", errStatus); - throw SGXException(ERROR_IN_ENCLAVE, "Create BLS private key failed in enclave"); - } else { - char hexBLSKey[2 * BUF_LEN]; + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg); - carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey); + char hexBLSKey[2 * BUF_LEN]; - SGXWalletServer::writeDataToDB(blsKeyName, hexBLSKey); + carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey); + + SGXWalletServer::writeDataToDB(blsKeyName, hexBLSKey); + + return true; - return true; - } } -vector GetBLSPubKey(const char *encryptedKeyHex) { +vector getBLSPubKey(const char *encryptedKeyHex) { char errMsg1[BUF_LEN]; int errStatus = 0; @@ -349,15 +353,10 @@ vector GetBLSPubKey(const char *encryptedKeyHex) { } char pubKey[320]; - spdlog::debug("decKeyLen is {}", decKeyLen); trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1, encrKey, decKeyLen, pubKey); - if (errStatus != 0) { - spdlog::error(string(errMsg1) + " . Status is {}", errStatus); - throw SGXException(ERROR_IN_ENCLAVE, "Failed to get BLS public key in enclave"); - } - vector pubKeyVect = splitString(pubKey, ':'); + vector pubKeyVect = splitString(pubKey, ':'); spdlog::debug("errMsg1 is {}", errMsg1); spdlog::debug("pub key is "); @@ -367,15 +366,15 @@ vector GetBLSPubKey(const char *encryptedKeyHex) { return pubKeyVect; } -vector calculateAllBlsPublicKeys(const vector& public_shares) { +vector calculateAllBlsPublicKeys(const vector &public_shares) { size_t n = public_shares.size(); size_t t = public_shares[0].length() / 256; uint64_t share_length = 256; uint8_t coord_length = 64; - vector public_keys(n, libff::alt_bn128_G2::zero()); + vector public_keys(n, libff::alt_bn128_G2::zero()); - vector public_values(t, libff::alt_bn128_G2::zero()); + vector public_values(t, libff::alt_bn128_G2::zero()); for (size_t i = 0; i < n; ++i) { for (size_t j = 0; j < t; ++j) { libff::alt_bn128_G2 public_share; @@ -408,7 +407,7 @@ vector calculateAllBlsPublicKeys(const vector& public_shares) { public_keys[i].to_affine_coordinates(); } - vector result(n); + vector result(n); for (size_t i = 0; i < n; ++i) { result[i] = convertG2ToString(public_keys[i]); } @@ -421,7 +420,7 @@ string decryptDHKey(const string &polyName, int ind) { int errStatus = 0; string DH_key_name = polyName + "_" + to_string(ind) + ":"; - shared_ptr hexEncrKeyPtr = SGXWalletServer::readFromDb(DH_key_name, "DKG_DH_KEY_"); + shared_ptr hexEncrKeyPtr = SGXWalletServer::readFromDb(DH_key_name, "DKG_DH_KEY_"); spdlog::debug("encr DH key is {}", *hexEncrKeyPtr); @@ -446,8 +445,8 @@ string decryptDHKey(const string &polyName, int ind) { return DHKey; } -vector mult_G2(const string &x) { - vector result(4); +vector mult_G2(const string &x) { + vector result(4); libff::alt_bn128_Fr el(x.c_str()); libff::alt_bn128_G2 elG2 = el * libff::alt_bn128_G2::one(); elG2.to_affine_coordinates(); diff --git a/DKGCrypto.h b/DKGCrypto.h index c1342f84..cb86f0df 100644 --- a/DKGCrypto.h +++ b/DKGCrypto.h @@ -43,9 +43,9 @@ bool verifyShares(const char* publicShares, const char* encr_sshare, const char string decryptDHKey(const string& polyName, int ind); -bool CreateBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex); +bool createBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex); -vector GetBLSPubKey(const char * encryptedKeyHex); +vector getBLSPubKey(const char * encryptedKeyHex); vector mult_G2(const string& x); @@ -55,6 +55,6 @@ string convertG2ToString(const libff::alt_bn128_G2& elem, int base = 10, const s vector calculateAllBlsPublicKeys(const vector& public_shares); -bool TestCreateBLSShare( const char * s_shares); +bool TestcreateBLSShare( const char * s_shares); #endif //SGXD_DKGCRYPTO_H diff --git a/SGXWalletServer.cpp b/SGXWalletServer.cpp index c6ec8a8c..195ad4cf 100644 --- a/SGXWalletServer.cpp +++ b/SGXWalletServer.cpp @@ -489,7 +489,7 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string shared_ptr encryptedKeyHex_ptr = readFromDb(_ethKeyName); - bool res = CreateBLSShare(_blsKeyName, _secretShare.c_str(), encryptedKeyHex_ptr->c_str()); + bool res = createBLSShare(_blsKeyName, _secretShare.c_str(), encryptedKeyHex_ptr->c_str()); if (res) { spdlog::info("BLS KEY SHARE CREATED "); } else { @@ -519,7 +519,7 @@ Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName) } shared_ptr encryptedKeyHex_ptr = readFromDb(_blsKeyName); - vector public_key_vect = GetBLSPubKey(encryptedKeyHex_ptr->c_str()); + vector public_key_vect = getBLSPubKey(encryptedKeyHex_ptr->c_str()); for (uint8_t i = 0; i < 4; i++) { result["blsPublicKeyShare"][i] = public_key_vect.at(i); } diff --git a/common.h b/common.h index 92833d43..0c4df324 100644 --- a/common.h +++ b/common.h @@ -32,6 +32,8 @@ using namespace std; #include #include +#include + #include #include "secure_enclave/Verify.h" #include "InvalidStateException.h" @@ -74,4 +76,5 @@ BOOST_THROW_EXCEPTION(runtime_error(__ERR_STRING__)); \ } + #endif //SGXWALLET_COMMON_H From 0684b96a3eaa22e229ec01324966fb7697ae02cb Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 3 Sep 2020 14:13:11 +0300 Subject: [PATCH 04/61] SKALE-3213-improve-error-handling --- BLSCrypto.cpp | 9 +++-- BLSPrivateKeyShareSGX.cpp | 8 ++-- DKGCrypto.cpp | 81 +++++++++++---------------------------- DKGCrypto.h | 2 +- ECDSACrypto.cpp | 31 ++++----------- SEKManager.cpp | 54 +++++++------------------- SEKManager.h | 2 +- SGXWalletServer.cpp | 2 +- ServerInit.cpp | 3 +- VERSION | 2 +- sgxwallet.c | 1 - sgxwallet.h | 1 - testw.cpp | 7 ++-- 13 files changed, 62 insertions(+), 141 deletions(-) diff --git a/BLSCrypto.cpp b/BLSCrypto.cpp index dad4357d..e8cf6041 100644 --- a/BLSCrypto.cpp +++ b/BLSCrypto.cpp @@ -233,15 +233,16 @@ bool bls_sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) { auto keyArray = make_shared>(BUF_LEN, 0); auto encryptedKey = make_shared>(BUF_LEN, 0); - auto errMsg = make_shared>(BUF_LEN, 0); + + vector errMsg(BUF_LEN, 0); strncpy(keyArray->data(), _key, BUF_LEN); - *errStatus = -1; + *errStatus = 0; unsigned int encryptedLen = 0; - status = trustedEncryptKeyAES(eid, errStatus, errMsg->data(), keyArray->data(), encryptedKey->data(), &encryptedLen); + sgx_status_t status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(), &encryptedLen); - HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg->data()); + HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg.data()); string result(2 * BUF_LEN, '\0'); diff --git a/BLSPrivateKeyShareSGX.cpp b/BLSPrivateKeyShareSGX.cpp index e3748896..330f4783 100644 --- a/BLSPrivateKeyShareSGX.cpp +++ b/BLSPrivateKeyShareSGX.cpp @@ -124,8 +124,8 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr( } - char errMsg[BUF_LEN]; - memset(errMsg, 0, BUF_LEN); + vector errMsg(BUF_LEN, 0); + char xStrArg[BUF_LEN]; char yStrArg[BUF_LEN]; @@ -152,10 +152,10 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr( } sgx_status_t status = - trustedBlsSignMessageAES(eid, &errStatus, errMsg, encryptedKey, + trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey, encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature); - HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg ); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data() ); int sigLen; diff --git a/DKGCrypto.cpp b/DKGCrypto.cpp index 9d981bd6..148b1013 100644 --- a/DKGCrypto.cpp +++ b/DKGCrypto.cpp @@ -139,19 +139,8 @@ string gen_dkg_poly(int _t) { uint32_t enc_len = 0; - status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t); - - if (errStatus != 0) { - spdlog::debug("trustedGenDkgSecret, status {}", errStatus, " err msg ", errMsg.data()); - spdlog::debug("in DKGCrypto encr len is {}", enc_len); - throw SGXException(-666, errMsg.data()); - } - - if (status != 0) { - spdlog::debug("trustedGenDkgSecret, status {}", status, " err msg ", errMsg.data()); - spdlog::debug("in DKGCrypto encr len is {}", enc_len); - throw SGXException(-666, errMsg.data()); - } + sgx_status_t status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); uint64_t length = enc_len;; @@ -180,25 +169,11 @@ vector > get_verif_vect(const char *encryptedPolyHex, int t, int throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); } - spdlog::debug("hex_encr_poly length is {}", strlen(encryptedPolyHex)); - spdlog::debug("enc len {}", encLen); - status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen, - pubShares.data(), t, n); - if (errStatus != 0) { - throw SGXException(-666, errMsg.data()); - } - - if (status != 0) { - throw SGXException(-666, errMsg.data()); - } - - spdlog::debug("err msg is {}", errMsg.data()); - - spdlog::debug("public_shares:"); - spdlog::debug("{}", pubShares.data());; - spdlog::debug("trustedGetPublicShares status: {}", errStatus); + sgx_status_t status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen, + pubShares.data(), t, n); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); vector g2Strings = splitString(pubShares.data(), ','); vector > pubSharesVect; @@ -211,7 +186,7 @@ vector > get_verif_vect(const char *encryptedPolyHex, int t, int } string -trustedGetSecretShares(const string &_polyName, const char *_encryptedPolyHex, const vector &_publicKeys, +getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const vector &_publicKeys, int _t, int _n) { vector hexEncrKey(BUF_LEN, 0); @@ -225,11 +200,8 @@ trustedGetSecretShares(const string &_polyName, const char *_encryptedPolyHex, c throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); } - status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen); - - if (status != SGX_SUCCESS || errStatus != 0) { - throw SGXException(-666, errMsg1.data()); - } + sgx_status_t status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); string result; @@ -247,12 +219,9 @@ trustedGetSecretShares(const string &_polyName, const char *_encryptedPolyHex, c spdlog::debug("pubKeyB is {}", pub_keyB); - trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen, + sgx_status_t status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen, currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, i + 1); - - if (errStatus != 0) { - throw SGXException(-666, errMsg1.data()); - } + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); spdlog::debug("cur_share is {}", currentShare.data()); @@ -272,7 +241,7 @@ trustedGetSecretShares(const string &_polyName, const char *_encryptedPolyHex, c SGXWalletServer::writeDataToDB(shareG2_name, sShareG2.data()); - spdlog::debug("errMsg: {}", errMsg1.data()); + } return result; @@ -280,7 +249,7 @@ trustedGetSecretShares(const string &_polyName, const char *_encryptedPolyHex, c bool verifyShares(const char *publicShares, const char *encr_sshare, const char *encryptedKeyHex, int t, int n, int ind) { - char errMsg[BUF_LEN]; + vector errMsg(BUF_LEN, 0); int errStatus = 0; uint64_t decKeyLen; @@ -297,10 +266,9 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr memset(pshares, 0, 8193); strncpy(pshares, publicShares, strlen(publicShares)); - sgx_status_t status = trustedDkgVerifyAES(eid, &errStatus, errMsg, pshares, encr_sshare, encr_key, decKeyLen, t, + sgx_status_t status = trustedDkgVerifyAES(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t, ind, &result); - - HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); if (result == 2) { throw SGXException(INVALID_HEX, "Invalid public shares"); @@ -310,9 +278,8 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr } bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *encryptedKeyHex) { - spdlog::debug("ENTER createBLSShare"); - char errMsg[BUF_LEN]; + vector errMsg(BUF_LEN,0); int errStatus = 0; uint64_t decKeyLen; @@ -326,10 +293,10 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char * uint32_t enc_bls_len = 0; - sgx_status_t status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg, s_shares, encr_key, decKeyLen, encr_bls_key, + sgx_status_t status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key, &enc_bls_len); - HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); char hexBLSKey[2 * BUF_LEN]; @@ -342,8 +309,7 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char * } vector getBLSPubKey(const char *encryptedKeyHex) { - char errMsg1[BUF_LEN]; - + vector errMsg1(BUF_LEN, 0); int errStatus = 0; uint64_t decKeyLen; @@ -354,11 +320,11 @@ vector getBLSPubKey(const char *encryptedKeyHex) { char pubKey[320]; - trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1, encrKey, decKeyLen, pubKey); + sgx_status_t status = trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); vector pubKeyVect = splitString(pubKey, ':'); - spdlog::debug("errMsg1 is {}", errMsg1); spdlog::debug("pub key is "); for (int i = 0; i < 4; i++) spdlog::debug("{}", pubKeyVect.at(i)); @@ -436,11 +402,8 @@ string decryptDHKey(const string &polyName, int ind) { char DHKey[ECDSA_SKEY_LEN]; - trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey); - - if (errStatus != 0) { - throw SGXException(errStatus, "decrypt key failed in enclave"); - } + sgx_status_t status = trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); return DHKey; } diff --git a/DKGCrypto.h b/DKGCrypto.h index cb86f0df..c3227d62 100644 --- a/DKGCrypto.h +++ b/DKGCrypto.h @@ -37,7 +37,7 @@ vector > get_verif_vect(const char* encryptedPolyHex, int t, int vector splitString(const char* coeffs, const char symbol); -string trustedGetSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector& _publicKeys, int _t, int _n); +string getSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector& _publicKeys, int _t, int _n); bool verifyShares(const char* publicShares, const char* encr_sshare, const char * encryptedKeyHex, int t, int n, int ind); diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index 53fa23b9..6ea53c11 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp @@ -56,14 +56,12 @@ vector genECDSAKey() { uint32_t enc_len = 0; - status = trustedGenerateEcdsaKeyAES(eid, &errStatus, + sgx_status_t status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encr_pr_key.data(), &enc_len, pub_key_x.data(), pub_key_y.data()); - if (status != SGX_SUCCESS || errStatus != 0) { - spdlog::error("RPCException thrown with status {}", status); - throw SGXException(status, errMsg.data()); - } + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus,errMsg.data()); + vector keys(3); vector hexEncrKey(BUF_LEN * 2, 0); @@ -99,18 +97,11 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } - status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, + sgx_status_t status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data()); - if (errStatus != 0) { - spdlog::error("failed to get ECDSA public key {}", status); - throw SGXException(-666, errMsg.data()); - } + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()) - if (status != SGX_SUCCESS) { - spdlog::error("failed to get ECDSA public key {}", status); - throw SGXException(666, "failed to get ECDSA public key"); - } string pubKey = string(pubKeyX.data()) + string(pubKeyY.data()); if (pubKey.size() != 128) { @@ -182,22 +173,16 @@ vector ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } - status = trustedEcdsaSignAES(eid, &errStatus, + sgx_status_t status = trustedEcdsaSignAES(eid, &errStatus, errMsg.data(), encryptedKey.data(), decLen, hashHex, signatureR.data(), signatureS.data(), &signatureV, base); - if (errStatus != 0) { - spdlog::error("failed to sign {}", errStatus); - throw SGXException(666, errMsg.data()); - } + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); - if (status != SGX_SUCCESS) { - spdlog::error("failed to sign in enclave {}", status); - throw SGXException(666, "failed to sign"); - } signatureVector.at(0) = to_string(signatureV); + if (base == 16) { signatureVector.at(1) = "0x" + string(signatureR.data()); signatureVector.at(2) = "0x" + string(signatureS.data()); diff --git a/SEKManager.cpp b/SEKManager.cpp index d47a2ad6..4009df0c 100644 --- a/SEKManager.cpp +++ b/SEKManager.cpp @@ -59,16 +59,9 @@ void create_test_key() { string key = TEST_VALUE; - status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len); - if (status != SGX_SUCCESS) { - cerr << "encrypt test key failed with status " << status << endl; - throw SGXException(status, errMsg.data()); - } + sgx_status_t status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len); - if (errStatus != 0) { - cerr << "encrypt test key failed with status " << errStatus << endl; - throw SGXException(errStatus, errMsg.data()); - } + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); vector hexEncrKey(2 * enc_len + 1, 0); @@ -101,24 +94,14 @@ shared_ptr > check_and_set_SEK(const string &SEK) { uint32_t l = len; - status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, SEK.c_str()); + sgx_status_t status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, SEK.c_str()); - if (status != SGX_SUCCESS) { - spdlog::error("trustedSetSEK_backup failed with error code {}", status); - exit(-1); - } + HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); - if (err_status != 0) { - spdlog::error("trustedSetSEK_backup failed with error status {}", status); - exit(-1); - } status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data()); - if (status != SGX_SUCCESS || err_status != 0) { - spdlog::error("Failed to decrypt test key"); - spdlog::error(errMsg.data()); - exit(-1); - } + + HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); string test_key = TEST_VALUE; if (test_key.compare(decr_key.data()) != 0) { @@ -142,15 +125,10 @@ void gen_SEK() { spdlog::info("Generating backup key. Will be stored in backup_key.txt ... "); - status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK); + sgx_status_t status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK); - if (status != SGX_SUCCESS) { - throw SGXException(status, errMsg.data()); - } + HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); - if (err_status != 0) { - throw SGXException(err_status, errMsg.data()); - } if (strnlen(SEK, 33) != 32) { throw SGXException(-1, "strnlen(SEK,33) != 32"); @@ -187,7 +165,7 @@ void gen_SEK() { create_test_key(); } -void trustedSetSEK(shared_ptr hex_encrypted_SEK) { +void setSEK(shared_ptr hex_encrypted_SEK) { vector errMsg(1024, 0); int err_status = 0; @@ -200,16 +178,10 @@ void trustedSetSEK(shared_ptr hex_encrypted_SEK) { throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex"); } - status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK); - if (status != SGX_SUCCESS) { - cerr << "RPCException thrown" << endl; - throw SGXException(status, errMsg.data()); - } + sgx_status_t status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK); + + HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); - if (err_status != 0) { - cerr << "RPCException thrown" << endl; - throw SGXException(err_status, errMsg.data()); - } } #include "experimental/filesystem" @@ -274,7 +246,7 @@ void initSEK() { spdlog::warn("SEK was not created yet. Going to create SEK"); gen_SEK(); } else { - trustedSetSEK(encrypted_SEK_ptr); + setSEK(encrypted_SEK_ptr); } } } diff --git a/SEKManager.h b/SEKManager.h index 26e2550f..d2c86a4f 100644 --- a/SEKManager.h +++ b/SEKManager.h @@ -32,7 +32,7 @@ void gen_SEK(); #ifdef __cplusplus -void trustedSetSEK(std::shared_ptr hex_encr_SEK); +void setSEK(std::shared_ptr hex_encr_SEK); #endif #ifdef __cplusplus diff --git a/SGXWalletServer.cpp b/SGXWalletServer.cpp index 195ad4cf..0ea6134b 100644 --- a/SGXWalletServer.cpp +++ b/SGXWalletServer.cpp @@ -425,7 +425,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J pubKeysStrs.push_back(_pubKeys[i].asString()); } - string s = trustedGetSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n); + string s = getSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n); result["secretShare"] = s; result["SecretShare"] = s; } HANDLE_SGX_EXCEPTION(result) diff --git a/ServerInit.cpp b/ServerInit.cpp index deb592a6..a37e520d 100644 --- a/ServerInit.cpp +++ b/ServerInit.cpp @@ -81,7 +81,7 @@ void initEnclave(uint32_t _logLevel) { spdlog::info("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG); - status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token, + sgx_status_t status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token, &updated, &eid, 0); if (status != SGX_SUCCESS) { @@ -97,6 +97,7 @@ void initEnclave(uint32_t _logLevel) { spdlog::info("Enclave created and started successfully"); status = trustedEnclaveInit(eid, _logLevel); + if (status != SGX_SUCCESS) { spdlog::error("trustedEnclaveInit failed: {}", status); exit(1); diff --git a/VERSION b/VERSION index f269cd1b..0472a57d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.58.0 \ No newline at end of file +1.58.1 \ No newline at end of file diff --git a/sgxwallet.c b/sgxwallet.c index 078fa411..c1258c31 100644 --- a/sgxwallet.c +++ b/sgxwallet.c @@ -37,5 +37,4 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. sgx_launch_token_t token = {0}; sgx_enclave_id_t eid; -sgx_status_t status; int updated; diff --git a/sgxwallet.h b/sgxwallet.h index 0a497448..d7944c22 100644 --- a/sgxwallet.h +++ b/sgxwallet.h @@ -47,7 +47,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. extern sgx_enclave_id_t eid; extern int updated; extern sgx_launch_token_t token; -extern sgx_status_t status; #define ENCLAVE_NAME "secure_enclave.signed.so" diff --git a/testw.cpp b/testw.cpp index baf09c09..372447f8 100644 --- a/testw.cpp +++ b/testw.cpp @@ -147,9 +147,10 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes hex.data(), signatureR.data(), signatureS.data(), &signatureV, 16); + REQUIRE(status == SGX_SUCCESS); + REQUIRE(errStatus == SGX_SUCCESS); } - REQUIRE(status == SGX_SUCCESS); - REQUIRE(errStatus == SGX_SUCCESS); + } @@ -691,7 +692,7 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") { } TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") { - int errStatus = -1; + int errStatus = 0; vector errMsg(BUF_LEN, 0); uint32_t encLen; string key = SAMPLE_AES_KEY; From 0da61e570ab37115db0ae06edf0750a1356e1bff Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 3 Sep 2020 14:24:35 +0300 Subject: [PATCH 05/61] SKALE-3213 --- BLSCrypto.cpp | 21 ++++++++------------- common.h | 3 +++ 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/BLSCrypto.cpp b/BLSCrypto.cpp index e8cf6041..b8adfe36 100644 --- a/BLSCrypto.cpp +++ b/BLSCrypto.cpp @@ -54,7 +54,7 @@ string *FqToString(libff::alt_bn128_Fq *_fq) { _fq->as_bigint().to_mpz(t); - char arr[mpz_sizeinbase(t, 10) + 2]; + SAFE_CHAR_BUF(arr,mpz_sizeinbase(t, 10) + 2); mpz_get_str(arr, 10, t); mpz_clear(t); @@ -181,15 +181,11 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz BOOST_THROW_EXCEPTION(runtime_error("Null yStr")); } - char errMsg[BUF_LEN]; - memset(errMsg, 0, BUF_LEN); + vector errMsg(BUF_LEN,0); - char xStrArg[BUF_LEN]; - char yStrArg[BUF_LEN]; - char signature[BUF_LEN]; - - memset(xStrArg, 0, BUF_LEN); - memset(yStrArg, 0, BUF_LEN); + SAFE_CHAR_BUF(xStrArg,BUF_LEN); + SAFE_CHAR_BUF(yStrArg,BUF_LEN); + SAFE_CHAR_BUF(signature,BUF_LEN); strncpy(xStrArg, xStr->c_str(), BUF_LEN); strncpy(yStrArg, yStr->c_str(), BUF_LEN); @@ -199,20 +195,19 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz size_t sz = 0; - uint8_t encryptedKey[BUF_LEN]; + SAFE_UINT8_BUF(encryptedKey,BUF_LEN); bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey); if (!result) { - cerr << "Invalid hex encrypted key" << endl; BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key")); } int errStatus = 0; sgx_status_t status = - trustedBlsSignMessageAES(eid, &errStatus, errMsg, encryptedKey, + trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey, sz, xStrArg, yStrArg, signature); - HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second; diff --git a/common.h b/common.h index 0c4df324..aea7f6b7 100644 --- a/common.h +++ b/common.h @@ -76,5 +76,8 @@ BOOST_THROW_EXCEPTION(runtime_error(__ERR_STRING__)); \ } +#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__); +#define SAFE_UINT8_BUF(__X__, __Y__) ;uint8_t __X__ [ __Y__ ]; memset(__X__, 0, __Y__); + #endif //SGXWALLET_COMMON_H From 393445b18654816b86e9d4306bef9b3c00c1580e Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 3 Sep 2020 15:07:53 +0300 Subject: [PATCH 06/61] SKALE-3213-improve-error-handling --- BLSPrivateKeyShareSGX.cpp | 13 ++++++------- DKGCrypto.cpp | 36 ++++++++++++++++++------------------ SEKManager.cpp | 11 ++++------- 3 files changed, 28 insertions(+), 32 deletions(-) diff --git a/BLSPrivateKeyShareSGX.cpp b/BLSPrivateKeyShareSGX.cpp index 330f4783..475d03c2 100644 --- a/BLSPrivateKeyShareSGX.cpp +++ b/BLSPrivateKeyShareSGX.cpp @@ -43,9 +43,10 @@ std::string *stringFromFq(libff::alt_bn128_Fq*_fq) { _fq->as_bigint().to_mpz(t); - char arr[mpz_sizeinbase(t, 10) + 2]; + SAFE_CHAR_BUF(arr,mpz_sizeinbase(t, 10) + 2); char *tmp = mpz_get_str(arr, 10, t); + mpz_clear(t); return new std::string(tmp); @@ -127,12 +128,10 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr( vector errMsg(BUF_LEN, 0); - char xStrArg[BUF_LEN]; - char yStrArg[BUF_LEN]; - char signature [BUF_LEN]; + SAFE_CHAR_BUF(xStrArg,BUF_LEN) + SAFE_CHAR_BUF(yStrArg,BUF_LEN) + SAFE_CHAR_BUF(signature,BUF_LEN); - memset(xStrArg, 0, BUF_LEN); - memset(yStrArg, 0, BUF_LEN); strncpy(xStrArg, xStr->c_str(), BUF_LEN); strncpy(yStrArg, yStr->c_str(), BUF_LEN); @@ -142,7 +141,7 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr( size_t sz = 0; - uint8_t encryptedKey[BUF_LEN]; + SAFE_UINT8_BUF(encryptedKey,BUF_LEN); bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey); diff --git a/DKGCrypto.cpp b/DKGCrypto.cpp index 148b1013..8ace4ace 100644 --- a/DKGCrypto.cpp +++ b/DKGCrypto.cpp @@ -70,7 +70,7 @@ string ConvertToString(T field_elem, int base = 10) { field_elem.as_bigint().to_mpz(t); - char arr[mpz_sizeinbase(t, base) + 2]; + SAFE_CHAR_BUF(arr,mpz_sizeinbase(t, base) + 2); mpz_get_str(arr, base, t); mpz_clear(t); @@ -92,7 +92,7 @@ string convertHexToDec(const string &hex_str) { return ret; } - char arr[mpz_sizeinbase(dec, 10) + 2]; + SAFE_CHAR_BUF(arr,mpz_sizeinbase(dec, 10) + 2); mpz_get_str(arr, 10, dec); ret = arr; } catch (exception &e) { @@ -134,10 +134,11 @@ string convertG2ToString(const libff::alt_bn128_G2 &elem, int base, const string string gen_dkg_poly(int _t) { vector errMsg(1024, 0); int errStatus = 0; + uint32_t enc_len = 0; vector encrypted_dkg_secret(BUF_LEN, 0); - uint32_t enc_len = 0; + sgx_status_t status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t); HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); @@ -251,19 +252,19 @@ bool verifyShares(const char *publicShares, const char *encr_sshare, const char *encryptedKeyHex, int t, int n, int ind) { vector errMsg(BUF_LEN, 0); int errStatus = 0; + uint64_t decKeyLen = 0; + int result = 0; - uint64_t decKeyLen; - uint8_t encr_key[BUF_LEN]; - memset(encr_key, 0, BUF_LEN); + SAFE_UINT8_BUF(encr_key, BUF_LEN); if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key)) { throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); } - int result; + + spdlog::debug("publicShares length is {}", char_traits::length(publicShares)); - char pshares[8193]; - memset(pshares, 0, 8193); + SAFE_CHAR_BUF(pshares,8193); strncpy(pshares, publicShares, strlen(publicShares)); sgx_status_t status = trustedDkgVerifyAES(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t, @@ -283,10 +284,8 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char * int errStatus = 0; uint64_t decKeyLen; - uint8_t encr_bls_key[BUF_LEN]; - memset(encr_bls_key, 0, BUF_LEN); - uint8_t encr_key[BUF_LEN]; - memset(encr_key, 0, BUF_LEN); + SAFE_UINT8_BUF(encr_bls_key,BUF_LEN); + SAFE_UINT8_BUF(encr_key,BUF_LEN); if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key)) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } @@ -298,7 +297,7 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char * HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); - char hexBLSKey[2 * BUF_LEN]; + SAFE_CHAR_BUF(hexBLSKey,2 * BUF_LEN) carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey); @@ -313,12 +312,13 @@ vector getBLSPubKey(const char *encryptedKeyHex) { int errStatus = 0; uint64_t decKeyLen; - uint8_t encrKey[BUF_LEN]; + + SAFE_UINT8_BUF(encrKey, BUF_LEN); if (!hex2carray(encryptedKeyHex, &decKeyLen, encrKey)) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } - char pubKey[320]; + SAFE_CHAR_BUF(pubKey,320) sgx_status_t status = trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey); HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); @@ -393,14 +393,14 @@ string decryptDHKey(const string &polyName, int ind) { vector hexEncrKey(2 * BUF_LEN, 0); uint64_t dhEncLen = 0; - uint8_t encryptedDHKey[BUF_LEN]; + SAFE_UINT8_BUF(encryptedDHKey, BUF_LEN); if (!hex2carray(hexEncrKeyPtr->c_str(), &dhEncLen, encryptedDHKey)) { throw SGXException(INVALID_HEX, "Invalid hexEncrKey"); } spdlog::debug("encr DH key length is {}", dhEncLen); spdlog::debug("hex encr DH key length is {}", hexEncrKeyPtr->length()); - char DHKey[ECDSA_SKEY_LEN]; + SAFE_CHAR_BUF(DHKey, ECDSA_SKEY_LEN); sgx_status_t status = trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey); HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); diff --git a/SEKManager.cpp b/SEKManager.cpp index 4009df0c..1ba455c3 100644 --- a/SEKManager.cpp +++ b/SEKManager.cpp @@ -54,8 +54,7 @@ void create_test_key() { vector errMsg(1024, 0); uint32_t enc_len; - uint8_t encrypted_key[BUF_LEN]; - memset(encrypted_key, 