Merge pull request #124 from skalenetwork/SKALE-2895-FIX-SGX-BUILD

Skale 2895 fix sgx build
skalenetwork · Jul 12, 2020 · 3d59571 · 3d59571
2 parents bdb4be9 + 4ae010f
commit 3d59571
Show file tree

Hide file tree

Showing 10 changed files with 2,540 additions and 80 deletions.
diff --git a/DKGCrypto.cpp b/DKGCrypto.cpp
@@ -351,7 +351,6 @@ string decryptDHKey(const string &polyName, int ind) {
 
 vector<string> mult_G2(const string &x) {
     vector<string> result(4);
-    libff::init_alt_bn128_params();
     libff::alt_bn128_Fr el(x.c_str());
     libff::alt_bn128_G2 elG2 = el * libff::alt_bn128_G2::one();
     elG2.to_affine_coordinates();

diff --git a/DockerfileBase b/DockerfileBase
@@ -37,5 +37,5 @@ RUN    apt update && \
        cd .. && rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b && \
        cd /usr/src/sdk && \
        ./autoconf.bash && \
-       ./configure  && \
+        ./configure  && \
        bash -c "make -j$(nproc)"
diff --git a/README.md b/README.md
@@ -27,6 +27,14 @@ The sgxwallet server is still in active development and therefore should be rega
 
 ## Running sgxwallet
 
+### Clone this repo
+
+As you probably suspect, the first thing to do is to clone this repository and all it is sub-repositories. 
+
+```bash
+git clone https://github.com/skalenetwork/sgxwallet.git --recurse-submodules
+```
+
 ### Try in simulation mode
 
 The easiest way to try the sgxwallet server is to run a docker container in insecure simulation mode that emulates an SGX processor. Once you are familiar with the server, you can enable sgx on your machine and run it in secure production mode.
@@ -55,12 +63,12 @@ Never run a production sgxserver in simulation mode.
 If you are a SKALE validator and want to run sgxwallet for testnet or mainnet usage, you need
  a SGX-capable server.  
 Please refer to Admin guide for details on how to setup sgxwallet in a secure hardware mode 
- [docs/admin_guide.md](docs/admin_guide.md).
+ [docs/admin-guide.md](docs/admin-guide.md).
 
 ## Developer guide
 
 If you are a SKALE developer and want to build sgxwallet from source, please refer to Developer
-guide [docs/developer_guide.md](docs/developer_guide.md).
+guide [docs/developer-guide.md](docs/developer-guide.md).
 
 ## Contributing
 

diff --git a/ServerInit.cpp b/ServerInit.cpp
@@ -31,6 +31,7 @@
 #include <sys/stat.h>
 
 #include "libff/algebra/curves/alt_bn128/alt_bn128_init.hpp"
+#include <libff/common/profiling.hpp>
 #include "bls.h"
 #include "leveldb/db.h"
 #include <jsonrpccpp/server/connectors/httpserver.h>
@@ -56,7 +57,12 @@
 #include "SGXWalletServer.hpp"
 
 void initUserSpace() {
+
+    libff::inhibit_profiling_counters = true;
+    libff::inhibit_profiling_info = true;
+
     libff::init_alt_bn128_params();
+
     LevelDB::initDataFolderAndDBs();
 }
 

diff --git a/docs/developer-guide.md b/docs/developer-guide.md
@@ -3,12 +3,12 @@
 ## Build from source code
 
 -   [Install prerequisites](prerequisites.md)
--   [Enable SGX](enabling-sgx.md)
--   [Build SGX](building.md)
--   [Example Usage](examples.md)
+-   [Enable SGX mode on your machine](enabling-sgx.md)
+-   [Build sgxwallet ](building.md)
+-   [Sgxwallet example usage](examples.md)
 -   [Contributing source code](../.github/CONTRIBUTING.md)
--   [Security Bug Reporting](../SECURITY.md)
+-   [Security bug reporting](../SECURITY.md)
 
 ## Community
 
--   [SKALE Discord](http://skale.chat)
+-   [SKALE discord](http://skale.chat)
diff --git a/secure_enclave/EnclaveCommon.cpp b/secure_enclave/EnclaveCommon.cpp
@@ -101,7 +101,7 @@ void enclave_init() {
 
 bool enclave_sign(const char *_keyString, const char *_hashXString, const char *_hashYString,
           char* sig) {
-    libff::init_alt_bn128_params();
+
 
     auto key = keyFromString(_keyString);
 
