diff --git a/.gitignore b/.gitignore index dbd41820..790bcc8d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,49 +1,48 @@ -# Created by .ignore support plugin (hsz.mobi) -.idea/ -sgx-gmp/ -gmp-build -tgmp-build -install-sh -config.log -config.status -Makefile.in -Makefile -secure_enclave_u.h -secure_enclave_u.c -secure_enclave.edl -am--include-marker -*.o -aclocal.m4 -missing -compile -depcomp -ltmain.sh -secure_enclave.signed.so -sgxgmpmath -sgxgmppi -.deps -CMakeCache.txt -cmake_install.cmake -sgxd.cbp -sgx-gmp -sgx-sdk-build -secure_enclave/Makefile -secure_enclave/secure_enclave.signed.so -secure_enclave/secure_enclave.so -secure_enclave/secure_enclave_t.c -secure_enclave/secure_enclave_t.h -sgxd -cert/SGXServerCertificate* -autom4te.cache -sgxwallet -testw -configure -jsonrpc/zlib -jsonrpc/argtable2 -jsonrpc/jsoncpp -jsonrpc/libjson-rpc-cpp -jsonrpc/curl-from-git.tar.gz -jsonrpc/curl -jsonrpc/libmicrohttpd -secure_enclave/.deps -test-driver +/.idea/ +/cmake-build-debug/ +/build/ +/sgx_data/ +/jsonrpc/ +/gmp-build/ +/tgmp-build/ +/install-sh +/config.log +/config.status +/Makefile.in +/Makefile +/secure_enclave_u.h +/secure_enclave_u.c +/secure_enclave.edl +/am--include-marker +/*.o +/*.m4 +/missing +/compile +/depcomp +/ltmain.sh +/secure_enclave.signed.so +/sgxgmpmath +/sgxgmppi +/.deps +/CMakeCache.txt +/cmake_install.cmake +/sgxd.cbp +/sgx-gmp/ +/sgx-sdk-build/ +/secure_enclave/Makefile +/secure_enclave/secure_enclave.signed.so +/secure_enclave/secure_enclave.so +/secure_enclave/secure_enclave_t.c +/secure_enclave/secure_enclave_t.h +/sgxd +/cert/SGXServerCertificate* +/autom4te.cache +/sgxwallet +/testw +/configure +/secure_enclave/.deps +/test-driver +/intel-sgx-ssl/ +/m4 +/.testw.py.swp +/cert_util diff --git a/Dockerfile b/Dockerfile index bc6f0f9b..6e47a943 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,28 +1,8 @@ FROM skalenetwork/sgxwallet_base:latest + +COPY . /usr/src/sdk WORKDIR /usr/src/sdk -RUN ccache -sz -RUN touch /var/hwmode -COPY *.cpp ./ -COPY *.h ./ -COPY *.txt ./ -COPY *.c ./ -COPY *.am ./ -COPY *.hpp ./ -COPY *.gmp ./ -COPY *.ac ./ -COPY *.json ./ -COPY docker ./docker -COPY build-aux ./build-aux -COPY cert ./cert -COPY jsonrpc ./jsonrpc -COPY autoconf.bash ./ -COPY leveldb ./leveldb -COPY m4 ./m4 -COPY scripts ./scripts -COPY secure_enclave ./secure_enclave -COPY spdlog ./spdlog -COPY SGXWALLET_VERSION ./ RUN ./autoconf.bash RUN ./configure diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index 982bf514..3cbcd608 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp @@ -32,13 +32,15 @@ #include - #include "spdlog/spdlog.h" #include "common.h" + +#include "secure_enclave/Verify.h" + #include "BLSCrypto.h" -#include "ECDSACrypto.h" +#include "ECDSACrypto.h" string concatPubKeyWith0x(char *pub_key_x, char *pub_key_y) { @@ -49,46 +51,46 @@ string concatPubKeyWith0x(char *pub_key_x, char *pub_key_y) { } -void fillRandomBuffer(vector& _buffer) { - ifstream devRandom("/dev/urandom", ios::in|ios::binary); - devRandom.exceptions(std::ifstream::failbit | std::ifstream::badbit); - devRandom.read((char*) _buffer.data(), _buffer.size()); +void fillRandomBuffer(vector &_buffer) { + ifstream devRandom("/dev/urandom", ios::in | ios::binary); + devRandom.exceptions(ifstream::failbit | ifstream::badbit); + devRandom.read((char *) _buffer.data(), _buffer.size()); devRandom.close(); } -std::vector genECDSAKey() { +vector genECDSAKey() { vector errMsg(1024, 0); int errStatus = 0; - vector encr_pr_key(1024, 0); - vectorpub_key_x(1024, 0); - vectorpub_key_y(1024, 0); + vector encr_pr_key(1024, 0); + vector pub_key_x(1024, 0); + vector pub_key_y(1024, 0); uint32_t enc_len = 0; if (!encryptKeys) status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encr_pr_key.data(), - &enc_len, pub_key_x.data(), pub_key_y.data()); + &enc_len, pub_key_x.data(), pub_key_y.data()); else status = trustedGenerateEcdsaKeyAES(eid, &errStatus, - errMsg.data(), encr_pr_key.data(), &enc_len, - pub_key_x.data(), pub_key_y.data()); + errMsg.data(), encr_pr_key.data(), &enc_len, + pub_key_x.data(), pub_key_y.data()); if (status != SGX_SUCCESS || errStatus != 0) { spdlog::error("RPCException thrown with status {}", status); throw SGXException(status, errMsg.data()); } - std::vector keys(3); + vector keys(3); vector hexEncrKey(BUF_LEN * 2, 0); carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data()); keys.at(0) = hexEncrKey.data(); - keys.at(1) = std::string(pub_key_x.data()) + std::string(pub_key_y.data()); + keys.at(1) = string(pub_key_x.data()) + string(pub_key_y.data()); - vector randBuffer(32,0); + vector randBuffer(32, 0); fillRandomBuffer(randBuffer); - vector rand_str(64,0); + vector rand_str(64, 0); carray2Hex(randBuffer.data(), 32, rand_str.data()); @@ -99,12 +101,12 @@ std::vector genECDSAKey() { return keys; } -std::string getECDSAPubKey(const char *_encryptedKeyHex) { +string getECDSAPubKey(const char *_encryptedKeyHex) { vector errMsg(BUF_LEN, 0); vector pubKeyX(BUF_LEN, 0); vector pubKeyY(BUF_LEN, 0); - vector encrPrKey(BUF_LEN, 0); + vector encrPrKey(BUF_LEN, 0); int errStatus = 0; uint64_t enc_len = 0; @@ -115,77 +117,135 @@ std::string getECDSAPubKey(const char *_encryptedKeyHex) { if (!encryptKeys) status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), - pubKeyY.data()); - else status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, - errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data()); + pubKeyY.data()); + else + status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, + errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data()); if (errStatus != 0) { throw SGXException(-666, errMsg.data()); } string pubKey = string(pubKeyX.data()) + string(pubKeyY.data());//concatPubKeyWith0x(pub_key_x, pub_key_y);// - spdlog::debug("enc_len is {}", enc_len); - spdlog::debug("pubkey is {}", pubKey); - spdlog::debug("pubkey length is {}", pubKey.length()); - spdlog::debug("err str is {}", errMsg.data()); - spdlog::debug("err status is {}", errStatus); + if (pubKey.size() != 128) { + spdlog::error("Incorrect pub key size", status); + throw SGXException(666, "Incorrect pub key size"); + } return pubKey; } -vector ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, int base) { - vector signature_vect(3); +bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR, + const char *signatureS) { - char *errMsg = (char *) calloc(1024, 1); - int errStatus = 0; - char *signature_r = (char *) calloc(1024, 1); - char *signature_s = (char *) calloc(1024, 1); - uint8_t signature_v = 0; - uint64_t dec_len = 0; - - //uint8_t encr_key[BUF_LEN]; - uint8_t *encr_key = (uint8_t *) calloc(1024, 1); - if (!hex2carray(encryptedKeyHex, &dec_len, encr_key)) { - throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); + bool result = false; + + signature sig = signature_init(); + + auto r = pubKeyStr.substr(0, 64); + auto s = pubKeyStr.substr(64, 128); + domain_parameters curve = domain_parameters_init(); + domain_parameters_load_curve(curve, secp256k1); + point publicKey = point_init(); + + + mpz_t msgMpz; + mpz_init(msgMpz); + + + if (mpz_set_str(msgMpz, hashHex, 16) == -1) { + spdlog::error("invalid message hash {}", hashHex); + goto clean; + } + + signature_set_str(sig, signatureR, signatureS, 16); + + point_set_hex(publicKey, r.c_str(), s.c_str()); + if (!signature_verify(msgMpz, sig, publicKey, curve)) { + spdlog::error("ECDSA sig not verified"); + goto clean; } + result = true; - spdlog::debug("encryptedKeyHex: {}", encryptedKeyHex); - spdlog::debug("HASH: {}", hashHex); - spdlog::debug("encrypted len: {}", dec_len); + clean: + mpz_clear(msgMpz); + domain_parameters_clear(curve); + point_clear(publicKey); + signature_free(sig); - if (!encryptKeys) - status = trustedEcdsaSign(eid, &errStatus, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char *) hashHex, signature_r, - signature_s, &signature_v, base); - else - status = trustedEcdsaSignAES(eid, &errStatus, errMsg, encr_key, dec_len, (unsigned char *) hashHex, signature_r, - signature_s, &signature_v, base); - if (errStatus != 0) { - throw SGXException(-666, errMsg); + return result; + +} + +vector ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, int base) { + vector signatureVector(3); + + vector errMsg(1024, 0); + int errStatus = 0; + vector signatureR(1024, 0); + vector signatureS(1024, 0); + vector encryptedKey(1024, 0); + uint8_t signatureV = 0; + uint64_t decLen = 0; + + string pubKeyStr = ""; + + shared_ptr exception = NULL; + + if (!hex2carray(encryptedKeyHex, &decLen, encryptedKey.data())) { + exception = make_shared(INVALID_HEX, "Invalid encryptedKeyHex"); + goto clean; } + pubKeyStr = getECDSAPubKey(encryptedKeyHex); - spdlog::debug("signature r in ecdsa_sign_hash: {}", signature_r); - spdlog::debug("signature s in ecdsa_sign_hash: {}", signature_s); + + if (!encryptKeys) { + status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), + encryptedKey.data(), ECDSA_ENCR_LEN, (unsigned char *) hashHex, + signatureR.data(), + signatureS.data(), &signatureV, base); + + + } else + status = trustedEcdsaSignAES(eid, &errStatus, + errMsg.data(), encryptedKey.data(), decLen, (unsigned char *) hashHex, + signatureR.data(), + signatureS.data(), &signatureV, base); + if (errStatus != 0) { + exception = make_shared(666, errMsg.data()); + goto clean; + } if (status != SGX_SUCCESS) { - spdlog::error(" failed to sign "); + spdlog::error("failed to sign {}", status); + exception = make_shared(666, "failed to sign"); + goto clean; } - signature_vect.at(0) = to_string(signature_v); + signatureVector.at(0) = to_string(signatureV); if (base == 16) { - signature_vect.at(1) = "0x" + string(signature_r); - signature_vect.at(2) = "0x" + string(signature_s); + signatureVector.at(1) = "0x" + string(signatureR.data()); + signatureVector.at(2) = "0x" + string(signatureS.data()); } else { - signature_vect.at(1) = string(signature_r); - signature_vect.at(2) = string(signature_s); + signatureVector.at(1) = string(signatureR.data()); + signatureVector.at(2) = string(signatureS.data()); } - free(errMsg); - free(signature_r); - free(signature_s); - free(encr_key); + /* Now verify signature */ + + if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data())) { + exception = make_shared(667, "ECDSA did not verify"); + goto clean; + } + + + clean: + + if (exception) + throw *exception; - return signature_vect; + return signatureVector; } \ No newline at end of file diff --git a/ECDSAImpl.c b/ECDSAImpl.c new file mode 100644 index 00000000..dc3d89b5 --- /dev/null +++ b/ECDSAImpl.c @@ -0,0 +1,5 @@ +#include "secure_enclave/Point.c" +#include "secure_enclave/DomainParameters.c" +#include "secure_enclave/NumberTheory.c" +#include "secure_enclave/Signature.c" +#include "secure_enclave/Curves.c" \ No newline at end of file diff --git a/Makefile.am b/Makefile.am index 4c17ec9d..d3be6d86 100644 --- a/Makefile.am +++ b/Makefile.am @@ -10,7 +10,7 @@ include $(top_srcdir)/build-aux/sgx_app.am ## ## And a pattern rule for building prexoxy functions from EDL files: ## -## %_u.h %_u.c: %.edl +## %_u.h %_u.c: %.edl34 ## ## And sets these Makefile variables: ## @@ -33,7 +33,7 @@ SUBDIRS=secure_enclave ## ## SGX_EDGER8R_FLAGS= - +WALLET_VERSION := $(shell cat VERSION) ## Needed to make our pattern rule work. @@ -45,11 +45,11 @@ secure_enclave.edl: secure_enclave/secure_enclave.edl #AM_CPPFLAGS += -g -Og -AM_CFLAGS = -g -Og -rdynamic -Wl,--no-as-needed -lSegFault -AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault +AM_CFLAGS = -DUSER_SPACE -g -Og -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)" +AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)" -AM_CPPFLAGS += -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS) -I. -I./libBLS/deps/deps_inst/x86_or_x64/include +AM_CPPFLAGS += -DSGXWALLET_VERSION="$(WALLET_VERSION)" -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS) -I. -I./libBLS/deps/deps_inst/x86_or_x64/include ## Additional targets to remove with 'make clean'. You must list ## any edger8r generated files here. @@ -67,9 +67,11 @@ bin_PROGRAMS = sgxwallet testw cert_util ## have to be explicitly listed. COMMON_SRC = InvalidStateException.cpp Exception.cpp InvalidArgumentException.cpp Log.cpp \ - SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp RPCException.cpp BLSCrypto.cpp ECDSACrypto.cpp \ + SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp RPCException.cpp BLSCrypto.cpp \ + ECDSACrypto.cpp \ DKGCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp ServerDataChecker.cpp SEKManager.cpp \ - sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c + sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c \ + ECDSAImpl.c COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h sgxwallet_SOURCES = sgxwallet.c $(COMMON_SRC) @@ -115,4 +117,4 @@ cert_util_SOURCES= InvalidStateException.cpp Exception.cpp InvalidArgumentExcep cert_util_LDADD=-LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \ -LlibBLS/build/libff/libff \ -l:libbls.a -l:libleveldb.a \ - -l:libff.a -lgmp -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -ldl + -l:libff.a -lgmp -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -ldl \ No newline at end of file diff --git a/SGXWALLET_VERSION b/SGXWALLET_VERSION deleted file mode 100644 index be867a16..00000000 --- a/SGXWALLET_VERSION +++ /dev/null @@ -1 +0,0 @@ -#define SGXWALLET_VERSION "1.49.5" diff --git a/SGXWalletServer.cpp b/SGXWalletServer.cpp index 9f6e2658..0e6d4683 100644 --- a/SGXWalletServer.cpp +++ b/SGXWalletServer.cpp @@ -212,15 +212,15 @@ SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const strin if (!checkName(_keyShareName, "BLS_KEY")) { throw SGXException(INVALID_POLY_NAME, "Invalid BLSKey name"); } - string cutHash = _messageHash; - if (cutHash[0] == '0' && (cutHash[1] == 'x' || cutHash[1] == 'X')) { - cutHash.erase(cutHash.begin(), cutHash.begin() + 2); + string hashTmp = _messageHash; + if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) { + hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2); } - while (cutHash[0] == '0') { - cutHash.erase(cutHash.begin(), cutHash.begin() + 1); + while (hashTmp[0] == '0') { + hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 1); } - if (!checkHex(cutHash)) { + if (!checkHex(hashTmp)) { throw SGXException(INVALID_HEX, "Invalid hash"); } @@ -318,10 +318,10 @@ Json::Value SGXWalletServer::renameECDSAKeyImpl(const string &_keyName, const st throw SGXException(UNKNOWN_ERROR, "invalid key name"); } - shared_ptr key_ptr = readFromDb(_tempKeyName); + shared_ptr encryptedKey = readFromDb(_tempKeyName); - writeDataToDB(_keyName, *key_ptr); + writeDataToDB(_keyName, *encryptedKey); LevelDB::getLevelDb()->deleteTempNEK(_tempKeyName); } HANDLE_SGX_EXCEPTION(result) @@ -339,40 +339,40 @@ Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_ result["signature_r"] = ""; result["signature_s"] = ""; - vector sign_vect(3); + vector signatureVector(3); try { - string cutHash = _messageHash; - if (cutHash[0] == '0' && (cutHash[1] == 'x' || cutHash[1] == 'X')) { - cutHash.erase(cutHash.begin(), cutHash.begin() + 2); + string hashTmp = _messageHash; + if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) { + hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2); } - while (cutHash[0] == '0') { - cutHash.erase(cutHash.begin(), cutHash.begin() + 1); + while (hashTmp[0] == '0') { + hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 1); } if (!checkECDSAKeyName(_keyName)) { throw SGXException(INVALID_ECDSA_KEY_NAME, "Invalid ECDSA key name"); } - if (!checkHex(cutHash)) { + if (!checkHex(hashTmp)) { throw SGXException(INVALID_HEX, "Invalid hash"); } if (_base <= 0 || _base > 32) { throw SGXException(-22, "Invalid base"); } - shared_ptr key_ptr = readFromDb(_keyName, ""); + shared_ptr encryptedKey = readFromDb(_keyName, ""); - sign_vect = ecdsaSignHash(key_ptr->c_str(), cutHash.c_str(), _base); - if (sign_vect.size() != 3) { + signatureVector = ecdsaSignHash(encryptedKey->c_str(), hashTmp.c_str(), _base); + if (signatureVector.size() != 3) { throw SGXException(INVALID_ECSDA_SIGNATURE, "Invalid ecdsa signature"); } - spdlog::debug("got signature_s {}", sign_vect.at(2)); + spdlog::debug("got signature_s {}", signatureVector.at(2)); - result["signature_v"] = sign_vect.at(0); - result["signature_r"] = sign_vect.at(1); - result["signature_s"] = sign_vect.at(2); + result["signature_v"] = signatureVector.at(0); + result["signature_r"] = signatureVector.at(1); + result["signature_s"] = signatureVector.at(2); } HANDLE_SGX_EXCEPTION(result) @@ -443,14 +443,14 @@ Json::Value SGXWalletServer::getVerificationVectorImpl(const string &_polyName, throw SGXException(INVALID_DKG_PARAMS, "Invalid parameters: n or t "); } - shared_ptr encr_poly_ptr = readFromDb(_polyName); + shared_ptr encrPoly = readFromDb(_polyName); - verifVector = get_verif_vect(encr_poly_ptr->c_str(), _t, _n); + verifVector = get_verif_vect(encrPoly->c_str(), _t, _n); for (int i = 0; i < _t; i++) { - vector cur_coef = verifVector.at(i); + vector currentCoef = verifVector.at(i); for (int j = 0; j < 4; j++) { - result["verificationVector"][i][j] = cur_coef.at(j); + result["verificationVector"][i][j] = currentCoef.at(j); } } @@ -480,7 +480,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J throw SGXException(INVALID_DKG_PARAMS, "Invalid DKG parameters: n or t "); } - shared_ptr encr_poly_ptr = readFromDb(_polyName); + shared_ptr encrPoly = readFromDb(_polyName); vector pubKeysStrs; for (int i = 0; i < _n; i++) { @@ -490,7 +490,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J pubKeysStrs.push_back(_pubKeys[i].asString()); } - string s = trustedGetSecretShares(_polyName, encr_poly_ptr->c_str(), pubKeysStrs, _t, _n); + string s = trustedGetSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n); //cerr << "result is " << s << endl; result["secretShare"] = s; @@ -678,12 +678,10 @@ Json::Value SGXWalletServer::getServerStatusImpl() { return result; } -Json::Value SGXWalletServer::getServerVersionImpl() { +Json::Value SGXWalletServer::getServerVersionImpl() { INIT_RESULT(result) - - result["version"] = SGXWALLET_VERSION; - + result["version"] = TOSTRING(SGXWALLET_VERSION); return result; } diff --git a/SGXWalletServer.hpp b/SGXWalletServer.hpp index a243945f..63079692 100644 --- a/SGXWalletServer.hpp +++ b/SGXWalletServer.hpp @@ -33,8 +33,13 @@ using namespace jsonrpc; using namespace std; +#define STRINGIFY(x) #x +#define TOSTRING(x) STRINGIFY(x) + class SGXWalletServer : public AbstractStubServer { + + recursive_mutex m; static shared_ptr server; @@ -42,6 +47,11 @@ class SGXWalletServer : public AbstractStubServer { public: + + static const char* getVersion() { + return TOSTRING(SGXWALLET_VERSION); + } + SGXWalletServer(AbstractServerConnector &_connector, serverVersion_t _type); virtual Json::Value diff --git a/ServerInit.cpp b/ServerInit.cpp index e5323a04..cd3c6a94 100644 --- a/ServerInit.cpp +++ b/ServerInit.cpp @@ -111,7 +111,7 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) { static int sgxServerInited; - cout << "Running sgxwallet version:" << SGXWALLET_VERSION << endl; + cout << "Running sgxwallet version:" << SGXWalletServer::getVersion() << endl; CHECK_STATE(sgxServerInited == 0) sgxServerInited = 1; diff --git a/ServerInit.h b/ServerInit.h index 19702c5b..73296b61 100644 --- a/ServerInit.h +++ b/ServerInit.h @@ -25,7 +25,6 @@ #define SGXWALLET_SERVERINIT_H #include "stdint.h" -#include "SGXWALLET_VERSION" #ifdef __cplusplus #define EXTERNC extern "C" diff --git a/VERSION b/VERSION index b632b1d0..bc603ea6 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.49 \ No newline at end of file +1.50.2 \ No newline at end of file diff --git a/common.h b/common.h index fa43e91f..a2ab135e 100644 --- a/common.h +++ b/common.h @@ -16,7 +16,7 @@ You should have received a copy of the GNU Affero General Public License along with sgxwallet. If not, see . - @file BLSEnclave.cpp + @file common.h @author Stan Kladko @date 2020 */ @@ -34,10 +34,13 @@ using namespace std; - +#include +#include "secure_enclave/Verify.h" #include "InvalidStateException.h" +#define SAFE_FREE(__POINTER__) {if (__POINTER__) {free(__POINTER__); __POINTER__ = NULL;}} + inline std::string className(const std::string &prettyFunction) { size_t colons = prettyFunction.find("::"); if (colons == std::string::npos) diff --git a/secure_enclave/Curves.c b/secure_enclave/Curves.c index 5357eea9..74c72bd5 100644 --- a/secure_enclave/Curves.c +++ b/secure_enclave/Curves.c @@ -24,7 +24,13 @@ #include #include #include + +#ifdef USER_SPACE +#include +#else #include <../tgmp-build/include/sgx_tgmp.h> +#endif + #include "DomainParameters.h" #include "Curves.h" #include "Point.h" diff --git a/secure_enclave/Curves.h b/secure_enclave/Curves.h index b1688afb..8a4bcdff 100644 --- a/secure_enclave/Curves.h +++ b/secure_enclave/Curves.h @@ -25,6 +25,12 @@ #ifndef SGXWALLET_CURVES_H #define SGXWALLET_CURVES_H +#ifdef __cplusplus +#define EXTERNC extern "C" +#else +#define EXTERNC +#endif + /*Curves that can be loaded using domain_parameters_load_curve()*/ typedef enum { secp112r1 = 0, @@ -47,7 +53,7 @@ typedef enum { secp112r1 = 0, #define NUMBER_OF_CURVES (secp521r1+1) /*Load a curve depending on it's curve number, defined by the enum*/ -void domain_parameters_load_curve(domain_parameters out, curve_list curve); +EXTERNC void domain_parameters_load_curve(domain_parameters out, curve_list curve); /* REMARK: For some weird reason secp112r2 and secp128r2 doesn't want to be stable. Actually they work once in a while. However running the benchmark command gives -1 as operation time, sometimes and only sometimes! diff --git a/secure_enclave/DHDkg.c b/secure_enclave/DHDkg.c index 4d9b5786..437a475b 100644 --- a/secure_enclave/DHDkg.c +++ b/secure_enclave/DHDkg.c @@ -23,7 +23,11 @@ #include #include +#ifdef USER_SPACE +#include +#else #include <../tgmp-build/include/sgx_tgmp.h> +#endif #include "DomainParameters.h" #include "Curves.h" diff --git a/secure_enclave/DKGUtils.cpp b/secure_enclave/DKGUtils.cpp index 1a99566f..dbf0a7e0 100644 --- a/secure_enclave/DKGUtils.cpp +++ b/secure_enclave/DKGUtils.cpp @@ -23,7 +23,12 @@ #include "DKGUtils.h" -#include +#ifdef USER_SPACE +#include +#else +#include <../tgmp-build/include/sgx_tgmp.h> +#endif + #include <../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp> #include <../trusted_libff/libff/algebra/fields/fp.hpp> diff --git a/secure_enclave/DKGUtils.h b/secure_enclave/DKGUtils.h index 38ac7e8e..7c1f8fe0 100644 --- a/secure_enclave/DKGUtils.h +++ b/secure_enclave/DKGUtils.h @@ -30,7 +30,12 @@ #define EXTERNC #endif -#include +#ifdef USER_SPACE + +#include +#else +#include <../tgmp-build/include/sgx_tgmp.h> +#endif EXTERNC int gen_dkg_poly( char* secret, unsigned _t); diff --git a/secure_enclave/DomainParameters.c b/secure_enclave/DomainParameters.c index 495ed48c..3cb632a9 100644 --- a/secure_enclave/DomainParameters.c +++ b/secure_enclave/DomainParameters.c @@ -21,7 +21,12 @@ @date 2019 */ +#ifdef USER_SPACE +#include +#else #include <../tgmp-build/include/sgx_tgmp.h> +#endif + #include #include #include diff --git a/secure_enclave/DomainParameters.h b/secure_enclave/DomainParameters.h index 7dfde87b..13b09f20 100644 --- a/secure_enclave/DomainParameters.h +++ b/secure_enclave/DomainParameters.h @@ -23,6 +23,11 @@ #ifndef SGXWALLET_DOMAINPARAMETERS_H #define SGXWALLET_DOMAINPARAMETERS_H +#ifdef __cplusplus +#define EXTERNC extern "C" +#else +#define EXTERNC +#endif /*Type that represents a point*/ typedef struct point_s* point; @@ -48,13 +53,13 @@ struct domain_parameters_s }; /*Initialize a curve*/ -domain_parameters domain_parameters_init(); +EXTERNC domain_parameters domain_parameters_init(); /*Sets the name of a curve*/ -void domain_parameters_set_name(domain_parameters curve, char* name); +EXTERNC void domain_parameters_set_name(domain_parameters curve, char* name); /*Set domain parameters from decimal unsigned long ints*/ -void domain_parameters_set_ui(domain_parameters curve, +EXTERNC void domain_parameters_set_ui(domain_parameters curve, char* name, unsigned long int p, unsigned long int a, @@ -65,9 +70,9 @@ void domain_parameters_set_ui(domain_parameters curve, unsigned long int h); /*Set domain parameters from hexadecimal string*/ -void domain_parameters_set_hex(domain_parameters curve, char* name, char* p, char* a, char* b, char* Gx, char* Gy, char* n, char* h); +EXTERNC void domain_parameters_set_hex(domain_parameters curve, char* name, char* p, char* a, char* b, char* Gx, char* Gy, char* n, char* h); /*Release memory*/ -void domain_parameters_clear(domain_parameters curve); +EXTERNC void domain_parameters_clear(domain_parameters curve); #endif \ No newline at end of file diff --git a/secure_enclave/EnclaveCommon.cpp b/secure_enclave/EnclaveCommon.cpp index beb67f6f..47b0bbc9 100644 --- a/secure_enclave/EnclaveCommon.cpp +++ b/secure_enclave/EnclaveCommon.cpp @@ -298,7 +298,7 @@ void logMsg(log_level _level, char* _msg) { EXTERNC void LOG_INFO(char* _msg) { logMsg(L_INFO, _msg); }; -EXTERNC void LOG_WARNING(char* _msg) { +EXTERNC void LOG_WARN(char* _msg) { logMsg(L_WARNING, _msg); }; diff --git a/secure_enclave/EnclaveCommon.h b/secure_enclave/EnclaveCommon.h index 90d60108..21d4ed1b 100644 --- a/secure_enclave/EnclaveCommon.h +++ b/secure_enclave/EnclaveCommon.h @@ -53,7 +53,7 @@ EXTERNC void enclave_init(); EXTERNC void LOG_INFO(char* msg); -EXTERNC void LOG_WARNING(char* _msg); +EXTERNC void LOG_WARN(char* _msg); EXTERNC void LOG_ERROR(char* _msg); EXTERNC void LOG_DEBUG(char* _msg); EXTERNC void LOG_TRACE(char* _msg); diff --git a/secure_enclave/NumberTheory.c b/secure_enclave/NumberTheory.c index da5bb1c3..0c8339b1 100644 --- a/secure_enclave/NumberTheory.c +++ b/secure_enclave/NumberTheory.c @@ -23,8 +23,14 @@ #include #include -#include <../tgmp-build/include/sgx_tgmp.h> #include + +#ifdef USER_SPACE +#include +#else +#include <../tgmp-build/include/sgx_tgmp.h> +#endif + #include "NumberTheory.h" /*Calculate R = a^k mod P, using repeated square-and-multiply algorithm diff --git a/secure_enclave/Point.c b/secure_enclave/Point.c index 4cfe60b1..db71fd52 100644 --- a/secure_enclave/Point.c +++ b/secure_enclave/Point.c @@ -23,11 +23,16 @@ #include #include -#include <../tgmp-build/include/sgx_tgmp.h> #include #include #include +#ifdef USER_SPACE +#include +#else +#include <../tgmp-build/include/sgx_tgmp.h> +#endif + #include "NumberTheory.h" #include "DomainParameters.h" @@ -77,14 +82,14 @@ void point_set(point R, point P) } /*Set point from strings of a base from 2-62*/ -void point_set_str(point p, char *x, char *y, int base) +void point_set_str(point p, const char *x, const char *y, int base) { mpz_set_str(p->x, x, base); mpz_set_str(p->y, y, base); } /*Set point from hexadecimal strings*/ -void point_set_hex(point p, char *x, char *y) +void point_set_hex(point p, const char *x, const char *y) { point_set_str(p,x,y,16); } diff --git a/secure_enclave/Point.h b/secure_enclave/Point.h index a35ef552..ef57b485 100644 --- a/secure_enclave/Point.h +++ b/secure_enclave/Point.h @@ -26,56 +26,58 @@ #define SGXWALLET_POINT_H + + #include "DomainParameters.h" /*Initialize a point*/ -point point_init(); +EXTERNC point point_init(); /*Release point*/ -void point_clear(point p); +EXTERNC void point_clear(point p); /*Set point to be a infinity*/ -void point_at_infinity(point p); +EXTERNC void point_at_infinity(point p); /*Set R to the additive inverse of P, in the curve curve*/ -void point_inverse(point R, point P, domain_parameters curve); +EXTERNC void point_inverse(point R, point P, domain_parameters curve); /*Print point to standart output stream*/ -void point_print(point p); +EXTERNC void point_print(point p); /*Set point from hexadecimal strings*/ -void point_set_hex(point p, char *x, char *y); +EXTERNC void point_set_hex(point p, const char *x, const char *y); /*Set point from decimal unsigned long ints*/ -void point_set_ui(point p, unsigned long int x, unsigned long int y); +EXTERNC void point_set_ui(point p, unsigned long int x, unsigned long int y); /*Addition of point P + Q = result*/ -void point_addition(point result, point P, point Q, domain_parameters curve); +EXTERNC void point_addition(point result, point P, point Q, domain_parameters curve); /*Set point R = 2P*/ -void point_doubling(point R, point P, domain_parameters curve); +EXTERNC void point_doubling(point R, point P, domain_parameters curve); /*Perform scalar multiplication to P, with the factor multiplier, over the curve curve*/ -void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve); +EXTERNC void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve); /*Set point from strings of a base from 2-62*/ -void point_set_str(point p, char *x, char *y, int base); +EXTERNC void point_set_str(point p, const char *x, const char *y, int base); /*Compare two points return 1 if not the same, returns 0 if they are the same*/ -bool point_cmp(point P, point Q); +EXTERNC bool point_cmp(point P, point Q); /*Decompress a point from hexadecimal representation *This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.4.*/ -void point_decompress(point P, char* zPoint, domain_parameters curve); +EXTERNC void point_decompress(point P, char* zPoint, domain_parameters curve); /*Compress a point to hexadecimal string *This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.3.*/ -char* point_compress(point P); +EXTERNC char* point_compress(point P); /*Make R a copy of P*/ -void point_copy(point R, point P); +EXTERNC void point_copy(point R, point P); /*Set a point from another point*/ -void point_set(point R, point P); +EXTERNC void point_set(point R, point P); #endif \ No newline at end of file diff --git a/secure_enclave/Signature.c b/secure_enclave/Signature.c index 93f80c6e..e6a63391 100644 --- a/secure_enclave/Signature.c +++ b/secure_enclave/Signature.c @@ -23,9 +23,17 @@ #include #include -#include <../tgmp-build/include/sgx_tgmp.h> #include #include + +#ifdef USER_SPACE +#include + + +#else +#include <../tgmp-build/include/sgx_tgmp.h> +#endif + #include "DomainParameters.h" #include "Point.h" #include "NumberTheory.h" @@ -51,13 +59,13 @@ void signature_print(signature sig) { } /*Set signature from strings of a base from 2-62*/ -void signature_set_str(signature sig, char *r, char *s, int base) { +void signature_set_str(signature sig, const char *r, const char *s, int base) { mpz_set_str(sig->r, r, base); mpz_set_str(sig->s, s, base); } /*Set signature from hexadecimal strings*/ -void signature_set_hex(signature sig, char *r, char *s) { +void signature_set_hex(signature sig, const char *r, const char *s) { signature_set_str(sig, r, s, 16); } @@ -84,6 +92,7 @@ void signature_extract_public_key(point public_key, mpz_t private_key, domain_pa point_multiplication(public_key, private_key, curve->G, curve); } +#ifndef USER_SPACE /*Generate signature for a message*/ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve) { //message must not have a bit length