0, BUF_LEN); + SAFE_UINT8_BUF(encrypted_key, BUF_LEN); string key = TEST_VALUE; @@ -120,8 +119,7 @@ void gen_SEK() { vector encrypted_SEK(1024, 0); uint32_t enc_len = 0; - char SEK[65]; - memset(SEK, 0, 65); + SAFE_CHAR_BUF(SEK,65); spdlog::info("Generating backup key. Will be stored in backup_key.txt ... "); @@ -169,10 +167,9 @@ void setSEK(shared_ptr hex_encrypted_SEK) { vector errMsg(1024, 0); int err_status = 0; - uint8_t encrypted_SEK[BUF_LEN]; - memset(encrypted_SEK, 0, BUF_LEN); + SAFE_UINT8_BUF(encrypted_SEK, BUF_LEN); - uint64_t len; + uint64_t len = 0; if (!hex2carray(hex_encrypted_SEK->c_str(), &len, encrypted_SEK)) { throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex"); From b82888f2de93a04f01315d80bc01efdeddc68216 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 3 Sep 2020 15:54:02 +0300 Subject: [PATCH 07/61] SKALE-3213-error-handling --- BLSCrypto.cpp | 11 ++- BLSPrivateKeyShareSGX.cpp | 190 +++++++++++++++++++------------------- DKGCrypto.cpp | 28 ++++-- ECDSACrypto.cpp | 24 +++-- SEKManager.cpp | 21 ++--- 5 files changed, 147 insertions(+), 127 deletions(-) diff --git a/BLSCrypto.cpp b/BLSCrypto.cpp index b8adfe36..cb047d49 100644 --- a/BLSCrypto.cpp +++ b/BLSCrypto.cpp @@ -168,15 +168,11 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz string *xStr = FqToString(&(hash_with_hint.first.X)); - if (xStr == nullptr) { - cerr << "Null xStr" << endl; - BOOST_THROW_EXCEPTION(runtime_error("Null xStr")); - } + CHECK_STATE(xStr); string *yStr = FqToString(&(hash_with_hint.first.Y)); if (yStr == nullptr) { - cerr << "Null yStr" << endl; delete xStr; BOOST_THROW_EXCEPTION(runtime_error("Null yStr")); } @@ -222,10 +218,15 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz } bool bls_sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, char *_sig) { + CHECK_STATE(_encryptedKeyHex); + CHECK_STATE(_hashHex); return sign_aes(_encryptedKeyHex, _hashHex, _t, _n, _sig); } string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) { + CHECK_STATE(errStatus); + CHECK_STATE(err_string); + CHECK_STATE(_key); auto keyArray = make_shared>(BUF_LEN, 0); auto encryptedKey = make_shared>(BUF_LEN, 0); diff --git a/BLSPrivateKeyShareSGX.cpp b/BLSPrivateKeyShareSGX.cpp index 475d03c2..f6b72a84 100644 --- a/BLSPrivateKeyShareSGX.cpp +++ b/BLSPrivateKeyShareSGX.cpp @@ -37,152 +37,152 @@ #include "BLSPrivateKeyShareSGX.h" -std::string *stringFromFq(libff::alt_bn128_Fq*_fq) { - mpz_t t; - mpz_init(t); +string *stringFromFq(libff::alt_bn128_Fq *_fq) { - _fq->as_bigint().to_mpz(t); + CHECK_STATE(_fq); - SAFE_CHAR_BUF(arr,mpz_sizeinbase(t, 10) + 2); + mpz_t t; + mpz_init(t); - char *tmp = mpz_get_str(arr, 10, t); + _fq->as_bigint().to_mpz(t); - mpz_clear(t); + SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, 10) + 2); - return new std::string(tmp); + char *tmp = mpz_get_str(arr, 10, t); + + mpz_clear(t); + + return new string(tmp); } -std::string *stringFromG1(libff::alt_bn128_G1 *_g1) { - auto sX = stringFromFq(&_g1->X); - auto sY = stringFromFq(&_g1->Y); - auto sZ = stringFromFq(&_g1->Z); +string *stringFromG1(libff::alt_bn128_G1 *_g1) { + + CHECK_STATE(_g1); + + auto sX = stringFromFq(&_g1->X); + auto sY = stringFromFq(&_g1->Y); + auto sZ = stringFromFq(&_g1->Z); - auto sG1 = new std::string(*sX + ":" + *sY + ":" + *sZ); + auto sG1 = new string(*sX + ":" + *sY + ":" + *sZ); - delete(sX); - delete(sY); - delete(sZ); + delete (sX); + delete (sY); + delete (sZ); - return sG1; + return sG1; } BLSPrivateKeyShareSGX::BLSPrivateKeyShareSGX( - shared_ptr _encryptedKeyHex, size_t _requiredSigners, - size_t _totalSigners) { - requiredSigners = _requiredSigners; - totalSigners = _totalSigners; + shared_ptr _encryptedKeyHex, size_t _requiredSigners, + size_t _totalSigners) { + requiredSigners = _requiredSigners; + totalSigners = _totalSigners; - if (requiredSigners > totalSigners) { - throw std::invalid_argument("requiredSigners > totalSigners"); - } + if (requiredSigners > totalSigners) { + throw invalid_argument("requiredSigners > totalSigners"); + } - if (totalSigners == 0) { - throw std::invalid_argument("totalSigners == 0"); - } + if (totalSigners == 0) { + throw invalid_argument("totalSigners == 0"); + } - if (_encryptedKeyHex == nullptr) { - throw std::invalid_argument("Null key"); - } + if (_encryptedKeyHex == nullptr) { + throw invalid_argument("Null key"); + } - if (_encryptedKeyHex->size() > 2 * MAX_ENCRYPTED_KEY_LENGTH) { - throw std::invalid_argument("Encrypted key size too long"); - } + if (_encryptedKeyHex->size() > 2 * MAX_ENCRYPTED_KEY_LENGTH) { + throw invalid_argument("Encrypted key size too long"); + } - encryptedKeyHex = _encryptedKeyHex; + encryptedKeyHex = _encryptedKeyHex; } -std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr( - std::shared_ptr> hash_byte_arr, - size_t _signerIndex) { - shared_ptr obj; +string BLSPrivateKeyShareSGX::signWithHelperSGXstr( + shared_ptr > hash_byte_arr, + size_t _signerIndex) { + shared_ptr obj; - if (hash_byte_arr == nullptr) { - std::cerr << "Hash is null" << std::endl; - BOOST_THROW_EXCEPTION(runtime_error("Hash is null")); - } + CHECK_STATE(hash_byte_arr) - obj = make_shared( - signatures::Bls(requiredSigners, totalSigners)); + obj = make_shared( + signatures::Bls(requiredSigners, totalSigners)); - std::pair hash_with_hint = - obj->HashtoG1withHint(hash_byte_arr); + pair hash_with_hint = + obj->HashtoG1withHint(hash_byte_arr); - int errStatus = 0; + int errStatus = 0; - string* xStr = stringFromFq(&(hash_with_hint.first.X)); + string *xStr = stringFromFq(&(hash_with_hint.first.X)); - if (xStr == nullptr) { - std::cerr << "Null xStr" << std::endl; - BOOST_THROW_EXCEPTION(runtime_error("Null xStr")); - } + CHECK_STATE(xStr); - string* yStr = stringFromFq(&(hash_with_hint.first.Y)); + string *yStr = stringFromFq(&(hash_with_hint.first.Y)); - if (yStr == nullptr) { - std::cerr << "Null yStr" << std::endl; - delete xStr; - BOOST_THROW_EXCEPTION(runtime_error("Null yStr")); - } + if (yStr == nullptr) { + delete xStr; + BOOST_THROW_EXCEPTION(runtime_error("Null yStr")); + } - vector errMsg(BUF_LEN, 0); + vector errMsg(BUF_LEN, 0); - SAFE_CHAR_BUF(xStrArg,BUF_LEN) - SAFE_CHAR_BUF(yStrArg,BUF_LEN) - SAFE_CHAR_BUF(signature,BUF_LEN); + SAFE_CHAR_BUF(xStrArg, BUF_LEN)SAFE_CHAR_BUF(yStrArg, BUF_LEN)SAFE_CHAR_BUF(signature, BUF_LEN); - strncpy(xStrArg, xStr->c_str(), BUF_LEN); - strncpy(yStrArg, yStr->c_str(), BUF_LEN); + strncpy(xStrArg, xStr->c_str(), BUF_LEN); + strncpy(yStrArg, yStr->c_str(), BUF_LEN); - delete xStr; - delete yStr; + delete xStr; + delete yStr; - size_t sz = 0; + size_t sz = 0; - SAFE_UINT8_BUF(encryptedKey,BUF_LEN); + SAFE_UINT8_BUF(encryptedKey, BUF_LEN); - bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey); + bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey); - if (!result) { - spdlog::error("Invalid hex encrypted key"); - BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key")); - } + if (!result) { + spdlog::error("Invalid hex encrypted key"); + BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key")); + } - sgx_status_t status = - trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey, - encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature); + sgx_status_t status = + trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey, + encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature); - HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data() ); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); - int sigLen; + int sigLen; - if ((sigLen = strnlen(signature, 10)) < 10) { - BOOST_THROW_EXCEPTION(runtime_error("Signature is too short:" + to_string(sigLen))); - } + if ((sigLen = strnlen(signature, 10)) < 10) { + BOOST_THROW_EXCEPTION(runtime_error("Signature is too short:" + to_string(sigLen))); + } - std::string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + - hash_with_hint.second; + string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + + hash_with_hint.second; - std::string sig = signature; + string sig = signature; - sig.append(":"); - sig.append(hint); + sig.append(":"); + sig.append(hint); - return sig; + return sig; } -std::shared_ptr BLSPrivateKeyShareSGX::signWithHelperSGX( - std::shared_ptr> hash_byte_arr, - size_t _signerIndex) { - std::string signature = signWithHelperSGXstr(hash_byte_arr, _signerIndex); +shared_ptr BLSPrivateKeyShareSGX::signWithHelperSGX( + shared_ptr > hash_byte_arr, + size_t _signerIndex) { + + CHECK_STATE(hash_byte_arr); + + string signature = signWithHelperSGXstr(hash_byte_arr, _signerIndex); - auto sig = make_shared(signature); + auto sig = make_shared(signature); - std::shared_ptr s = std::make_shared(sig, _signerIndex, requiredSigners, - totalSigners); + shared_ptr s = make_shared(sig, _signerIndex, requiredSigners, + totalSigners); - return s; + return s; } diff --git a/DKGCrypto.cpp b/DKGCrypto.cpp index 8ace4ace..a84da285 100644 --- a/DKGCrypto.cpp +++ b/DKGCrypto.cpp @@ -44,6 +44,7 @@ vector splitString(const char *coeffs, const char symbol) { + CHECK_STATE(coeffs); string str(coeffs); string delim; delim.push_back(symbol); @@ -132,7 +133,7 @@ string convertG2ToString(const libff::alt_bn128_G2 &elem, int base, const string } string gen_dkg_poly(int _t) { - vector errMsg(1024, 0); + vector errMsg(BUF_LEN, 0); int errStatus = 0; uint32_t enc_len = 0; @@ -154,12 +155,13 @@ string gen_dkg_poly(int _t) { } vector > get_verif_vect(const char *encryptedPolyHex, int t, int n) { + + CHECK_STATE(encryptedPolyHex); + vector errMsg(BUF_LEN, 0); int errStatus = 0; - spdlog::debug("got encr poly size {}", char_traits::length(encryptedPolyHex)); - vector pubShares(10000, 0); uint64_t encLen = 0; @@ -190,6 +192,9 @@ string getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const vector &_publicKeys, int _t, int _n) { + + CHECK_STATE(_encryptedPolyHex); + vector hexEncrKey(BUF_LEN, 0); vector errMsg1(BUF_LEN, 0); int errStatus = 0; @@ -250,6 +255,11 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve bool verifyShares(const char *publicShares, const char *encr_sshare, const char *encryptedKeyHex, int t, int n, int ind) { + + CHECK_STATE(publicShares); + CHECK_STATE(encr_sshare); + CHECK_STATE(encryptedKeyHex); + vector errMsg(BUF_LEN, 0); int errStatus = 0; uint64_t decKeyLen = 0; @@ -260,10 +270,6 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); } - - - spdlog::debug("publicShares length is {}", char_traits::length(publicShares)); - SAFE_CHAR_BUF(pshares,8193); strncpy(pshares, publicShares, strlen(publicShares)); @@ -280,6 +286,9 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *encryptedKeyHex) { + CHECK_STATE(s_shares); + CHECK_STATE(encryptedKeyHex); + vector errMsg(BUF_LEN,0); int errStatus = 0; @@ -308,6 +317,9 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char * } vector getBLSPubKey(const char *encryptedKeyHex) { + + CHECK_STATE(encryptedKeyHex); + vector errMsg1(BUF_LEN, 0); int errStatus = 0; @@ -382,7 +394,7 @@ vector calculateAllBlsPublicKeys(const vector &public_shares) } string decryptDHKey(const string &polyName, int ind) { - vector errMsg1(1024, 0); + vector errMsg1(BUF_LEN, 0); int errStatus = 0; string DH_key_name = polyName + "_" + to_string(ind) + ":"; diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index 6ea53c11..c37f9967 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp @@ -48,11 +48,11 @@ void fillRandomBuffer(vector &_buffer) { } vector genECDSAKey() { - vector errMsg(1024, 0); + vector errMsg(BUF_LEN, 0); int errStatus = 0; - vector encr_pr_key(1024, 0); - vector pub_key_x(1024, 0); - vector pub_key_y(1024, 0); + vector encr_pr_key(BUF_LEN, 0); + vector pub_key_x(BUF_LEN, 0); + vector pub_key_y(BUF_LEN, 0); uint32_t enc_len = 0; @@ -114,6 +114,11 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) { bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR, const char *signatureS, int base) { + + CHECK_STATE(hashHex) + CHECK_STATE(signatureR) + CHECK_STATE(signatureS) + auto x = pubKeyStr.substr(0, 64); auto y = pubKeyStr.substr(64, 128); @@ -157,13 +162,16 @@ bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatur } vector ecdsaSignHash(const std::string& encryptedKeyHex, const char *hashHex, int base) { + + CHECK_STATE(hashHex); + vector signatureVector(3); - vector errMsg(1024, 0); + vector errMsg(BUF_LEN, 0); int errStatus = 0; - vector signatureR(1024, 0); - vector signatureS(1024, 0); - vector encryptedKey(1024, 0); + vector signatureR(BUF_LEN, 0); + vector signatureS(BUF_LEN, 0); + vector encryptedKey(BUF_LEN, 0); uint8_t signatureV = 0; uint64_t decLen = 0; diff --git a/SEKManager.cpp b/SEKManager.cpp index 1ba455c3..82327f30 100644 --- a/SEKManager.cpp +++ b/SEKManager.cpp @@ -66,12 +66,6 @@ void create_test_key() { carray2Hex(encrypted_key, enc_len, hexEncrKey.data()); - uint64_t test_len; - vector test_encr_key(1024, 0); - if (!hex2carray(hexEncrKey.data(), &test_len, test_encr_key.data())) { - cerr << "wrong encrypted test key" << endl; - } - LevelDB::getLevelDb()->writeDataUnique("TEST_KEY", hexEncrKey.data()); } @@ -80,8 +74,9 @@ shared_ptr > check_and_set_SEK(const string &SEK) { shared_ptr test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY"); vector encr_test_key(BUF_LEN, 0); uint64_t len; + if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data())) { - spdlog::error("wrong test key"); + spdlog::error("Corrupt test key is LevelDB"); exit(-1); } @@ -97,14 +92,16 @@ shared_ptr > check_and_set_SEK(const string &SEK) { HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); - status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data()); HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); string test_key = TEST_VALUE; + if (test_key.compare(decr_key.data()) != 0) { - spdlog::error("Invalid SEK"); + spdlog::error("Invalid storage key. You need to recover using backup key"); + spdlog::error("Set the correct backup key into sgx_datasgxwallet_backup_key.txt"); + spdlog::error("Then run sgxwallet using backup flag"); exit(-1); } @@ -119,7 +116,7 @@ void gen_SEK() { vector encrypted_SEK(1024, 0); uint32_t enc_len = 0; - SAFE_CHAR_BUF(SEK,65); + SAFE_CHAR_BUF(SEK, 65); spdlog::info("Generating backup key. Will be stored in backup_key.txt ... "); @@ -164,6 +161,9 @@ void gen_SEK() { } void setSEK(shared_ptr hex_encrypted_SEK) { + + CHECK_STATE(hex_encrypted_SEK); + vector errMsg(1024, 0); int err_status = 0; @@ -187,7 +187,6 @@ void setSEK(shared_ptr hex_encrypted_SEK) { void enter_SEK() { - shared_ptr test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY"); if (test_key_ptr == nullptr) { spdlog::error("Error: corrupt or empty LevelDB database"); From 133c1e80e6c39e62f7bbfe18e5ff894c1c49a502 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 3 Sep 2020 18:47:05 +0300 Subject: [PATCH 08/61] SKALE-3222-clean-memory-sanitizer-warnings --- BLSCrypto.cpp | 63 +++++++++++++++++++++++---------------- BLSCrypto.h | 9 ++---- BLSPrivateKeyShareSGX.cpp | 3 +- DKGCrypto.cpp | 27 +++++++++-------- ECDSACrypto.cpp | 13 ++++---- SEKManager.cpp | 13 ++++---- TestUtils.cpp | 5 ++-- common.h | 17 +++++++++++ testw.cpp | 2 +- 9 files changed, 94 insertions(+), 58 deletions(-) diff --git a/BLSCrypto.cpp b/BLSCrypto.cpp index cb047d49..3da541bf 100644 --- a/BLSCrypto.cpp +++ b/BLSCrypto.cpp @@ -49,6 +49,9 @@ string *FqToString(libff::alt_bn128_Fq *_fq) { + + CHECK_STATE(_fq); + mpz_t t; mpz_init(t); @@ -72,10 +75,17 @@ int char2int(char _input) { return -1; } -void carray2Hex(const unsigned char *d, int _len, char *_hexArray) { +void carray2Hex(const unsigned char *d, uint64_t _len, char *_hexArray, + uint64_t _hexArrayLen) { + + CHECK_STATE(d); + CHECK_STATE(_hexArray); + char hexval[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; + CHECK_STATE(_hexArrayLen > 2 * _len); + for (int j = 0; j < _len; j++) { _hexArray[j * 2] = hexval[((d[j] >> 4) & 0xF)]; _hexArray[j * 2 + 1] = hexval[(d[j]) & 0x0F]; @@ -84,31 +94,23 @@ void carray2Hex(const unsigned char *d, int _len, char *_hexArray) { _hexArray[_len * 2] = 0; } -bool hex2carray(const char *_hex, uint64_t *_bin_len, uint8_t *_bin) { - int len = strnlen(_hex, 2 * BUF_LEN); - if (len == 0 && len % 2 == 1) - return false; - *_bin_len = len / 2; +bool hex2carray(const char *_hex, uint64_t *_bin_len, + uint8_t *_bin, uint64_t _max_length) { - for (int i = 0; i < len / 2; i++) { - int high = char2int((char) _hex[i * 2]); - int low = char2int((char) _hex[i * 2 + 1]); - if (high < 0 || low < 0) { - return false; - } + CHECK_STATE(_hex); + CHECK_STATE(_bin); + CHECK_STATE(_bin_len) - _bin[i] = (unsigned char) (high * 16 + low); - } - return true; -} + int len = strnlen(_hex, 2 * _max_length + 1); + + CHECK_STATE(len != 2 * _max_length + 1); + + CHECK_STATE(len <= 2 * _max_length ); -bool hex2carray2(const char *_hex, uint64_t *_bin_len, - uint8_t *_bin, const int _max_length) { - int len = strnlen(_hex, _max_length); if (len == 0 && len % 2 == 1) return false; @@ -131,13 +133,19 @@ bool hex2carray2(const char *_hex, uint64_t *_bin_len, bool sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, size_t _signerIndex, char *_sig) { + + + CHECK_STATE(_encryptedKeyHex); + CHECK_STATE(_hashHex); + CHECK_STATE(_sig); + auto keyStr = make_shared(_encryptedKeyHex); auto hash = make_shared>(); uint64_t binLen; - if (!hex2carray(_hashHex, &binLen, hash->data())) { + if (!hex2carray(_hashHex, &binLen, hash->data(), hash->size())) { throw SGXException(INVALID_HEX, "Invalid hash"); } @@ -153,11 +161,16 @@ bool sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t } bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, char *_sig) { + + CHECK_STATE(_encryptedKeyHex); + CHECK_STATE(_hashHex); + CHECK_STATE(_sig); + auto hash = make_shared>(); uint64_t binLen; - if (!hex2carray(_hashHex, &binLen, hash->data())) { + if (!hex2carray(_hashHex, &binLen, hash->data(), hash->size())) { throw SGXException(INVALID_HEX, "Invalid hash"); } @@ -193,7 +206,7 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz SAFE_UINT8_BUF(encryptedKey,BUF_LEN); - bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey); + bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey, BUF_LEN); if (!result) { BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key")); @@ -240,9 +253,9 @@ string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg.data()); - string result(2 * BUF_LEN, '\0'); + SAFE_CHAR_BUF(resultBuf, 2 * BUF_LEN + 1); - carray2Hex(encryptedKey->data(), encryptedLen, &result.front()); + carray2Hex(encryptedKey->data(), encryptedLen, resultBuf, 2 * BUF_LEN + 1); - return result; + return string(resultBuf); } diff --git a/BLSCrypto.h b/BLSCrypto.h index 15bedec1..102fe992 100644 --- a/BLSCrypto.h +++ b/BLSCrypto.h @@ -38,13 +38,10 @@ EXTERNC bool bls_sign(const char* encryptedKeyHex, const char* hashHex, size_t t EXTERNC int char2int(char _input); -EXTERNC void carray2Hex(const unsigned char *d, int _len, char* _hexArray); +EXTERNC void carray2Hex(const unsigned char *d, uint64_t , char* _hexArray, + uint64_t _hexArrayLen); EXTERNC bool hex2carray(const char * _hex, uint64_t *_bin_len, - uint8_t* _bin ); -EXTERNC bool hex2carray2(const char * _hex, uint64_t *_bin_len, - uint8_t* _bin, const int _max_length ); - - + uint8_t* _bin, uint64_t _max_length ); std::string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key); diff --git a/BLSPrivateKeyShareSGX.cpp b/BLSPrivateKeyShareSGX.cpp index f6b72a84..be556b87 100644 --- a/BLSPrivateKeyShareSGX.cpp +++ b/BLSPrivateKeyShareSGX.cpp @@ -140,7 +140,8 @@ string BLSPrivateKeyShareSGX::signWithHelperSGXstr( SAFE_UINT8_BUF(encryptedKey, BUF_LEN); - bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey); + bool result = hex2carray(encryptedKeyHex->c_str(), &sz, encryptedKey, + BUF_LEN); if (!result) { spdlog::error("Invalid hex encrypted key"); diff --git a/DKGCrypto.cpp b/DKGCrypto.cpp index a84da285..65315490 100644 --- a/DKGCrypto.cpp +++ b/DKGCrypto.cpp @@ -146,9 +146,9 @@ string gen_dkg_poly(int _t) { uint64_t length = enc_len;; - vector hexEncrPoly(2 * length + 1, 0); + vector hexEncrPoly(BUF_LEN, 0); CHECK_STATE(encrypted_dkg_secret.size() >= length); - carray2Hex(encrypted_dkg_secret.data(), length, hexEncrPoly.data()); + carray2Hex(encrypted_dkg_secret.data(), length, hexEncrPoly.data(), BUF_LEN); string result(hexEncrPoly.data()); return result; @@ -168,7 +168,7 @@ vector > get_verif_vect(const char *encryptedPolyHex, int t, int vector encrDKGPoly(2 * BUF_LEN, 0); - if (!hex2carray2(encryptedPolyHex, &encLen, encrDKGPoly.data(), 6100)) { + if (!hex2carray(encryptedPolyHex, &encLen, encrDKGPoly.data(), 6100)) { throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); } @@ -197,12 +197,13 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve vector hexEncrKey(BUF_LEN, 0); vector errMsg1(BUF_LEN, 0); + vector encrDKGPoly(BUF_LEN, 0); int errStatus = 0; uint64_t encLen = 0; - vector encrDKGPoly(BUF_LEN, 0); - if (!hex2carray2(_encryptedPolyHex, &encLen, encrDKGPoly.data(), 6100)) { + + if (!hex2carray(_encryptedPolyHex, &encLen, encrDKGPoly.data(), BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); } @@ -234,7 +235,7 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve result += string(currentShare.data()); spdlog::debug("dec len is {}", decLen); - carray2Hex(encryptedSkey.data(), decLen, hexEncrKey.data()); + carray2Hex(encryptedSkey.data(), decLen, hexEncrKey.data(), BUF_LEN); string dhKeyName = "DKG_DH_KEY_" + _polyName + "_" + to_string(i) + ":"; spdlog::debug("hexEncr DH Key: { }", hexEncrKey.data()); @@ -266,7 +267,7 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr int result = 0; SAFE_UINT8_BUF(encr_key, BUF_LEN); - if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key)) { + if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key, BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); } @@ -295,7 +296,7 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char * uint64_t decKeyLen; SAFE_UINT8_BUF(encr_bls_key,BUF_LEN); SAFE_UINT8_BUF(encr_key,BUF_LEN); - if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key)) { + if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key, BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } @@ -308,7 +309,7 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char * SAFE_CHAR_BUF(hexBLSKey,2 * BUF_LEN) - carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey); + carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey, 2 * BUF_LEN); SGXWalletServer::writeDataToDB(blsKeyName, hexBLSKey); @@ -321,12 +322,12 @@ vector getBLSPubKey(const char *encryptedKeyHex) { CHECK_STATE(encryptedKeyHex); vector errMsg1(BUF_LEN, 0); - int errStatus = 0; - uint64_t decKeyLen; + int errStatus = 0; + uint64_t decKeyLen = 0; SAFE_UINT8_BUF(encrKey, BUF_LEN); - if (!hex2carray(encryptedKeyHex, &decKeyLen, encrKey)) { + if (!hex2carray(encryptedKeyHex, &decKeyLen, encrKey, BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } @@ -406,7 +407,7 @@ string decryptDHKey(const string &polyName, int ind) { uint64_t dhEncLen = 0; SAFE_UINT8_BUF(encryptedDHKey, BUF_LEN); - if (!hex2carray(hexEncrKeyPtr->c_str(), &dhEncLen, encryptedDHKey)) { + if (!hex2carray(hexEncrKeyPtr->c_str(), &dhEncLen, encryptedDHKey, BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid hexEncrKey"); } spdlog::debug("encr DH key length is {}", dhEncLen); diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index c37f9967..dc8229d1 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp @@ -66,16 +66,17 @@ vector genECDSAKey() { vector hexEncrKey(BUF_LEN * 2, 0); - carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data()); + carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data(), + BUF_LEN * 2); keys.at(0) = hexEncrKey.data(); keys.at(1) = string(pub_key_x.data()) + string(pub_key_y.data()); vector randBuffer(32, 0); fillRandomBuffer(randBuffer); - vector rand_str(64, 0); + vector rand_str(BUF_LEN, 0); - carray2Hex(randBuffer.data(), 32, rand_str.data()); + carray2Hex(randBuffer.data(), 32, rand_str.data(), BUF_LEN); keys.at(2) = rand_str.data(); @@ -93,7 +94,8 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) { int errStatus = 0; uint64_t enc_len = 0; - if (!hex2carray(_encryptedKeyHex.c_str(), &enc_len, encrPrKey.data())) { + if (!hex2carray(_encryptedKeyHex.c_str(), &enc_len, encrPrKey.data(), + BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } @@ -177,7 +179,8 @@ vector ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha string pubKeyStr = ""; - if (!hex2carray(encryptedKeyHex.c_str(), &decLen, encryptedKey.data())) { + if (!hex2carray(encryptedKeyHex.c_str(), &decLen, encryptedKey.data(), + BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } diff --git a/SEKManager.cpp b/SEKManager.cpp index 82327f30..d39fa15a 100644 --- a/SEKManager.cpp +++ b/SEKManager.cpp @@ -64,7 +64,7 @@ void create_test_key() { vector hexEncrKey(2 * enc_len + 1, 0); - carray2Hex(encrypted_key, enc_len, hexEncrKey.data()); + carray2Hex(encrypted_key, enc_len, hexEncrKey.data(), 2 * enc_len + 1); LevelDB::getLevelDb()->writeDataUnique("TEST_KEY", hexEncrKey.data()); } @@ -75,7 +75,8 @@ shared_ptr > check_and_set_SEK(const string &SEK) { vector encr_test_key(BUF_LEN, 0); uint64_t len; - if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data())) { + if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data(), + BUF_LEN)) { spdlog::error("Corrupt test key is LevelDB"); exit(-1); } @@ -131,7 +132,7 @@ void gen_SEK() { vector hexEncrKey(2 * enc_len + 1, 0); - carray2Hex(encrypted_SEK.data(), enc_len, hexEncrKey.data()); + carray2Hex(encrypted_SEK.data(), enc_len, hexEncrKey.data(), 2 * enc_len + 1); ofstream sek_file(BACKUP_PATH); sek_file.clear(); @@ -171,7 +172,8 @@ void setSEK(shared_ptr hex_encrypted_SEK) { uint64_t len = 0; - if (!hex2carray(hex_encrypted_SEK->c_str(), &len, encrypted_SEK)) { + if (!hex2carray(hex_encrypted_SEK->c_str(), &len, encrypted_SEK, + BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex"); } @@ -219,7 +221,8 @@ void enter_SEK() { vector hexEncrKey(BUF_LEN, 0); - carray2Hex(encrypted_SEK->data(), encrypted_SEK->size(), hexEncrKey.data()); + carray2Hex(encrypted_SEK->data(), encrypted_SEK->size(), hexEncrKey.data(), + BUF_LEN); spdlog::info("Got sealed storage encryption key."); diff --git a/TestUtils.cpp b/TestUtils.cpp index f12479f7..12771b8a 100644 --- a/TestUtils.cpp +++ b/TestUtils.cpp @@ -32,6 +32,7 @@ #include "third_party/intel/create_enclave.h" #include "secure_enclave_u.h" #include "third_party/intel/sgx_detect.h" +#include "third_party/spdlog/spdlog.h" #include #include #include @@ -218,7 +219,7 @@ void TestUtils::sendRPCRequest() { auto hash_arr = make_shared < array < uint8_t, 32 >> (); uint64_t binLen; - if (!hex2carray(hash.c_str(), &binLen, hash_arr->data())) { + if (!hex2carray(hash.c_str(), &binLen, hash_arr->data(), 32)) { throw SGXException(INVALID_HEX, "Invalid hash"); } @@ -351,7 +352,7 @@ void TestUtils::doDKG(StubClient &c, int n, int t, auto hash_arr = make_shared>(); uint64_t binLen; - if (!hex2carray(hash.c_str(), &binLen, hash_arr->data())) { + if (!hex2carray(hash.c_str(), &binLen, hash_arr->data(), 32)) { throw SGXException(INVALID_HEX, "Invalid hash"); } diff --git a/common.h b/common.h index aea7f6b7..4d5dc6f2 100644 --- a/common.h +++ b/common.h @@ -52,9 +52,26 @@ inline std::string className(const std::string &prettyFunction) { #define __CLASS_NAME__ className( __PRETTY_FUNCTION__ ) +#include + +inline void print_stack() { + void *array[10]; + size_t size; + + // get void*'s for all entries on the stack + size = backtrace(array, 10); + + // print out all the frames to stderr + fprintf(stderr, "Error: signal \n"); + backtrace_symbols_fd(array, size, STDERR_FILENO); + exit(1); +} + + #define CHECK_STATE(_EXPRESSION_) \ if (!