@@ -217,20 +217,20 @@ void logMsg(log_level _level, const char* _msg) {
 }
 
 
-EXTERNC void LOG_INFO(char* _msg) {
+EXTERNC void LOG_INFO(const char* _msg) {
     logMsg(L_INFO, _msg);
 };
-EXTERNC void LOG_WARN(char* _msg) {
+EXTERNC void LOG_WARN(const char* _msg) {
     logMsg(L_WARNING, _msg);
 };
 
-EXTERNC void LOG_ERROR(char* _msg) {
+EXTERNC void LOG_ERROR(const char* _msg) {
     logMsg(L_ERROR, _msg);
 };
-EXTERNC void LOG_DEBUG(char* _msg) {
+EXTERNC void LOG_DEBUG(const char* _msg) {
     logMsg(L_DEBUG, _msg);
 };
-EXTERNC void LOG_TRACE(char* _msg) {
+EXTERNC void LOG_TRACE(const char* _msg) {
     logMsg(L_TRACE, _msg);
 };
 
diff --git a/secure_enclave/EnclaveCommon.h b/secure_enclave/EnclaveCommon.h
@@ -43,12 +43,19 @@ EXTERNC bool hex2carray2(const char * _hex, uint64_t  *_bin_len,
                          uint8_t* _bin, const int _max_length );
 EXTERNC void enclave_init();
 
-EXTERNC void LOG_INFO(char* msg);
-EXTERNC void LOG_WARN(char* _msg);
-EXTERNC void LOG_ERROR(char* _msg);
-EXTERNC void LOG_DEBUG(char* _msg);
-EXTERNC void LOG_TRACE(char* _msg);
+
+
+void get_global_random(unsigned char* _randBuff, uint64_t size);
+
+EXTERNC void LOG_INFO(const char* msg);
+EXTERNC void LOG_WARN(const char* _msg);
+EXTERNC void LOG_ERROR(const char* _msg);
+EXTERNC void LOG_DEBUG(const char* _msg);
+EXTERNC void LOG_TRACE(const char* _msg);
 
 extern uint32_t globalLogLevel_;
 
+extern unsigned char* globalRandom;
+
+
 #endif //SGXWALLET_ENCLAVECOMMON_H
diff --git a/secure_enclave/Signature.c b/secure_enclave/Signature.c
@@ -92,86 +92,111 @@ void signature_extract_public_key(point public_key, mpz_t private_key, domain_pa
 void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve) {
     //message must not have a bit length longer than that of n
     //see: Guide to Elliptic Curve Cryptography, section 4.4.1.
-    assert(mpz_sizeinbase(message, 2) <= mpz_sizeinbase(curve->n, 2));
 
-    point Q = point_init();
+    for (int i = 0; i < 1; i++ ) {
 
-    //Initializing variables
-    mpz_t k, x, r, t1, t2, t3, t4, t5,  s, n_div_2, rem, neg, seed;
-    mpz_init(k); mpz_init(x); mpz_init(r); mpz_init(t1); mpz_init(t2); mpz_init(t3); mpz_init(s);
-    mpz_init(t4); mpz_init(t5); mpz_init(n_div_2); mpz_init(rem); mpz_init(neg); mpz_init(seed);
+        assert(mpz_sizeinbase(message, 2) <= mpz_sizeinbase(curve->n, 2));
 
-    unsigned char *rand_char = (unsigned char *) calloc(32,1);
+        point Q = point_init();
 
-    sgx_read_rand(rand_char, 32);
+        //Initializing variables
+        mpz_t k, x, r, t1, t2, t3, t4, t5, s, n_div_2, rem, neg, seed;
+        mpz_init(k);
+        mpz_init(x);
+        mpz_init(r);
+        mpz_init(t1);
+        mpz_init(t2);
+        mpz_init(t3);
+        mpz_init(s);
+        mpz_init(t4);
+        mpz_init(t5);
+        mpz_init(n_div_2);
+        mpz_init(rem);
+        mpz_init(neg);
+        mpz_init(seed);
 
-    gmp_randstate_t r_state;
+        unsigned char *rand_char = (unsigned char *) calloc(32, 1);
 