longer than that of n @@ -171,13 +180,26 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para } +#endif + +/*Release signature*/ +void signature_free(signature sig) { + mpz_clear(sig->r); + mpz_clear(sig->s); + free(sig); +} + /*Verify the integrity of a message using it's signature*/ bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) { //Initialize variables mpz_t one, w, u1, u2, t, tt2; - mpz_init(one); mpz_init(w); mpz_init(u1); - mpz_init(u2); mpz_init(t); mpz_init(tt2); + mpz_init(one); + mpz_init(w); + mpz_init(u1); + mpz_init(u2); + mpz_init(t); + mpz_init(tt2); mpz_set_ui(one, 1); @@ -224,15 +246,15 @@ bool signature_verify(mpz_t message, signature sig, point public_key, domain_par point_clear(t1); point_clear(t2); - mpz_clear(one); mpz_clear(w); mpz_clear(u1); mpz_clear(u2); mpz_clear(t); + mpz_clear(one); + mpz_clear(w); + mpz_clear(u1); + mpz_clear(u2); + mpz_clear(t); mpz_clear(tt2); return result; -} -/*Release signature*/ -void signature_free(signature sig) { - mpz_clear(sig->r); - mpz_clear(sig->s); - free(sig); } + + diff --git a/secure_enclave/Signature.h b/secure_enclave/Signature.h index ce0b251e..cfe57014 100644 --- a/secure_enclave/Signature.h +++ b/secure_enclave/Signature.h @@ -24,6 +24,12 @@ #ifndef SGXWALLET_SIGNATURE_H #define SGXWALLET_SIGNATURE_H +#ifdef __cplusplus +#define EXTERNC extern "C" +#else +#define EXTERNC +#endif + /*Type for representing a signature*/ struct signature_s { @@ -35,36 +41,36 @@ struct signature_s typedef struct signature_s* signature; /*Initialize a signature*/ -signature signature_init(); +EXTERNC signature signature_init(); /*Set signature from strings of a base from 2-62*/ -void signature_set_str(signature sig, char *r, char *s, int base); +EXTERNC void signature_set_str(signature sig, const char *r, const char *s, int base); /*Set signature from hexadecimal strings*/ -void signature_set_hex(signature sig, char *r, char *s); +EXTERNC void signature_set_hex(signature sig, const char *r, const char *s); /*Set signature from decimal unsigned long ints*/ -void signature_set_ui(signature sig, unsigned long int r, unsigned long int s); +EXTERNC void signature_set_ui(signature sig, unsigned long int r, unsigned long int s); /*Print signature to standart output stream*/ -void signature_print(signature sig); +EXTERNC void signature_print(signature sig); /*Make R a copy of P*/ -void signature_copy(signature R, signature sig); +EXTERNC void signature_copy(signature R, signature sig); /*Compare two signatures return 1 if not the same, returns 0 if they are the same*/ -bool signature_cmp(signature sig1, signature sig2); +EXTERNC bool signature_cmp(signature sig1, signature sig2); /*Release signature*/ -void signature_free(signature sig); +EXTERNC void signature_free(signature sig); /*Generates a public key for a private key*/ -void signature_extract_public_key(point public_key, mpz_t private_key, domain_parameters curve); +EXTERNC void signature_extract_public_key(point public_key, mpz_t private_key, domain_parameters curve); /*Generate signature for a message*/ -void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve); +EXTERNC void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve); /*Verify the integrity of a message using it's signature*/ -bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve); +EXTERNC bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve); #endif diff --git a/secure_enclave/Verify.h b/secure_enclave/Verify.h new file mode 100644 index 00000000..4a7365b2 --- /dev/null +++ b/secure_enclave/Verify.h @@ -0,0 +1,33 @@ +/* + Copyright (C) 2019-Present SKALE Labs + + This file is part of sgxwallet. + + sgxwallet is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + sgxwallet is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with sgxwallet. If not, see . + + @file Verify.h + @author Stan Kladko + @date 2020 +*/ +#ifndef SGXWALLET_VERIFY_H +#define SGXWALLET_VERIFY_H + +#define USER_SPACE 1 + +#include "secure_enclave/Point.h" +#include "secure_enclave/DomainParameters.h" +#include "secure_enclave/NumberTheory.h" +#include "secure_enclave/Signature.h" +#include "secure_enclave/Curves.h" +#endif //SGXWALLET_VERIFY_H diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 32f373a5..cf0ae301 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -137,8 +137,8 @@ void trustedEMpzDiv(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {} void trustedEMpfDiv(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {} -void trustedGenerateEcdsaKey(int *errStatus, char *err_string, - uint8_t *encrypted_key, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { +void trustedGenerateEcdsaKey(int *errStatus, char *errString, + uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { LOG_DEBUG (__FUNCTION__); @@ -174,10 +174,10 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string, uint8_t base = 16; int len = mpz_sizeinbase(Pkey->x, base) + 2; - //snprintf(err_string, BUF_LEN, "len = %d\n", len); + //snprintf(errString, BUF_LEN, "len = %d\n", len); char arr_x[len]; char *px = mpz_get_str(arr_x, base, Pkey->x); - //snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px); + //snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px); int n_zeroes = 64 - strlen(arr_x); for (int i = 0; i < n_zeroes; i++) { pub_key_x[i] = '0'; @@ -194,14 +194,14 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string, strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2]; char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey); - snprintf(err_string, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str)); + snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str)); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); sgx_status_t status = sgx_seal_data(0, NULL, ECDSA_SKEY_LEN, (uint8_t *) skey_str, sealedLen, - (sgx_sealed_data_t *) encrypted_key); + (sgx_sealed_data_t *) encryptedPrivateKey); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "seal ecsdsa private key failed"); + snprintf(errString, BUF_LEN, "seal ecsdsa private key failed"); *errStatus = status; return; } @@ -214,8 +214,8 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string, } -void trustedGetPublicEcdsaKey(int *errStatus, char *err_string, - uint8_t *encrypted_key, uint32_t dec_len, char *pub_key_x, char *pub_key_y) { +void trustedGetPublicEcdsaKey(int *errStatus, char *errString, + uint8_t *encryptedPrivateKey, uint32_t dec_len, char *pub_key_x, char *pub_key_y) { LOG_DEBUG (__FUNCTION__); @@ -225,36 +225,36 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string, char skey[ECDSA_SKEY_LEN]; sgx_status_t status = sgx_unseal_data( - (const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &dec_len); + (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &dec_len); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status); *errStatus = status; return; } - //strncpy(err_string, skey, 1024); + //strncpy(errString, skey, 1024); - mpz_t skey_mpz; - mpz_init(skey_mpz); - // mpz_import(skey_mpz, 32, 1, sizeof(skey[0]), 0, 0, skey); - if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) { - snprintf(err_string, BUF_LEN, "wrong string to init private key"); + mpz_t privateKeyMpz; + mpz_init(privateKeyMpz); + // mpz_import(privateKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey); + if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { + snprintf(errString, BUF_LEN, "wrong string to init private key"); *errStatus = -10; - mpz_clear(skey_mpz); + mpz_clear(privateKeyMpz); return; } //Public key point Pkey = point_init(); - signature_extract_public_key(Pkey, skey_mpz, curve); + signature_extract_public_key(Pkey, privateKeyMpz, curve); point Pkey_test = point_init(); - point_multiplication(Pkey_test, skey_mpz, curve->G, curve); + point_multiplication(Pkey_test, privateKeyMpz, curve->G, curve); if (!point_cmp(Pkey, Pkey_test)) { - snprintf(err_string, BUF_LEN, "Points are not equal"); + snprintf(errString, BUF_LEN, "Points are not equal"); *errStatus = -11; return; } @@ -262,10 +262,10 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string, int base = 16; int len = mpz_sizeinbase(Pkey->x, base) + 2; - //snprintf(err_string, BUF_LEN, "len = %d\n", len); + //snprintf(errString, BUF_LEN, "len = %d\n", len); char arr_x[len]; char *px = mpz_get_str(arr_x, base, Pkey->x); - //snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px); + //snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px); int n_zeroes = 64 - strlen(arr_x); for (int i = 0; i < n_zeroes; i++) { pub_key_x[i] = '0'; @@ -281,104 +281,130 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string, } strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); - mpz_clear(skey_mpz); + mpz_clear(privateKeyMpz); domain_parameters_clear(curve); point_clear(Pkey); } -void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, uint32_t dec_len, - unsigned char *hash, char *sig_r, char *sig_s, uint8_t *sig_v, int base) { +void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t dec_len, + unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { LOG_DEBUG (__FUNCTION__); - char* arr_m = NULL; - char* arr_r = NULL; - char* arr_s; + char* arrM = NULL; + char* arrR = NULL; + char* arrS = NULL; + + char* privateKey = calloc(ECDSA_SKEY_LEN,1); + + mpz_t privateKeyMpz; + mpz_init(privateKeyMpz); + mpz_t msgMpz; + - mpz_t skey_mpz; - mpz_init(skey_mpz); - mpz_t msg_mpz; - mpz_init(msg_mpz); signature sign = signature_init(); domain_parameters curve = domain_parameters_init(); domain_parameters_load_curve(curve, secp256k1); - point publicKey = point_init(); - char* secretKey = calloc(ECDSA_SKEY_LEN,1); - sgx_status_t status = sgx_unseal_data( - (const sgx_sealed_data_t *) encrypted_key, NULL, 0, secretKey, &dec_len); + if (!hash) { + *errStatus = 1; + char* msg = "NULL message hash"; + LOG_ERROR(msg); + snprintf(errString, BUF_LEN, msg); + goto clean; + } - if (status != SGX_SUCCESS) { - *errStatus = status; - snprintf(err_string, BUF_LEN, "sgx_unseal_data failed - encrypted_key with status %d", status); + if (strnlen(hash, 64 ) > 64) { + *errStatus = 2; + char* msg = "Hash too long"; + LOG_ERROR(msg); + snprintf(errString, BUF_LEN, msg); goto clean; } - //snprintf(err_string, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey)); + mpz_init(msgMpz); - if (mpz_set_str(skey_mpz, secretKey, ECDSA_SKEY_BASE) == -1) { - *errStatus = -1; - snprintf(err_string, BUF_LEN, "invalid secret key"); + if (mpz_set_str(msgMpz, hash, 16) == -1) { + *errStatus = 1; + snprintf(errString, BUF_LEN, "invalid message hash %s", hash); + LOG_WARN(errString); goto clean; } - if (mpz_set_str(msg_mpz, hash, 16) == -1) { - *errStatus = -1; - snprintf(err_string, BUF_LEN, "invalid message hash"); + if (!encryptedPrivateKey) { + *errStatus = 3; + snprintf(errString, BUF_LEN, "NULL encrypted ECDSA private key"); + LOG_ERROR(errString); goto clean; } - //mpz_set_str(msg_mpz,"4b688df40bcedbe641ddb16ff0a1842d9c67ea1c3bf63f3e0471baa664531d1a", 16); + - signature_sign(sign, msg_mpz, skey_mpz, curve); + sgx_status_t status = sgx_unseal_data( + (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, privateKey, &dec_len); - signature_extract_public_key(publicKey, skey_mpz, curve); + if (status != SGX_SUCCESS) { + *errStatus = status; + snprintf(errString, BUF_LEN, + "sgx_unseal_data failed for encryptedPrivateKey:status %d", status); + LOG_ERROR(errString); + goto clean; + } + - if (!signature_verify(msg_mpz, sign, publicKey, curve)) { - *errStatus = -2; - snprintf(err_string, BUF_LEN, "signature is not verified"); + if (mpz_set_str(privateKeyMpz, privateKey, ECDSA_SKEY_BASE) == -1) { + *errStatus = -1; + snprintf(errString, BUF_LEN, "mpz_set_str(privateKeyMpz ...) failed"); + LOG_ERROR(errString); goto clean; } - //char arr_x[mpz_sizeinbase (Pkey->x, 16) + 2]; - //char* px = mpz_get_str(arr_x, 16, Pkey->x); - //snprintf(err_string, BUF_LEN,"pub key x %s ", arr_x); - arr_m = calloc(mpz_sizeinbase(msg_mpz, 16) + 2 ,1); - mpz_get_str(arr_m, 16, msg_mpz); - //snprintf(err_string, BUF_LEN, "message is %s ", arr_m); - arr_r = calloc(mpz_sizeinbase(sign->r, base) + 2,1); - mpz_get_str(arr_r, base, sign->r); - strncpy(sig_r, arr_r, 1024); + signature_sign(sign, msgMpz, privateKeyMpz, curve); + + signature_extract_public_key(publicKey, privateKeyMpz, curve); + - arr_s = calloc(mpz_sizeinbase(sign->s, base) + 2, 1); - mpz_get_str(arr_s, base, sign->s); - strncpy(sig_s, arr_s, 1024); + + if (!signature_verify(msgMpz, sign, publicKey, curve)) { + *errStatus = 2; + snprintf(errString, BUF_LEN, "ECDSA sig not verified"); + LOG_WARN(errString); + goto clean; + } + + arrR = calloc(mpz_sizeinbase(sign->r, base) + 2,1); + mpz_get_str(arrR, base, sign->r); + strncpy(sigR, arrR, 1024); + arrS = calloc(mpz_sizeinbase(sign->s, base) + 2, 1); + mpz_get_str(arrS, base, sign->s); + strncpy(sigS, arrS, 1024); *sig_v = sign->v; clean: - mpz_clear(skey_mpz); - mpz_clear(msg_mpz); + mpz_clear(privateKeyMpz); + mpz_clear(msgMpz); domain_parameters_clear(curve); point_clear(publicKey); - free(secretKey); + signature_free(sign); - if (arr_m != NULL) { - free(arr_m); - } - if (arr_r != NULL) { - free(arr_r); + if (privateKey) + free(privateKey); + + + if (arrR) { + free(arrR); } - if (arr_s != NULL) { - free(arr_s); + if (arrS) { + free(arrS); } return; @@ -386,19 +412,19 @@ void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, } -void trustedEncryptKey(int *errStatus, char *err_string, char *key, - uint8_t *encrypted_key, uint32_t *enc_len) { +void trustedEncryptKey(int *errStatus, char *errString, char *key, + uint8_t *encryptedPrivateKey, uint32_t *enc_len) { LOG_DEBUG (__FUNCTION__); *errStatus = UNKNOWN_ERROR; - memset(err_string, 0, BUF_LEN); + memset(errString, 0, BUF_LEN); - checkKey(errStatus, err_string, key); + checkKey(errStatus, errString, key); if (*errStatus != 0) { - snprintf(err_string + strlen(err_string), BUF_LEN, "check_key failed"); + snprintf(errString + strlen(errString), BUF_LEN, "check_key failed"); return; } @@ -407,18 +433,18 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key, if (sealedLen > BUF_LEN) { *errStatus = ENCRYPTED_KEY_TOO_LONG; - snprintf(err_string, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH"); + snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH"); return; } - memset(encrypted_key, 0, BUF_LEN); + memset(encryptedPrivateKey, 0, BUF_LEN); sgx_status_t status = sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t *) key, sealedLen, - (sgx_sealed_data_t *) encrypted_key); + (sgx_sealed_data_t *) encryptedPrivateKey); if (status != SGX_SUCCESS) { *errStatus = SEAL_KEY_FAILED; - snprintf(err_string, BUF_LEN, "SGX seal data failed with status %d", status); + snprintf(errString, BUF_LEN, "SGX seal data failed with status %d", status); return; } @@ -427,17 +453,17 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key, char decryptedKey[BUF_LEN]; memset(decryptedKey, 0, BUF_LEN); - trustedDecryptKey(errStatus, err_string, encrypted_key, sealedLen, decryptedKey); + trustedDecryptKey(errStatus, errString, encryptedPrivateKey, sealedLen, decryptedKey); if (*errStatus != 0) { - snprintf(err_string + strlen(err_string), BUF_LEN, ":trustedDecryptKey failed"); + snprintf(errString + strlen(errString), BUF_LEN, ":trustedDecryptKey failed"); return; } uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH); if (decryptedKeyLen == MAX_KEY_LENGTH) { - snprintf(err_string, BUF_LEN, "Decrypted key is not null terminated"); + snprintf(errString, BUF_LEN, "Decrypted key is not null terminated"); return; } @@ -445,14 +471,14 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key, *errStatus = -8; if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) { - snprintf(err_string, BUF_LEN, "Decrypted key does not match original key"); + snprintf(errString, BUF_LEN, "Decrypted key does not match original key"); return; } *errStatus = 0; } -void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key, +void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, char *key) { LOG_DEBUG (__FUNCTION__); @@ -462,18 +488,18 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key, *errStatus = -9; sgx_status_t status = sgx_unseal_data( - (const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) key, &decLen); + (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) key, &decLen); if (status != SGX_SUCCESS) { *errStatus = status; - snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status); return; } - //snprintf(err_string, BUF_LEN, "decr key is %s", key); + //snprintf(errString, BUF_LEN, "decr key is %s", key); if (decLen > MAX_KEY_LENGTH) { - snprintf(err_string, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH"); + snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH"); return; } @@ -484,7 +510,7 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key, if (keyLen == MAX_KEY_LENGTH) { - snprintf(err_string, BUF_LEN, "Key is not null terminated"); + snprintf(errString, BUF_LEN, "Key is not null terminated"); return; } @@ -494,7 +520,7 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key, } -void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_key, +void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, char *_hashX, char *_hashY, char *signature) { @@ -507,10 +533,10 @@ void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_ - trustedDecryptKey(errStatus, err_string, encrypted_key, enc_len, key); + trustedDecryptKey(errStatus, errString, encryptedPrivateKey, enc_len, key); if (*errStatus != 0) { - strncpy(signature, err_string, BUF_LEN); + strncpy(signature, errString, BUF_LEN); return; } @@ -526,7 +552,7 @@ void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_ free(sig); } -void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { +void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { LOG_DEBUG (__FUNCTION__); @@ -537,7 +563,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk return; } - snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret); + snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret); uint32_t sealedLen = sgx_calc_sealed_data_size(0, DKG_BUFER_LENGTH);//sizeof(sgx_sealed_data_t) + sizeof(dkg_secret); @@ -546,7 +572,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk (sgx_sealed_data_t *) encrypted_dkg_secret); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "SGX seal data failed"); + snprintf(errString, BUF_LEN, "SGX seal data failed"); *errStatus = status; return; } @@ -555,7 +581,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk //free(dkg_secret); } -void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret, +void trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret, uint32_t *dec_len) { LOG_DEBUG (__FUNCTION__); @@ -566,7 +592,7 @@ void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypte (const sgx_sealed_data_t *) encrypted_dkg_secret, NULL, 0, decrypted_dkg_secret, &decr_len); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", status); *errStatus = status; return; } @@ -574,7 +600,7 @@ void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypte *dec_len = decr_len; } -void trustedGetSecretShares(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *dec_len, +void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len, char *secret_shares, unsigned _t, unsigned _n) { @@ -583,21 +609,21 @@ void trustedGetSecretShares(int *errStatus, char *err_string, uint8_t *encrypted char decrypted_dkg_secret[DKG_BUFER_LENGTH]; uint32_t decr_len; - trustedDecryptDkgSecret(errStatus, err_string, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len); + trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len); if (*errStatus != 0) { - snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus); + snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus); return; } *dec_len = decr_len; - // strncpy(err_string, decrypted_dkg_secret, 1024); + // strncpy(errString, decrypted_dkg_secret, 1024); calc_secret_shares(decrypted_dkg_secret, secret_shares, _t, _n); //free(decrypted_dkg_secret); } -void trustedGetPublicShares(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t enc_len, +void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len, char *public_shares, unsigned _t, unsigned _n) { @@ -605,23 +631,23 @@ void trustedGetPublicShares(int *errStatus, char *err_string, uint8_t *encrypted char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1); uint32_t decr_len; - trustedDecryptDkgSecret(errStatus, err_string, (uint8_t *) encrypted_dkg_secret, decrypted_dkg_secret, &decr_len); + trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, decrypted_dkg_secret, &decr_len); if (*errStatus != 