(_EXPRESSION_)) { \ auto __msg__ = std::string("State check failed::") + #_EXPRESSION_ + " " + std::string(__FILE__) + ":" + std::to_string(__LINE__); \ + print_stack(); \ throw InvalidStateException(__msg__, __CLASS_NAME__);} diff --git a/testw.cpp b/testw.cpp index 372447f8..f3730b44 100644 --- a/testw.cpp +++ b/testw.cpp @@ -649,7 +649,7 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") { uint64_t binLen; - if (!hex2carray(hash.c_str(), &binLen, hash_arr->data())) { + if (!hex2carray(hash.c_str(), &binLen, hash_arr->data(), 32)) { throw SGXException(INVALID_HEX, "Invalid hash"); } From b4a5fc328a2a423429e9fb60832fd5f2b5395ea0 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Fri, 4 Sep 2020 16:47:12 +0300 Subject: [PATCH 09/61] SKALE-3228 --- SGXWalletServer.cpp | 1 + testw.cpp | 97 +++++++++++++++++++++++++++++---------------- 2 files changed, 64 insertions(+), 34 deletions(-) diff --git a/SGXWalletServer.cpp b/SGXWalletServer.cpp index 0ea6134b..a1d93756 100644 --- a/SGXWalletServer.cpp +++ b/SGXWalletServer.cpp @@ -243,6 +243,7 @@ SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const strin } value = readFromDb(_keyShareName); + if (!bls_sign(value->c_str(), _messageHash.c_str(), t, n, signature.data())) { throw SGXException(-1, "Could not sign data "); } diff --git a/testw.cpp b/testw.cpp index f3730b44..48994d01 100644 --- a/testw.cpp +++ b/testw.cpp @@ -98,7 +98,7 @@ class TestFixtureHTTPS { class TestFixtureNoResetFromBackup { public: TestFixtureNoResetFromBackup() { - setFullOptions(L_INFO, false, true, true ); + setFullOptions(L_INFO, false, true, true); initAll(L_INFO, false, true); } @@ -123,7 +123,7 @@ class TestFixtureNoReset { TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes-key-sig-gen]") { vector errMsg(BUF_LEN, 0); int errStatus = 0; - vector encrPrivKey(BUF_LEN, 0); + vector encrPrivKey(BUF_LEN, 0); vector pubKeyX(BUF_LEN, 0); vector pubKeyY(BUF_LEN, 0); @@ -141,7 +141,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes uint8_t signatureV = 0; - for (int i=0; i < 50; i++) { + for (int i = 0; i < 50; i++) { PRINT_SRC_LINE status = trustedEcdsaSignAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen, hex.data(), @@ -157,7 +157,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes TEST_CASE_METHOD(TestFixture, "ECDSA AES key gen", "[ecdsa-aes-key-gen]") { vector errMsg(BUF_LEN, 0); int errStatus = 0; - vector encrPrivKey(BUF_LEN, 0); + vector encrPrivKey(BUF_LEN, 0); vector pubKeyX(BUF_LEN, 0); vector pubKeyY(BUF_LEN, 0); uint32_t encLen = 0; @@ -174,7 +174,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES key gen", "[ecdsa-aes-key-gen]") { TEST_CASE_METHOD(TestFixture, "ECDSA AES get public key", "[ecdsa-aes-get-pub-key]") { int errStatus = 0; vector errMsg(BUF_LEN, 0); - vector encPrivKey(BUF_LEN, 0); + vector encPrivKey(BUF_LEN, 0); vector pubKeyX(BUF_LEN, 0); vector pubKeyY(BUF_LEN, 0); uint32_t encLen = 0; @@ -260,8 +260,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA key gen API", "[ecdsa-key-gen-api]") { auto keyName = genECDSAKeyAPI(c); -Json::Value sig = c.ecdsaSignMessageHash(10, keyName, SAMPLE_HASH); - + Json::Value sig = c.ecdsaSignMessageHash(10, keyName, SAMPLE_HASH); for (int i = 0; i <= 20; i++) { @@ -288,7 +287,7 @@ TEST_CASE_METHOD(TestFixture, "BLS key encrypt", "[bls-key-encrypt]") { TEST_CASE_METHOD(TestFixture, "DKG AES gen test", "[dkg-aes-gen]") { - vector encryptedDKGSecret(BUF_LEN, 0); + vector encryptedDKGSecret(BUF_LEN, 0); vector errMsg(BUF_LEN, 0); int errStatus = 0; @@ -310,9 +309,8 @@ TEST_CASE_METHOD(TestFixture, "DKG AES gen test", "[dkg-aes-gen]") { } - TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares]") { - vector encryptedDKGSecret(BUF_LEN, 0); + vector encryptedDKGSecret(BUF_LEN, 0); vector errMsg(BUF_LEN, 0); int errStatus = 0; @@ -334,10 +332,10 @@ TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares REQUIRE(status == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS); - vector g2Strings = splitString(pubShares.data(), ','); - vector pubSharesG2; + vector g2Strings = splitString(pubShares.data(), ','); + vector pubSharesG2; for (u_int64_t i = 0; i < g2Strings.size(); i++) { - vector coeffStr = splitString(g2Strings.at(i).c_str(), ':'); + vector coeffStr = splitString(g2Strings.at(i).c_str(), ':'); pubSharesG2.push_back(TestUtils::vectStringToG2(coeffStr)); } @@ -351,8 +349,8 @@ TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares signatures::Dkg dkgObj(t, n); - vector poly = TestUtils::splitStringToFr(secret.data(), colon); - vector pubSharesDkg = dkgObj.VerificationVector(poly); + vector poly = TestUtils::splitStringToFr(secret.data(), colon); + vector pubSharesDkg = dkgObj.VerificationVector(poly); for (uint32_t i = 0; i < pubSharesDkg.size(); i++) { libff::alt_bn128_G2 el = pubSharesDkg.at(i); el.to_affine_coordinates(); @@ -367,7 +365,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes- int errStatus = 0; uint32_t encLen = 0; - vector encryptedDKGSecret(BUF_LEN, 0); + vector encryptedDKGSecret(BUF_LEN, 0); PRINT_SRC_LINE auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 2); REQUIRE(status == SGX_SUCCESS); @@ -380,7 +378,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes- REQUIRE(status == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS); - vector encrPRDHKey(BUF_LEN, 0); + vector encrPRDHKey(BUF_LEN, 0); string pub_keyB = SAMPLE_PUBLIC_KEY_B; @@ -420,8 +418,8 @@ TEST_CASE_METHOD(TestFixture, "DKG_BLS test", "[dkg-bls]") { HttpClient client(RPC_ENDPOINT); StubClient c(client, JSONRPC_CLIENT_V2); - vector ecdsaKeyNames; - vector blsKeyNames; + vector ecdsaKeyNames; + vector blsKeyNames; int schainID = TestUtils::randGen(); int dkgID = TestUtils::randGen(); @@ -441,7 +439,8 @@ TEST_CASE_METHOD(TestFixture, "Delete Bls Key", "[delete-bls-key]") { HttpClient client(RPC_ENDPOINT); StubClient c(client, JSONRPC_CLIENT_V2); std::string name = "BLS_KEY:SCHAIN_ID:123456789:NODE_ID:0:DKG_ID:0"; - libff::alt_bn128_Fr key = libff::alt_bn128_Fr("6507625568967977077291849236396320012317305261598035438182864059942098934847"); + libff::alt_bn128_Fr key = libff::alt_bn128_Fr( + "6507625568967977077291849236396320012317305261598035438182864059942098934847"); std::string key_str = TestUtils::stringFromFr(key); PRINT_SRC_LINE c.importBLSKeyShare(key_str, name); @@ -474,7 +473,6 @@ TEST_CASE_METHOD(TestFixture, "Get ServerVersion", "[get-server-version]") { } - TEST_CASE_METHOD(TestFixtureHTTPS, "Cert request sign", "[cert-sign]") { PRINT_SRC_LINE @@ -588,8 +586,8 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") { Json::Value secretShares[n]; Json::Value pubBLSKeys[n]; Json::Value blsSigShares[n]; - vector pubShares(n); - vector polyNames(n); + vector pubShares(n); + vector polyNames(n); int schainID = TestUtils::randGen(); int dkgID = TestUtils::randGen(); @@ -624,7 +622,7 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") { } int k = 0; - vector secShares(n); + vector secShares(n); for (int i = 0; i < n; i++) for (int j = 0; j < n; j++) { @@ -645,7 +643,8 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") { string hash = SAMPLE_HASH; - auto hash_arr = make_shared>(); + auto hash_arr = make_shared < array < uint8_t, + 32 >> (); uint64_t binLen; @@ -653,7 +652,7 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") { throw SGXException(INVALID_HEX, "Invalid hash"); } - map> coeffs_pkeys_map; + map > coeffs_pkeys_map; for (int i = 0; i < t; i++) { string endName = polyNames[i].substr(4); @@ -670,24 +669,25 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") { blsSigShares[i] = c.blsSignMessageHash(blsName, hash, t, n); REQUIRE(blsSigShares[i]["status"] == 0); - shared_ptr sig_share_ptr = make_shared(blsSigShares[i]["signatureShare"].asString()); + shared_ptr sig_share_ptr = make_shared(blsSigShares[i]["signatureShare"].asString()); BLSSigShare sig(sig_share_ptr, i + 1, t, n); sigShareSet.addSigShare(make_shared(sig)); - vector pubKey_vect; + vector pubKey_vect; for (uint8_t j = 0; j < 4; j++) { pubKey_vect.push_back(pubBLSKeys[i]["blsPublicKeyShare"][j].asString()); } - BLSPublicKeyShare pubKey(make_shared>(pubKey_vect), t, n); + BLSPublicKeyShare pubKey(make_shared < vector < string >> (pubKey_vect), t, n); PRINT_SRC_LINE REQUIRE(pubKey.VerifySigWithHelper(hash_arr, make_shared(sig), t, n)); coeffs_pkeys_map[i + 1] = make_shared(pubKey); } - shared_ptr commonSig = sigShareSet.merge(); - BLSPublicKey common_public(make_shared>>(coeffs_pkeys_map), t, - n); + shared_ptr commonSig = sigShareSet.merge(); + BLSPublicKey + common_public(make_shared < map < size_t, shared_ptr < BLSPublicKeyShare >>>(coeffs_pkeys_map), t, + n); REQUIRE(common_public.VerifySigWithHelper(hash_arr, commonSig, t, n)); } @@ -696,7 +696,7 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") { vector errMsg(BUF_LEN, 0); uint32_t encLen; string key = SAMPLE_AES_KEY; - vector encrypted_key(BUF_LEN, 0); + vector encrypted_key(BUF_LEN, 0); PRINT_SRC_LINE auto status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen); @@ -715,7 +715,7 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") { TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg bls", "[many-threads-crypto]") { - vector threads; + vector threads; int num_threads = 4; for (int i = 0; i < num_threads; i++) { threads.push_back(thread(TestUtils::sendRPCRequest)); @@ -727,10 +727,39 @@ TEST_CASE_METHOD(TestFixture, "Many threads ecdsa dkg bls", "[many-threads-crypt } TEST_CASE_METHOD(TestFixture, "First run", "[first-run]") { + + HttpClient client(RPC_ENDPOINT); + StubClient c(client, JSONRPC_CLIENT_V2); + try { + PRINT_SRC_LINE + auto keyName = genECDSAKeyAPI(c); + PRINT_SRC_LINE + } catch (JsonRpcException & e) + { + cerr << e.what() << endl; + throw; + } + + } TEST_CASE_METHOD(TestFixtureNoReset, "Second run", "[second-run]") { + + HttpClient client(RPC_ENDPOINT); + StubClient c(client, JSONRPC_CLIENT_V2); + try { + PRINT_SRC_LINE + string keyName = "haha"; + Json::Value sig = c.ecdsaSignMessageHash(16, keyName, SAMPLE_HASH); + REQUIRE(sig["status"].asInt() == 0); + Json::Value getPubKey = c.getPublicECDSAKey(keyName); + REQUIRE(getPubKey["status"].asInt() == 0); + } catch (JsonRpcException &e) { + cerr << e.what() << endl; + throw; + } } + TEST_CASE_METHOD(TestFixtureNoResetFromBackup, "Backup restore", "[backup-restore]") { } From 0ee1256d1fb7aa1c2ee3384c08589b7702050a05 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Fri, 4 Sep 2020 17:01:05 +0300 Subject: [PATCH 10/61] SKALE-3228 --- testw.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/testw.cpp b/testw.cpp index 48994d01..5b0c7cd6 100644 --- a/testw.cpp +++ b/testw.cpp @@ -733,6 +733,9 @@ TEST_CASE_METHOD(TestFixture, "First run", "[first-run]") { try { PRINT_SRC_LINE auto keyName = genECDSAKeyAPI(c); + ofstream namefile("/tmp/keyname"); + namefile << keyName; + PRINT_SRC_LINE } catch (JsonRpcException & e) { @@ -749,7 +752,10 @@ TEST_CASE_METHOD(TestFixtureNoReset, "Second run", "[second-run]") { StubClient c(client, JSONRPC_CLIENT_V2); try { PRINT_SRC_LINE - string keyName = "haha"; + string keyName; + ifstream namefile("/tmp/keyname"); + getline(namefile, keyName); + Json::Value sig = c.ecdsaSignMessageHash(16, keyName, SAMPLE_HASH); REQUIRE(sig["status"].asInt() == 0); Json::Value getPubKey = c.getPublicECDSAKey(keyName); From 8a524e3a463b41bd6a2ff267c422df24fa9d5207 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Fri, 4 Sep 2020 17:37:59 +0300 Subject: [PATCH 11/61] SKALE-3228 --- SEKManager.cpp | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/SEKManager.cpp b/SEKManager.cpp index d39fa15a..e17aed15 100644 --- a/SEKManager.cpp +++ b/SEKManager.cpp @@ -71,28 +71,34 @@ void create_test_key() { shared_ptr > check_and_set_SEK(const string &SEK) { - shared_ptr test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY"); - vector encr_test_key(BUF_LEN, 0); - uint64_t len; - if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data(), - BUF_LEN)) { - spdlog::error("Corrupt test key is LevelDB"); - exit(-1); - } + vector decr_key(BUF_LEN, 0); + vector errMsg(BUF_LEN, 0); - vector decr_key(1024, 0); - vector errMsg(1024, 0); int err_status = 0; - auto encrypted_SEK = make_shared < vector < uint8_t >> (1024, 0); + auto encrypted_SEK = make_shared < vector < uint8_t >> (BUF_LEN, 0); - uint32_t l = len; + uint32_t l = 0; sgx_status_t status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, SEK.c_str()); + encrypted_SEK->resize(l); + HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); + + shared_ptr test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY"); + vector encr_test_key(BUF_LEN, 0); + + uint64_t len = 0; + + if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data(), + BUF_LEN)) { + spdlog::error("Corrupt test key is LevelDB"); + exit(-1); + } + status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data()); HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); @@ -106,8 +112,6 @@ shared_ptr > check_and_set_SEK(const string &SEK) { exit(-1); } - encrypted_SEK->resize(l); - return encrypted_SEK; } @@ -181,6 +185,7 @@ void setSEK(shared_ptr hex_encrypted_SEK) { HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); + } #include "experimental/filesystem" From db1f7bd9b2a7eeccd907016d2ad8aff999edbf64 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Fri, 4 Sep 2020 19:12:12 +0300 Subject: [PATCH 12/61] SKALE-3228 --- SEKManager.cpp | 47 +++++++++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 18 deletions(-) diff --git a/SEKManager.cpp b/SEKManager.cpp index e17aed15..711b2915 100644 --- a/SEKManager.cpp +++ b/SEKManager.cpp @@ -70,36 +70,23 @@ void create_test_key() { } -shared_ptr > check_and_set_SEK(const string &SEK) { +void validate_SEK() { + shared_ptr test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY"); + vector encr_test_key(BUF_LEN, 0); vector decr_key(BUF_LEN, 0); + uint64_t len = 0; vector errMsg(BUF_LEN, 0); int err_status = 0; - auto encrypted_SEK = make_shared < vector < uint8_t >> (BUF_LEN, 0); - - uint32_t l = 0; - - sgx_status_t status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, SEK.c_str()); - - encrypted_SEK->resize(l); - - HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); - - - shared_ptr test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY"); - vector encr_test_key(BUF_LEN, 0); - - uint64_t len = 0; - if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data(), BUF_LEN)) { spdlog::error("Corrupt test key is LevelDB"); exit(-1); } - status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data()); + sgx_status_t status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data()); HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); @@ -111,6 +98,27 @@ shared_ptr > check_and_set_SEK(const string &SEK) { spdlog::error("Then run sgxwallet using backup flag"); exit(-1); } +} + + +shared_ptr > check_and_set_SEK(const string &SEK) { + + vector decr_key(BUF_LEN, 0); + vector errMsg(BUF_LEN, 0); + int err_status = 0; + + auto encrypted_SEK = make_shared < vector < uint8_t >> (BUF_LEN, 0); + + uint32_t l = 0; + + sgx_status_t status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, + SEK.c_str()); + + encrypted_SEK->resize(l); + + HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); + + validate_SEK(); return encrypted_SEK; } @@ -163,6 +171,8 @@ void gen_SEK() { LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data()); create_test_key(); + + validate_SEK(); } void setSEK(shared_ptr hex_encrypted_SEK) { @@ -185,6 +195,7 @@ void setSEK(shared_ptr hex_encrypted_SEK) { HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); + validate_SEK(); } From 788f07de7e97a68512193a9530b63cb14b2ac927 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Fri, 4 Sep 2020 19:28:31 +0300 Subject: [PATCH 13/61] SKALE-3228 --- SEKManager.cpp | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/SEKManager.cpp b/SEKManager.cpp index 711b2915..f73b7c62 100644 --- a/SEKManager.cpp +++ b/SEKManager.cpp @@ -146,6 +146,8 @@ void gen_SEK() { carray2Hex(encrypted_SEK.data(), enc_len, hexEncrKey.data(), 2 * enc_len + 1); + spdlog::info(string("Encrypted storage encryption key:") + hexEncrKey.data()); + ofstream sek_file(BACKUP_PATH); sek_file.clear(); @@ -173,6 +175,13 @@ void gen_SEK() { create_test_key(); validate_SEK(); + + shared_ptr encrypted_SEK_ptr = LevelDB::getLevelDb()->readString("SEK"); + + setSEK(encrypted_SEK_ptr); + + validate_SEK(); + } void setSEK(shared_ptr hex_encrypted_SEK) { @@ -195,8 +204,10 @@ void setSEK(shared_ptr hex_encrypted_SEK) { HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); + validate_SEK(); + } #include "experimental/filesystem" From 4fd8c4d245dc794c6f9e4a3ee2e8fe9fdf149f1b Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Mon, 7 Sep 2020 13:37:55 +0300 Subject: [PATCH 14/61] SKALE-3228 --- secure_enclave/AESUtils.c | 2 +- secure_enclave/AESUtils.h | 5 ++++- secure_enclave/secure_enclave.c | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/secure_enclave/AESUtils.c b/secure_enclave/AESUtils.c index d7f0e28b..d081f429 100644 --- a/secure_enclave/AESUtils.c +++ b/secure_enclave/AESUtils.c @@ -41,7 +41,7 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) { return -2; } - uint64_t len = strlen(message); + uint64_t len = strlen(message) + 1; if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) { LOG_ERROR("Output buffer too small"); diff --git a/secure_enclave/AESUtils.h b/secure_enclave/AESUtils.h index 037ca62a..19e64efa 100644 --- a/secure_enclave/AESUtils.h +++ b/secure_enclave/AESUtils.h @@ -27,7 +27,10 @@ sgx_aes_gcm_128bit_key_t AES_key; int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen); - int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ; +int AES_encrypt_dh(char *message, uint8_t *encr_message, uint64_t encrLen); +int AES_decrypt_dh(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ; + + #endif //SGXD_AESUTILS_H diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 8ccc6bc4..214520ca 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -242,7 +242,7 @@ void sealHexSEK(int *errStatus, char *errString, CHECK_STATE(strnlen(sek_hex, 33) == 32) - uint64_t plaintextLen = strlen(sek_hex + 1); + uint64_t plaintextLen = strlen(sek_hex) + 1; uint64_t sealedLen = sgx_calc_sealed_data_size(0, plaintextLen); From 32ccd711017bed253ae94c430803e72c82191523 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Mon, 7 Sep 2020 13:58:14 +0300 Subject: [PATCH 15/61] SKALE-3228 --- secure_enclave/AESUtils.c | 83 +++++++++++++++++++++++++++++++++ secure_enclave/AESUtils.h | 9 ++-- secure_enclave/secure_enclave.c | 7 ++- 3 files changed, 94 insertions(+), 5 deletions(-) diff --git a/secure_enclave/AESUtils.c b/secure_enclave/AESUtils.c index d081f429..8cfff028 100644 --- a/secure_enclave/AESUtils.c +++ b/secure_enclave/AESUtils.c @@ -29,6 +29,9 @@ #include "AESUtils.h" +sgx_aes_gcm_128bit_key_t AES_key; +sgx_aes_gcm_128bit_key_t AES_DH_key; + int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) { if (!message) { @@ -95,3 +98,83 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t return status; } + + + + +int AES_encrypt_DH(char *message, uint8_t *encr_message, uint64_t encrLen) { + + if (!message) { + LOG_ERROR("Null message in AES_encrypt_DH"); + return -1; + } + + if (!encr_message) { + LOG_ERROR("Null encr message in AES_encrypt_DH"); + return -2; + } + + uint64_t len = strlen(message) + 1; + + if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) { + LOG_ERROR("Output buffer too small"); + return -3; + } + + sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE); + + sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_DH_key, (uint8_t*)message, strlen(message), + encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, + encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, + NULL, 0, + (sgx_aes_gcm_128bit_tag_t *) encr_message); + + return status; +} + +int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) { + + if (!message) { + LOG_ERROR("Null message in AES_encrypt_DH"); + return -1; + } + + if (!encr_message) { + LOG_ERROR("Null encr message in AES_encrypt_DH"); + return -2; + } + + + if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) { + LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE"); + return -1; + } + + + + uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE; + + if (msgLen < len) { + LOG_ERROR("Output buffer not large enough"); + return -2; + } + + sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_DH_key, + encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len, + (unsigned char*) message, + encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, + NULL, 0, + (sgx_aes_gcm_128bit_tag_t *)encr_message); + + return status; +} + + + + + + +void derive_DH_Key() { + memcpy(AES_DH_key, AES_key, SGX_AESGCM_KEY_SIZE ); +} + diff --git a/secure_enclave/AESUtils.h b/secure_enclave/AESUtils.h index 19e64efa..e72e036b 100644 --- a/secure_enclave/AESUtils.h +++ b/secure_enclave/AESUtils.h @@ -24,13 +24,16 @@ #ifndef SGXD_AESUTILS_H #define SGXD_AESUTILS_H -sgx_aes_gcm_128bit_key_t AES_key; +extern sgx_aes_gcm_128bit_key_t AES_key; +extern sgx_aes_gcm_128bit_key_t AES_DH_key; int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen); int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ; -int AES_encrypt_dh(char *message, uint8_t *encr_message, uint64_t encrLen); -int AES_decrypt_dh(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ; +int AES_encrypt_DH(char *message, uint8_t *encr_message, uint64_t encrLen); +int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ; + +void derive_DH_Key(); #endif //SGXD_AESUTILS_H diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 214520ca..92496b30 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -292,6 +292,7 @@ void trustedGenerateSEK(int *errStatus, char *errString, carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex); memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE); + derive_DH_Key(); sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex); @@ -331,6 +332,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) { hex2carray(aes_key_hex, &len, (uint8_t *) AES_key); + derive_DH_Key(); SET_SUCCESS clean: @@ -349,6 +351,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString, uint64_t len; hex2carray(sek_hex, &len, (uint8_t *) AES_key); + derive_DH_Key(); sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex); @@ -607,7 +610,7 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri *errStatus = -9; - int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072); + int status = AES_decrypt_DH(encryptedPrivateKey, enc_len, key, 3072); if (status != 0) { *errStatus = status; @@ -644,7 +647,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, *errStatus = UNKNOWN_ERROR; - int status = AES_encrypt((char *)key, encryptedPrivateKey, BUF_LEN); + int status = AES_encrypt_DH((char *)key, encryptedPrivateKey, BUF_LEN); CHECK_STATUS2("AES encrypt failed with status %d"); From 7906ecc1d2f05865d5305ba469419d1d2625d37f Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Mon, 7 Sep 2020 14:31:07 +0300 Subject: [PATCH 16/61] SKALE-3228 --- secure_enclave/AESUtils.c | 1 + secure_enclave/secure_enclave.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/secure_enclave/AESUtils.c b/secure_enclave/AESUtils.c index 8cfff028..3f2b121c 100644 --- a/secure_enclave/AESUtils.c +++ b/secure_enclave/AESUtils.c @@ -176,5 +176,6 @@ int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64 void derive_DH_Key() { memcpy(AES_DH_key, AES_key, SGX_AESGCM_KEY_SIZE ); + /*AES_DH_key[1] = 1;AES_DH_key[2] = 2;*/ } diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 92496b30..69b7c6d6 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -655,7 +655,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, SAFE_CHAR_BUF(decryptedKey, BUF_LEN); - status = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN); + status = AES_decrypt_DH(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN); CHECK_STATUS2("trustedDecryptKey failed with status %d"); From 70097647827a8b6d523d4da05afe733e54c9f10a Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Mon, 7 Sep 2020 14:58:17 +0300 Subject: [PATCH 17/61] SKALE-3228 --- secure_enclave/EnclaveCommon.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/secure_enclave/EnclaveCommon.cpp b/secure_enclave/EnclaveCommon.cpp index 8d061d47..be165746 100644 --- a/secure_enclave/EnclaveCommon.cpp +++ b/secure_enclave/EnclaveCommon.cpp @@ -175,12 +175,17 @@ void enclave_init() { LOG_INFO("Initing libff"); try { + LOG_INFO("Initing params"); libff::init_alt_bn128_params(); + LOG_INFO("Initing curve"); curve = domain_parameters_init(); + LOG_INFO("Initing curve domain"); domain_parameters_load_curve(curve, secp256k1); } catch (exception& e) { LOG_ERROR("Exception in libff init"); LOG_ERROR(e.what()); + } catch (...) { + LOG_ERROR("Unknown exception in libff"); } LOG_INFO("Inited libff"); } From 6249af9a95051237d40e78fed1b881508f72a891 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Mon, 7 Sep 2020 15:16:00 +0300 Subject: [PATCH 18/61] SKALE-3228 --- secure_enclave/EnclaveCommon.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/secure_enclave/EnclaveCommon.cpp b/secure_enclave/EnclaveCommon.cpp index be165746..c5c9ccbc 100644 --- a/secure_enclave/EnclaveCommon.cpp +++ b/secure_enclave/EnclaveCommon.cpp @@ -184,8 +184,10 @@ void enclave_init() { } catch (exception& e) { LOG_ERROR("Exception in libff init"); LOG_ERROR(e.what()); + abort(); } catch (...) { LOG_ERROR("Unknown exception in libff"); + abort(); } LOG_INFO("Inited libff"); } From 7abdd562960661460409dabf3ededdfa3f87a2e7 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Mon, 7 Sep 2020 15:20:58 +0300 Subject: [PATCH 19/61] SKALE-3228 --- LevelDB.cpp | 6 +++--- ServerDataChecker.cpp | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/LevelDB.cpp b/LevelDB.cpp index cf590420..ce839a67 100644 --- a/LevelDB.cpp +++ b/LevelDB.cpp @@ -154,11 +154,11 @@ std::vector LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){ return keys; } -void LevelDB::writeDataUnique(const string & Name, const string &value) { - auto key = Name; +void LevelDB::writeDataUnique(const string & name, const string &value) { + auto key = n ame; if (readString(Name) != nullptr) { - spdlog::debug("name {}",Name, " already exists"); + spdlog::debug("Name {} already exists", name); throw SGXException(KEY_SHARE_ALREADY_EXISTS, "Data with this name already exists"); } diff --git a/ServerDataChecker.cpp b/ServerDataChecker.cpp index 92c844c7..575a7803 100644 --- a/ServerDataChecker.cpp +++ b/ServerDataChecker.cpp @@ -72,7 +72,7 @@ bool checkECDSAKeyName(const string& keyName) { bool checkHex(const string& hex, const uint32_t sizeInBytes){ if ( hex.length() > sizeInBytes * 2 || hex.length() == 0){ - spdlog::error("key is too long or zero - ", hex.length()); + spdlog::error("key is too long or zero {} ", hex.length()); return false; } From 653689838b9a6b93b7d09f55e1a060801a70c436 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Mon, 7 Sep 2020 15:23:35 +0300 Subject: [PATCH 20/61] SKALE-3228 --- ServerInit.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ServerInit.cpp b/ServerInit.cpp index a37e520d..8b33eaab 100644 --- a/ServerInit.cpp +++ b/ServerInit.cpp @@ -137,12 +137,15 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) { sgxServerInited = true; } catch (SGXException &_e) { spdlog::error(_e.getMessage()); + exit(-1); } catch (exception &_e) { spdlog::error(_e.what()); + exit(-1); } catch (...) { exception_ptr p = current_exception(); printf("Exception %s \n", p.__cxa_exception_type()->name()); spdlog::error("Unknown exception"); + exit (-1); } }; From a4274711b932ecf66199edf3a6ad9e1e8182d848 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Mon, 7 Sep 2020 15:33:28 +0300 Subject: [PATCH 21/61] SKALE-3228 --- LevelDB.cpp | 7 +++---- secure_enclave/DomainParameters.c | 13 +++++++++++-- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/LevelDB.cpp b/LevelDB.cpp index ce839a67..5d61e772 100644 --- a/LevelDB.cpp +++ b/LevelDB.cpp @@ -155,16 +155,15 @@ std::vector LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){ } void LevelDB::writeDataUnique(const string & name, const string &value) { - auto key = n ame; + auto key = name; - if (readString(Name) != nullptr) { + if (readString(name)) { spdlog::debug("Name {} already exists", name); throw SGXException(KEY_SHARE_ALREADY_EXISTS, "Data with this name already exists"); } writeString(key, value); - - + } diff --git a/secure_enclave/DomainParameters.c b/secure_enclave/DomainParameters.c index 241c43e4..7b5a46a0 100644 --- a/secure_enclave/DomainParameters.c +++ b/secure_enclave/DomainParameters.c @@ -46,16 +46,25 @@ /*Initialize a curve*/ domain_parameters domain_parameters_init() { + + + LOG_INFO("Allocating curver"); + domain_parameters curve; curve = calloc(sizeof(struct domain_parameters_s),1); + LOG_INFO("Initing members"); + //Initialize all members mpz_init(curve->p); mpz_init(curve->a); mpz_init(curve->b); + mpz_init(curve->n); + mpz_init(curve->h); + + LOG_INFO("Initing point"); + curve->G = point_init(); - mpz_init(curve->n); - mpz_init(curve->h); return curve; } From 052e94c2ea86009fe397fc75e8708e2c1f79f121 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Mon, 7 Sep 2020 15:57:12 +0300 Subject: [PATCH 22/61] SKALE-3228 --- CMakeLists.txt | 2 +- ECDSAImpl.c | 2 +- LevelDB.cpp | 2 +- Makefile.am | 1 + .../{DomainParameters.c => DomainParameters.cpp} | 13 +++++++++---- secure_enclave/EnclaveCommon.cpp | 10 +++++----- secure_enclave/Makefile.am | 4 ++-- secure_enclave/Makefile.in | 10 +++++----- sgxwallet.c | 4 ++-- 9 files changed, 27 insertions(+), 21 deletions(-) rename secure_enclave/{DomainParameters.c => DomainParameters.cpp} (95%) diff --git a/CMakeLists.txt b/CMakeLists.txt index a1707ce9..24af87e3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -20,7 +20,7 @@ add_executable(sgxwallet secure_enclave/DHDkg.h secure_enclave/DKGUtils.cpp secure_enclave/DKGUtils.h - secure_enclave/DomainParameters.c + secure_enclave/DomainParameters.cpp secure_enclave/DomainParameters.h secure_enclave/EnclaveConstants.h secure_enclave/NumberTheory.c diff --git a/ECDSAImpl.c b/ECDSAImpl.c index 60d41ccf..2ac7668e 100644 --- a/ECDSAImpl.c +++ b/ECDSAImpl.c @@ -1,5 +1,5 @@ #include "secure_enclave/Point.c" -#include "secure_enclave/DomainParameters.c" +#include "secure_enclave/DomainParameters.cpp" #include "secure_enclave/NumberTheory.c" #include "secure_enclave/Signature.c" #include "secure_enclave/Curves.c" diff --git a/LevelDB.cpp b/LevelDB.cpp index 5d61e772..7e7fc240 100644 --- a/LevelDB.cpp +++ b/LevelDB.cpp @@ -163,7 +163,7 @@ void LevelDB::writeDataUnique(const string & name, const string &value) { } writeString(key, value); - + } diff --git a/Makefile.am b/Makefile.am index e482e618..04cf99ea 100644 --- a/Makefile.am +++ b/Makefile.am @@ -64,6 +64,7 @@ bin_PROGRAMS = sgxwallet testw cert_util ## You can't use $(wildcard ...) with automake so all source files ## have to be explicitly listed. +## have to be explicitly listed COMMON_SRC = InvalidStateException.cpp Exception.cpp InvalidArgumentException.cpp Log.cpp \ SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp BLSCrypto.cpp \ diff --git a/secure_enclave/DomainParameters.c b/secure_enclave/DomainParameters.cpp similarity index 95% rename from secure_enclave/DomainParameters.c rename to secure_enclave/DomainParameters.cpp index 7b5a46a0..5d91561c 100644 --- a/secure_enclave/DomainParameters.c +++ b/secure_enclave/DomainParameters.cpp @@ -31,10 +31,13 @@ #include <../tgmp-build/include/sgx_tgmp.h> #endif +#include #include #include #include +#include "EnclaveCommon.h" #include "Point.h" + #include "DomainParameters.h" #define CHECK_ARG_ABORT(_EXPRESSION_) \ @@ -48,12 +51,12 @@ domain_parameters domain_parameters_init() { - LOG_INFO("Allocating curver"); domain_parameters curve; - curve = calloc(sizeof(struct domain_parameters_s),1); + curve = (domain_parameters) calloc(sizeof(struct domain_parameters_s),1); + + CHECK_ARG_ABORT(curve); - LOG_INFO("Initing members"); //Initialize all members mpz_init(curve->p); @@ -62,10 +65,12 @@ domain_parameters domain_parameters_init() mpz_init(curve->n); mpz_init(curve->h); - LOG_INFO("Initing point"); curve->G = point_init(); + CHECK_ARG_ABORT(curve->G); + + return curve; } diff --git a/secure_enclave/EnclaveCommon.cpp b/secure_enclave/EnclaveCommon.cpp index c5c9ccbc..6ffdbb1d 100644 --- a/secure_enclave/EnclaveCommon.cpp +++ b/secure_enclave/EnclaveCommon.cpp @@ -352,19 +352,19 @@ void logMsg(log_level _level, const char *_msg) { } -EXTERNC void LOG_INFO(const char *_msg) { +void LOG_INFO(const char *_msg) { logMsg(L_INFO, _msg); }; -EXTERNC void LOG_WARN(const char *_msg) { +void LOG_WARN(const char *_msg) { logMsg(L_WARNING, _msg); }; -EXTERNC void LOG_ERROR(const char *_msg) { +void LOG_ERROR(const char *_msg) { logMsg(L_ERROR, _msg); }; -EXTERNC void LOG_DEBUG(const char *_msg) { +void LOG_DEBUG(const char *_msg) { logMsg(L_DEBUG, _msg); }; -EXTERNC void LOG_TRACE(const char *_msg) { +void LOG_TRACE(const char *_msg) { logMsg(L_TRACE, _msg); }; diff --git a/secure_enclave/Makefile.am b/secure_enclave/Makefile.am index 188d2f21..64ce66b8 100644 --- a/secure_enclave/Makefile.am +++ b/secure_enclave/Makefile.am @@ -83,8 +83,8 @@ CLEANFILES+= secure_enclave_t.c secure_enclave_t.h secure_enclave_SOURCES = secure_enclave_t.c secure_enclave_t.h \ secure_enclave.c \ - Curves.c DomainParameters.