-    signature_sign_start:
+        get_global_random(rand_char, 32);
 
-    //Set k
-    sgx_read_rand(rand_char, 32);
-;
-    mpz_import(seed, 32, 1, sizeof(rand_char[0]), 0, 0, rand_char);
+        gmp_randstate_t r_state;
 
-    mpz_mod(k, seed, curve->p);
+        signature_sign_start:
 
-    //mpz_set_str(k, "49a0d7b786ec9cde0d0721d72804befd06571c974b191efb42ecf322ba9ddd9a", 16);
-    //  mpz_set_str(k, "DC87789C4C1A09C97FF4DE72C0D0351F261F10A2B9009C80AEE70DDEC77201A0", 16);
-    //mpz_set_str(k,"29932781130098090011281004827843485745127563886526054275935615017309884975795",10);
 
-    //Calculate x
-    point_multiplication(Q, k, curve->G, curve);
-    mpz_set(x, Q->x);
+        get_global_random(rand_char, 32);
 
-    //Calculate r
-    mpz_mod(r, x, curve->n);
-    if (!mpz_sgn(r))    //Start over if r=0, note haven't been tested memory might die :)
-        goto signature_sign_start;
+        mpz_import(seed, 32, 1, sizeof(rand_char[0]), 0, 0, rand_char);
 
+        mpz_mod(k, seed, curve->p);
 
-    //Calculate s
-    //s = k¯¹(e+d*r) mod n = (k¯¹ mod n) * ((e+d*r) mod n) mod n
-    //number_theory_inverse(t1, k, curve->n);//t1 = k¯¹ mod n
-    mpz_invert(t1, k, curve->n);
-    mpz_mul(t2, private_key, r);    //t2 = d*r
-    mpz_add(t3, message, t2);    //t3 = e+t2
-    mpz_mod(t4, t3, curve->n);    //t2 = t3 mod n
-    mpz_mul(t5, t4, t1);        //t3 = t2 * t1
-    mpz_mod(s, t5, curve->n);    //s = t3 mod n
+        //mpz_set_str(k, "49a0d7b786ec9cde0d0721d72804befd06571c974b191efb42ecf322ba9ddd9a", 16);
+        //  mpz_set_str(k, "DC87789C4C1A09C97FF4DE72C0D0351F261F10A2B9009C80AEE70DDEC77201A0", 16);
+        //mpz_set_str(k,"29932781130098090011281004827843485745127563886526054275935615017309884975795",10);
 
-    //Calculate v
+        //Calculate x
+        point_multiplication(Q, k, curve->G, curve);
+        mpz_set(x, Q->x);
 
-    mpz_mod_ui(rem, Q->y, 2);
-    mpz_t s_mul_2;
-    mpz_init(s_mul_2);
-    mpz_mul_ui(s_mul_2, s, 2);
+        //Calculate r
+        mpz_mod(r, x, curve->n);
+        if (!mpz_sgn(r))    //Start over if r=0, note haven't been tested memory might die :)
+            goto signature_sign_start;
 
-    unsigned b = 0;
-    if (mpz_cmp(s_mul_2, curve->n) > 0) {
-        b = 1;
-    }
-    sig->v = mpz_get_ui(rem) ^ b;
 
-    mpz_cdiv_q_ui(n_div_2, curve->n, 2);
+        //Calculate s
+        //s = k¯¹(e+d*r) mod n = (k¯¹ mod n) * ((e+d*r) mod n) mod n
+        //number_theory_inverse(t1, k, curve->n);//t1 = k¯¹ mod n
+        mpz_invert(t1, k, curve->n);
+        mpz_mul(t2, private_key, r);    //t2 = d*r
+        mpz_add(t3, message, t2);    //t3 = e+t2
+        mpz_mod(t4, t3, curve->n);    //t2 = t3 mod n
+        mpz_mul(t5, t4, t1);        //t3 = t2 * t1
+        mpz_mod(s, t5, curve->n);    //s = t3 mod n
 
-    if (mpz_cmp(s, n_div_2) > 0) {
-        mpz_sub(neg, curve->n, s);
-        mpz_set(s, neg);
-    }
+        //Calculate v
 