0) { - snprintf(err_string, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus); + snprintf(errString, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus); return; } - //strncpy(err_string, decrypted_dkg_secret, 1024); - // strncpy(err_string, "before calc_public_shares ", 1024); + //strncpy(errString, decrypted_dkg_secret, 1024); + // strncpy(errString, "before calc_public_shares ", 1024); if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "t does not match polynomial in db"); + snprintf(errString, BUF_LEN, "t does not match polynomial in db"); return; } free(decrypted_dkg_secret); } -void trustedSetEncryptedDkgPoly(int *errStatus, char *err_string, uint8_t *encrypted_poly) { +void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly) { memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH); uint32_t decr_len; sgx_status_t status = sgx_unseal_data( @@ -629,13 +655,13 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *err_string, uint8_t *encry if (status != SGX_SUCCESS) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status); return; } } -void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *encrypted_skey, uint32_t *dec_len, +void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len, char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) { LOG_DEBUG (__FUNCTION__); @@ -648,7 +674,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e uint32_t enc_len; - trustedGenerateEcdsaKey(errStatus, err_string, encrypted_skey, &enc_len, pub_key_x, pub_key_y); + trustedGenerateEcdsaKey(errStatus, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y); if (*errStatus != 0) { return; } @@ -659,11 +685,11 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e (const sgx_sealed_data_t *) encrypted_skey, NULL, 0, (uint8_t *) skey, &enc_len); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "sgx_unseal_data failed - encrypted_skey with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_data failed - encrypted_skey with status %d", status); *errStatus = status; return; } - snprintf(err_string, BUF_LEN, "unsealed random skey is %s\n", skey); + snprintf(errString, BUF_LEN, "unsealed random skey is %s\n", skey); char *common_key[ECDSA_SKEY_LEN]; gen_session_key(skey, pub_keyB, common_key); @@ -672,14 +698,14 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "\nt does not match poly degree\n"); + snprintf(errString, BUF_LEN, "\nt does not match poly degree\n"); return; } - snprintf(err_string + 88, BUF_LEN, "\nsecret share is %s", s_share); + snprintf(errString + 88, BUF_LEN, "\nsecret share is %s", s_share); if (calc_secret_shareG2(s_share, s_shareG2) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "invalid decr secret share\n"); + snprintf(errString, BUF_LEN, "invalid decr secret share\n"); return; } @@ -687,7 +713,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e xor_encrypt(common_key, s_share, cypher); if (cypher == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); return; } @@ -698,7 +724,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e } -void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret, +void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret, uint32_t *dec_len, char *DH_key, char *s_shareG2, uint8_t _t, uint8_t _n, uint8_t ind1) { @@ -709,9 +735,9 @@ void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encrypt char decrypted_dkg_secret[DKG_BUFER_LENGTH]; uint32_t decr_len; - trustedDecryptDkgSecret(errStatus, err_string, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len); + trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len); if (*errStatus != 0) { - snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus); + snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus); return; } @@ -719,18 +745,18 @@ void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encrypt } -void trustedDkgVerify(int *errStatus, char *err_string, const char *public_shares, const char *s_share, - uint8_t *encrypted_key, uint64_t key_len, unsigned _t, int _ind, int *result) { +void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share, + uint8_t *encryptedPrivateKey, uint64_t key_len, unsigned _t, int _ind, int *result) { LOG_DEBUG (__FUNCTION__); char skey[ECDSA_SKEY_LEN]; sgx_status_t status = sgx_unseal_data( - (const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &key_len); + (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len); if (status != SGX_SUCCESS) { *errStatus = status; - snprintf(err_string, BUF_LEN, "sgx_unseal_key failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_key failed with status %d", status); return; } @@ -744,14 +770,14 @@ void trustedDkgVerify(int *errStatus, char *err_string, const char *public_share common_key[ECDSA_SKEY_LEN - 1] = 0; if (common_key == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); return; } xor_decrypt(common_key, encr_sshare, decr_sshare); if (decr_sshare == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); return; } @@ -763,28 +789,28 @@ void trustedDkgVerify(int *errStatus, char *err_string, const char *public_share mpz_init(s); if (mpz_set_str(s, decr_sshare, 16) == -1) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid decr secret share"); + snprintf(errString, BUF_LEN, "invalid decr secret share"); mpz_clear(s); return; } *result = Verification(public_shares, s, _t, _ind); - snprintf(err_string, BUF_LEN, "common_key in verification is %s", common_key); + snprintf(errString, BUF_LEN, "common_key in verification is %s", common_key); } -void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, - uint8_t *encrypted_key, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { +void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, + uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { LOG_DEBUG (__FUNCTION__); char skey[ECDSA_SKEY_LEN]; sgx_status_t status = sgx_unseal_data( - (const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &key_len); + (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len); if (status != SGX_SUCCESS) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "sgx_unseal_key failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_key failed with status %d", status); return; } @@ -810,7 +836,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, if (common_key == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); mpz_clear(sum); return; } @@ -820,7 +846,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, xor_decrypt(common_key, encr_sshare, decr_sshare); if (decr_sshare == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); mpz_clear(sum); return; } @@ -829,7 +855,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, mpz_init(decr_secret_share); if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid decrypted secret share"); + snprintf(errString, BUF_LEN, "invalid decrypted secret share"); mpz_clear(decr_secret_share); return; } @@ -849,7 +875,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, char key_share[mpz_sizeinbase(bls_key, 16) + 2]; char *key = mpz_get_str(key_share, 16, bls_key); - snprintf(err_string, BUF_LEN, " bls private key is %s", key_share); + snprintf(errString, BUF_LEN, " bls private key is %s", key_share); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); @@ -857,7 +883,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, (sgx_sealed_data_t *) encr_bls_key); if (status != SGX_SUCCESS) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "seal bls private key failed with status %d ", status); + snprintf(errString, BUF_LEN, "seal bls private key failed with status %d ", status); mpz_clear(bls_key); mpz_clear(sum); mpz_clear(q); @@ -871,7 +897,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, mpz_clear(q); } -void trustedGetBlsPubKey(int *errStatus, char *err_string, uint8_t *encrypted_key, uint64_t key_len, char *bls_pub_key) { +void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) { LOG_DEBUG (__FUNCTION__); @@ -880,21 +906,21 @@ void trustedGetBlsPubKey(int *errStatus, char *err_string, uint8_t *encrypted_ke uint32_t len = key_len; sgx_status_t status = sgx_unseal_data( - (const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey_hex, &len); + (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey_hex, &len); if (status != SGX_SUCCESS) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status); return; } if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "could not calculate bls public key"); + snprintf(errString, BUF_LEN, "could not calculate bls public key"); return; } } -void trustedGenerateSEK(int *errStatus, char *err_string, +void trustedGenerateSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) { LOG_DEBUG (__FUNCTION__); @@ -915,7 +941,7 @@ void trustedGenerateSEK(int *errStatus, char *err_string, sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, SEK_hex, sealedLen, (sgx_sealed_data_t *) encrypted_SEK); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "seal SEK failed"); + snprintf(errString, BUF_LEN, "seal SEK failed"); *errStatus = status; return; } @@ -925,7 +951,7 @@ void trustedGenerateSEK(int *errStatus, char *err_string, } -void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uint64_t encr_len) { +void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) { LOG_DEBUG (__FUNCTION__); @@ -936,7 +962,7 @@ void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uin (const sgx_sealed_data_t *) encrypted_SEK, NULL, 0, aes_key_hex, &encr_len); if (status != SGX_SUCCESS) { *errStatus = status; - snprintf(err_string, BUF_LEN, "sgx unseal SEK failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx unseal SEK failed with status %d", status); return; } @@ -945,7 +971,7 @@ void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uin } -void trustedSetSEK_backup(int *errStatus, char *err_string, +void trustedSetSEK_backup(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) { LOG_DEBUG (__FUNCTION__); @@ -958,7 +984,7 @@ void trustedSetSEK_backup(int *errStatus, char *err_string, sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, SEK_hex, sealedLen, (sgx_sealed_data_t *) encrypted_SEK); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "seal SEK failed with status %d", status); + snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status); *errStatus = status; return; } @@ -966,8 +992,8 @@ void trustedSetSEK_backup(int *errStatus, char *err_string, *enc_len = sealedLen; } -void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string, - uint8_t *encrypted_key, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { +void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, + uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { LOG_DEBUG (__FUNCTION__); @@ -996,10 +1022,10 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string, uint8_t base = 16; int len = mpz_sizeinbase(Pkey->x, base) + 2; - //snprintf(err_string, BUF_LEN, "len = %d\n", len); + //snprintf(errString, BUF_LEN, "len = %d\n", len); char arr_x[len]; char *px = mpz_get_str(arr_x, base, Pkey->x); - //snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px); + //snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px); int n_zeroes = 64 - strlen(arr_x); for (int i = 0; i < n_zeroes; i++) { pub_key_x[i] = '0'; @@ -1016,21 +1042,21 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string, strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2]; char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey); - snprintf(err_string, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str)); + snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str)); - int stat = AES_encrypt(skey_str, encrypted_key); + int stat = AES_encrypt(skey_str, encryptedPrivateKey); if (stat != 0) { - snprintf(err_string, BUF_LEN, "ecdsa private key encryption failed"); + snprintf(errString, BUF_LEN, "ecdsa private key encryption failed"); *errStatus = stat; return; } *enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; - stat = AES_decrypt(encrypted_key, *enc_len, skey_str); + stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str); if (stat != 0) { - snprintf(err_string + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat); + snprintf(errString + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat); //*errStatus = stat; return; } @@ -1040,8 +1066,8 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string, point_clear(Pkey); } -void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string, - uint8_t *encrypted_key, uint32_t enc_len, char *pub_key_x, char *pub_key_y) { +void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, + uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) { LOG_DEBUG (__FUNCTION__); @@ -1050,38 +1076,38 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string, char skey[ECDSA_SKEY_LEN]; - int status = AES_decrypt(encrypted_key, enc_len, skey); + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey); if (status != 0) { - snprintf(err_string, BUF_LEN, "AES_decrypt failed with status %d", status); + snprintf(errString, BUF_LEN, "AES_decrypt failed with status %d", status); *errStatus = status; return; } skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0'; - strncpy(err_string, skey, 1024); + strncpy(errString, skey, 1024); - mpz_t skey_mpz; - mpz_init(skey_mpz); - // mpz_import(skey_mpz, 32, 1, sizeof(skey[0]), 0, 0, skey); - if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) { - snprintf(err_string, BUF_LEN, "wrong string to init private key - %s", skey); + mpz_t privateKeyMpz; + mpz_init(privateKeyMpz); + // mpz_import(privateKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey); + if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { + snprintf(errString, BUF_LEN, "wrong string to init private key - %s", skey); *errStatus = -10; - mpz_clear(skey_mpz); + mpz_clear(privateKeyMpz); return; } //Public key point Pkey = point_init(); - signature_extract_public_key(Pkey, skey_mpz, curve); + signature_extract_public_key(Pkey, privateKeyMpz, curve); point Pkey_test = point_init(); - point_multiplication(Pkey_test, skey_mpz, curve->G, curve); + point_multiplication(Pkey_test, privateKeyMpz, curve->G, curve); if (!point_cmp(Pkey, Pkey_test)) { - snprintf(err_string, BUF_LEN, "Points are not equal"); + snprintf(errString, BUF_LEN, "Points are not equal"); *errStatus = -11; return; } @@ -1108,13 +1134,13 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string, } strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); - mpz_clear(skey_mpz); + mpz_clear(privateKeyMpz); domain_parameters_clear(curve); point_clear(Pkey); } -void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_key, uint32_t enc_len, - unsigned char *hash, char *sig_r, char *sig_s, uint8_t *sig_v, int base) { +void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, + unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { LOG_DEBUG (__FUNCTION__); @@ -1123,88 +1149,88 @@ void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_ke char skey[ECDSA_SKEY_LEN]; - int status = AES_decrypt(encrypted_key, enc_len, skey); + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey); if (status != 0) { *errStatus = status; - snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status); + snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status); return; } skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE - 1] = '\0'; - snprintf(err_string, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey)); - mpz_t skey_mpz; - mpz_init(skey_mpz); - if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) { + snprintf(errString, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey)); + mpz_t privateKeyMpz; + mpz_init(privateKeyMpz); + if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "invalid secret key"); - mpz_clear(skey_mpz); + snprintf(errString, BUF_LEN, "invalid secret key"); + mpz_clear(privateKeyMpz); return; } - mpz_t msg_mpz; - mpz_init(msg_mpz); - if (mpz_set_str(msg_mpz, hash, 16) == -1) { + mpz_t msgMpz; + mpz_init(msgMpz); + if (mpz_set_str(msgMpz, hash, 16) == -1) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "invalid message hash"); - mpz_clear(msg_mpz); + snprintf(errString, BUF_LEN, "invalid message hash"); + mpz_clear(msgMpz); return; } signature sign = signature_init(); - signature_sign(sign, msg_mpz, skey_mpz, curve); + signature_sign(sign, msgMpz, privateKeyMpz, curve); point Pkey = point_init(); - signature_extract_public_key(Pkey, skey_mpz, curve); + signature_extract_public_key(Pkey, privateKeyMpz, curve); - if (!signature_verify(msg_mpz, sign, Pkey, curve)) { + if (!signature_verify(msgMpz, sign, Pkey, curve)) { *errStatus = -2; - snprintf(err_string, BUF_LEN, "signature is not verified! "); + snprintf(errString, BUF_LEN, "signature is not verified! "); return; } - char arr_m[mpz_sizeinbase(msg_mpz, 16) + 2]; - char *msg = mpz_get_str(arr_m, 16, msg_mpz); - snprintf(err_string, BUF_LEN, "message is %s ", arr_m); + char arrM[mpz_sizeinbase(msgMpz, 16) + 2]; + char *msg = mpz_get_str(arrM, 16, msgMpz); + snprintf(errString, BUF_LEN, "message is %s ", arrM); - char arr_r[mpz_sizeinbase(sign->r, base) + 2]; - char *r = mpz_get_str(arr_r, base, sign->r); - strncpy(sig_r, arr_r, 1024); + char arrR[mpz_sizeinbase(sign->r, base) + 2]; + char *r = mpz_get_str(arrR, base, sign->r); + strncpy(sigR, arrR, 1024); - char arr_s[mpz_sizeinbase(sign->s, base) + 2]; - char *s = mpz_get_str(arr_s, base, sign->s); - strncpy(sig_s, arr_s, 1024); + char arrS[mpz_sizeinbase(sign->s, base) + 2]; + char *s = mpz_get_str(arrS, base, sign->s); + strncpy(sigS, arrS, 1024); *sig_v = sign->v; - mpz_clear(skey_mpz); - mpz_clear(msg_mpz); + mpz_clear(privateKeyMpz); + mpz_clear(msgMpz); domain_parameters_clear(curve); signature_free(sign); point_clear(Pkey); } -void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key, - uint8_t *encrypted_key, uint32_t *enc_len) { +void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, + uint8_t *encryptedPrivateKey, uint32_t *enc_len) { LOG_DEBUG (__FUNCTION__); *errStatus = UNKNOWN_ERROR; - memset(err_string, 0, BUF_LEN); + memset(errString, 0, BUF_LEN); - memset(encrypted_key, 0, BUF_LEN); + memset(encryptedPrivateKey, 0, BUF_LEN); - int stat = AES_encrypt(key, encrypted_key); + int stat = AES_encrypt(key, encryptedPrivateKey); if (stat != 0) { *errStatus = stat; - snprintf(err_string, BUF_LEN, "AES encrypt failed with status %d", stat); + snprintf(errString, BUF_LEN, "AES encrypt failed with status %d", stat); return; } @@ -1213,18 +1239,18 @@ void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key, char decryptedKey[BUF_LEN]; memset(decryptedKey, 0, BUF_LEN); - stat = AES_decrypt(encrypted_key, *enc_len, decryptedKey); + stat = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey); if (stat != 0) { *errStatus = stat; - snprintf(err_string, BUF_LEN, ":trustedDecryptKey failed with status %d", stat); + snprintf(errString, BUF_LEN, ":trustedDecryptKey failed with status %d", stat); return; } uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH); if (decryptedKeyLen == MAX_KEY_LENGTH) { - snprintf(err_string, BUF_LEN, "Decrypted key is not null terminated"); + snprintf(errString, BUF_LEN, "Decrypted key is not null terminated"); return; } @@ -1232,32 +1258,32 @@ void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key, *errStatus = -8; if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) { - snprintf(err_string, BUF_LEN, "Decrypted key does not match original key"); + snprintf(errString, BUF_LEN, "Decrypted key does not match original key"); return; } *errStatus = 0; } -void trustedDecryptKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key, +void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, char *key) { uint32_t decLen; *errStatus = -9; - int status = AES_decrypt(encrypted_key, enc_len, key); + int status = AES_decrypt(encryptedPrivateKey, enc_len, key); if (status != 0) { *errStatus = status; - snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status); + snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status); return; } if (decLen > MAX_KEY_LENGTH) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH"); + snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH"); return; } @@ -1268,16 +1294,16 @@ void trustedDecryptKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_k if (keyLen == MAX_KEY_LENGTH) { - snprintf(err_string, BUF_LEN, "Key is not null terminated"); + snprintf(errString, BUF_LEN, "Key is not null terminated"); return; } *errStatus = 0; - memcpy(err_string, AES_key, 1024); + memcpy(errString, AES_key, 1024); } -void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypted_key, +void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, char *_hashX, char *_hashY, char *signature) { @@ -1288,11 +1314,11 @@ void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypt char sig[BUF_LEN]; memset(sig, 0, BUF_LEN); - int stat = AES_decrypt(encrypted_key, enc_len, key); + int stat = AES_decrypt(encryptedPrivateKey, enc_len, key); if (stat != 0) { *errStatus = stat; - strncpy(signature, err_string, BUF_LEN); + strncpy(signature, errString, BUF_LEN); return; } @@ -1308,7 +1334,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypt } void -trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { +trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { LOG_DEBUG (__FUNCTION__); @@ -1320,12 +1346,12 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_ return; } - snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret); + snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret); int status = AES_encrypt(dkg_secret, encrypted_dkg_secret); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "SGX AES encrypt DKG poly failed"); + snprintf(errString, BUF_LEN, "SGX AES encrypt DKG poly failed"); *errStatus = status; return; } @@ -1338,14 +1364,14 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_ status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "aes decrypt dkg poly failed"); + snprintf(errString, BUF_LEN, "aes decrypt dkg poly failed"); *errStatus = status; return; } if (strcmp(dkg_secret, decr_dkg_secret) != 0) { - snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret); - snprintf(err_string + strlen(dkg_secret) + 8, BUF_LEN - strlen(dkg_secret) - 8, + snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret); + snprintf(errString + strlen(dkg_secret) + 8, BUF_LEN - strlen(dkg_secret) - 8, "encrypted poly is not equal to decrypted poly"); *errStatus = -333; } @@ -1354,7 +1380,7 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_ } void -trustedDecryptDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret, +trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret, uint32_t *dec_len) { LOG_DEBUG (__FUNCTION__); @@ -1362,14 +1388,14 @@ trustedDecryptDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_ int status = AES_decrypt(encrypted_dkg_secret, dec_len, decrypted_dkg_secret); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); + snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); *errStatus = status; return; } } -void trustedSetEncryptedDkgPolyAES(int *errStatus, char *err_string, uint8_t *encrypted_poly, uint64_t *enc_len) { +void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t *enc_len) { LOG_DEBUG (__FUNCTION__); @@ -1378,12 +1404,12 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *err_string, uint8_t *en if (status != SGX_SUCCESS) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status); return; } } -void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t *encrypted_skey, uint32_t *dec_len, +void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len, char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) { char skey[ECDSA_SKEY_LEN]; @@ -1395,7 +1421,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t uint32_t enc_len; - trustedGenerateEcdsaKeyAES(errStatus, err_string, encrypted_skey, &enc_len, pub_key_x, pub_key_y); + trustedGenerateEcdsaKeyAES(errStatus, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y); if (*errStatus != 0) { return; } @@ -1405,11 +1431,11 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t skey[ECDSA_SKEY_LEN - 1] = 0; if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d", status); + snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d", status); *errStatus = status; return; } - snprintf(err_string, BUF_LEN, "unsealed random skey is %s\n", skey); + snprintf(errString, BUF_LEN, "unsealed random skey is %s\n", skey); *dec_len = enc_len;// + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; @@ -1422,14 +1448,14 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, decryptedDkgPoly); + snprintf(errString, BUF_LEN, decryptedDkgPoly); return; } - snprintf(err_string + 88, BUF_LEN, "\nsecret share is %s", s_share); + snprintf(errString + 88, BUF_LEN, "\nsecret share is %s", s_share); if (calc_secret_shareG2(s_share, s_shareG2) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "invalid decr secret share"); + snprintf(errString, BUF_LEN, "invalid decr secret share"); return; } @@ -1437,7 +1463,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t xor_encrypt(common_key, s_share, cypher); if (cypher == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); return; } @@ -1449,7 +1475,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t } -void trustedGetPublicSharesAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t enc_len, +void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len, char *public_shares, unsigned _t, unsigned _n) { @@ -1463,33 +1489,33 @@ void trustedGetPublicSharesAES(int *errStatus, char *err_string, uint8_t *encryp if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); + snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); *errStatus = status; return; } if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "t does not match polynomial in db"); + snprintf(errString, BUF_LEN, "t does not match polynomial in db"); return; } } -void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_shares, const char *s_share, - uint8_t *encrypted_key, uint64_t enc_len, unsigned _t, int _ind, int *result) { +void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share, + uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) { LOG_DEBUG (__FUNCTION__); char skey[ECDSA_SKEY_LEN]; memset(skey, 0, ECDSA_SKEY_LEN); - int status = AES_decrypt(encrypted_key, enc_len, skey); + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status); + snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status); *errStatus = status; return; } @@ -1506,7 +1532,7 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh if (common_key == NULL || strlen(common_key) == 0) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); return; } @@ -1515,7 +1541,7 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh xor_decrypt(common_key, encr_sshare, decr_sshare); if (decr_sshare == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); return; } @@ -1523,27 +1549,27 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh mpz_init(s); if (mpz_set_str(s, decr_sshare, 16) == -1) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid decr secret share"); + snprintf(errString, BUF_LEN, "invalid decr secret share"); mpz_clear(s); return; } *result = Verification(public_shares, s, _t, _ind); - snprintf(err_string, BUF_LEN, "secret share dec %s", public_shares); + snprintf(errString, BUF_LEN, "secret share dec %s", public_shares); } -void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shares, - uint8_t *encrypted_key, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { +void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares, + uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { LOG_DEBUG (__FUNCTION__); char skey[ECDSA_SKEY_LEN]; - int status = AES_decrypt(encrypted_key, key_len, skey); + int status = AES_decrypt(encryptedPrivateKey, key_len, skey); if (status != SGX_SUCCESS) { *errStatus = status; - snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status); + snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status); return; } skey[ECDSA_SKEY_LEN - 1] = 0; @@ -1571,7 +1597,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar if (common_key == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); mpz_clear(sum); return; } @@ -1581,7 +1607,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar xor_decrypt(common_key, encr_sshare, decr_sshare); if (decr_sshare == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); mpz_clear(sum); return; } @@ -1591,8 +1617,8 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar mpz_init(decr_secret_share); if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) { *errStatus = 111; - //snprintf(err_string, BUF_LEN ,"invalid decrypted secret share"); - snprintf(err_string, BUF_LEN, decr_sshare); + //snprintf(errString, BUF_LEN ,"invalid decrypted secret share"); + snprintf(errString, BUF_LEN, decr_sshare); mpz_clear(decr_secret_share); return; } @@ -1612,7 +1638,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar char key_share[mpz_sizeinbase(bls_key, 16) + 2]; char *key = mpz_get_str(key_share, 16, bls_key); - snprintf(err_string, BUF_LEN, " bls private key is %s", key_share); + snprintf(errString, BUF_LEN, " bls private key is %s", key_share); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); @@ -1620,7 +1646,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar if (status != SGX_SUCCESS) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "aes encrypt bls private key failed with status %d ", status); + snprintf(errString, BUF_LEN, "aes encrypt bls private key failed with status %d ", status); mpz_clear(bls_key); mpz_clear(sum); mpz_clear(q); @@ -1634,7 +1660,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar } void -trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key, uint64_t key_len, char *bls_pub_key) { +trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) { LOG_DEBUG (__FUNCTION__); @@ -1642,10 +1668,10 @@ trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key, uint32_t len = key_len; - int status = AES_decrypt(encrypted_key, key_len, skey_hex); + int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex); if (status != SGX_SUCCESS) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "aes_decrypt failed with status %d", status); + snprintf(errString, BUF_LEN, "aes_decrypt failed with status %d", status); return; } @@ -1653,7 +1679,7 @@ trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key, if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "could not calculate bls public key"); + snprintf(errString, BUF_LEN, "could not calculate bls public key"); return; } } diff --git a/testw.cpp b/testw.cpp index 4c253e81..15bd07e4 100644 --- a/testw.cpp +++ b/testw.cpp @@ -776,7 +776,7 @@ TEST_CASE_METHOD(TestFixture, "Get ServerStatus", "[get-server-status]") { TEST_CASE_METHOD(TestFixture, "Get ServerVersion", "[get-server-version]") { HttpClient client(RPC_ENDPOINT); StubClient c(client, JSONRPC_CLIENT_V2); - REQUIRE(c.getServerVersion()["version"] == SGXWALLET_VERSION); + REQUIRE(c.getServerVersion()["version"] == SGXWalletServer::getVersion()); }