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \ - DKGUtils.cpp EnclaveCommon.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \ + Curves.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \ + DKGUtils.cpp EnclaveCommon.cpp DomainParameters.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \ ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g2.cpp \ ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp $(ENCLAVE_KEY) $(ENCLAVE_CONFIG) diff --git a/secure_enclave/Makefile.in b/secure_enclave/Makefile.in index a0dd8749..23c510ef 100644 --- a/secure_enclave/Makefile.in +++ b/secure_enclave/Makefile.in @@ -108,9 +108,9 @@ PROGRAMS = $(libexec_PROGRAMS) am__objects_1 = am_secure_enclave_OBJECTS = secure_enclave_t.$(OBJEXT) \ secure_enclave.$(OBJEXT) Curves.$(OBJEXT) \ - DomainParameters.$(OBJEXT) NumberTheory.$(OBJEXT) \ - Point.$(OBJEXT) Signature.$(OBJEXT) DHDkg.$(OBJEXT) \ - AESUtils.$(OBJEXT) DKGUtils.$(OBJEXT) EnclaveCommon.$(OBJEXT) \ + NumberTheory.$(OBJEXT) Point.$(OBJEXT) Signature.$(OBJEXT) \ + DHDkg.$(OBJEXT) AESUtils.$(OBJEXT) DKGUtils.$(OBJEXT) \ + EnclaveCommon.$(OBJEXT) DomainParameters.$(OBJEXT) \ alt_bn128_init.$(OBJEXT) alt_bn128_g2.$(OBJEXT) \ alt_bn128_g1.$(OBJEXT) $(am__objects_1) $(am__objects_1) secure_enclave_OBJECTS = $(am_secure_enclave_OBJECTS) @@ -337,8 +337,8 @@ ENCLAVE_CONFIG = $(ENCLAVE).config.xml ENCLAVE_KEY = test_insecure_private_key.pem #$(ENCLAVE)_private.pem secure_enclave_SOURCES = secure_enclave_t.c secure_enclave_t.h \ secure_enclave.c \ - Curves.c DomainParameters.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \ - DKGUtils.cpp EnclaveCommon.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \ + Curves.c NumberTheory.c Point.c Signature.c DHDkg.c AESUtils.c \ + DKGUtils.cpp EnclaveCommon.cpp DomainParameters.cpp ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \ ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g2.cpp \ ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp $(ENCLAVE_KEY) $(ENCLAVE_CONFIG) diff --git a/sgxwallet.c b/sgxwallet.c index c1258c31..5c6d16eb 100644 --- a/sgxwallet.c +++ b/sgxwallet.c @@ -36,5 +36,5 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "sgxwallet.h" sgx_launch_token_t token = {0}; -sgx_enclave_id_t eid; -int updated; +sgx_enclave_id_t eid = 0; +int updated = 0; From 3b9553535e7dc12685dca4b515f321ed71b7f9c6 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Mon, 7 Sep 2020 16:48:46 +0300 Subject: [PATCH 23/61] Fixed config --- secure_enclave/secure_enclave.config.xml.sim | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/secure_enclave/secure_enclave.config.xml.sim b/secure_enclave/secure_enclave.config.xml.sim index 9e8aad20..2beeb377 100644 --- a/secure_enclave/secure_enclave.config.xml.sim +++ b/secure_enclave/secure_enclave.config.xml.sim @@ -3,9 +3,9 @@ 0 0x1000000 0x10000000 - 32 - 32 - 32 + 16 + 16 + 16 0 0 From 7deed4812b0906a2d09a1f67b8906c338acb7aa2 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Mon, 7 Sep 2020 16:58:48 +0300 Subject: [PATCH 24/61] SKALE-3228 --- secure_enclave/EnclaveCommon.cpp | 4 ++++ secure_enclave/secure_enclave.c | 14 +++++++------- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/secure_enclave/EnclaveCommon.cpp b/secure_enclave/EnclaveCommon.cpp index 6ffdbb1d..20eb15d3 100644 --- a/secure_enclave/EnclaveCommon.cpp +++ b/secure_enclave/EnclaveCommon.cpp @@ -173,10 +173,14 @@ void enclave_init() { return; inited = 1; + LOG_INFO("Initing libff"); try { + LOG_INFO("Initing params"); + libff::init_alt_bn128_params(); + LOG_INFO("Initing curve"); curve = domain_parameters_init(); LOG_INFO("Initing curve domain"); diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 69b7c6d6..b5376230 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -136,9 +136,14 @@ void trustedEnclaveInit(uint32_t _logLevel) { mp_get_memory_functions(NULL, &gmp_realloc_func, &gmp_free_func); mp_set_memory_functions(NULL, oc_realloc_func, oc_free_func); - LOG_INFO("Reading random"); + LOG_INFO("Calling enclave init"); + enclave_init(); + + + LOG_INFO("Reading random"); + globalRandom = calloc(32,1); int ret = sgx_read_rand(globalRandom, 32); @@ -148,12 +153,7 @@ void trustedEnclaveInit(uint32_t _logLevel) { LOG_ERROR("sgx_read_rand failed. Aboring enclave."); abort(); } - - - LOG_INFO("Calling enclave init"); - - enclave_init(); - + LOG_INFO("Successfully inited enclave. Signed enclave version:" SIGNED_ENCLAVE_VERSION ); #ifndef SGX_DEBUG LOG_INFO("SECURITY WARNING: sgxwallet is running in INSECURE DEBUG MODE! NEVER USE IN PRODUCTION!"); From 7d36d45ce675cf0a6a202899db1071ad30c41529 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Mon, 7 Sep 2020 17:00:29 +0300 Subject: [PATCH 25/61] SKALE-3228 --- secure_enclave/secure_enclave.c | 2 +- secure_enclave/secure_enclave.config.xml.sim | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index b5376230..af430888 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -153,7 +153,7 @@ void trustedEnclaveInit(uint32_t _logLevel) { LOG_ERROR("sgx_read_rand failed. Aboring enclave."); abort(); } - + LOG_INFO("Successfully inited enclave. Signed enclave version:" SIGNED_ENCLAVE_VERSION ); #ifndef SGX_DEBUG LOG_INFO("SECURITY WARNING: sgxwallet is running in INSECURE DEBUG MODE! NEVER USE IN PRODUCTION!"); diff --git a/secure_enclave/secure_enclave.config.xml.sim b/secure_enclave/secure_enclave.config.xml.sim index 2beeb377..4dc8ecdf 100644 --- a/secure_enclave/secure_enclave.config.xml.sim +++ b/secure_enclave/secure_enclave.config.xml.sim @@ -2,7 +2,7 @@ 0 0 0x1000000 - 0x10000000 + 0x1000000 16 16 16 From fa0b37ee556f0c74df7684f685b2be3373f7ad82 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Mon, 7 Sep 2020 17:15:14 +0300 Subject: [PATCH 26/61] Fix sgx 1 --- secure_enclave/secure_enclave.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index af430888..37835658 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -111,7 +111,7 @@ void *reallocate_function(void *, size_t, size_t); void free_function(void *, size_t); -unsigned char *globalRandom; +unsigned char *globalRandom = NULL; #define CALL_ONCE \ From e21828658ab79f8a32549e9718503c8741bd1bea Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Mon, 7 Sep 2020 19:36:17 +0300 Subject: [PATCH 27/61] SKALE-3228 --- docker/start.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/docker/start.sh b/docker/start.sh index 66a91bc5..cbcad381 100755 --- a/docker/start.sh +++ b/docker/start.sh @@ -43,6 +43,7 @@ fi if [[ "$1" == "-t" ]]; then echo "Test run requested" +sleep 5 ./testw.py else ./sgxwallet $1 $2 $3 $4 $5 From 77425c862ad20cd270d42c54f3d63e1eb4e02195 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 8 Sep 2020 15:30:59 +0300 Subject: [PATCH 28/61] SKALE-3205-restart --- BLSCrypto.cpp | 9 +-- DKGCrypto.cpp | 10 +-- ECDSACrypto.cpp | 2 +- SEKManager.cpp | 6 +- SGXWalletServer.cpp | 2 +- secure_enclave/AESUtils.c | 98 +++++++++------------------- secure_enclave/AESUtils.h | 11 +++- secure_enclave/secure_enclave.c | 105 +++++++++++++++--------------- secure_enclave/secure_enclave.edl | 30 ++++----- testw.cpp | 15 +++-- 10 files changed, 131 insertions(+), 157 deletions(-) diff --git a/BLSCrypto.cpp b/BLSCrypto.cpp index 3da541bf..46a14bbf 100644 --- a/BLSCrypto.cpp +++ b/BLSCrypto.cpp @@ -86,7 +86,7 @@ void carray2Hex(const unsigned char *d, uint64_t _len, char *_hexArray, CHECK_STATE(_hexArrayLen > 2 * _len); - for (int j = 0; j < _len; j++) { + for (uint64_t j = 0; j < _len; j++) { _hexArray[j * 2] = hexval[((d[j] >> 4) & 0xF)]; _hexArray[j * 2 + 1] = hexval[(d[j]) & 0x0F]; } @@ -105,7 +105,7 @@ bool hex2carray(const char *_hex, uint64_t *_bin_len, CHECK_STATE(_bin_len) - int len = strnlen(_hex, 2 * _max_length + 1); + uint64_t len = strnlen(_hex, 2 * _max_length + 1); CHECK_STATE(len != 2 * _max_length + 1); @@ -117,7 +117,7 @@ bool hex2carray(const char *_hex, uint64_t *_bin_len, *_bin_len = len / 2; - for (int i = 0; i < len / 2; i++) { + for (uint64_t i = 0; i < len / 2; i++) { int high = char2int((char) _hex[i * 2]); int low = char2int((char) _hex[i * 2 + 1]); @@ -247,7 +247,8 @@ string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key strncpy(keyArray->data(), _key, BUF_LEN); *errStatus = 0; - unsigned int encryptedLen = 0; + + uint64_t encryptedLen = 0; sgx_status_t status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(), &encryptedLen); diff --git a/DKGCrypto.cpp b/DKGCrypto.cpp index 65315490..baa6efae 100644 --- a/DKGCrypto.cpp +++ b/DKGCrypto.cpp @@ -135,13 +135,13 @@ string convertG2ToString(const libff::alt_bn128_G2 &elem, int base, const string string gen_dkg_poly(int _t) { vector errMsg(BUF_LEN, 0); int errStatus = 0; - uint32_t enc_len = 0; + uint64_t enc_len = 0; vector encrypted_dkg_secret(BUF_LEN, 0); + sgx_status_t status = trustedGenDkgSecretAES( + eid, &errStatus,errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t); - - sgx_status_t status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t); HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); uint64_t length = enc_len;; @@ -214,7 +214,7 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve for (int i = 0; i < _n; i++) { vector encryptedSkey(BUF_LEN, 0); - uint32_t decLen; + uint64_t decLen; vector currentShare(193, 0); vector sShareG2(320, 0); @@ -300,7 +300,7 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char * throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } - uint32_t enc_bls_len = 0; + uint64_t enc_bls_len = 0; sgx_status_t status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key, &enc_bls_len); diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index dc8229d1..ad597743 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp @@ -54,7 +54,7 @@ vector genECDSAKey() { vector pub_key_x(BUF_LEN, 0); vector pub_key_y(BUF_LEN, 0); - uint32_t enc_len = 0; + uint64_t enc_len = 0; sgx_status_t status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encr_pr_key.data(), &enc_len, diff --git a/SEKManager.cpp b/SEKManager.cpp index f73b7c62..7ac6692f 100644 --- a/SEKManager.cpp +++ b/SEKManager.cpp @@ -52,7 +52,7 @@ bool case_insensitive_match(string s1, string s2) { void create_test_key() { int errStatus = 0; vector errMsg(1024, 0); - uint32_t enc_len; + uint64_t enc_len; SAFE_UINT8_BUF(encrypted_key, BUF_LEN); @@ -109,7 +109,7 @@ shared_ptr > check_and_set_SEK(const string &SEK) { auto encrypted_SEK = make_shared < vector < uint8_t >> (BUF_LEN, 0); - uint32_t l = 0; + uint64_t l = 0; sgx_status_t status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, SEK.c_str()); @@ -127,7 +127,7 @@ void gen_SEK() { vector errMsg(1024, 0); int err_status = 0; vector encrypted_SEK(1024, 0); - uint32_t enc_len = 0; + uint64_t enc_len = 0; SAFE_CHAR_BUF(SEK, 65); diff --git a/SGXWalletServer.cpp b/SGXWalletServer.cpp index a1d93756..fd5bd936 100644 --- a/SGXWalletServer.cpp +++ b/SGXWalletServer.cpp @@ -563,7 +563,7 @@ Json::Value SGXWalletServer::calculateAllBLSPublicKeysImpl(const Json::Value& pu vector public_keys = calculateAllBlsPublicKeys(public_shares); - if (public_keys.size() != n) { + if (public_keys.size() != (uint64_t)n) { throw SGXException(UNKNOWN_ERROR, ""); } diff --git a/secure_enclave/AESUtils.c b/secure_enclave/AESUtils.c index 3f2b121c..ef70ab1d 100644 --- a/secure_enclave/AESUtils.c +++ b/secure_enclave/AESUtils.c @@ -27,12 +27,24 @@ #include "stdlib.h" #include + #include "AESUtils.h" sgx_aes_gcm_128bit_key_t AES_key; sgx_aes_gcm_128bit_key_t AES_DH_key; -int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) { + +#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__); + +int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsigned char type, + unsigned char decryptable, uint64_t* resultLen) { + + + + if (!type) { + LOG_ERROR("Null type in AES_encrypt"); + return -1; + } if (!message) { LOG_ERROR("Null message in AES_encrypt"); @@ -46,19 +58,31 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) { uint64_t len = strlen(message) + 1; - if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) { + if (2 + len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrBufLen ) { LOG_ERROR("Output buffer too small"); return -3; } + SAFE_CHAR_BUF(fullMessage, len + 2); + + fullMessage[0] = type; + fullMessage[1] = decryptable; + + strncpy(fullMessage + 2, message, len ); + + len = len + 2; + message = fullMessage; + sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE); - sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, strlen(message), + sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, len, encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, NULL, 0, (sgx_aes_gcm_128bit_tag_t *) encr_message); + *resultLen = len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; + return status; } @@ -96,78 +120,18 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t NULL, 0, (sgx_aes_gcm_128bit_tag_t *)encr_message); - return status; -} - - - - -int AES_encrypt_DH(char *message, uint8_t *encr_message, uint64_t encrLen) { - - if (!message) { - LOG_ERROR("Null message in AES_encrypt_DH"); - return -1; - } - - if (!encr_message) { - LOG_ERROR("Null encr message in AES_encrypt_DH"); - return -2; - } - - uint64_t len = strlen(message) + 1; - - if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) { - LOG_ERROR("Output buffer too small"); - return -3; - } - - sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE); - - sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_DH_key, (uint8_t*)message, strlen(message), - encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, - encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, - NULL, 0, - (sgx_aes_gcm_128bit_tag_t *) encr_message); + for (int i = 2; i < strlen(message) + 1; i++) { + message[i - 2 ] = message[i]; + } - return status; + return status; } -int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) { - if (!message) { - LOG_ERROR("Null message in AES_encrypt_DH"); - return -1; - } - - if (!encr_message) { - LOG_ERROR("Null encr message in AES_encrypt_DH"); - return -2; - } - - - if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) { - LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE"); - return -1; - } - uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE; - if (msgLen < len) { - LOG_ERROR("Output buffer not large enough"); - return -2; - } - - sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_DH_key, - encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len, - (unsigned char*) message, - encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, - NULL, 0, - (sgx_aes_gcm_128bit_tag_t *)encr_message); - - return status; -} diff --git a/secure_enclave/AESUtils.h b/secure_enclave/AESUtils.h index e72e036b..f897ba97 100644 --- a/secure_enclave/AESUtils.h +++ b/secure_enclave/AESUtils.h @@ -27,7 +27,8 @@ extern sgx_aes_gcm_128bit_key_t AES_key; extern sgx_aes_gcm_128bit_key_t AES_DH_key; -int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen); +int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen, + unsigned char type, unsigned char decryptable, uint64_t* resultLen); int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ; int AES_encrypt_DH(char *message, uint8_t *encr_message, uint64_t encrLen); @@ -35,5 +36,13 @@ int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64 void derive_DH_Key(); +#define ECDSA '1' +#define BLS '2' +#define DKG '3' + +#define DECRYPTABLE '1' +#define NON_DECRYPTABLE '2' + + #endif //SGXD_AESUTILS_H diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 37835658..fe2ec9c3 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -122,7 +122,7 @@ unsigned char *globalRandom = NULL; abort(); \ } else {called = true;}; -void trustedEnclaveInit(uint32_t _logLevel) { +void trustedEnclaveInit(uint64_t _logLevel) { CALL_ONCE LOG_INFO(__FUNCTION__); @@ -232,7 +232,7 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) { void sealHexSEK(int *errStatus, char *errString, - uint8_t *encrypted_sek, uint32_t *enc_len, char *sek_hex) { + uint8_t *encrypted_sek, uint64_t *enc_len, char *sek_hex) { CALL_ONCE LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -255,7 +255,7 @@ void sealHexSEK(int *errStatus, char *errString, (sgx_sealed_data_t *) encrypted_sek); CHECK_STATUS("seal SEK failed after SEK generation"); - uint32_t encrypt_text_length = sgx_get_encrypt_txt_len((const sgx_sealed_data_t *)encrypted_sek); + uint64_t encrypt_text_length = sgx_get_encrypt_txt_len((const sgx_sealed_data_t *)encrypted_sek); CHECK_STATE(encrypt_text_length = plaintextLen); @@ -263,7 +263,7 @@ void sealHexSEK(int *errStatus, char *errString, SAFE_CHAR_BUF(unsealedKey, BUF_LEN); uint32_t decLen = BUF_LEN; - uint32_t add_text_length = sgx_get_add_mac_txt_len((const sgx_sealed_data_t *)encrypted_sek); + uint64_t add_text_length = sgx_get_add_mac_txt_len((const sgx_sealed_data_t *)encrypted_sek); CHECK_STATE(add_text_length == 0); CHECK_STATE(sgx_is_within_enclave(encrypted_sek,sizeof(sgx_sealed_data_t))); status = sgx_unseal_data((const sgx_sealed_data_t *)encrypted_sek, NULL, NULL, @@ -279,7 +279,7 @@ void sealHexSEK(int *errStatus, char *errString, } void trustedGenerateSEK(int *errStatus, char *errString, - uint8_t *encrypted_sek, uint32_t *enc_len, char *sek_hex) { + uint8_t *encrypted_sek, uint64_t *enc_len, char *sek_hex) { CALL_ONCE LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -341,7 +341,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) { } void trustedSetSEK_backup(int *errStatus, char *errString, - uint8_t *encrypted_sek, uint32_t *enc_len, const char *sek_hex) { + uint8_t *encrypted_sek, uint64_t *enc_len, const char *sek_hex) { CALL_ONCE LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -370,7 +370,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString, void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, - uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { + uint8_t *encryptedPrivateKey, uint64_t *enc_len, char *pub_key_x, char *pub_key_y) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -410,22 +410,21 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, } strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); - SAFE_CHAR_BUF(skey_str, ECDSA_SKEY_LEN);SAFE_CHAR_BUF(arr_skey_str, mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2); + SAFE_CHAR_BUF(skey_str, BUF_LEN); + SAFE_CHAR_BUF(arr_skey_str, mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2); mpz_get_str(arr_skey_str, ECDSA_SKEY_BASE, skey); n_zeroes = 64 - strlen(arr_skey_str); for (int i = 0; i < n_zeroes; i++) { skey_str[i] = '0'; } strncpy(skey_str + n_zeroes, arr_skey_str, 65 - n_zeroes); - skey_str[ECDSA_SKEY_LEN - 1] = 0; snprintf(errString, BUF_LEN, "skey len is %d\n", (int) strlen(skey_str)); - int status = AES_encrypt((char *) skey_str, encryptedPrivateKey, BUF_LEN); + int status = AES_encrypt((char *) skey_str, encryptedPrivateKey, BUF_LEN, + ECDSA, NON_DECRYPTABLE, enc_len); CHECK_STATUS("ecdsa private key encryption failed"); - *enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; - - status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, ECDSA_SKEY_LEN); + status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, BUF_LEN); CHECK_STATUS2("ecdsa private key decr failed with status %d"); @@ -439,11 +438,11 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, } void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, - uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) { + uint8_t *encryptedPrivateKey, uint64_t enc_len, char *pub_key_x, char *pub_key_y) { LOG_DEBUG(__FUNCTION__); INIT_ERROR_STATE - SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(skey, BUF_LEN); mpz_t privateKeyMpz; mpz_init(privateKeyMpz); @@ -455,7 +454,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, CHECK_STATE(pub_key_x); CHECK_STATE(pub_key_y); - int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN); + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN); CHECK_STATUS2("AES_decrypt failed with status %d"); skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0'; @@ -515,7 +514,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, static uint64_t sigCounter = 0; -void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, +void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t enc_len, const char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { LOG_DEBUG(__FUNCTION__); @@ -526,7 +525,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv CHECK_STATE(sigR); CHECK_STATE(sigS); - SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(skey, BUF_LEN); mpz_t privateKeyMpz; mpz_init(privateKeyMpz); @@ -534,7 +533,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv mpz_init(msgMpz); signature sign = signature_init(); - int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN); + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN); CHECK_STATUS2("aes decrypt failed with status %d"); @@ -600,7 +599,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, - uint32_t enc_len, char *key) { + uint64_t enc_len, char *key) { LOG_DEBUG(__FUNCTION__); INIT_ERROR_STATE @@ -610,7 +609,7 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri *errStatus = -9; - int status = AES_decrypt_DH(encryptedPrivateKey, enc_len, key, 3072); + int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072); if (status != 0) { *errStatus = status; @@ -636,7 +635,7 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, - uint8_t *encryptedPrivateKey, uint32_t *enc_len) { + uint8_t *encryptedPrivateKey, uint64_t *enc_len) { LOG_INFO(__FUNCTION__); *errString = 0; @@ -647,15 +646,14 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, *errStatus = UNKNOWN_ERROR; - int status = AES_encrypt_DH((char *)key, encryptedPrivateKey, BUF_LEN); + int status = AES_encrypt((char *)key, encryptedPrivateKey, BUF_LEN, + DKG, DECRYPTABLE, enc_len); CHECK_STATUS2("AES encrypt failed with status %d"); - *enc_len = strlen(key) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; - SAFE_CHAR_BUF(decryptedKey, BUF_LEN); - status = AES_decrypt_DH(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN); + status = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN); CHECK_STATUS2("trustedDecryptKey failed with status %d"); @@ -671,6 +669,8 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) { snprintf(errString, BUF_LEN, "Decrypted key does not match original key"); + LOG_ERROR(key); + LOG_ERROR(decryptedKey); LOG_ERROR(errString); goto clean; } @@ -684,7 +684,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, - uint32_t enc_len, char *_hashX, + uint64_t enc_len, char *_hashX, char *_hashY, char *signature) { LOG_DEBUG(__FUNCTION__); INIT_ERROR_STATE @@ -726,7 +726,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte } void -trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { +trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t *enc_len, size_t _t) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -738,11 +738,12 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s CHECK_STATUS("gen_dkg_poly failed") - status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN); + status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN, + DKG, DECRYPTABLE, enc_len); CHECK_STATUS("SGX AES encrypt DKG poly failed"); - *enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; + SAFE_CHAR_BUF(decr_dkg_secret, DKG_BUFER_LENGTH); @@ -768,7 +769,7 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s void trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, - uint32_t enc_len, + uint64_t enc_len, uint8_t *decrypted_dkg_secret) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -790,7 +791,7 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d } -void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint32_t enc_len) { +void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t enc_len) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -810,14 +811,14 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc LOG_INFO("SGX call completed"); } -void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len, +void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint64_t *dec_len, char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE - uint32_t enc_len; + uint64_t enc_len; int status; CHECK_STATE(encrypted_skey); @@ -827,7 +828,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t LOG_DEBUG(__FUNCTION__); - SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(skey, BUF_LEN); SAFE_CHAR_BUF(pub_key_x, BUF_LEN);SAFE_CHAR_BUF(pub_key_y, BUF_LEN); @@ -835,7 +836,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t CHECK_STATUS("trustedGenerateEcdsaKeyAES failed"); - status = AES_decrypt(encrypted_skey, enc_len, skey, ECDSA_SKEY_LEN); + status = AES_decrypt(encrypted_skey, enc_len, skey, BUF_LEN); skey[ECDSA_SKEY_LEN - 1] = 0; @@ -843,13 +844,13 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *dec_len = enc_len; - SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(common_key, BUF_LEN); status = gen_session_key(skey, pub_keyB, common_key); CHECK_STATUS("gen_session_key failed") - SAFE_CHAR_BUF(s_share, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(s_share, BUF_LEN); status = calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind); CHECK_STATUS("calc secret share failed") @@ -858,7 +859,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t status = calc_secret_shareG2(s_share, s_shareG2); CHECK_STATUS("invalid decr secret share"); - SAFE_CHAR_BUF(cypher, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(cypher, BUF_LEN); status=xor_encrypt(common_key, s_share, cypher); CHECK_STATUS("xor_encrypt failed") @@ -875,7 +876,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t LOG_INFO("SGX call completed"); } -void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len, +void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t enc_len, char *public_shares, unsigned _t, unsigned _n) { LOG_INFO(__FUNCTION__); @@ -913,26 +914,26 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha CHECK_STATE(s_share); CHECK_STATE(encryptedPrivateKey); - SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(skey,BUF_LEN); mpz_t s; mpz_init(s); - int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN); + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN); CHECK_STATUS2("AES_decrypt failed (in trustedDkgVerifyAES) with status %d"); - SAFE_CHAR_BUF(encr_sshare, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(encr_sshare, BUF_LEN); strncpy(encr_sshare, s_share, ECDSA_SKEY_LEN - 1); - SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(common_key, BUF_LEN); status = session_key_recover(skey, s_share, common_key); CHECK_STATUS("session_key_recover