-    //Set signature
-    mpz_set(sig->r, r);
-    mpz_set(sig->s, s);
+        mpz_mod_ui(rem, Q->y, 2);
+        mpz_t s_mul_2;
+        mpz_init(s_mul_2);
+        mpz_mul_ui(s_mul_2, s, 2);
 
-    clean:
+        unsigned b = 0;
+        if (mpz_cmp(s_mul_2, curve->n) > 0) {
+            b = 1;
+        }
+        sig->v = mpz_get_ui(rem) ^ b;
+
+        mpz_cdiv_q_ui(n_div_2, curve->n, 2);
+
+        if (mpz_cmp(s, n_div_2) > 0) {
+            mpz_sub(neg, curve->n, s);
+            mpz_set(s, neg);
+        }
 
-    free(rand_char);
-    point_clear(Q);
+        //Set signature
+        mpz_set(sig->r, r);
+        mpz_set(sig->s, s);
 
-    mpz_clear(k); mpz_clear(r); mpz_clear(s); mpz_clear(x); mpz_clear(rem); mpz_clear(neg);
-    mpz_clear(t1); mpz_clear(t2); mpz_clear(t3); mpz_clear(seed); mpz_clear(n_div_2);
-    mpz_clear(s_mul_2);
+        clean:
+
+        free(rand_char);
+        point_clear(Q);
+
+        mpz_clear(k);
+        mpz_clear(r);
+        mpz_clear(s);
+        mpz_clear(x);
+        mpz_clear(rem);
+        mpz_clear(neg);
+        mpz_clear(t1);
+        mpz_clear(t2);
+        mpz_clear(t3);
+        mpz_clear(seed);
+        mpz_clear(n_div_2);
+        mpz_clear(s_mul_2);
+
+    }
 
 }
 

diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c
@@ -37,6 +37,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #include <string.h>
 #include <stdio.h>
 #include <stdbool.h>
+#include <assert.h>
 
 #include "secure_enclave_t.h"
 #include "sgx_tcrypto.h"
@@ -69,6 +70,8 @@ void *reallocate_function(void *, size_t, size_t);
 
 void free_function(void *, size_t);
 
+unsigned char* globalRandom;
+
 void trustedEnclaveInit(uint32_t _logLevel) {
     LOG_DEBUG (__FUNCTION__);
 
@@ -80,6 +83,11 @@ void trustedEnclaveInit(uint32_t _logLevel) {
     mp_get_memory_functions(NULL, &gmp_realloc_func, &gmp_free_func);
     mp_set_memory_functions(NULL, oc_realloc_func, oc_free_func);
 
+
+    globalRandom = (unsigned char *) calloc(32,1);
+
+    sgx_read_rand(globalRandom, 32);
+
     enclave_init();
 
     LOG_DEBUG("SUCCESS");
@@ -121,6 +129,18 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) {
     return (void *) nptr;
 }
 
+void get_global_random(unsigned char* _randBuff, uint64_t _size) {
+    assert(_size <= 32);
+    sgx_sha_state_handle_t shaStateHandle;
+    assert(sgx_sha256_init(&shaStateHandle) == SGX_SUCCESS);
+    assert(sgx_sha256_update(globalRandom, 32, shaStateHandle) == SGX_SUCCESS);
+    assert(sgx_sha256_get_hash(shaStateHandle, globalRandom) == SGX_SUCCESS);
+    assert(sgx_sha256_get_hash(shaStateHandle, globalRandom) == SGX_SUCCESS);
+    assert(sgx_sha256_close(shaStateHandle) == SGX_SUCCESS);
+    memcpy(_randBuff, globalRandom, _size);
+}
+
+
 void trustedEMpzAdd(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {}
 
 void trustedEMpzMul(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {}
@@ -137,7 +157,7 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
     domain_parameters_load_curve(curve, secp256k1);
 
     unsigned char *rand_char = (unsigned char *) calloc(32, 1);
-    sgx_read_rand(rand_char, 32);
+    get_global_random(rand_char, 32);
 
     mpz_t seed;
     mpz_init(seed);
@@ -917,7 +937,7 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
     domain_parameters_load_curve(curve, secp256k1);
 
     unsigned char *rand_char = (unsigned char *) calloc(32, 1);
-    sgx_read_rand(rand_char, 32);
+    get_global_random(rand_char, 32);
 
     mpz_t seed;
     mpz_init(seed);