failed"); - SAFE_CHAR_BUF(decr_sshare, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(decr_sshare, BUF_LEN); status=xor_decrypt(common_key, encr_sshare, decr_sshare); @@ -954,7 +955,7 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares, uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, - uint32_t *enc_bls_key_len) { + uint64_t *enc_bls_key_len) { LOG_INFO(__FUNCTION__); @@ -964,7 +965,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share CHECK_STATE(encryptedPrivateKey); CHECK_STATE(encr_bls_key); - SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(skey, BUF_LEN); mpz_t sum; mpz_init(sum); @@ -978,7 +979,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share mpz_init(bls_key); - int status = AES_decrypt(encryptedPrivateKey, key_len, skey, ECDSA_SKEY_LEN); + int status = AES_decrypt(encryptedPrivateKey, key_len, skey, BUF_LEN); CHECK_STATUS2("aes decrypt failed with status %d"); skey[ECDSA_SKEY_LEN - 1] = 0; @@ -1038,12 +1039,10 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share strncpy(key_share + n_zeroes, arr_skey_str, 65 - n_zeroes); key_share[BLS_KEY_LENGTH - 1] = 0; - status = AES_encrypt(key_share, encr_bls_key, BUF_LEN); + status = AES_encrypt(key_share, encr_bls_key, BUF_LEN, BLS, NON_DECRYPTABLE, enc_bls_key_len); CHECK_STATUS2("aes encrypt bls private key failed with status %d "); - *enc_bls_key_len = strlen(key_share) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; - SET_SUCCESS clean: @@ -1064,9 +1063,9 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat CHECK_STATE(bls_pub_key); CHECK_STATE(encryptedPrivateKey); - SAFE_CHAR_BUF(skey_hex, ECDSA_SKEY_LEN); + SAFE_CHAR_BUF(skey_hex, BUF_LEN); - int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, ECDSA_SKEY_LEN); + int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, BUF_LEN); CHECK_STATUS2("AES decrypt failed %d"); diff --git a/secure_enclave/secure_enclave.edl b/secure_enclave/secure_enclave.edl index b5b57835..6ac8c7ac 100644 --- a/secure_enclave/secure_enclave.edl +++ b/secure_enclave/secure_enclave.edl @@ -11,14 +11,14 @@ enclave { trusted { include "sgx_tgmp.h" - public void trustedEnclaveInit(uint32_t _logLevel); + public void trustedEnclaveInit(uint64_t _logLevel); public void trustedGenerateSEK( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char *err_string, [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK, - [out] uint32_t *enc_len, + [out] uint64_t *enc_len, [out, count = 65] char* hex_SEK); public void trustedSetSEK( @@ -30,14 +30,14 @@ enclave { [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char *err_string, [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK, - [out] uint32_t *enc_len, + [out] uint64_t *enc_len, [in, string] const char* SEK_hex); public void trustedGenerateEcdsaKeyAES ( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, - [out] uint32_t *enc_len, + [out] uint64_t *enc_len, [out, count = SMALL_BUF_SIZE] char * pub_key_x, [out, count = SMALL_BUF_SIZE] char * pub_key_y); @@ -45,7 +45,7 @@ enclave { [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, - uint32_t dec_len, + uint64_t dec_len, [out, count = SMALL_BUF_SIZE] char * pub_key_x, [out, count = SMALL_BUF_SIZE] char * pub_key_y); @@ -53,7 +53,7 @@ enclave { [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, - uint32_t enc_len, + uint64_t enc_len, [in, string] const char* hash, [out, count = SMALL_BUF_SIZE] char* sig_r, [out, count = SMALL_BUF_SIZE] char* sig_s, @@ -65,26 +65,26 @@ enclave { [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = SMALL_BUF_SIZE] const char* key, [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, - [out] uint32_t *enc_len); + [out] uint64_t *enc_len); public void trustedDecryptKeyAES ( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, - uint32_t enc_len, + uint64_t enc_len, [out, count = SMALL_BUF_SIZE] char* key ); public void trustedGenDkgSecretAES ( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [out, count = 3072] uint8_t* encrypted_dkg_secret, - [out] uint32_t * enc_len, size_t _t); + [out] uint64_t * enc_len, size_t _t); public void trustedDecryptDkgSecretAES ( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = 3050] uint8_t* encrypted_dkg_secret, - uint32_t enc_len, + uint64_t enc_len, [out, count = 3072] uint8_t* decrypted_dkg_secret ); @@ -92,13 +92,13 @@ enclave { [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = 3050] uint8_t* encrypted_poly, - uint32_t enc_len); + uint64_t enc_len); public void trustedGetEncryptedSecretShareAES( [out]int *errStatus, [out, count = SMALL_BUF_SIZE] char *err_string, [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey, - [out] uint32_t* dec_len, + [out] uint64_t* dec_len, [out, count = 193] char* result_str, [out, count = 320] char* s_shareG2, [in, string] char* pub_keyB, @@ -110,7 +110,7 @@ enclave { [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = 3050] uint8_t* encrypted_dkg_secret, - uint32_t enc_len, + uint64_t enc_len, [out, count = 10000] char* public_shares, unsigned _t, unsigned _n); @@ -133,13 +133,13 @@ enclave { [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, uint64_t key_len, [out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key, - [out] uint32_t *enc_bls_key_len); + [out] uint64_t *enc_bls_key_len); public void trustedBlsSignMessageAES ( [out] int *errStatus, [out, count = TINY_BUF_SIZE] char* err_string, [in, count = TINY_BUF_SIZE] uint8_t* encrypted_key, - uint32_t enc_len, + uint64_t enc_len, [in, string] char* hashX , [in, string] char* hashY, [out, count = SMALL_BUF_SIZE] char* signature); diff --git a/testw.cpp b/testw.cpp index 5b0c7cd6..588aa513 100644 --- a/testw.cpp +++ b/testw.cpp @@ -127,7 +127,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes vector pubKeyX(BUF_LEN, 0); vector pubKeyY(BUF_LEN, 0); - uint32_t encLen = 0; + uint64_t encLen = 0; PRINT_SRC_LINE auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen, pubKeyX.data(), @@ -160,7 +160,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES key gen", "[ecdsa-aes-key-gen]") { vector encrPrivKey(BUF_LEN, 0); vector pubKeyX(BUF_LEN, 0); vector pubKeyY(BUF_LEN, 0); - uint32_t encLen = 0; + uint64_t encLen = 0; PRINT_SRC_LINE auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen, pubKeyX.data(), @@ -177,7 +177,8 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES get public key", "[ecdsa-aes-get-pub-ke vector encPrivKey(BUF_LEN, 0); vector pubKeyX(BUF_LEN, 0); vector pubKeyY(BUF_LEN, 0); - uint32_t encLen = 0; + + uint64_t encLen = 0; PRINT_SRC_LINE auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encPrivKey.data(), &encLen, pubKeyX.data(), @@ -291,7 +292,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES gen test", "[dkg-aes-gen]") { vector errMsg(BUF_LEN, 0); int errStatus = 0; - uint32_t encLen = 0; + uint64_t encLen = 0; PRINT_SRC_LINE auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 32); @@ -314,7 +315,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares vector errMsg(BUF_LEN, 0); int errStatus = 0; - uint32_t encLen = 0; + uint64_t encLen = 0; unsigned t = 32, n = 32; PRINT_SRC_LINE @@ -363,7 +364,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes- vector result(BUF_LEN, 0); int errStatus = 0; - uint32_t encLen = 0; + uint64_t encLen = 0; vector encryptedDKGSecret(BUF_LEN, 0); PRINT_SRC_LINE @@ -694,7 +695,7 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") { TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") { int errStatus = 0; vector errMsg(BUF_LEN, 0); - uint32_t encLen; + uint64_t encLen; string key = SAMPLE_AES_KEY; vector encrypted_key(BUF_LEN, 0); From eaa8c60a87ab77262f83ff17bb127b96f4caabe0 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 8 Sep 2020 16:47:17 +0300 Subject: [PATCH 29/61] SKALE-3205 --- secure_enclave/AESUtils.c | 15 +++++- secure_enclave/AESUtils.h | 5 +- secure_enclave/secure_enclave.c | 87 +++++++++++++++++++++++++++------ 3 files changed, 88 insertions(+), 19 deletions(-) diff --git a/secure_enclave/AESUtils.c b/secure_enclave/AESUtils.c index ef70ab1d..a833f753 100644 --- a/secure_enclave/AESUtils.c +++ b/secure_enclave/AESUtils.c @@ -86,7 +86,8 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsig return status; } -int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) { +int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen, + uint8_t *type, uint8_t* decryptable){ if (!message) { LOG_ERROR("Null message in AES_encrypt"); @@ -98,6 +99,16 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t return -2; } + if (!type) { + LOG_ERROR("Null type in AES_encrypt"); + return -3; + } + + if (!encr_message) { + LOG_ERROR("Null decryptable in AES_encrypt"); + return -4; + } + if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) { LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE"); @@ -120,6 +131,8 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t NULL, 0, (sgx_aes_gcm_128bit_tag_t *)encr_message); + *type = message[0]; + *decryptable = message[1]; for (int i = 2; i < strlen(message) + 1; i++) { message[i - 2 ] = message[i]; } diff --git a/secure_enclave/AESUtils.h b/secure_enclave/AESUtils.h index f897ba97..9f8b3b27 100644 --- a/secure_enclave/AESUtils.h +++ b/secure_enclave/AESUtils.h @@ -29,10 +29,9 @@ extern sgx_aes_gcm_128bit_key_t AES_DH_key; int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen, unsigned char type, unsigned char decryptable, uint64_t* resultLen); -int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ; +int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen, + uint8_t *type, uint8_t* decryptable) ; -int AES_encrypt_DH(char *message, uint8_t *encr_message, uint64_t encrLen); -int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ; void derive_DH_Key(); diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index fe2ec9c3..2b36bf44 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -424,7 +424,10 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, ECDSA, NON_DECRYPTABLE, enc_len); CHECK_STATUS("ecdsa private key encryption failed"); - status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, BUF_LEN); + uint8_t type = 0; + uint8_t decryptable = 0; + + status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, BUF_LEN, &type, &decryptable); CHECK_STATUS2("ecdsa private key decr failed with status %d"); @@ -454,7 +457,11 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, CHECK_STATE(pub_key_x); CHECK_STATE(pub_key_y); - int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN); + uint8_t type = 0; + uint8_t decryptable = 0; + + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN, + &type, &decryptable); CHECK_STATUS2("AES_decrypt failed with status %d"); skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0'; @@ -533,7 +540,12 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv mpz_init(msgMpz); signature sign = signature_init(); - int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN); + uint8_t type = 0; + uint8_t decryptable = 0; + + + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN, + &type, &decryptable); CHECK_STATUS2("aes decrypt failed with status %d"); @@ -609,7 +621,16 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri *errStatus = -9; - int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072); + uint8_t type = 0; + uint8_t decryptable = 0; + + int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072, + &type, &decryptable); + + if (decryptable != DECRYPTABLE) { + *errStatus = -11; + snprintf(errString, BUF_LEN, "Key is not exportable"); + } if (status != 0) { *errStatus = status; @@ -653,7 +674,11 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, SAFE_CHAR_BUF(decryptedKey, BUF_LEN); - status = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN); + uint8_t type = 0; + uint8_t decryptable = 0; + + status = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN, + &type, &decryptable); CHECK_STATUS2("trustedDecryptKey failed with status %d"); @@ -696,7 +721,10 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte SAFE_CHAR_BUF(key, BUF_LEN);SAFE_CHAR_BUF(sig, BUF_LEN); - int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN); + uint8_t type = 0; + uint8_t decryptable = 0; + + int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN, &type, &decryptable); CHECK_STATUS("AES decrypt failed") @@ -747,8 +775,11 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s SAFE_CHAR_BUF(decr_dkg_secret, DKG_BUFER_LENGTH); + uint8_t type = 0; + uint8_t decryptable = 0; + status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret, - DKG_BUFER_LENGTH); + DKG_BUFER_LENGTH, &type, &decryptable); CHECK_STATUS("aes decrypt dkg poly failed"); @@ -777,8 +808,11 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d CHECK_STATE(encrypted_dkg_secret); CHECK_STATE(decrypted_dkg_secret); + uint8_t type; + uint8_t decryptable; + int status = AES_decrypt(encrypted_dkg_secret, enc_len, (char *) decrypted_dkg_secret, - 3072); + 3072, &type, &decryptable); CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d") @@ -799,8 +833,11 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc memset(getThreadLocalDecryptedDkgPoly(), 0, DKG_BUFER_LENGTH); + uint8_t type = 0; + uint8_t decryptable = 0; + int status = AES_decrypt(encrypted_poly, enc_len, (char *) getThreadLocalDecryptedDkgPoly(), - DKG_BUFER_LENGTH); + DKG_BUFER_LENGTH, &type, &decryptable); CHECK_STATUS2("sgx_unseal_data - encrypted_poly failed with status %d") @@ -836,7 +873,10 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t CHECK_STATUS("trustedGenerateEcdsaKeyAES failed"); - status = AES_decrypt(encrypted_skey, enc_len, skey, BUF_LEN); + uint8_t type = 0; + uint8_t decryptable = 0; + + status = AES_decrypt(encrypted_skey, enc_len, skey, BUF_LEN, &type, &decryptable); skey[ECDSA_SKEY_LEN - 1] = 0; @@ -889,8 +929,11 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt SAFE_CHAR_BUF(decrypted_dkg_secret, DKG_MAX_SEALED_LEN); + uint8_t type = 0; + uint8_t decryptable = 0; + int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret, - DKG_MAX_SEALED_LEN); + DKG_MAX_SEALED_LEN, &type, &decryptable); CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d"); @@ -919,7 +962,11 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha mpz_t s; mpz_init(s); - int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN); + uint8_t type = 0; + uint8_t decryptable = 0; + + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN, + &type, &decryptable); CHECK_STATUS2("AES_decrypt failed (in trustedDkgVerifyAES) with status %d"); @@ -978,8 +1025,12 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share mpz_t bls_key; mpz_init(bls_key); + uint8_t type = 0; + uint8_t decryptable = 0; + - int status = AES_decrypt(encryptedPrivateKey, key_len, skey, BUF_LEN); + int status = AES_decrypt(encryptedPrivateKey, key_len, skey, BUF_LEN, + &type, &decryptable); CHECK_STATUS2("aes decrypt failed with status %d"); skey[ECDSA_SKEY_LEN - 1] = 0; @@ -1039,7 +1090,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share strncpy(key_share + n_zeroes, arr_skey_str, 65 - n_zeroes); key_share[BLS_KEY_LENGTH - 1] = 0; - status = AES_encrypt(key_share, encr_bls_key, BUF_LEN, BLS, NON_DECRYPTABLE, enc_bls_key_len); + status = AES_encrypt(key_share, encr_bls_key, BUF_LEN, BLS, DECRYPTABLE, enc_bls_key_len); CHECK_STATUS2("aes encrypt bls private key failed with status %d "); @@ -1065,7 +1116,13 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat SAFE_CHAR_BUF(skey_hex, BUF_LEN); - int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, BUF_LEN); + uint8_t type = 0; + uint8_t decryptable = 0; + + + + int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, BUF_LEN, + &type, &decryptable); CHECK_STATUS2("AES decrypt failed %d"); From 8b9dcb3b4d619e86f0d1d7ec6b29c87aaa1fa49b Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 8 Sep 2020 16:55:46 +0300 Subject: [PATCH 30/61] SKALE-3205 --- secure_enclave/AESUtils.c | 27 +++----------- secure_enclave/AESUtils.h | 10 ++--- secure_enclave/secure_enclave.c | 66 ++++++++++++++++----------------- 3 files changed, 42 insertions(+), 61 deletions(-) diff --git a/secure_enclave/AESUtils.c b/secure_enclave/AESUtils.c index a833f753..152dbc70 100644 --- a/secure_enclave/AESUtils.c +++ b/secure_enclave/AESUtils.c @@ -37,7 +37,7 @@ sgx_aes_gcm_128bit_key_t AES_DH_key; #define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__); int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsigned char type, - unsigned char decryptable, uint64_t* resultLen) { + unsigned char exportable, uint64_t* resultLen) { @@ -66,7 +66,7 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsig SAFE_CHAR_BUF(fullMessage, len + 2); fullMessage[0] = type; - fullMessage[1] = decryptable; + fullMessage[1] = exportable; strncpy(fullMessage + 2, message, len ); @@ -87,7 +87,7 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsig } int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen, - uint8_t *type, uint8_t* decryptable){ + uint8_t *type, uint8_t* exportable){ if (!message) { LOG_ERROR("Null message in AES_encrypt"); @@ -105,7 +105,7 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t } if (!encr_message) { - LOG_ERROR("Null decryptable in AES_encrypt"); + LOG_ERROR("Null exportable in AES_encrypt"); return -4; } @@ -132,27 +132,10 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t (sgx_aes_gcm_128bit_tag_t *)encr_message); *type = message[0]; - *decryptable = message[1]; + *exportable = message[1]; for (int i = 2; i < strlen(message) + 1; i++) { message[i - 2 ] = message[i]; } return status; } - - - - - - - - - - - - -void derive_DH_Key() { - memcpy(AES_DH_key, AES_key, SGX_AESGCM_KEY_SIZE ); - /*AES_DH_key[1] = 1;AES_DH_key[2] = 2;*/ -} - diff --git a/secure_enclave/AESUtils.h b/secure_enclave/AESUtils.h index 9f8b3b27..24671587 100644 --- a/secure_enclave/AESUtils.h +++ b/secure_enclave/AESUtils.h @@ -25,22 +25,20 @@ #define SGXD_AESUTILS_H extern sgx_aes_gcm_128bit_key_t AES_key; -extern sgx_aes_gcm_128bit_key_t AES_DH_key; int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen, - unsigned char type, unsigned char decryptable, uint64_t* resultLen); + unsigned char type, unsigned char exportable, uint64_t* resultLen); int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen, - uint8_t *type, uint8_t* decryptable) ; + uint8_t *type, uint8_t* exportable) ; -void derive_DH_Key(); #define ECDSA '1' #define BLS '2' #define DKG '3' -#define DECRYPTABLE '1' -#define NON_DECRYPTABLE '2' +#define EXPORTABLE '1' +#define NON_EXPORTABLE '2' diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 2b36bf44..d94b056b 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -421,13 +421,13 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, snprintf(errString, BUF_LEN, "skey len is %d\n", (int) strlen(skey_str)); int status = AES_encrypt((char *) skey_str, encryptedPrivateKey, BUF_LEN, - ECDSA, NON_DECRYPTABLE, enc_len); + ECDSA, NON_EXPORTABLE, enc_len); CHECK_STATUS("ecdsa private key encryption failed"); uint8_t type = 0; - uint8_t decryptable = 0; + uint8_t exportable = 0; - status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, BUF_LEN, &type, &decryptable); + status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, BUF_LEN, &type, &exportable); CHECK_STATUS2("ecdsa private key decr failed with status %d"); @@ -458,10 +458,10 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, CHECK_STATE(pub_key_y); uint8_t type = 0; - uint8_t decryptable = 0; + uint8_t exportable = 0; int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN, - &type, &decryptable); + &type, &exportable); CHECK_STATUS2("AES_decrypt failed with status %d"); skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0'; @@ -541,11 +541,11 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv signature sign = signature_init(); uint8_t type = 0; - uint8_t decryptable = 0; + uint8_t exportable = 0; int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN, - &type, &decryptable); + &type, &exportable); CHECK_STATUS2("aes decrypt failed with status %d"); @@ -622,12 +622,12 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri *errStatus = -9; uint8_t type = 0; - uint8_t decryptable = 0; + uint8_t exportable = 0; int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072, - &type, &decryptable); + &type, &exportable); - if (decryptable != DECRYPTABLE) { + if (exportable != EXPORTABLE) { *errStatus = -11; snprintf(errString, BUF_LEN, "Key is not exportable"); } @@ -668,17 +668,17 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, *errStatus = UNKNOWN_ERROR; int status = AES_encrypt((char *)key, encryptedPrivateKey, BUF_LEN, - DKG, DECRYPTABLE, enc_len); + DKG, EXPORTABLE, enc_len); CHECK_STATUS2("AES encrypt failed with status %d"); SAFE_CHAR_BUF(decryptedKey, BUF_LEN); uint8_t type = 0; - uint8_t decryptable = 0; + uint8_t exportable = 0; status = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN, - &type, &decryptable); + &type, &exportable); CHECK_STATUS2("trustedDecryptKey failed with status %d"); @@ -722,9 +722,9 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte SAFE_CHAR_BUF(key, BUF_LEN);SAFE_CHAR_BUF(sig, BUF_LEN); uint8_t type = 0; - uint8_t decryptable = 0; + uint8_t exportable = 0; - int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN, &type, &decryptable); + int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN, &type, &exportable); CHECK_STATUS("AES decrypt failed") @@ -767,7 +767,7 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s CHECK_STATUS("gen_dkg_poly failed") status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN, - DKG, DECRYPTABLE, enc_len); + DKG, EXPORTABLE, enc_len); CHECK_STATUS("SGX AES encrypt DKG poly failed"); @@ -776,10 +776,10 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s SAFE_CHAR_BUF(decr_dkg_secret, DKG_BUFER_LENGTH); uint8_t type = 0; - uint8_t decryptable = 0; + uint8_t exportable = 0; status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret, - DKG_BUFER_LENGTH, &type, &decryptable); + DKG_BUFER_LENGTH, &type, &exportable); CHECK_STATUS("aes decrypt dkg poly failed"); @@ -809,10 +809,10 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d CHECK_STATE(decrypted_dkg_secret); uint8_t type; - uint8_t decryptable; + uint8_t exportable; int status = AES_decrypt(encrypted_dkg_secret, enc_len, (char *) decrypted_dkg_secret, - 3072, &type, &decryptable); + 3072, &type, &exportable); CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d") @@ -834,10 +834,10 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc memset(getThreadLocalDecryptedDkgPoly(), 0, DKG_BUFER_LENGTH); uint8_t type = 0; - uint8_t decryptable = 0; + uint8_t exportable = 0; int status = AES_decrypt(encrypted_poly, enc_len, (char *) getThreadLocalDecryptedDkgPoly(), - DKG_BUFER_LENGTH, &type, &decryptable); + DKG_BUFER_LENGTH, &type, &exportable); CHECK_STATUS2("sgx_unseal_data - encrypted_poly failed with status %d") @@ -874,9 +874,9 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t CHECK_STATUS("trustedGenerateEcdsaKeyAES failed"); uint8_t type = 0; - uint8_t decryptable = 0; + uint8_t exportable = 0; - status = AES_decrypt(encrypted_skey, enc_len, skey, BUF_LEN, &type, &decryptable); + status = AES_decrypt(encrypted_skey, enc_len, skey, BUF_LEN, &type, &exportable); skey[ECDSA_SKEY_LEN - 1] = 0; @@ -930,10 +930,10 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt SAFE_CHAR_BUF(decrypted_dkg_secret, DKG_MAX_SEALED_LEN); uint8_t type = 0; - uint8_t decryptable = 0; + uint8_t exportable = 0; int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret, - DKG_MAX_SEALED_LEN, &type, &decryptable); + DKG_MAX_SEALED_LEN, &type, &exportable); CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d"); @@ -963,10 +963,10 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha mpz_init(s); uint8_t type = 0; - uint8_t decryptable = 0; + uint8_t exportable = 0; int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN, - &type, &decryptable); + &type, &exportable); CHECK_STATUS2("AES_decrypt failed (in trustedDkgVerifyAES) with status %d"); @@ -1026,11 +1026,11 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share mpz_init(bls_key); uint8_t type = 0; - uint8_t decryptable = 0; + uint8_t exportable = 0; int status = AES_decrypt(encryptedPrivateKey, key_len, skey, BUF_LEN, - &type, &decryptable); + &type, &exportable); CHECK_STATUS2("aes decrypt failed with status %d"); skey[ECDSA_SKEY_LEN - 1] = 0; @@ -1090,7 +1090,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share strncpy(key_share + n_zeroes, arr_skey_str, 65 - n_zeroes); key_share[BLS_KEY_LENGTH - 1] = 0; - status = AES_encrypt(key_share, encr_bls_key, BUF_LEN, BLS, DECRYPTABLE, enc_bls_key_len); + status = AES_encrypt(key_share, encr_bls_key, BUF_LEN, BLS, NON_EXPORTABLE, enc_bls_key_len); CHECK_STATUS2("aes encrypt bls private key failed with status %d "); @@ -1117,12 +1117,12 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat SAFE_CHAR_BUF(skey_hex, BUF_LEN); uint8_t type = 0; - uint8_t decryptable = 0; + uint8_t exportable = 0; int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, BUF_LEN, - &type, &decryptable); + &type, &exportable); CHECK_STATUS2("AES decrypt failed %d"); From 49b640cace73ca9000e652773ac415616cd7c170 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 8 Sep 2020 16:58:45 +0300 Subject: [PATCH 31/61] SKALE-3205 --- SGXWalletServer.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/SGXWalletServer.cpp b/SGXWalletServer.cpp index fd5bd936..cae48db1 100644 --- a/SGXWalletServer.cpp +++ b/SGXWalletServer.cpp @@ -54,6 +54,9 @@ using namespace std; +std::shared_timed_mutex initMutex; +uint64_t initTime; + void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _enterBackupKey) { spdlog::info("Entering {}", __FUNCTION__); From ba552bc22ac510140a412a4ebbd9d5f8b8e1b050 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 8 Sep 2020 17:00:13 +0300 Subject: [PATCH 32/61] SKALE-3205 --- common.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/common.h b/common.h index 4d5dc6f2..e9f4ba37 100644 --- a/common.h +++ b/common.h @@ -96,5 +96,19 @@ BOOST_THROW_EXCEPTION(runtime_error(__ERR_STRING__)); \ #define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__); #define SAFE_UINT8_BUF(__X__, __Y__) ;uint8_t __X__ [ __Y__ ]; memset(__X__, 0, __Y__); +#include + +extern std::shared_timed_mutex initMutex; +extern uint64_t initTime; + +#if SGX_MODE == SIM +#define ENCLAVE_RESTART_PERIOD_S 5 +#else +#define ENCLAVE_RESTART_PERIOD_S 60 * 10 +#endif + +#define READ_LOCK(__X__) std::shared_lock __LOCK__(__X__); +#define WRITE_LOCK(__X__) std::unique_lock __LOCK__(__X__); + #endif //SGXWALLET_COMMON_H From f0203c2509cf6841a7064a4f4717f0a98d7251ae Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 8 Sep 2020 17:19:58 +0300 Subject: [PATCH 33/61] SKALE-3205 --- BLSCrypto.cpp | 50 ++++++++++-------- BLSPrivateKeyShareSGX.cpp | 13 +++-- DKGCrypto.cpp | 91 +++++++++++++++++++++------------ ECDSACrypto.cpp | 33 ++++++++---- SEKManager.cpp | 39 +++++++++++--- ServerInit.cpp | 38 ++++++++------ secure_enclave/secure_enclave.c | 5 +- 7 files changed, 176 insertions(+), 93 deletions(-) diff --git a/BLSCrypto.cpp b/BLSCrypto.cpp index 46a14bbf..d1184fee 100644 --- a/BLSCrypto.cpp +++ b/BLSCrypto.cpp @@ -29,14 +29,12 @@ #include "third_party/intel/create_enclave.h" - #include "bls.h" #include #include "BLSPrivateKeyShareSGX.h" - #include "sgxwallet_common.h" #include "sgxwallet.h" #include "SGXException.h" @@ -57,7 +55,7 @@ string *FqToString(libff::alt_bn128_Fq *_fq) { _fq->as_bigint().to_mpz(t); - SAFE_CHAR_BUF(arr,mpz_sizeinbase(t, 10) + 2); + SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, 10) + 2); mpz_get_str(arr, 10, t); mpz_clear(t); @@ -95,9 +93,8 @@ void carray2Hex(const unsigned char *d, uint64_t _len, char *_hexArray, } - bool hex2carray(const char *_hex, uint64_t *_bin_len, - uint8_t *_bin, uint64_t _max_length) { + uint8_t *_bin, uint64_t _max_length) { CHECK_STATE(_hex); @@ -109,7 +106,7 @@ bool hex2carray(const char *_hex, uint64_t *_bin_len, CHECK_STATE(len != 2 * _max_length + 1); - CHECK_STATE(len <= 2 * _max_length ); + CHECK_STATE(len <= 2 * _max_length); if (len == 0 && len % 2 == 1) @@ -141,7 +138,8 @@ bool sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t auto keyStr = make_shared(_encryptedKeyHex); - auto hash = make_shared>(); + auto hash = make_shared < array < uint8_t, + 32 >> (); uint64_t binLen; @@ -166,7 +164,8 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz CHECK_STATE(_hashHex); CHECK_STATE(_sig); - auto hash = make_shared>(); + auto hash = make_shared < array < uint8_t, + 32 >> (); uint64_t binLen; @@ -174,10 +173,10 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz throw SGXException(INVALID_HEX, "Invalid hash"); } - shared_ptr obj; + shared_ptr obj; obj = make_shared(signatures::Bls(_t, _n)); - pair hash_with_hint = obj->HashtoG1withHint(hash); + pair hash_with_hint = obj->HashtoG1withHint(hash); string *xStr = FqToString(&(hash_with_hint.first.X)); @@ -190,11 +189,9 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz BOOST_THROW_EXCEPTION(runtime_error("Null yStr")); } - vector errMsg(BUF_LEN,0); + vector errMsg(BUF_LEN, 0); - SAFE_CHAR_BUF(xStrArg,BUF_LEN); - SAFE_CHAR_BUF(yStrArg,BUF_LEN); - SAFE_CHAR_BUF(signature,BUF_LEN); + SAFE_CHAR_BUF(xStrArg, BUF_LEN);SAFE_CHAR_BUF(yStrArg, BUF_LEN);SAFE_CHAR_BUF(signature, BUF_LEN); strncpy(xStrArg, xStr->c_str(), BUF_LEN); strncpy(yStrArg, yStr->c_str(), BUF_LEN); @@ -204,7 +201,7 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz size_t sz = 0; - SAFE_UINT8_BUF(encryptedKey,BUF_LEN); + SAFE_UINT8_BUF(encryptedKey, BUF_LEN); bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey, BUF_LEN); @@ -213,9 +210,15 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz } int errStatus = 0; - sgx_status_t status = - trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey, - sz, xStrArg, yStrArg, signature); + + + sgx_status_t status = SGX_SUCCESS; + + { + READ_LOCK(initMutex); + status = trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey, + sz, xStrArg, yStrArg, signature); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second; @@ -240,8 +243,8 @@ string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key CHECK_STATE(errStatus); CHECK_STATE(err_string); CHECK_STATE(_key); - auto keyArray = make_shared>(BUF_LEN, 0); - auto encryptedKey = make_shared>(BUF_LEN, 0); + auto keyArray = make_shared < vector < char >> (BUF_LEN, 0); + auto encryptedKey = make_shared < vector < uint8_t >> (BUF_LEN, 0); vector errMsg(BUF_LEN, 0); @@ -250,8 +253,13 @@ string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key uint64_t encryptedLen = 0; - sgx_status_t status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(), &encryptedLen); + sgx_status_t status = SGX_SUCCESS; + { + READ_LOCK(initMutex); + status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(), + &encryptedLen); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg.data()); SAFE_CHAR_BUF(resultBuf, 2 * BUF_LEN + 1); diff --git a/BLSPrivateKeyShareSGX.cpp b/BLSPrivateKeyShareSGX.cpp index be556b87..18801729 100644 --- a/BLSPrivateKeyShareSGX.cpp +++ b/BLSPrivateKeyShareSGX.cpp @@ -148,9 +148,12 @@ string BLSPrivateKeyShareSGX::signWithHelperSGXstr( BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key")); } - sgx_status_t status = - trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey, - encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature); + sgx_status_t status = SGX_SUCCESS; + { + READ_LOCK(initMutex); + status = trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey, + encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); @@ -162,7 +165,7 @@ string BLSPrivateKeyShareSGX::signWithHelperSGXstr( } string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + - hash_with_hint.second; + hash_with_hint.second; string sig = signature; @@ -183,7 +186,7 @@ shared_ptr BLSPrivateKeyShareSGX::signWithHelperSGX( auto sig = make_shared(signature); shared_ptr s = make_shared(sig, _signerIndex, requiredSigners, - totalSigners); + totalSigners); return s; } diff --git a/DKGCrypto.cpp b/DKGCrypto.cpp index baa6efae..e091e7a8 100644 --- a/DKGCrypto.cpp +++ b/DKGCrypto.cpp @@ -26,7 +26,6 @@ #include - #include "third_party/spdlog/spdlog.h" #include "sgxwallet.h" #include "SGXException.h" @@ -38,11 +37,6 @@ #include "BLSCrypto.h" - - - - - vector splitString(const char *coeffs, const char symbol) { CHECK_STATE(coeffs); string str(coeffs); @@ -71,7 +65,7 @@ string ConvertToString(T field_elem, int base = 10) { field_elem.as_bigint().to_mpz(t); - SAFE_CHAR_BUF(arr,mpz_sizeinbase(t, base) + 2); + SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, base) + 2); mpz_get_str(arr, base, t); mpz_clear(t); @@ -93,7 +87,7 @@ string convertHexToDec(const string &hex_str) { return ret; } - SAFE_CHAR_BUF(arr,mpz_sizeinbase(dec, 10) + 2); + SAFE_CHAR_BUF(arr, mpz_sizeinbase(dec, 10) + 2); mpz_get_str(arr, 10, dec); ret = arr; } catch (exception &e) { @@ -139,8 +133,12 @@ string gen_dkg_poly(int _t) { vector encrypted_dkg_secret(BUF_LEN, 0); - sgx_status_t status = trustedGenDkgSecretAES( - eid, &errStatus,errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t); + sgx_status_t status = SGX_SUCCESS; + { + READ_LOCK(initMutex); + status = trustedGenDkgSecretAES( + eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); @@ -173,9 +171,13 @@ vector > get_verif_vect(const char *encryptedPolyHex, int t, int } + sgx_status_t status = SGX_SUCCESS; - sgx_status_t status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen, - pubShares.data(), t, n); + { + READ_LOCK(initMutex); + status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen, + pubShares.data(), t, n); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); vector g2Strings = splitString(pubShares.data(), ','); @@ -190,8 +192,8 @@ vector > get_verif_vect(const char *encryptedPolyHex, int t, int string getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const vector &_publicKeys, - int _t, - int _n) { + int _t, + int _n) { CHECK_STATE(_encryptedPolyHex); @@ -202,12 +204,15 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve uint64_t encLen = 0; - if (!hex2carray(_encryptedPolyHex, &encLen, encrDKGPoly.data(), BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); } - sgx_status_t status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen); + sgx_status_t status = SGX_SUCCESS; + { + READ_LOCK(initMutex); + status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); string result; @@ -226,8 +231,13 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve spdlog::debug("pubKeyB is {}", pub_keyB); - sgx_status_t status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen, - currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, i + 1); + sgx_status_t status = SGX_SUCCESS; + { + READ_LOCK(initMutex); + status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen, + currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, + i + 1); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); spdlog::debug("cur_share is {}", currentShare.data()); @@ -271,11 +281,15 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex"); } - SAFE_CHAR_BUF(pshares,8193); + SAFE_CHAR_BUF(pshares, 8193); strncpy(pshares, publicShares, strlen(publicShares)); - sgx_status_t status = trustedDkgVerifyAES(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t, - ind, &result); + sgx_status_t status = SGX_SUCCESS; + { + READ_LOCK(initMutex); + status = trustedDkgVerifyAES(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t, + ind, &result); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); if (result == 2) { @@ -290,24 +304,27 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char * CHECK_STATE(s_shares); CHECK_STATE(encryptedKeyHex); - vector errMsg(BUF_LEN,0); + vector errMsg(BUF_LEN, 0); int errStatus = 0; - uint64_t decKeyLen; - SAFE_UINT8_BUF(encr_bls_key,BUF_LEN); - SAFE_UINT8_BUF(encr_key,BUF_LEN); + uint64_t decKeyLen;SAFE_UINT8_BUF(encr_bls_key, BUF_LEN);SAFE_UINT8_BUF(encr_key, BUF_LEN); if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key, BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } uint64_t enc_bls_len = 0; - sgx_status_t status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key, - &enc_bls_len); + sgx_status_t status = SGX_SUCCESS; + + { + READ_LOCK(initMutex); + status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key, + &enc_bls_len); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); - SAFE_CHAR_BUF(hexBLSKey,2 * BUF_LEN) + SAFE_CHAR_BUF(hexBLSKey, 2 * BUF_LEN) carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey, 2 * BUF_LEN); @@ -331,9 +348,14 @@ vector getBLSPubKey(const char *encryptedKeyHex) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } - SAFE_CHAR_BUF(pubKey,320) + SAFE_CHAR_BUF(pubKey, 320) + - sgx_status_t status = trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey); + sgx_status_t status = SGX_SUCCESS; + { + READ_LOCK(initMutex); + status = trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); vector pubKeyVect = splitString(pubKey, ':'); @@ -405,8 +427,7 @@ string decryptDHKey(const string &polyName, int ind) { vector hexEncrKey(2 * BUF_LEN, 0); - uint64_t dhEncLen = 0; - SAFE_UINT8_BUF(encryptedDHKey, BUF_LEN); + uint64_t dhEncLen = 0;SAFE_UINT8_BUF(encryptedDHKey, BUF_LEN); if (!hex2carray(hexEncrKeyPtr->c_str(), &dhEncLen, encryptedDHKey, BUF_LEN)) { throw SGXException(INVALID_HEX, "Invalid hexEncrKey"); } @@ -415,7 +436,11 @@ string decryptDHKey(const string &polyName, int ind) { SAFE_CHAR_BUF(DHKey, ECDSA_SKEY_LEN); - sgx_status_t status = trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey); + sgx_status_t status = SGX_SUCCESS; + { + READ_LOCK(initMutex); + status = trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); return DHKey; diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index ad597743..a393d4ff 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp @@ -56,9 +56,14 @@ vector genECDSAKey() { uint64_t enc_len = 0; - sgx_status_t status = trustedGenerateEcdsaKeyAES(eid, &errStatus, - errMsg.data(), encr_pr_key.data(), &enc_len, - pub_key_x.data(), pub_key_y.data()); + sgx_status_t status = SGX_SUCCESS; + + { + READ_LOCK(initMutex); + status = trustedGenerateEcdsaKeyAES(eid, &errStatus, + errMsg.data(), encr_pr_key.data(), &enc_len, + pub_key_x.data(), pub_key_y.data()); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus,errMsg.data()); @@ -99,8 +104,13 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } - sgx_status_t status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, - errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data()); + sgx_status_t status = SGX_SUCCESS; + + { + READ_LOCK(initMutex); + status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, + errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data()); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()) @@ -184,10 +194,15 @@ vector ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } - sgx_status_t status = trustedEcdsaSignAES(eid, &errStatus, - errMsg.data(), encryptedKey.data(), decLen, hashHex, - signatureR.data(), - signatureS.data(), &signatureV, base); + sgx_status_t status = SGX_SUCCESS; + + { + READ_LOCK(initMutex); + status = trustedEcdsaSignAES(eid, &errStatus, + errMsg.data(), encryptedKey.data(), decLen, hashHex, + signatureR.data(), + signatureS.data(), &signatureV, base); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); diff --git a/SEKManager.cpp b/SEKManager.cpp index 7ac6692f..29f24c72 100644 --- a/SEKManager.cpp +++ b/SEKManager.cpp @@ -58,7 +58,12 @@ void create_test_key() { string key = TEST_VALUE; - sgx_status_t status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len); + sgx_status_t status = SGX_SUCCESS; + + { + READ_LOCK(initMutex); + status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); @@ -86,7 +91,12 @@ void validate_SEK() { exit(-1); } - sgx_status_t status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data()); + sgx_status_t status = SGX_SUCCESS; + + { + READ_LOCK(initMutex); + status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data()); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); @@ -111,13 +121,19 @@ shared_ptr > check_and_set_SEK(const string &SEK) { uint64_t l = 0; - sgx_status_t status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, - SEK.c_str()); + sgx_status_t status = SGX_SUCCESS; + + { + READ_LOCK(initMutex); + status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, + SEK.c_str()); + } - encrypted_SEK->resize(l); HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); + encrypted_SEK->resize(l); + validate_SEK(); return encrypted_SEK; @@ -133,7 +149,12 @@ void gen_SEK() { spdlog::info("Generating backup key. Will be stored in backup_key.txt ... "); - sgx_status_t status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK); + + sgx_status_t status = SGX_SUCCESS; + { + READ_LOCK(initMutex); + status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); @@ -200,7 +221,11 @@ void setSEK(shared_ptr hex_encrypted_SEK) { throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex"); } - sgx_status_t status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK); + sgx_status_t status = SGX_SUCCESS; + { + READ_LOCK(initMutex); + status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK); + } HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); diff --git a/ServerInit.cpp b/ServerInit.cpp index 8b33eaab..394ab56f 100644 --- a/ServerInit.cpp +++ b/ServerInit.cpp @@ -67,8 +67,6 @@ void initUserSpace() { } void initEnclave(uint32_t _logLevel) { - eid = 0; - updated = 0; #ifndef SGX_HW_SIM unsigned long support; @@ -81,22 +79,32 @@ void initEnclave(uint32_t _logLevel) { spdlog::info("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG); - sgx_status_t status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token, - &updated, &eid, 0); + sgx_status_t status = SGX_SUCCESS; - if (status != SGX_SUCCESS) { - if (status == SGX_ERROR_ENCLAVE_FILE_ACCESS) { - spdlog::error("sgx_create_enclave: {}: file not found", ENCLAVE_NAME); - spdlog::error("Did you forget to set LD_LIBRARY_PATH?"); - } else { - spdlog::error("sgx_create_enclave_search failed {} {}", ENCLAVE_NAME, status); + { + READ_LOCK(initMutex); + + eid = 0; + updated = 0; + + status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token, + &updated, &eid, 0); + + if (status != SGX_SUCCESS) { + if (status == SGX_ERROR_ENCLAVE_FILE_ACCESS) { + spdlog::error("sgx_create_enclave: {}: file not found", ENCLAVE_NAME); + spdlog::error("Did you forget to set LD_LIBRARY_PATH?"); + } else { + spdlog::error("sgx_create_enclave_search failed {} {}", ENCLAVE_NAME, status); + } + exit(1); } - exit(1); - } - spdlog::info("Enclave created and started successfully"); + spdlog::info("Enclave created and started successfully"); - status = trustedEnclaveInit(eid, _logLevel); + + status = trustedEnclaveInit(eid, _logLevel); + } if (status != SGX_SUCCESS) { spdlog::error("trustedEnclaveInit failed: {}", status); @@ -146,6 +154,6 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) { exception_ptr p = current_exception(); printf("Exception %s \n", p.__cxa_exception_type()->name()); spdlog::error("Unknown exception"); - exit (-1); + exit(-1); } }; diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index d94b056b..e8f87a88 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -292,7 +292,7 @@ void trustedGenerateSEK(int *errStatus, char *errString, carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex); memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE); - derive_DH_Key(); + sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex); @@ -332,7 +332,6 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) { hex2carray(aes_key_hex, &len, (uint8_t *) AES_key); - derive_DH_Key(); SET_SUCCESS clean: @@ -351,7 +350,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString, uint64_t len; hex2carray(sek_hex, &len, (uint8_t *) AES_key); - derive_DH_Key(); + sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex); From 5dbec9eb6d7be22750565625beb6634981cd09d3 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 8 Sep 2020 17:25:49 +0300 Subject: [PATCH 34/61] SKALE-3205 --- ServerInit.cpp | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/ServerInit.cpp b/ServerInit.cpp index 394ab56f..d3670f5f 100644 --- a/ServerInit.cpp +++ b/ServerInit.cpp @@ -66,7 +66,8 @@ void initUserSpace() { LevelDB::initDataFolderAndDBs(); } -void initEnclave(uint32_t _logLevel) { +void initEnclave() { + #ifndef SGX_HW_SIM unsigned long support; @@ -82,7 +83,14 @@ void initEnclave(uint32_t _logLevel) { sgx_status_t status = SGX_SUCCESS; { - READ_LOCK(initMutex); + WRITE_LOCK(initMutex); + + if (eid != 0) { + if (sgx_destroy_enclave(eid) != SGX_SUCCESS) { + spdlog::error("Could not destroy enclave"); + return; + } + } eid = 0; updated = 0; @@ -101,9 +109,8 @@ void initEnclave(uint32_t _logLevel) { } spdlog::info("Enclave created and started successfully"); - - - status = trustedEnclaveInit(eid, _logLevel); + + status = trustedEnclaveInit(eid, logLevel); } if (status != SGX_SUCCESS) { From 8d44891046ec1ec1851dc196f88fe55edf0b6e5c Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 8 Sep 2020 17:38:47 +0300 Subject: [PATCH 35/61] SKALE-3205 --- ServerInit.cpp | 10 ++++++++-- ServerInit.h | 2 +- common.h | 1 + 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ServerInit.cpp b/ServerInit.cpp index d3670f5f..654ac5c3 100644 --- a/ServerInit.cpp +++ b/ServerInit.cpp @@ -57,6 +57,8 @@ #include "SGXException.h" #include "SGXWalletServer.hpp" +uint32_t enclaveLogLevel = 0; + void initUserSpace() { libff::inhibit_profiling_counters = true; @@ -110,7 +112,7 @@ void initEnclave() { spdlog::info("Enclave created and started successfully"); - status = trustedEnclaveInit(eid, logLevel); + status = trustedEnclaveInit(eid, enclaveLogLevel); } if (status != SGX_SUCCESS) { @@ -122,10 +124,13 @@ void initEnclave() { } + + void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) { static atomic sgxServerInited(false); static mutex initMutex; + enclaveLogLevel = _logLevel; lock_guard lock(initMutex); @@ -138,7 +143,8 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) { CHECK_STATE(sgxServerInited != 1) sgxServerInited = 1; - initEnclave(_logLevel); + + initEnclave(); initUserSpace(); initSEK(); diff --git a/ServerInit.h b/ServerInit.h index 73296b61..df361052 100644 --- a/ServerInit.h +++ b/ServerInit.h @@ -36,7 +36,7 @@ EXTERNC void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign); EXTERNC void initUserSpace(); -EXTERNC void initEnclave(uint32_t _logLevel); +EXTERNC void initEnclave(); diff --git a/common.h b/common.h index e9f4ba37..4b35f715 100644 --- a/common.h +++ b/common.h @@ -111,4 +111,5 @@ extern uint64_t initTime; #define WRITE_LOCK(__X__) std::unique_lock __LOCK__(__X__); + #endif //SGXWALLET_COMMON_H From 92dc85a48c081c406cd1d8d8bdf3efd8c2d06fba Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 8 Sep 2020 18:00:52 +0300 Subject: [PATCH 36/61] SKALE-3205 --- BLSCrypto.cpp | 28 ++++++++++++++++++++++------ DKGCrypto.cpp | 19 +++++++++---------- SEKManager.cpp | 24 +++++++++++++++++------- SEKManager.h | 7 +++++++ VERSION | 2 +- 5 files changed, 56 insertions(+), 24 deletions(-) diff --git a/BLSCrypto.cpp b/BLSCrypto.cpp index d1184fee..17c55e13 100644 --- a/BLSCrypto.cpp +++ b/BLSCrypto.cpp @@ -42,8 +42,10 @@ #include "common.h" #include "SGXWalletServer.h" -#include "BLSCrypto.h" +#include "SEKManager.h" +#include "LevelDB.h" #include "ServerInit.h" +#include "BLSCrypto.h" string *FqToString(libff::alt_bn128_Fq *_fq) { @@ -213,12 +215,26 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz sgx_status_t status = SGX_SUCCESS; + int attempts = 0; + do { + attempts++; + { + READ_LOCK(initMutex); + + status = trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey, + sz, xStrArg, yStrArg, signature); + + } + if (status != SGX_SUCCESS) { + spdlog::error(__FUNCTION__); + spdlog::error("Restarting sgx ..."); + reinitEnclave(); + } + } while (attempts < 2); + + + - { - READ_LOCK(initMutex); - status = trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey, - sz, xStrArg, yStrArg, signature); - } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second; diff --git a/DKGCrypto.cpp b/DKGCrypto.cpp index e091e7a8..88c165c9 100644 --- a/DKGCrypto.cpp +++ b/DKGCrypto.cpp @@ -209,10 +209,11 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve } sgx_status_t status = SGX_SUCCESS; - { - READ_LOCK(initMutex); - status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen); - } + + READ_LOCK(initMutex); + + status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); string result; @@ -232,12 +233,10 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve spdlog::debug("pubKeyB is {}", pub_keyB); sgx_status_t status = SGX_SUCCESS; - { - READ_LOCK(initMutex); - status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen, - currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, - i + 1); - } + status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen, + currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, + i + 1); + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); spdlog::debug("cur_share is {}", currentShare.data()); diff --git a/SEKManager.cpp b/SEKManager.cpp index 29f24c72..70dd42fa 100644 --- a/SEKManager.cpp +++ b/SEKManager.cpp @@ -21,21 +21,25 @@ @date 2020 */ -#include "SEKManager.h" -#include "SGXException.h" -#include "BLSCrypto.h" -#include "LevelDB.h" #include #include #include +#include "third_party/spdlog/spdlog.h" + + #include "sgxwallet_common.h" #include "common.h" #include "sgxwallet.h" +#include "SGXException.h" +#include "BLSCrypto.h" +#include "LevelDB.h" + #include "ServerDataChecker.h" -#include "third_party/spdlog/spdlog.h" +#include "ServerInit.h" +#include "SEKManager.h" using namespace std; @@ -152,7 +156,7 @@ void gen_SEK() { sgx_status_t status = SGX_SUCCESS; { - READ_LOCK(initMutex); + status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK); } @@ -205,6 +209,13 @@ void gen_SEK() { } +void reinitEnclave() { + WRITE_LOCK(initMutex); + initEnclave(); + shared_ptr encrypted_SEK_ptr = LevelDB::getLevelDb()->readString("SEK"); + setSEK(encrypted_SEK_ptr); +} + void setSEK(shared_ptr hex_encrypted_SEK) { CHECK_STATE(hex_encrypted_SEK); @@ -223,7 +234,6 @@ void setSEK(shared_ptr hex_encrypted_SEK) { sgx_status_t status = SGX_SUCCESS; { - READ_LOCK(initMutex); status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK); } diff --git a/SEKManager.h b/SEKManager.h index d2c86a4f..df533044 100644 --- a/SEKManager.h +++ b/SEKManager.h @@ -45,4 +45,11 @@ EXTERNC void enter_SEK(); EXTERNC void initSEK(); +EXTERNC void setSEK(); + +EXTERNC void reinitEnclave(); + + + + #endif //SGXD_SEKMANAGER_H diff --git a/VERSION b/VERSION index 0472a57d..f3a8f96f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.58.1 \ No newline at end of file +1.58.2 \ No newline at end of file From 395a86cfb2b5009391f6d0e887711822600bf1c1 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 8 Sep 2020 18:08:04 +0300 Subject: [PATCH 37/61] SKALE-3205 --- BLSCrypto.cpp | 23 +++++------------------ sgxwallet_common.h | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+), 18 deletions(-) diff --git a/BLSCrypto.cpp b/BLSCrypto.cpp index 17c55e13..4f04beff 100644 --- a/BLSCrypto.cpp +++ b/BLSCrypto.cpp @@ -215,24 +215,11 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz sgx_status_t status = SGX_SUCCESS; - int attempts = 0; - do { - attempts++; - { - READ_LOCK(initMutex); + RESTART_BEGIN status = trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey, sz, xStrArg, yStrArg, signature); - - } - if (status != SGX_SUCCESS) { - spdlog::error(__FUNCTION__); - spdlog::error("Restarting sgx ..."); - reinitEnclave(); - } - } while (attempts < 2); - - + RESTART_END HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); @@ -270,12 +257,12 @@ string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key uint64_t encryptedLen = 0; sgx_status_t status = SGX_SUCCESS; - { - READ_LOCK(initMutex); + + RESTART_BEGIN status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(), &encryptedLen); + RESTART_END - } HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg.data()); SAFE_CHAR_BUF(resultBuf, 2 * BUF_LEN + 1); diff --git a/sgxwallet_common.h b/sgxwallet_common.h index 8dcb846d..5648605a 100644 --- a/sgxwallet_common.h +++ b/sgxwallet_common.h @@ -109,4 +109,23 @@ extern bool autoconfirm; #define TEST_VALUE "1234567890" + +#define RESTART_BEGIN \ +int __ATTEMPTS__ = 0; \ +do {\ +__ATTEMPTS__++; \ +{\ +READ_LOCK(initMutex); + +#define RESTART_END \ +} \ +if (status != SGX_SUCCESS) { \ +spdlog::error(__FUNCTION__); \ +spdlog::error("Restarting sgx ..."); \ +reinitEnclave(); \ +} \ +} while (__ATTEMPTS__ < 2); + + + #endif //SGXWALLET_SGXWALLET_COMMON_H From 3ca5236e9bd041facec62f698242b9ca8407170f Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 8 Sep 2020 18:08:53 +0300 Subject: [PATCH 38/61] quit@ :qui --- BLSPrivateKeyShareSGX.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/BLSPrivateKeyShareSGX.cpp b/BLSPrivateKeyShareSGX.cpp index 18801729..798d648b 100644 --- a/BLSPrivateKeyShareSGX.cpp +++ b/BLSPrivateKeyShareSGX.cpp @@ -149,11 +149,11 @@ string BLSPrivateKeyShareSGX::signWithHelperSGXstr( } sgx_status_t status = SGX_SUCCESS; - { - READ_LOCK(initMutex); + + RESTART_BEGIN status = trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey, encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature); - } + RESTART_END HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); From 178b5ed573525afc99ca84757f16a6976e644963 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 8 Sep 2020 18:13:31 +0300 Subject: [PATCH 39/61] SKALE-3205 --- BLSPrivateKeyShareSGX.cpp | 5 ++-- DKGCrypto.cpp | 48 ++++++++++++++++++++------------------- 2 files changed, 27 insertions(+), 26 deletions(-) diff --git a/BLSPrivateKeyShareSGX.cpp b/BLSPrivateKeyShareSGX.cpp index 798d648b..6d32b836 100644 --- a/BLSPrivateKeyShareSGX.cpp +++ b/BLSPrivateKeyShareSGX.cpp @@ -26,15 +26,14 @@ #include "BLSutils.h" #include "third_party/spdlog/spdlog.h" - +#include "common.h" #include "secure_enclave_u.h" #include "sgxwallet_common.h" #include "sgxwallet.h" #include "BLSCrypto.h" #include "ServerInit.h" -#include "common.h" - +#include "SEKManager.h" #include "BLSPrivateKeyShareSGX.h" string *stringFromFq(libff::alt_bn128_Fq *_fq) { diff --git a/DKGCrypto.cpp b/DKGCrypto.cpp index 88c165c9..6e592230 100644 --- a/DKGCrypto.cpp +++ b/DKGCrypto.cpp @@ -27,15 +27,14 @@ #include "third_party/spdlog/spdlog.h" +#include "common.h" #include "sgxwallet.h" #include "SGXException.h" -#include "common.h" -#include "SGXWalletServer.hpp" - -#include "DKGCrypto.h" +#include "SGXWalletServer.hpp" #include "BLSCrypto.h" - +#include "SEKManager.h" +#include "DKGCrypto.h" vector splitString(const char *coeffs, const char symbol) { CHECK_STATE(coeffs); @@ -134,11 +133,12 @@ string gen_dkg_poly(int _t) { vector encrypted_dkg_secret(BUF_LEN, 0); sgx_status_t status = SGX_SUCCESS; - { - READ_LOCK(initMutex); + + + RESTART_BEGIN status = trustedGenDkgSecretAES( eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t); - } + RESTART_END HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); @@ -173,11 +173,12 @@ vector > get_verif_vect(const char *encryptedPolyHex, int t, int sgx_status_t status = SGX_SUCCESS; - { - READ_LOCK(initMutex); + + RESTART_BEGIN status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen, pubShares.data(), t, n); - } + RESTART_END + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); vector g2Strings = splitString(pubShares.data(), ','); @@ -284,11 +285,12 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr strncpy(pshares, publicShares, strlen(publicShares)); sgx_status_t status = SGX_SUCCESS; - { - READ_LOCK(initMutex); + + RESTART_BEGIN status = trustedDkgVerifyAES(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t, ind, &result); - } + RESTART_END + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); if (result == 2) { @@ -315,11 +317,10 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char * sgx_status_t status = SGX_SUCCESS; - { - READ_LOCK(initMutex); + RESTART_BEGIN status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key, &enc_bls_len); - } + RESTART_END HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); @@ -351,10 +352,11 @@ vector getBLSPubKey(const char *encryptedKeyHex) { sgx_status_t status = SGX_SUCCESS; - { - READ_LOCK(initMutex); + + RESTART_BEGIN status = trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey); - } + RESTART_END + HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); vector pubKeyVect = splitString(pubKey, ':'); @@ -436,10 +438,10 @@ string decryptDHKey(const string &polyName, int ind) { SAFE_CHAR_BUF(DHKey, ECDSA_SKEY_LEN); sgx_status_t status = SGX_SUCCESS; - { - READ_LOCK(initMutex); + + RESTART_BEGIN status = trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey); - } + RESTART_END HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); return DHKey; From 24667d66f96de917af1ebf93ac174ed22f45a31e Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 8 Sep 2020 18:26:59 +0300 Subject: [PATCH 40/61] SKALE-3205 --- ECDSACrypto.cpp | 16 +++++++--------- sgxwallet_common.h | 2 +- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index a393d4ff..cfd1a3f8 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp @@ -38,6 +38,7 @@ #include "BLSCrypto.h" +#include "SEKManager.h" #include "ECDSACrypto.h" void fillRandomBuffer(vector &_buffer) { @@ -58,12 +59,11 @@ vector genECDSAKey() { sgx_status_t status = SGX_SUCCESS; - { - READ_LOCK(initMutex); + RESTART_BEGIN status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encr_pr_key.data(), &enc_len, pub_key_x.data(), pub_key_y.data()); - } + RESTART_END HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus,errMsg.data()); @@ -106,11 +106,10 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) { sgx_status_t status = SGX_SUCCESS; - { - READ_LOCK(initMutex); + RESTART_BEGIN status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data()); - } + RESTART_END HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()) @@ -196,13 +195,12 @@ vector ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha sgx_status_t status = SGX_SUCCESS; - { - READ_LOCK(initMutex); + RESTART_BEGIN status = trustedEcdsaSignAES(eid, &errStatus, errMsg.data(), encryptedKey.data(), decLen, hashHex, signatureR.data(), signatureS.data(), &signatureV, base); - } + RESTART_END HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); diff --git a/sgxwallet_common.h b/sgxwallet_common.h index 5648605a..33edf31b 100644 --- a/sgxwallet_common.h +++ b/sgxwallet_common.h @@ -124,7 +124,7 @@ spdlog::error(__FUNCTION__); \ spdlog::error("Restarting sgx ..."); \ reinitEnclave(); \ } \ -} while (__ATTEMPTS__ < 2); +} while (status != SGX_SUCCESS && __ATTEMPTS__ < 2); From 28616a451ab545f152e57180831a113e36831e6f Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 10 Sep 2020 16:51:16 +0300 Subject: [PATCH 41/61] SKALE-2741 --- ServerInit.cpp | 21 +++++++++++++++++---- ServerInit.h | 2 +- docker/start.sh | 2 +- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/ServerInit.cpp b/ServerInit.cpp index 654ac5c3..c69388b8 100644 --- a/ServerInit.cpp +++ b/ServerInit.cpp @@ -68,7 +68,7 @@ void initUserSpace() { LevelDB::initDataFolderAndDBs(); } -void initEnclave() { +uint64_t initEnclave() { #ifndef SGX_HW_SIM @@ -85,12 +85,12 @@ void initEnclave() { sgx_status_t status = SGX_SUCCESS; { + WRITE_LOCK(initMutex); if (eid != 0) { if (sgx_destroy_enclave(eid) != SGX_SUCCESS) { spdlog::error("Could not destroy enclave"); - return; } } @@ -117,10 +117,12 @@ void initEnclave() { if (status != SGX_SUCCESS) { spdlog::error("trustedEnclaveInit failed: {}", status); - exit(1); + return status; } spdlog::info("Enclave libtgmp library and logging initialized successfully"); + + return SGX_SUCCESS; } @@ -144,7 +146,18 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) { CHECK_STATE(sgxServerInited != 1) sgxServerInited = 1; - initEnclave(); + uint64_t counter = 0; + + uint64_t initResult = 0; + while ((initResult = initEnclave()) != 0 && counter < 10){ + sleep(1); + counter ++; + } + + if (initResult != 0) { + spdlog::error("Coult not init enclave"); + } + initUserSpace(); initSEK(); diff --git a/ServerInit.h b/ServerInit.h index df361052..69fdc801 100644 --- a/ServerInit.h +++ b/ServerInit.h @@ -36,7 +36,7 @@ EXTERNC void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign); EXTERNC void initUserSpace(); -EXTERNC void initEnclave(); +EXTERNC uint64_t initEnclave(); diff --git a/docker/start.sh b/docker/start.sh index cbcad381..fb2a3cab 100755 --- a/docker/start.sh +++ b/docker/start.sh @@ -43,7 +43,7 @@ fi if [[ "$1" == "-t" ]]; then echo "Test run requested" -sleep 5 +##sleep 0 ./testw.py else ./sgxwallet $1 $2 $3 $4 $5 From 85590b1ee4afde624c75b923df34038f9090a762 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 10 Sep 2020 17:04:38 +0300 Subject: [PATCH 42/61] SKALE-3039 --- secure_enclave/AESUtils.c | 7 +++---- secure_enclave/AESUtils.h | 3 ++- secure_enclave/secure_enclave.c | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/secure_enclave/AESUtils.c b/secure_enclave/AESUtils.c index 152dbc70..1d49c25b 100644 --- a/secure_enclave/AESUtils.c +++ b/secure_enclave/AESUtils.c @@ -30,8 +30,7 @@ #include "AESUtils.h" -sgx_aes_gcm_128bit_key_t AES_key; -sgx_aes_gcm_128bit_key_t AES_DH_key; +uint8_t AES_key[2* BUF_LEN]; #define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__); @@ -75,7 +74,7 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsig sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE); - sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, len, + sgx_status_t status = sgx_rijndael128GCM_encrypt(AES_key + BUF_LEN, (uint8_t*)message, len, encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, NULL, 0, @@ -124,7 +123,7 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t return -2; } - sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key, + sgx_status_t status = sgx_rijndael128GCM_decrypt(AES_key + BUF_LEN, encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len, (unsigned char*) message, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, diff --git a/secure_enclave/AESUtils.h b/secure_enclave/AESUtils.h index 24671587..9f339b95 100644 --- a/secure_enclave/AESUtils.h +++ b/secure_enclave/AESUtils.h @@ -24,7 +24,8 @@ #ifndef SGXD_AESUTILS_H #define SGXD_AESUTILS_H -extern sgx_aes_gcm_128bit_key_t AES_key; +#define BUF_LEN 1024 +extern uint8_t AES_key[2* BUF_LEN] ; int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen, unsigned char type, unsigned char exportable, uint64_t* resultLen); diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index e8f87a88..106fa0ec 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -291,7 +291,7 @@ void trustedGenerateSEK(int *errStatus, char *errString, RANDOM_CHAR_BUF(SEK_raw, SGX_AESGCM_KEY_SIZE); carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex); - memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE); + memcpy(AES_key + BUF_LEN, SEK_raw, SGX_AESGCM_KEY_SIZE); sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex); @@ -331,7 +331,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) { uint64_t len; - hex2carray(aes_key_hex, &len, (uint8_t *) AES_key); + hex2carray(aes_key_hex, &len, (uint8_t *) AES_key + BUF_LEN); SET_SUCCESS clean: @@ -349,7 +349,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString, CHECK_STATE(sek_hex); uint64_t len; - hex2carray(sek_hex, &len, (uint8_t *) AES_key); + hex2carray(sek_hex, &len, (uint8_t *) AES_key + BUF_LEN); sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex); From 4b8f7281b22b342e05d647bb9f3f4fea60597d75 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 10 Sep 2020 19:25:51 +0300 Subject: [PATCH 43/61] Revert "SKALE-3039" This reverts commit 85590b1ee4afde624c75b923df34038f9090a762. --- secure_enclave/AESUtils.c | 7 ++++--- secure_enclave/AESUtils.h | 3 +-- secure_enclave/secure_enclave.c | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/secure_enclave/AESUtils.c b/secure_enclave/AESUtils.c index 1d49c25b..152dbc70 100644 --- a/secure_enclave/AESUtils.c +++ b/secure_enclave/AESUtils.c @@ -30,7 +30,8 @@ #include "AESUtils.h" -uint8_t AES_key[2* BUF_LEN]; +sgx_aes_gcm_128bit_key_t AES_key; +sgx_aes_gcm_128bit_key_t AES_DH_key; #define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__); @@ -74,7 +75,7 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsig sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE); - sgx_status_t status = sgx_rijndael128GCM_encrypt(AES_key + BUF_LEN, (uint8_t*)message, len, + sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, len, encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, NULL, 0, @@ -123,7 +124,7 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t return -2; } - sgx_status_t status = sgx_rijndael128GCM_decrypt(AES_key + BUF_LEN, + sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key, encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len, (unsigned char*) message, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, diff --git a/secure_enclave/AESUtils.h b/secure_enclave/AESUtils.h index 9f339b95..24671587 100644 --- a/secure_enclave/AESUtils.h +++ b/secure_enclave/AESUtils.h @@ -24,8 +24,7 @@ #ifndef SGXD_AESUTILS_H #define SGXD_AESUTILS_H -#define BUF_LEN 1024 -extern uint8_t AES_key[2* BUF_LEN] ; +extern sgx_aes_gcm_128bit_key_t AES_key; int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen, unsigned char type, unsigned char exportable, uint64_t* resultLen); diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 106fa0ec..e8f87a88 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -291,7 +291,7 @@ void trustedGenerateSEK(int *errStatus, char *errString, RANDOM_CHAR_BUF(SEK_raw, SGX_AESGCM_KEY_SIZE); carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex); - memcpy(AES_key + BUF_LEN, SEK_raw, SGX_AESGCM_KEY_SIZE); + memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE); sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex); @@ -331,7 +331,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) { uint64_t len; - hex2carray(aes_key_hex, &len, (uint8_t *) AES_key + BUF_LEN); + hex2carray(aes_key_hex, &len, (uint8_t *) AES_key); SET_SUCCESS clean: @@ -349,7 +349,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString, CHECK_STATE(sek_hex); uint64_t len; - hex2carray(sek_hex, &len, (uint8_t *) AES_key + BUF_LEN); + hex2carray(sek_hex, &len, (uint8_t *) AES_key); sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex); From e442d9aec5c49ba10880946aedf5854e7a2defe9 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 10 Sep 2020 20:18:58 +0300 Subject: [PATCH 44/61] SKALE-3039 --- VERSION | 2 +- secure_enclave/AESUtils.c | 7 +++---- secure_enclave/AESUtils.h | 2 +- secure_enclave/secure_enclave.c | 6 +++--- 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/VERSION b/VERSION index f3a8f96f..10e8161b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.58.2 \ No newline at end of file +1.58.3 \ No newline at end of file diff --git a/secure_enclave/AESUtils.c b/secure_enclave/AESUtils.c index 152dbc70..d5f2ffd3 100644 --- a/secure_enclave/AESUtils.c +++ b/secure_enclave/AESUtils.c @@ -30,8 +30,7 @@ #include "AESUtils.h" -sgx_aes_gcm_128bit_key_t AES_key; -sgx_aes_gcm_128bit_key_t AES_DH_key; +sgx_aes_gcm_128bit_key_t AES_key[32]; #define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__); @@ -75,7 +74,7 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsig sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE); - sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, len, + sgx_status_t status = sgx_rijndael128GCM_encrypt(&(AES_key[16]), (uint8_t*)message, len, encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, NULL, 0, @@ -124,7 +123,7 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t return -2; } - sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key, + sgx_status_t status = sgx_rijndael128GCM_decrypt(&(AES_key[16]), encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len, (unsigned char*) message, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, diff --git a/secure_enclave/AESUtils.h b/secure_enclave/AESUtils.h index 24671587..24fa201f 100644 --- a/secure_enclave/AESUtils.h +++ b/secure_enclave/AESUtils.h @@ -24,7 +24,7 @@ #ifndef SGXD_AESUTILS_H #define SGXD_AESUTILS_H -extern sgx_aes_gcm_128bit_key_t AES_key; +extern sgx_aes_gcm_128bit_key_t AES_key[32]; int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen, unsigned char type, unsigned char exportable, uint64_t* resultLen); diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index e8f87a88..6693f43f 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -291,7 +291,7 @@ void trustedGenerateSEK(int *errStatus, char *errString, RANDOM_CHAR_BUF(SEK_raw, SGX_AESGCM_KEY_SIZE); carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex); - memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE); + memcpy(AES_key[16], SEK_raw, SGX_AESGCM_KEY_SIZE); sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex); @@ -331,7 +331,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) { uint64_t len; - hex2carray(aes_key_hex, &len, (uint8_t *) AES_key); + hex2carray(aes_key_hex, &len, (uint8_t *) (AES_key[16])); SET_SUCCESS clean: @@ -349,7 +349,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString, CHECK_STATE(sek_hex); uint64_t len; - hex2carray(sek_hex, &len, (uint8_t *) AES_key); + hex2carray(sek_hex, &len, (uint8_t *) (AES_key[16])); sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex); From cf20898e6175699aec260cd1b367bc0ffd9f5d61 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 10 Sep 2020 20:22:27 +0300 Subject: [PATCH 45/61] SKALE-3039 --- secure_enclave/AESUtils.c | 6 +++--- secure_enclave/AESUtils.h | 2 +- secure_enclave/secure_enclave.c | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/secure_enclave/AESUtils.c b/secure_enclave/AESUtils.c index d5f2ffd3..9380b605 100644 --- a/secure_enclave/AESUtils.c +++ b/secure_enclave/AESUtils.c @@ -30,7 +30,7 @@ #include "AESUtils.h" -sgx_aes_gcm_128bit_key_t AES_key[32]; +sgx_aes_gcm_128bit_key_t AES_key[1024]; #define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__); @@ -74,7 +74,7 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsig sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE); - sgx_status_t status = sgx_rijndael128GCM_encrypt(&(AES_key[16]), (uint8_t*)message, len, + sgx_status_t status = sgx_rijndael128GCM_encrypt(&(AES_key[512]), (uint8_t*)message, len, encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, NULL, 0, @@ -123,7 +123,7 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t return -2; } - sgx_status_t status = sgx_rijndael128GCM_decrypt(&(AES_key[16]), + sgx_status_t status = sgx_rijndael128GCM_decrypt(&(AES_key[512]), encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len, (unsigned char*) message, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, diff --git a/secure_enclave/AESUtils.h b/secure_enclave/AESUtils.h index 24fa201f..d57e5a95 100644 --- a/secure_enclave/AESUtils.h +++ b/secure_enclave/AESUtils.h @@ -24,7 +24,7 @@ #ifndef SGXD_AESUTILS_H #define SGXD_AESUTILS_H -extern sgx_aes_gcm_128bit_key_t AES_key[32]; +extern sgx_aes_gcm_128bit_key_t AES_key[1024]; int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen, unsigned char type, unsigned char exportable, uint64_t* resultLen); diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 6693f43f..a3abcefc 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -291,7 +291,7 @@ void trustedGenerateSEK(int *errStatus, char *errString, RANDOM_CHAR_BUF(SEK_raw, SGX_AESGCM_KEY_SIZE); carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex); - memcpy(AES_key[16], SEK_raw, SGX_AESGCM_KEY_SIZE); + memcpy(AES_key[512], SEK_raw, SGX_AESGCM_KEY_SIZE); sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex); @@ -331,7 +331,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) { uint64_t len; - hex2carray(aes_key_hex, &len, (uint8_t *) (AES_key[16])); + hex2carray(aes_key_hex, &len, (uint8_t *) (AES_key[512])); SET_SUCCESS clean: @@ -349,7 +349,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString, CHECK_STATE(sek_hex); uint64_t len; - hex2carray(sek_hex, &len, (uint8_t *) (AES_key[16])); + hex2carray(sek_hex, &len, (uint8_t *) (AES_key[512])); sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex); From 70ab5718db237d1be4058156f727d2bf1db85291 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 10 Sep 2020 20:47:08 +0300 Subject: [PATCH 46/61] SKALE-3039 --- BLSCrypto.cpp | 2 +- sgxwallet_common.h | 19 +++++++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/BLSCrypto.cpp b/BLSCrypto.cpp index 4f04beff..8d1f0bd7 100644 --- a/BLSCrypto.cpp +++ b/BLSCrypto.cpp @@ -261,7 +261,7 @@ string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key RESTART_BEGIN status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(), &encryptedLen); - RESTART_END + RESTART_END_POINTER HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg.data()); diff --git a/sgxwallet_common.h b/sgxwallet_common.h index 33edf31b..57b0b1f7 100644 --- a/sgxwallet_common.h +++ b/sgxwallet_common.h @@ -119,12 +119,23 @@ READ_LOCK(initMutex); #define RESTART_END \ } \ -if (status != SGX_SUCCESS) { \ -spdlog::error(__FUNCTION__); \ -spdlog::error("Restarting sgx ..."); \ +if (status != SGX_SUCCESS || errStatus != 0) { \ +spdlog::error(__FUNCTION__); \ +spdlog::error("Restarting sgx on status errStatus... {} {}", status, errStatus); \ reinitEnclave(); \ } \ -} while (status != SGX_SUCCESS && __ATTEMPTS__ < 2); +} while ((status != SGX_SUCCESS || errStatus != 0) && __ATTEMPTS__ < 2); + + + +#define RESTART_END_POINTER \ +} \ +if (status != SGX_SUCCESS || *errStatus != 0) { \ +spdlog::error(__FUNCTION__);\ +spdlog::error("Restarting sgx on status errStatus... {} {}", status, *errStatus); \ +reinitEnclave(); \ +} \ +} while ((status != SGX_SUCCESS || *errStatus != 0) && __ATTEMPTS__ < 2); From ff5b7048fb9753db30a61cf68268160d2f0dff2b Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 10 Sep 2020 21:10:11 +0300 Subject: [PATCH 47/61] SKALE-3039 --- secure_enclave/Signature.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/secure_enclave/Signature.c b/secure_enclave/Signature.c index b19b3e66..0f100b85 100644 --- a/secure_enclave/Signature.c +++ b/secure_enclave/Signature.c @@ -104,10 +104,9 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para return; } - point Q = point_init(); - //Initializing variables - mpz_t k, x, r, t1, t2, t3, t4, t5, s, n_div_2, rem, neg, seed; + point Q = point_init(); + mpz_t k, x, r, t1, t2, t3, t4, t5, s, n_div_2, rem, neg, seed, s_mul_2; mpz_init(k); mpz_init(x); mpz_init(r); @@ -121,7 +120,6 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para mpz_init(rem); mpz_init(neg); mpz_init(seed); - mpz_t s_mul_2; mpz_init(s_mul_2); SAFE_CHAR_BUF(rand_char, 32); @@ -182,20 +180,22 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para point_clear(Q); - mpz_clear(k); - mpz_clear(r); mpz_clear(s); + mpz_clear(r); mpz_clear(x); mpz_clear(rem); mpz_clear(neg); mpz_clear(t1); mpz_clear(t2); mpz_clear(t3); + mpz_clear(t4); + mpz_clear(t5); mpz_clear(seed); mpz_clear(n_div_2); mpz_clear(s_mul_2); + } #endif From 3e81244deab61d8b9e81d6512a60934a78d76bb3 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 10 Sep 2020 21:12:06 +0300 Subject: [PATCH 48/61] SKALE-3039 --- secure_enclave/Signature.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/secure_enclave/Signature.c b/secure_enclave/Signature.c index 0f100b85..91e1eab7 100644 --- a/secure_enclave/Signature.c +++ b/secure_enclave/Signature.c @@ -57,6 +57,15 @@ signature signature_init() { return sig; } +/*Release signature*/ +void signature_free(signature sig) { + if (!sig) + return; + mpz_clear(sig->r); + mpz_clear(sig->s); + free(sig); +} + /*Set signature from strings of a base from 2-62*/ int signature_set_str(signature sig, const char *r, const char *s, int base) { @@ -200,14 +209,7 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para #endif -/*Release signature*/ -void signature_free(signature sig) { - if (!sig) - return; - mpz_clear(sig->r); - mpz_clear(sig->s); - free(sig); -} + /*Verify the integrity of a message using it's signature*/ bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) { From 83b5c23e3b458f389c00ba115bf499d0a256fe78 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 10 Sep 2020 21:28:43 +0300 Subject: [PATCH 49/61] SKALE-3039 --- BLSCrypto.cpp | 4 ++-- BLSPrivateKeyShareSGX.cpp | 2 +- DKGCrypto.cpp | 16 +++++++-------- DKGCrypto.h | 2 +- ECDSACrypto.cpp | 6 +++--- SEKManager.cpp | 6 +++--- docker/start.sh | 3 ++- secure_enclave/secure_enclave.c | 34 +++++++++++++++---------------- secure_enclave/secure_enclave.edl | 30 +++++++++++++-------------- testw.cpp | 30 +++++++++++++-------------- 10 files changed, 67 insertions(+), 66 deletions(-) diff --git a/BLSCrypto.cpp b/BLSCrypto.cpp index 8d1f0bd7..964f77d1 100644 --- a/BLSCrypto.cpp +++ b/BLSCrypto.cpp @@ -217,7 +217,7 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz sgx_status_t status = SGX_SUCCESS; RESTART_BEGIN - status = trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey, + status = trustedBlsSignMessage(eid, &errStatus, errMsg.data(), encryptedKey, sz, xStrArg, yStrArg, signature); RESTART_END @@ -259,7 +259,7 @@ string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key sgx_status_t status = SGX_SUCCESS; RESTART_BEGIN - status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(), + status = trustedEncryptKey(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(), &encryptedLen); RESTART_END_POINTER diff --git a/BLSPrivateKeyShareSGX.cpp b/BLSPrivateKeyShareSGX.cpp index 6d32b836..9a899cc9 100644 --- a/BLSPrivateKeyShareSGX.cpp +++ b/BLSPrivateKeyShareSGX.cpp @@ -150,7 +150,7 @@ string BLSPrivateKeyShareSGX::signWithHelperSGXstr( sgx_status_t status = SGX_SUCCESS; RESTART_BEGIN - status = trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey, + status = trustedBlsSignMessage(eid, &errStatus, errMsg.data(), encryptedKey, encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature); RESTART_END diff --git a/DKGCrypto.cpp b/DKGCrypto.cpp index 6e592230..82daca93 100644 --- a/DKGCrypto.cpp +++ b/DKGCrypto.cpp @@ -136,7 +136,7 @@ string gen_dkg_poly(int _t) { RESTART_BEGIN - status = trustedGenDkgSecretAES( + status = trustedGenDkgSecret( eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t); RESTART_END @@ -175,7 +175,7 @@ vector > get_verif_vect(const char *encryptedPolyHex, int t, int RESTART_BEGIN - status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen, + status = trustedGetPublicShares(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen, pubShares.data(), t, n); RESTART_END @@ -213,7 +213,7 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve READ_LOCK(initMutex); - status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen); + status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen); HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); @@ -234,7 +234,7 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve spdlog::debug("pubKeyB is {}", pub_keyB); sgx_status_t status = SGX_SUCCESS; - status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen, + status = trustedGetEncryptedSecretShare(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen, currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, i + 1); @@ -287,7 +287,7 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr sgx_status_t status = SGX_SUCCESS; RESTART_BEGIN - status = trustedDkgVerifyAES(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t, + status = trustedDkgVerify(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t, ind, &result); RESTART_END @@ -318,7 +318,7 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char * sgx_status_t status = SGX_SUCCESS; RESTART_BEGIN - status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key, + status = trustedCreateBlsKey(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key, &enc_bls_len); RESTART_END @@ -354,7 +354,7 @@ vector getBLSPubKey(const char *encryptedKeyHex) { sgx_status_t status = SGX_SUCCESS; RESTART_BEGIN - status = trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey); + status = trustedGetBlsPubKey(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey); RESTART_END HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); @@ -440,7 +440,7 @@ string decryptDHKey(const string &polyName, int ind) { sgx_status_t status = SGX_SUCCESS; RESTART_BEGIN - status = trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey); + status = trustedDecryptKey(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey); RESTART_END HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data()); diff --git a/DKGCrypto.h b/DKGCrypto.h index c3227d62..5ec9eb61 100644 --- a/DKGCrypto.h +++ b/DKGCrypto.h @@ -55,6 +55,6 @@ string convertG2ToString(const libff::alt_bn128_G2& elem, int base = 10, const s vector calculateAllBlsPublicKeys(const vector& public_shares); -bool TestcreateBLSShare( const char * s_shares); +bool testCreateBLSShare( const char * s_shares); #endif //SGXD_DKGCRYPTO_H diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index cfd1a3f8..cbba5b1d 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp @@ -60,7 +60,7 @@ vector genECDSAKey() { sgx_status_t status = SGX_SUCCESS; RESTART_BEGIN - status = trustedGenerateEcdsaKeyAES(eid, &errStatus, + status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encr_pr_key.data(), &enc_len, pub_key_x.data(), pub_key_y.data()); RESTART_END @@ -107,7 +107,7 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) { sgx_status_t status = SGX_SUCCESS; RESTART_BEGIN - status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, + status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data()); RESTART_END @@ -196,7 +196,7 @@ vector ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha sgx_status_t status = SGX_SUCCESS; RESTART_BEGIN - status = trustedEcdsaSignAES(eid, &errStatus, + status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encryptedKey.data(), decLen, hashHex, signatureR.data(), signatureS.data(), &signatureV, base); diff --git a/SEKManager.cpp b/SEKManager.cpp index 70dd42fa..a0828aae 100644 --- a/SEKManager.cpp +++ b/SEKManager.cpp @@ -66,7 +66,7 @@ void create_test_key() { { READ_LOCK(initMutex); - status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len); + status = trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len); } HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data()); @@ -99,7 +99,7 @@ void validate_SEK() { { READ_LOCK(initMutex); - status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data()); + status = trustedDecryptKey(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data()); } HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data()); @@ -129,7 +129,7 @@ shared_ptr > check_and_set_SEK(const string &SEK) { { READ_LOCK(initMutex); - status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, + status = trustedSetSEKBackup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, SEK.c_str()); } diff --git a/docker/start.sh b/docker/start.sh index fb2a3cab..96cb3de8 100755 --- a/docker/start.sh +++ b/docker/start.sh @@ -43,9 +43,10 @@ fi if [[ "$1" == "-t" ]]; then echo "Test run requested" -##sleep 0 +sleep 5 ./testw.py else + sleep 3 ./sgxwallet $1 $2 $3 $4 $5 fi diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index a3abcefc..ea30fca5 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -339,7 +339,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) { LOG_INFO("SGX call completed"); } -void trustedSetSEK_backup(int *errStatus, char *errString, +void trustedSetSEKBackup(int *errStatus, char *errString, uint8_t *encrypted_sek, uint64_t *enc_len, const char *sek_hex) { CALL_ONCE LOG_INFO(__FUNCTION__); @@ -368,7 +368,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString, -void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, +void trustedGenerateEcdsaKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t *enc_len, char *pub_key_x, char *pub_key_y) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -439,7 +439,7 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, LOG_INFO("SGX call completed"); } -void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, +void trustedGetPublicEcdsaKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t enc_len, char *pub_key_x, char *pub_key_y) { LOG_DEBUG(__FUNCTION__); INIT_ERROR_STATE @@ -520,7 +520,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, static uint64_t sigCounter = 0; -void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t enc_len, +void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t enc_len, const char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { LOG_DEBUG(__FUNCTION__); @@ -609,7 +609,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv } -void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, +void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t enc_len, char *key) { LOG_DEBUG(__FUNCTION__); @@ -654,7 +654,7 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri } -void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, +void trustedEncryptKey(int *errStatus, char *errString, const char *key, uint8_t *encryptedPrivateKey, uint64_t *enc_len) { LOG_INFO(__FUNCTION__); @@ -707,7 +707,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, } -void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, +void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t enc_len, char *_hashX, char *_hashY, char *signature) { LOG_DEBUG(__FUNCTION__); @@ -753,7 +753,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte } void -trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t *enc_len, size_t _t) { +trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t *enc_len, size_t _t) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -798,7 +798,7 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s } void -trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, +trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t enc_len, uint8_t *decrypted_dkg_secret) { LOG_INFO(__FUNCTION__); @@ -824,7 +824,7 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d } -void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t enc_len) { +void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t enc_len) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE @@ -847,7 +847,7 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc LOG_INFO("SGX call completed"); } -void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint64_t *dec_len, +void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint64_t *dec_len, char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) { @@ -868,9 +868,9 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t SAFE_CHAR_BUF(pub_key_x, BUF_LEN);SAFE_CHAR_BUF(pub_key_y, BUF_LEN); - trustedGenerateEcdsaKeyAES(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y); + trustedGenerateEcdsaKey(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y); - CHECK_STATUS("trustedGenerateEcdsaKeyAES failed"); + CHECK_STATUS("trustedGenerateEcdsaKey failed"); uint8_t type = 0; uint8_t exportable = 0; @@ -915,7 +915,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t LOG_INFO("SGX call completed"); } -void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t enc_len, +void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t enc_len, char *public_shares, unsigned _t, unsigned _n) { LOG_INFO(__FUNCTION__); @@ -946,7 +946,7 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt LOG_INFO("SGX call completed"); } -void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share, +void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share, uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) { LOG_INFO(__FUNCTION__); @@ -999,7 +999,7 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha LOG_INFO("SGX call completed"); } -void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares, +void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint64_t *enc_bls_key_len) { @@ -1104,7 +1104,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share } void -trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, +trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) { LOG_DEBUG(__FUNCTION__); diff --git a/secure_enclave/secure_enclave.edl b/secure_enclave/secure_enclave.edl index 6ac8c7ac..9d476ee8 100644 --- a/secure_enclave/secure_enclave.edl +++ b/secure_enclave/secure_enclave.edl @@ -26,14 +26,14 @@ enclave { [out, count = SMALL_BUF_SIZE] char *err_string, [in, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK); - public void trustedSetSEK_backup( + public void trustedSetSEKBackup( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char *err_string, [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK, [out] uint64_t *enc_len, [in, string] const char* SEK_hex); - public void trustedGenerateEcdsaKeyAES ( + public void trustedGenerateEcdsaKey ( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, @@ -41,7 +41,7 @@ enclave { [out, count = SMALL_BUF_SIZE] char * pub_key_x, [out, count = SMALL_BUF_SIZE] char * pub_key_y); - public void trustedGetPublicEcdsaKeyAES( + public void trustedGetPublicEcdsaKey( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, @@ -49,7 +49,7 @@ enclave { [out, count = SMALL_BUF_SIZE] char * pub_key_x, [out, count = SMALL_BUF_SIZE] char * pub_key_y); - public void trustedEcdsaSignAES( + public void trustedEcdsaSign( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, @@ -60,27 +60,27 @@ enclave { [out] uint8_t* sig_v, int base); - public void trustedEncryptKeyAES ( + public void trustedEncryptKey ( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = SMALL_BUF_SIZE] const char* key, [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, [out] uint64_t *enc_len); - public void trustedDecryptKeyAES ( + public void trustedDecryptKey ( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, uint64_t enc_len, [out, count = SMALL_BUF_SIZE] char* key ); - public void trustedGenDkgSecretAES ( + public void trustedGenDkgSecret ( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [out, count = 3072] uint8_t* encrypted_dkg_secret, [out] uint64_t * enc_len, size_t _t); - public void trustedDecryptDkgSecretAES ( + public void trustedDecryptDkgSecret ( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = 3050] uint8_t* encrypted_dkg_secret, @@ -88,13 +88,13 @@ enclave { [out, count = 3072] uint8_t* decrypted_dkg_secret ); - public void trustedSetEncryptedDkgPolyAES( + public void trustedSetEncryptedDkgPoly( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = 3050] uint8_t* encrypted_poly, uint64_t enc_len); - public void trustedGetEncryptedSecretShareAES( + public void trustedGetEncryptedSecretShare( [out]int *errStatus, [out, count = SMALL_BUF_SIZE] char *err_string, [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey, @@ -106,7 +106,7 @@ enclave { uint8_t _n, uint8_t ind); - public void trustedGetPublicSharesAES( + public void trustedGetPublicShares( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = 3050] uint8_t* encrypted_dkg_secret, @@ -115,7 +115,7 @@ enclave { unsigned _t, unsigned _n); - public void trustedDkgVerifyAES( + public void trustedDkgVerify( [out] int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, string] const char* public_shares, @@ -126,7 +126,7 @@ enclave { int _ind, [out] int* result); - public void trustedCreateBlsKeyAES( + public void trustedCreateBlsKey( [out]int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = 6145] const char* s_shares, @@ -135,7 +135,7 @@ enclave { [out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key, [out] uint64_t *enc_bls_key_len); - public void trustedBlsSignMessageAES ( + public void trustedBlsSignMessage ( [out] int *errStatus, [out, count = TINY_BUF_SIZE] char* err_string, [in, count = TINY_BUF_SIZE] uint8_t* encrypted_key, @@ -144,7 +144,7 @@ enclave { [in, string] char* hashY, [out, count = SMALL_BUF_SIZE] char* signature); - public void trustedGetBlsPubKeyAES( + public void trustedGetBlsPubKey( [out]int *errStatus, [out, count = SMALL_BUF_SIZE] char* err_string, [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key, diff --git a/testw.cpp b/testw.cpp index 588aa513..dfe7c181 100644 --- a/testw.cpp +++ b/testw.cpp @@ -129,7 +129,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes uint64_t encLen = 0; PRINT_SRC_LINE - auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen, + auto status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen, pubKeyX.data(), pubKeyY.data()); REQUIRE(status == SGX_SUCCESS); @@ -143,7 +143,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes for (int i = 0; i < 50; i++) { PRINT_SRC_LINE - status = trustedEcdsaSignAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen, + status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen, hex.data(), signatureR.data(), signatureS.data(), &signatureV, 16); @@ -162,7 +162,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES key gen", "[ecdsa-aes-key-gen]") { vector pubKeyY(BUF_LEN, 0); uint64_t encLen = 0; PRINT_SRC_LINE - auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen, + auto status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen, pubKeyX.data(), pubKeyY.data()); @@ -181,7 +181,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES get public key", "[ecdsa-aes-get-pub-ke uint64_t encLen = 0; PRINT_SRC_LINE - auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encPrivKey.data(), &encLen, pubKeyX.data(), + auto status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encPrivKey.data(), &encLen, pubKeyX.data(), pubKeyY.data()); REQUIRE(status == SGX_SUCCESS); @@ -191,7 +191,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES get public key", "[ecdsa-aes-get-pub-ke vector receivedPubKeyY(BUF_LEN, 0); PRINT_SRC_LINE - status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, errMsg.data(), encPrivKey.data(), encLen, + status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encPrivKey.data(), encLen, receivedPubKeyX.data(), receivedPubKeyY.data()); REQUIRE(status == SGX_SUCCESS); @@ -295,14 +295,14 @@ TEST_CASE_METHOD(TestFixture, "DKG AES gen test", "[dkg-aes-gen]") { uint64_t encLen = 0; PRINT_SRC_LINE - auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 32); + auto status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 32); REQUIRE(status == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS); vector secret(BUF_LEN, 0); vector errMsg1(BUF_LEN, 0); - status = trustedDecryptDkgSecretAES(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), + status = trustedDecryptDkgSecret(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), encLen, (uint8_t *) secret.data()); REQUIRE(status == SGX_SUCCESS); @@ -319,7 +319,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares unsigned t = 32, n = 32; PRINT_SRC_LINE - auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, n); + auto status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, n); REQUIRE(status == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS); @@ -328,7 +328,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares char colon = ':'; vector pubShares(10000, 0); PRINT_SRC_LINE - status = trustedGetPublicSharesAES(eid, &errStatus, errMsg1.data(), + status = trustedGetPublicShares(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), encLen, pubShares.data(), t, n); REQUIRE(status == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS); @@ -343,7 +343,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares vector secret(BUF_LEN, 0); PRINT_SRC_LINE - status = trustedDecryptDkgSecretAES(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), encLen, + status = trustedDecryptDkgSecret(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), encLen, (uint8_t *) secret.data()); REQUIRE(status == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS); @@ -368,14 +368,14 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes- vector encryptedDKGSecret(BUF_LEN, 0); PRINT_SRC_LINE - auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 2); + auto status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 2); REQUIRE(status == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS); uint64_t enc_len = encLen; PRINT_SRC_LINE - status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), enc_len); + status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), enc_len); REQUIRE(status == SGX_SUCCESS); REQUIRE(errStatus == SGX_SUCCESS); @@ -385,7 +385,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes- vector s_shareG2(BUF_LEN, 0); PRINT_SRC_LINE - status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg.data(), encrPRDHKey.data(), &encLen, + status = trustedGetEncryptedSecretShare(eid, &errStatus, errMsg.data(), encrPRDHKey.data(), &encLen, result.data(), s_shareG2.data(), (char *) pub_keyB.data(), 2, 2, 1); @@ -700,14 +700,14 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") { vector encrypted_key(BUF_LEN, 0); PRINT_SRC_LINE - auto status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen); + auto status = trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen); REQUIRE(status == 0); REQUIRE(errStatus == 0); vector decr_key(BUF_LEN, 0); PRINT_SRC_LINE - status = trustedDecryptKeyAES(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data()); + status = trustedDecryptKey(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data()); REQUIRE(status == 0); REQUIRE(errStatus == 0); From 40cc0bba785417d990d833743a37ea9272a09654 Mon Sep 17 00:00:00 2001 From: Oleh Nikolaiev Date: Mon, 14 Sep 2020 10:56:16 +0300 Subject: [PATCH 50/61] update backup procedure docs --- docs/backup-procedure.md | 22 +++++----------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/docs/backup-procedure.md b/docs/backup-procedure.md index 39c0911f..4f02ae60 100644 --- a/docs/backup-procedure.md +++ b/docs/backup-procedure.md @@ -2,12 +2,12 @@ # SGXWallet Backup Procedure -When SGXWallet is initialized, the server will print the backup key. +When SGXWallet is initialized, the server will write the backup key into `sgx_data/sgxwallet_backup_key.txt`. **This key must be securely recorded and stored.** Be sure to store this key in a safe place, then go into a docker container and securely remove it with the following command: ```bash -docker exec -it bash && apt-get install secure-delete && srm -vz backup_key.txt +docker exec -it bash && srm -vz ./sgx_data/sgxwallet_backup_key.txt ``` Master-Slave replication is recommended to support the SGXWallet backup strategy. Below are general instructions for a basic backup and recovery process. @@ -30,24 +30,12 @@ docker-compose down command: -s -y -d -b ``` -2. Edit the `docker-compose.yml` and add `stdin_open: true` option. For example: - -```yaml -version: "3" -services: - sgxwallet: - image: skalenetwork/sgxwallet:latest - stdin_open: true -``` - -3. Copy the backed up `sgx_data` directory to the recovery `sgx_data` directory. +2. Copy the backed up `sgx_data` directory to the recovery `sgx_data` directory. +3. Create file `sgx_data/sgxwallet_backup_key.txt` in the recovery directory and write the backup key into it. 4. Execute: ```bash docker-compose up -d ``` -5. Open another terminal window and run `docker attach container_name` there. - -6. Enter the backup key when prompted. -7. Edit the `docker-compose.yml` file, remove the `-b` flag and `stdin_open: true` option. +5. Edit the `docker-compose.yml` file, remove the `-b` flag. From 41190243ea7f5b0fee3e2970f9beb95236a0fbca Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 15 Sep 2020 12:51:12 +0300 Subject: [PATCH 51/61] SKALE-3274-restart-enclave --- SEKManager.cpp | 7 ++++--- run_sgx/docker-compose.yml | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/SEKManager.cpp b/SEKManager.cpp index a0828aae..c9b5630d 100644 --- a/SEKManager.cpp +++ b/SEKManager.cpp @@ -211,9 +211,10 @@ void gen_SEK() { void reinitEnclave() { WRITE_LOCK(initMutex); - initEnclave(); - shared_ptr encrypted_SEK_ptr = LevelDB::getLevelDb()->readString("SEK"); - setSEK(encrypted_SEK_ptr); + // unfortunately process needs to be restarted to reinit enclave + // exiting with error code 3 (SGX_OUT_OF_MEMORY), so docker container can restart the + // wallet + exit(3); } void setSEK(shared_ptr hex_encrypted_SEK) { diff --git a/run_sgx/docker-compose.yml b/run_sgx/docker-compose.yml index 2605b53f..4068bca3 100644 --- a/run_sgx/docker-compose.yml +++ b/run_sgx/docker-compose.yml @@ -2,6 +2,7 @@ version: '3' services: sgxwallet: image: skalenetwork/sgxwallet:latest + restart: on-failure ports: - "1026:1026" - "1027:1027" From b676e9f82c3a7f128cb9a422b01a7db4d8481064 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 15 Sep 2020 12:51:59 +0300 Subject: [PATCH 52/61] SKALE-3274-restart-enclave --- run_sgx_sim/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/run_sgx_sim/docker-compose.yml b/run_sgx_sim/docker-compose.yml index 8826ab0b..4d2b913b 100644 --- a/run_sgx_sim/docker-compose.yml +++ b/run_sgx_sim/docker-compose.yml @@ -2,6 +2,7 @@ version: '3' services: sgxwallet: image: skalenetwork/sgxwallet_sim:develop-latest + restart: on-failure ports: - "1026:1026" - "1027:1027" From f23440af8b298c8dfc60e372b15e0b248be5f71b Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 15 Sep 2020 13:38:23 +0300 Subject: [PATCH 53/61] SKALE-3274-restart-enclave --- sgxwallet_common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sgxwallet_common.h b/sgxwallet_common.h index 57b0b1f7..eec8d61f 100644 --- a/sgxwallet_common.h +++ b/sgxwallet_common.h @@ -119,7 +119,7 @@ READ_LOCK(initMutex); #define RESTART_END \ } \ -if (status != SGX_SUCCESS || errStatus != 0) { \ +if (status != SGX_SUCCESS || errStatus == 3) { \ spdlog::error(__FUNCTION__); \ spdlog::error("Restarting sgx on status errStatus... {} {}", status, errStatus); \ reinitEnclave(); \ From 216690cf845839fca09a1b62ebfae9968b4aa9f7 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 15 Sep 2020 13:39:29 +0300 Subject: [PATCH 54/61] SKALE-3274-restart-enclave --- sgxwallet_common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sgxwallet_common.h b/sgxwallet_common.h index eec8d61f..ca1c48ab 100644 --- a/sgxwallet_common.h +++ b/sgxwallet_common.h @@ -124,7 +124,7 @@ spdlog::error(__FUNCTION__); \ spdlog::error("Restarting sgx on status errStatus... {} {}", status, errStatus); \ reinitEnclave(); \ } \ -} while ((status != SGX_SUCCESS || errStatus != 0) && __ATTEMPTS__ < 2); +} while ((status != SGX_SUCCESS || errStatus == 3) && __ATTEMPTS__ < 2); From abc9d7d595b3aea08321721171b8881ea22bece2 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 15 Sep 2020 13:40:00 +0300 Subject: [PATCH 55/61] SKALE-3274-restart-enclave --- sgxwallet_common.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sgxwallet_common.h b/sgxwallet_common.h index ca1c48ab..5f5aba59 100644 --- a/sgxwallet_common.h +++ b/sgxwallet_common.h @@ -130,12 +130,12 @@ reinitEnclave(); \ #define RESTART_END_POINTER \ } \ -if (status != SGX_SUCCESS || *errStatus != 0) { \ +if (status != SGX_SUCCESS || *errStatus == 3) { \ spdlog::error(__FUNCTION__);\ spdlog::error("Restarting sgx on status errStatus... {} {}", status, *errStatus); \ reinitEnclave(); \ } \ -} while ((status != SGX_SUCCESS || *errStatus != 0) && __ATTEMPTS__ < 2); +} while ((status != SGX_SUCCESS || *errStatus == 3) && __ATTEMPTS__ < 2); From 8733da4cd63e78475cff83942bc05e4057caadc9 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 15 Sep 2020 13:42:07 +0300 Subject: [PATCH 56/61] SKALE-3274-restart-enclave --- SEKManager.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/SEKManager.cpp b/SEKManager.cpp index c9b5630d..eeb0e89c 100644 --- a/SEKManager.cpp +++ b/SEKManager.cpp @@ -210,7 +210,6 @@ void gen_SEK() { } void reinitEnclave() { - WRITE_LOCK(initMutex); // unfortunately process needs to be restarted to reinit enclave // exiting with error code 3 (SGX_OUT_OF_MEMORY), so docker container can restart the // wallet From 6f7845bb84b3d907466b65d5047a5b130b80d5eb Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 15 Sep 2020 16:00:01 +0300 Subject: [PATCH 57/61] SKALE-3274-restart-enclave --- run_sgx/docker-compose.yml | 2 +- run_sgx_sim/docker-compose.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/run_sgx/docker-compose.yml b/run_sgx/docker-compose.yml index 4068bca3..5e171b85 100644 --- a/run_sgx/docker-compose.yml +++ b/run_sgx/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: sgxwallet: image: skalenetwork/sgxwallet:latest - restart: on-failure + restart: always ports: - "1026:1026" - "1027:1027" diff --git a/run_sgx_sim/docker-compose.yml b/run_sgx_sim/docker-compose.yml index 4d2b913b..b5db9187 100644 --- a/run_sgx_sim/docker-compose.yml +++ b/run_sgx_sim/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: sgxwallet: image: skalenetwork/sgxwallet_sim:develop-latest - restart: on-failure + restart: always ports: - "1026:1026" - "1027:1027" From 0311119c2d02ca0176498c4df816b9f9cdb4c35b Mon Sep 17 00:00:00 2001 From: Oleh Nikolaiev Date: Tue, 15 Sep 2020 17:29:13 +0300 Subject: [PATCH 58/61] SKALE-3276 catch error if name already exists --- DKGCrypto.cpp | 8 ++++---- TestUtils.cpp | 3 +++ 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/DKGCrypto.cpp b/DKGCrypto.cpp index 82daca93..f2ad8312 100644 --- a/DKGCrypto.cpp +++ b/DKGCrypto.cpp @@ -250,15 +250,15 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve spdlog::debug("hexEncr DH Key: { }", hexEncrKey.data()); spdlog::debug("name to write to db is {}", dhKeyName); - SGXWalletServer::writeDataToDB(dhKeyName, hexEncrKey.data()); string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":"; spdlog::debug("name to write to db is {}", shareG2_name); spdlog::debug("s_shareG2: {}", sShareG2.data()); - SGXWalletServer::writeDataToDB(shareG2_name, sShareG2.data()); - - + try { + SGXWalletServer::writeDataToDB(dhKeyName, hexEncrKey.data()); + SGXWalletServer::writeDataToDB(shareG2_name, sShareG2.data()); + } catch (const SGXException&) {} } return result; diff --git a/TestUtils.cpp b/TestUtils.cpp index 12771b8a..2082e1d1 100644 --- a/TestUtils.cpp +++ b/TestUtils.cpp @@ -306,6 +306,8 @@ void TestUtils::doDKG(StubClient &c, int n, int t, verifVects[i] = c.getVerificationVector(polyName, t, n); CHECK_STATE(verifVects[i]["status"] == 0); pubEthKeys.append(ethKeys[i]["publicKey"]); + + REQUIRE_NOTHROW(c.getVerificationVector(polyName, t, n)); } for (uint8_t i = 0; i < n; i++) { @@ -318,6 +320,7 @@ void TestUtils::doDKG(StubClient &c, int n, int t, pubShares[i] += TestUtils::convertDecToHex(pubShare); } } + REQUIRE_NOTHROW(c.getSecretShare(polyNames[i], pubEthKeys, t, n)); } int k = 0; From 1efaa0391ee32e1100cf68fb4ae03da4808e920d Mon Sep 17 00:00:00 2001 From: Oleh Nikolaiev Date: Tue, 15 Sep 2020 17:57:09 +0300 Subject: [PATCH 59/61] SKALE-3276 fix build --- Makefile.am | 2 +- TestUtils.cpp | 3 --- VERSION | 2 +- testw.cpp | 2 ++ 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/Makefile.am b/Makefile.am index 04cf99ea..7a3dca0f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -103,7 +103,7 @@ sgxwallet_LDADD=-l$(SGX_URTS_LIB) -l$(SGX_UAE_SERVICE_LIB) -LlibBLS/deps/deps_in -l:libbls.a -l:libleveldb.a \ -l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a \ -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd \ - -lboost_system -lboost_thread -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -lstdc++fs + -lboost_system -lboost_thread -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -lstdc++fs testw_SOURCES=testw.cpp $(COMMON_SRC) diff --git a/TestUtils.cpp b/TestUtils.cpp index 2082e1d1..12771b8a 100644 --- a/TestUtils.cpp +++ b/TestUtils.cpp @@ -306,8 +306,6 @@ void TestUtils::doDKG(StubClient &c, int n, int t, verifVects[i] = c.getVerificationVector(polyName, t, n); CHECK_STATE(verifVects[i]["status"] == 0); pubEthKeys.append(ethKeys[i]["publicKey"]); - - REQUIRE_NOTHROW(c.getVerificationVector(polyName, t, n)); } for (uint8_t i = 0; i < n; i++) { @@ -320,7 +318,6 @@ void TestUtils::doDKG(StubClient &c, int n, int t, pubShares[i] += TestUtils::convertDecToHex(pubShare); } } - REQUIRE_NOTHROW(c.getSecretShare(polyNames[i], pubEthKeys, t, n)); } int k = 0; diff --git a/VERSION b/VERSION index 10e8161b..a4d0152a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.58.3 \ No newline at end of file +1.58.4 diff --git a/testw.cpp b/testw.cpp index dfe7c181..a833307f 100644 --- a/testw.cpp +++ b/testw.cpp @@ -523,9 +523,11 @@ TEST_CASE_METHOD(TestFixture, "DKG API test", "[dkg-api]") { Json::Value verifVectWrongName = c.getVerificationVector("poly", 2, 2); REQUIRE(verifVectWrongName["status"].asInt() != 0); + REQUIRE_NOTHROW(c.getVerificationVector("poly", 2, 2)); Json::Value secretSharesWrongName = c.getSecretShare("poly", publicKeys, 2, 2); REQUIRE(secretSharesWrongName["status"].asInt() != 0); + REQUIRE_NOTHROW(c.getSecretShare("poly", publicKeys, 2, 2)); // wrong_t Json::Value genPolyWrong_t = c.generateDKGPoly(polyName, 33); From c21cb30d32c1b3812afed653ab0a239694f636a8 Mon Sep 17 00:00:00 2001 From: Oleh Nikolaiev Date: Wed, 16 Sep 2020 11:23:35 +0300 Subject: [PATCH 60/61] SKALE-3276 extend tests --- DKGCrypto.cpp | 9 +++++---- SGXWalletServer.cpp | 36 +++++++++++++++++++++++++++++++----- SGXWalletServer.hpp | 2 ++ testw.cpp | 8 ++++++-- 4 files changed, 44 insertions(+), 11 deletions(-) diff --git a/DKGCrypto.cpp b/DKGCrypto.cpp index f2ad8312..c92ddc53 100644 --- a/DKGCrypto.cpp +++ b/DKGCrypto.cpp @@ -255,12 +255,13 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve spdlog::debug("name to write to db is {}", shareG2_name); spdlog::debug("s_shareG2: {}", sShareG2.data()); - try { - SGXWalletServer::writeDataToDB(dhKeyName, hexEncrKey.data()); - SGXWalletServer::writeDataToDB(shareG2_name, sShareG2.data()); - } catch (const SGXException&) {} + SGXWalletServer::writeDataToDB(dhKeyName, hexEncrKey.data()); + SGXWalletServer::writeDataToDB(shareG2_name, sShareG2.data()); } + string encryptedSecretShareName = "encryptedSecretShare:" + _polyName; + SGXWalletServer::writeDataToDB(encryptedSecretShareName, result); + return result; } diff --git a/SGXWalletServer.cpp b/SGXWalletServer.cpp index cae48db1..8c87ae7c 100644 --- a/SGXWalletServer.cpp +++ b/SGXWalletServer.cpp @@ -406,7 +406,6 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J spdlog::info("Entering {}", __FUNCTION__); INIT_RESULT(result); result["secretShare"] = ""; - result["SecretShare"] = ""; try { if (_pubKeys.size() != (uint64_t) _n) { @@ -429,9 +428,15 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J pubKeysStrs.push_back(_pubKeys[i].asString()); } - string s = getSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n); - result["secretShare"] = s; - result["SecretShare"] = s; + string secret_share_name = "encryptedSecretShare:" + _polyName; + shared_ptr encryptedSecretShare = checkDataFromDb(secret_share_name); + + if (encryptedSecretShare != nullptr) { + result["secretShare"] = *encryptedSecretShare.get(); + } else { + string s = getSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n); + result["secretShare"] = s; + } } HANDLE_SGX_EXCEPTION(result) RETURN_SUCCESS(result) @@ -508,6 +513,9 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string } LevelDB::getLevelDb()->deleteKey(_polyName); + string encryptedSecretShareName = "encryptedSecretShare:" + _polyName; + LevelDB::getLevelDb()->deleteKey(encryptedSecretShareName); + } HANDLE_SGX_EXCEPTION(result) RETURN_SUCCESS(result); @@ -594,6 +602,18 @@ Json::Value SGXWalletServer::complaintResponseImpl(const string &_polyName, int result["share*G2"] = *shareG2_ptr; result["dhKey"] = DHKey; + +// TODO: delete dh keys +// for (int i = 0; i < _n; i++) { +// string name = _polyName + "_" + to_string(i) + ":"; +// LevelDB::getLevelDb()->deleteDHDKGKey(name); +// string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":"; +// LevelDB::getLevelDb()->deleteKey(shareG2_name); +// } + LevelDB::getLevelDb()->deleteKey(_polyName); + + string encryptedSecretShareName = "encryptedSecretShare:" + _polyName; + LevelDB::getLevelDb()->deleteKey(encryptedSecretShareName); } HANDLE_SGX_EXCEPTION(result) RETURN_SUCCESS(result); @@ -742,7 +762,7 @@ Json::Value SGXWalletServer::deleteBlsKey(const string &name) { } shared_ptr SGXWalletServer::readFromDb(const string &name, const string &prefix) { - auto dataStr = LevelDB::getLevelDb()->readString(prefix + name); + auto dataStr = checkDataFromDb(prefix + name); if (dataStr == nullptr) { throw SGXException(KEY_SHARE_DOES_NOT_EXIST, "Data with this name does not exist"); @@ -751,6 +771,12 @@ shared_ptr SGXWalletServer::readFromDb(const string &name, const string return dataStr; } +shared_ptr SGXWalletServer::checkDataFromDb(const string &name, const string &prefix) { + auto dataStr = LevelDB::getLevelDb()->readString(prefix + name); + + return dataStr; +} + void SGXWalletServer::writeKeyShare(const string &_keyShareName, const string &_value) { if (LevelDB::getLevelDb()->readString(_keyShareName) != nullptr) { throw SGXException(KEY_SHARE_ALREADY_EXISTS, "Key share with this name already exists"); diff --git a/SGXWalletServer.hpp b/SGXWalletServer.hpp index 59ab91f7..816cfab0 100644 --- a/SGXWalletServer.hpp +++ b/SGXWalletServer.hpp @@ -90,6 +90,8 @@ class SGXWalletServer : public AbstractStubServer { static shared_ptr readFromDb(const string &name, const string &prefix = ""); + static shared_ptr checkDataFromDb(const string &name, const string &prefix = ""); + static void writeDataToDB(const string &Name, const string &value); static void writeKeyShare(const string &_keyShareName, const string &_value); diff --git a/testw.cpp b/testw.cpp index a833307f..f4175aa8 100644 --- a/testw.cpp +++ b/testw.cpp @@ -523,11 +523,9 @@ TEST_CASE_METHOD(TestFixture, "DKG API test", "[dkg-api]") { Json::Value verifVectWrongName = c.getVerificationVector("poly", 2, 2); REQUIRE(verifVectWrongName["status"].asInt() != 0); - REQUIRE_NOTHROW(c.getVerificationVector("poly", 2, 2)); Json::Value secretSharesWrongName = c.getSecretShare("poly", publicKeys, 2, 2); REQUIRE(secretSharesWrongName["status"].asInt() != 0); - REQUIRE_NOTHROW(c.getSecretShare("poly", publicKeys, 2, 2)); // wrong_t Json::Value genPolyWrong_t = c.generateDKGPoly(polyName, 33); @@ -554,7 +552,13 @@ TEST_CASE_METHOD(TestFixture, "DKG API test", "[dkg-api]") { //wrong verif Json::Value Skeys = c.getSecretShare(polyName, publicKeys, 2, 2); + REQUIRE_NOTHROW(c.getSecretShare(polyName, publicKeys, 2, 2)); + REQUIRE(Skeys == c.getSecretShare(polyName, publicKeys, 2, 2)); + Json::Value verifVect = c.getVerificationVector(polyName, 2, 2); + REQUIRE_NOTHROW(c.getVerificationVector(polyName, 2, 2)); + REQUIRE(verifVect == c.getVerificationVector(polyName, 2, 2)); + Json::Value verificationWrongSkeys = c.dkgVerification("", "", "", 2, 2, 1); REQUIRE(verificationWrongSkeys["status"].asInt() != 0); } From 29d45313a7e8a3d5afdad8f4b6c59dcb38f04683 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Wed, 16 Sep 2020 11:28:45 +0300 Subject: [PATCH 61/61] SKALE-3283-resubmit --- VERSION | 2 +- secure_enclave/SIGNED_ENCLAVE_VERSION | 2 +- secure_enclave/secure_enclave.config.xml | 2 +- secure_enclave/secure_enclave.config.xml.release | 2 +- secure_enclave/secure_enclave.config.xml.sim | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/VERSION b/VERSION index 10e8161b..63177ae6 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.58.3 \ No newline at end of file +1.58.4 \ No newline at end of file diff --git a/secure_enclave/SIGNED_ENCLAVE_VERSION b/secure_enclave/SIGNED_ENCLAVE_VERSION index 38a849b1..84e8fe49 100644 --- a/secure_enclave/SIGNED_ENCLAVE_VERSION +++ b/secure_enclave/SIGNED_ENCLAVE_VERSION @@ -1 +1 @@ -#define SIGNED_ENCLAVE_VERSION "0" \ No newline at end of file +#define SIGNED_ENCLAVE_VERSION "1" \ No newline at end of file diff --git a/secure_enclave/secure_enclave.config.xml b/secure_enclave/secure_enclave.config.xml index 23617c17..45283f17 100644 --- a/secure_enclave/secure_enclave.config.xml +++ b/secure_enclave/secure_enclave.config.xml @@ -1,6 +1,6 @@ 0 - 0 + 1 0x1000000 0x100000000 128 diff --git a/secure_enclave/secure_enclave.config.xml.release b/secure_enclave/secure_enclave.config.xml.release index d4685ca9..d8d5aad1 100644 --- a/secure_enclave/secure_enclave.config.xml.release +++ b/secure_enclave/secure_enclave.config.xml.release @@ -1,6 +1,6 @@ 0 - 0 + 1 0x1000000 0x100000000 128 diff --git a/secure_enclave/secure_enclave.config.xml.sim b/secure_enclave/secure_enclave.config.xml.sim index 4dc8ecdf..7e77b69c 100644 --- a/secure_enclave/secure_enclave.config.xml.sim +++ b/secure_enclave/secure_enclave.config.xml.sim @@ -1,6 +1,6 @@ 0 - 0 + 1 0x1000000 0x1000000 16