From 8c109b8b68f4bb69e517c37b339ff01e133f0cd9 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 14 May 2020 16:21:25 +0300 Subject: [PATCH 01/25] Fixed docs --- secure_enclave/Signature.c | 57 ------------------------------------ secure_enclave/Signature.h | 59 +++++++++++++++++++++++++++++++++++++- 2 files changed, 58 insertions(+), 58 deletions(-) diff --git a/secure_enclave/Signature.c b/secure_enclave/Signature.c index 93f80c6e..ad86c48e 100644 --- a/secure_enclave/Signature.c +++ b/secure_enclave/Signature.c 
@@ -171,64 +171,7 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para } -/*Verify the integrity of a message using it's signature*/ -bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) { - //Initialize variables - mpz_t one, w, u1, u2, t, tt2; - mpz_init(one); mpz_init(w); mpz_init(u1); - mpz_init(u2); mpz_init(t); mpz_init(tt2); - - mpz_set_ui(one, 1); - - point x = point_init(); - point t1 = point_init(); - point t2 = point_init(); - - bool result = false; - - - if (mpz_cmp(sig->r, one) < 0 && - mpz_cmp(curve->n, sig->r) <= 0 && - mpz_cmp(sig->s, one) < 0 && - mpz_cmp(curve->n, sig->s) <= 0) { - goto clean; - } - - //w = s¯¹ mod n - number_theory_inverse(w, sig->s, curve->n); - - //u1 = message * w mod n - mpz_mod(tt2, message, curve->n); - mpz_mul(t, tt2, w); - mpz_mod(u1, t, curve->n); - - //u2 = r*w mod n - mpz_mul(t, sig->r, w); - mpz_mod(u2, t, curve->n); - - //x = u1*G+u2*Q - point_multiplication(t1, u1, curve->G, curve); - point_multiplication(t2, u2, public_key, curve); - point_addition(x, t1, t2, curve); - - //Get the result, by comparing x value with r and verifying that x is NOT at infinity - - result = mpz_cmp(sig->r, x->x) == 0 && !x->infinity; - - - clean: - - - point_clear(x); - point_clear(t1); - point_clear(t2); - - mpz_clear(one); mpz_clear(w); mpz_clear(u1); mpz_clear(u2); mpz_clear(t); - mpz_clear(tt2); - - return result; -} /*Release signature*/ void signature_free(signature sig) { diff --git a/secure_enclave/Signature.h b/secure_enclave/Signature.h index ce0b251e..1c9f679c 100644 --- a/secure_enclave/Signature.h +++ b/secure_enclave/Signature.h 
@@ -65,6 +65,63 @@ void signature_extract_public_key(point public_key, mpz_t private_key, domain_pa void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve); /*Verify the integrity of a message using it's signature*/ -bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve); +static inline bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) { + + //Initialize variables + mpz_t one, w, u1, u2, t, tt2; + mpz_init(one); mpz_init(w); mpz_init(u1); + mpz_init(u2); mpz_init(t); mpz_init(tt2); + + mpz_set_ui(one, 1); + + point x = point_init(); + point t1 = point_init(); + point t2 = point_init(); + + bool result = false; + + + if (mpz_cmp(sig->r, one) < 0 && + mpz_cmp(curve->n, sig->r) <= 0 && + mpz_cmp(sig->s, one) < 0 && + mpz_cmp(curve->n, sig->s) <= 0) { + goto clean; + } + + //w = s¯¹ mod n + number_theory_inverse(w, sig->s, curve->n); + + //u1 = message * w mod n + mpz_mod(tt2, message, curve->n); + mpz_mul(t, tt2, w); + mpz_mod(u1, t, curve->n); + + //u2 = r*w mod n + mpz_mul(t, sig->r, w); + mpz_mod(u2, t, curve->n); + + //x = u1*G+u2*Q + point_multiplication(t1, u1, curve->G, curve); + point_multiplication(t2, u2, public_key, curve); + point_addition(x, t1, t2, curve); + + //Get the result, by comparing x value with r and verifying that x is NOT at infinity + + result = mpz_cmp(sig->r, x->x) == 0 && !x->infinity; + + + clean: + + + point_clear(x); + point_clear(t1); + point_clear(t2); + + mpz_clear(one); mpz_clear(w); mpz_clear(u1); mpz_clear(u2); mpz_clear(t); + mpz_clear(tt2); + + return result; +} + #endif From 50860b33fbb34b4b12e5016a5ef08bd1c4d87571 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 14 May 2020 16:29:39 +0300 Subject: [PATCH 02/25] Fixed docs --- secure_enclave/secure_enclave.c | 157 ++++++++++++++++---------------- 1 file changed, 79 insertions(+), 78 deletions(-) 
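Review bot: The range check on `sig->r` and `sig->s` in the new `static inline signature_verify` can never fire, because the four conditions are joined with `&&` and the branch would need r < 1 and n <= r to hold together. Verification therefore continues for r or s equal to 0 or not below n, values that ECDSA verification must reject. For s = 0 the value is handed to `number_theory_inverse`, whose behaviour on a non-invertible input is not visible here. Replace the three `&&` with `||`, i.e. `if (mpz_cmp(sig->r, one) < 0 || mpz_cmp(curve->n, sig->r) <= 0 || mpz_cmp(sig->s, one) < 0 || mpz_cmp(curve->n, sig->s) <= 0) goto clean;`. The move from Signature.c into the header carries the condition over unchanged.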
diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 7be4bd69..cdc43d28 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -235,23 +235,23 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string, //strncpy(err_string, skey, 1024); - mpz_t skey_mpz; - mpz_init(skey_mpz); - // mpz_import(skey_mpz, 32, 1, sizeof(skey[0]), 0, 0, skey); - if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) { + mpz_t secretKeyMpz; + mpz_init(secretKeyMpz); + // mpz_import(secretKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey); + if (mpz_set_str(secretKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { snprintf(err_string, BUF_LEN, "wrong string to init private key"); *errStatus = -10; - mpz_clear(skey_mpz); + mpz_clear(secretKeyMpz); return; } //Public key point Pkey = point_init(); - signature_extract_public_key(Pkey, skey_mpz, curve); + signature_extract_public_key(Pkey, secretKeyMpz, curve); point Pkey_test = point_init(); - point_multiplication(Pkey_test, skey_mpz, curve->G, curve); + point_multiplication(Pkey_test, secretKeyMpz, curve->G, curve); if (!point_cmp(Pkey, Pkey_test)) { snprintf(err_string, BUF_LEN, "Points are not equal"); 
@@ -281,24 +281,26 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string, } strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); - mpz_clear(skey_mpz); + mpz_clear(secretKeyMpz); domain_parameters_clear(curve); point_clear(Pkey); } void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, uint32_t dec_len, - unsigned char *hash, char *sig_r, char *sig_s, uint8_t *sig_v, int base) { + unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { LOG_DEBUG (__FUNCTION__); - char* arr_m = NULL; - char* arr_r = NULL; - char* arr_s; + char* arrM = NULL; + char* arrR = NULL; + char* arrS = NULL; - mpz_t skey_mpz; - mpz_init(skey_mpz); - mpz_t msg_mpz; - mpz_init(msg_mpz); + char* secretKey = calloc(ECDSA_SKEY_LEN,1); + + mpz_t secretKeyMpz; + mpz_init(secretKeyMpz); + mpz_t msgMpz; + mpz_init(msgMpz); signature sign = signature_init(); @@ -307,7 +309,7 @@ void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, point publicKey = point_init(); - char* secretKey = calloc(ECDSA_SKEY_LEN,1); + sgx_status_t status = sgx_unseal_data( (const sgx_sealed_data_t *) encrypted_key, NULL, 0, secretKey, &dec_len); 
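Review bot: The result of `calloc(ECDSA_SKEY_LEN,1)` for `secretKey` is never checked, and the following hunk passes it to `sgx_unseal_data` as the output buffer. Add the check just before the unseal call, after the setup that the `clean` label tears down, so the jump is safe: `if (!secretKey) { *errStatus = -1; snprintf(err_string, BUF_LEN, "calloc failed"); goto clean; }`. The same gap applies to `arrM`, `arrR` and `arrS` in the `@@ -320,65 +322,64 @@` hunk, where `arrR` and `arrS` are read by `strncpy` straight after allocation. trustedEcdsaSign starts in this hunk and ends outside it.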
@@ -320,65 +322,64 @@ void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, //snprintf(err_string, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey)); - if (mpz_set_str(skey_mpz, secretKey, ECDSA_SKEY_BASE) == -1) { + if (mpz_set_str(secretKeyMpz, secretKey, ECDSA_SKEY_BASE) == -1) { *errStatus = -1; snprintf(err_string, BUF_LEN, "invalid secret key"); goto clean; } - if (mpz_set_str(msg_mpz, hash, 16) == -1) { + if (mpz_set_str(msgMpz, hash, 16) == -1) { *errStatus = -1; snprintf(err_string, BUF_LEN, "invalid message hash"); goto clean; } - //mpz_set_str(msg_mpz,"4b688df40bcedbe641ddb16ff0a1842d9c67ea1c3bf63f3e0471baa664531d1a", 16); - signature_sign(sign, msg_mpz, skey_mpz, curve); + signature_sign(sign, msgMpz, secretKeyMpz, curve); - signature_extract_public_key(publicKey, skey_mpz, curve); + signature_extract_public_key(publicKey, secretKeyMpz, curve); - if (!signature_verify(msg_mpz, sign, publicKey, curve)) { + if (!signature_verify(msgMpz, sign, publicKey, curve)) { *errStatus = -2; snprintf(err_string, BUF_LEN, "signature is not verified"); goto clean; } + + arrM = calloc(mpz_sizeinbase(msgMpz, 16) + 2 ,1); + mpz_get_str(arrM, 16, msgMpz); + - //char arr_x[mpz_sizeinbase (Pkey->x, 16) + 2]; - //char* px = mpz_get_str(arr_x, 16, Pkey->x); - //snprintf(err_string, BUF_LEN,"pub key x %s ", arr_x); - - arr_m = calloc(mpz_sizeinbase(msg_mpz, 16) + 2 ,1); - mpz_get_str(arr_m, 16, msg_mpz); + arrR = calloc(mpz_sizeinbase(sign->r, base) + 2,1); + mpz_get_str(arrR, base, sign->r); + strncpy(sigR, arrR, 1024); - //snprintf(err_string, BUF_LEN, "message is %s ", arr_m); - - arr_r = calloc(mpz_sizeinbase(sign->r, base) + 2,1); - mpz_get_str(arr_r, base, sign->r); - strncpy(sig_r, arr_r, 1024); - - arr_s = calloc(mpz_sizeinbase(sign->s, base) + 2, 1); - mpz_get_str(arr_s, base, sign->s); - strncpy(sig_s, arr_s, 1024); + arrS = calloc(mpz_sizeinbase(sign->s, base) + 2, 1); + mpz_get_str(arrS, base, sign->s); + strncpy(sigS, arrS, 1024); 
*sig_v = sign->v; clean: - mpz_clear(skey_mpz); - mpz_clear(msg_mpz); + mpz_clear(secretKeyMpz); + mpz_clear(msgMpz); domain_parameters_clear(curve); point_clear(publicKey); - free(secretKey); + + + signature_free(sign); - if (arr_m != NULL) { - free(arr_m); + if (secretKey) + free(secretKey); + + if (arrM) { + free(arrM); } - if (arr_r != NULL) { - free(arr_r); + if (arrR) { + free(arrR); } - if (arr_s != NULL) { - free(arr_s); + if (arrS) { + free(arrS); } return; @@ -1064,23 +1065,23 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string, strncpy(err_string, skey, 1024); - mpz_t skey_mpz; - mpz_init(skey_mpz); - // mpz_import(skey_mpz, 32, 1, sizeof(skey[0]), 0, 0, skey); - if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) { + mpz_t secretKeyMpz; + mpz_init(secretKeyMpz); + // mpz_import(secretKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey); + if (mpz_set_str(secretKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { snprintf(err_string, BUF_LEN, "wrong string to init private key - %s", skey); *errStatus = -10; - mpz_clear(skey_mpz); + mpz_clear(secretKeyMpz); return; } //Public key point Pkey = point_init(); - signature_extract_public_key(Pkey, skey_mpz, curve); + signature_extract_public_key(Pkey, secretKeyMpz, curve); point Pkey_test = point_init(); - point_multiplication(Pkey_test, skey_mpz, curve->G, curve); + point_multiplication(Pkey_test, secretKeyMpz, curve->G, curve); if (!point_cmp(Pkey, Pkey_test)) { snprintf(err_string, BUF_LEN, "Points are not equal"); 
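Review bot: The `clean` path frees `secretKey` and clears `secretKeyMpz` without overwriting them, so the unsealed ECDSA private key stays in freed enclave heap memory, where any later over-read inside the enclave could return it. Wipe the buffer before releasing it, for example `memset_s(secretKey, ECDSA_SKEY_LEN, 0, ECDSA_SKEY_LEN);` ahead of `free(secretKey);`, assuming the enclave libc provides `memset_s`. The `if (secretKey)` guard is then needed only for the wipe, since `free(NULL)` is a no-op. Separately, `base` reaches `mpz_sizeinbase` and `mpz_get_str` with no range check visible in this hunk, and `mpz_sizeinbase` is only defined for bases 2 to 62, so if `base` comes from the caller it should be validated before signing. trustedEcdsaSign begins before this hunk.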
@@ -1110,13 +1111,13 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string, } strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); - mpz_clear(skey_mpz); + mpz_clear(secretKeyMpz); domain_parameters_clear(curve); point_clear(Pkey); } void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_key, uint32_t enc_len, - unsigned char *hash, char *sig_r, char *sig_s, uint8_t *sig_v, int base) { + unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { LOG_DEBUG (__FUNCTION__); 
@@ -1136,56 +1137,56 @@ void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_ke skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE - 1] = '\0'; snprintf(err_string, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey)); - mpz_t skey_mpz; - mpz_init(skey_mpz); - if (mpz_set_str(skey_mpz, skey, ECDSA_SKEY_BASE) == -1) { + mpz_t secretKeyMpz; + mpz_init(secretKeyMpz); + if (mpz_set_str(secretKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { *errStatus = -1; snprintf(err_string, BUF_LEN, "invalid secret key"); - mpz_clear(skey_mpz); + mpz_clear(secretKeyMpz); return; } - mpz_t msg_mpz; - mpz_init(msg_mpz); - if (mpz_set_str(msg_mpz, hash, 16) == -1) { + mpz_t msgMpz; + mpz_init(msgMpz); + if (mpz_set_str(msgMpz, hash, 16) == -1) { *errStatus = -1; snprintf(err_string, BUF_LEN, "invalid message hash"); - mpz_clear(msg_mpz); + mpz_clear(msgMpz); return; } signature sign = signature_init(); - signature_sign(sign, msg_mpz, skey_mpz, curve); + signature_sign(sign, msgMpz, secretKeyMpz, curve); point Pkey = point_init(); - signature_extract_public_key(Pkey, skey_mpz, curve); + signature_extract_public_key(Pkey, secretKeyMpz, curve); - if (!signature_verify(msg_mpz, sign, Pkey, curve)) { + if (!signature_verify(msgMpz, sign, Pkey, curve)) { *errStatus = -2; snprintf(err_string, BUF_LEN, "signature is not verified! 
"); return; } - char arr_m[mpz_sizeinbase(msg_mpz, 16) + 2]; - char *msg = mpz_get_str(arr_m, 16, msg_mpz); - snprintf(err_string, BUF_LEN, "message is %s ", arr_m); + char arrM[mpz_sizeinbase(msgMpz, 16) + 2]; + char *msg = mpz_get_str(arrM, 16, msgMpz); + snprintf(err_string, BUF_LEN, "message is %s ", arrM); - char arr_r[mpz_sizeinbase(sign->r, base) + 2]; - char *r = mpz_get_str(arr_r, base, sign->r); - strncpy(sig_r, arr_r, 1024); + char arrR[mpz_sizeinbase(sign->r, base) + 2]; + char *r = mpz_get_str(arrR, base, sign->r); + strncpy(sigR, arrR, 1024); - char arr_s[mpz_sizeinbase(sign->s, base) + 2]; - char *s = mpz_get_str(arr_s, base, sign->s); - strncpy(sig_s, arr_s, 1024); + char arrS[mpz_sizeinbase(sign->s, base) + 2]; + char *s = mpz_get_str(arrS, base, sign->s); + strncpy(sigS, arrS, 1024); *sig_v = sign->v; - mpz_clear(skey_mpz); - mpz_clear(msg_mpz); + mpz_clear(secretKeyMpz); + mpz_clear(msgMpz); domain_parameters_clear(curve); signature_free(sign); point_clear(Pkey); From 9e2d76c5d05be742d6cb92a271c923390e1afdba Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 14 May 2020 16:48:04 +0300 Subject: [PATCH 03/25] Fixed docs --- SGXWALLET_VERSION | 2 +- secure_enclave/EnclaveCommon.cpp | 2 +- secure_enclave/EnclaveCommon.h | 2 +- secure_enclave/secure_enclave.c | 469 ++++++++++++++++--------------- 4 files changed, 250 insertions(+), 225 deletions(-) diff --git a/SGXWALLET_VERSION b/SGXWALLET_VERSION index 8db2981e..2992f405 100644 --- a/SGXWALLET_VERSION +++ b/SGXWALLET_VERSION @@ -1 +1 @@ -#define SGXWALLET_VERSION "1.49.3" \ No newline at end of file +#define SGXWALLET_VERSION "1.49.4" \ No newline at end of file diff --git a/secure_enclave/EnclaveCommon.cpp b/secure_enclave/EnclaveCommon.cpp index beb67f6f..47b0bbc9 100644 --- a/secure_enclave/EnclaveCommon.cpp +++ b/secure_enclave/EnclaveCommon.cpp 
@@ -298,7 +298,7 @@ void logMsg(log_level _level, char* _msg) { EXTERNC void LOG_INFO(char* _msg) { logMsg(L_INFO, _msg); }; -EXTERNC void LOG_WARNING(char* _msg) { +EXTERNC void LOG_WARN(char* _msg) { logMsg(L_WARNING, _msg); }; diff --git a/secure_enclave/EnclaveCommon.h b/secure_enclave/EnclaveCommon.h index 90d60108..21d4ed1b 100644 --- a/secure_enclave/EnclaveCommon.h +++ b/secure_enclave/EnclaveCommon.h @@ -53,7 +53,7 @@ EXTERNC void enclave_init(); EXTERNC void LOG_INFO(char* msg); -EXTERNC void LOG_WARNING(char* _msg); +EXTERNC void LOG_WARN(char* _msg); EXTERNC void LOG_ERROR(char* _msg); EXTERNC void LOG_DEBUG(char* _msg); EXTERNC void LOG_TRACE(char* _msg); diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index cdc43d28..6f8f9527 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -137,8 +137,8 @@ void trustedEMpzDiv(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {} void trustedEMpfDiv(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {} -void trustedGenerateEcdsaKey(int *errStatus, char *err_string, - uint8_t *encrypted_key, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { +void trustedGenerateEcdsaKey(int *errStatus, char *errString, + uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { LOG_DEBUG (__FUNCTION__); @@ -174,10 +174,10 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string, uint8_t base = 16; int len = mpz_sizeinbase(Pkey->x, base) + 2; - //snprintf(err_string, BUF_LEN, "len = %d\n", len); + //snprintf(errString, BUF_LEN, "len = %d\n", len); char arr_x[len]; char *px = mpz_get_str(arr_x, base, Pkey->x); - //snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px); + //snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px); int n_zeroes = 64 - strlen(arr_x); for (int i = 0; i < n_zeroes; i++) { pub_key_x[i] = '0'; 
@@ -194,14 +194,14 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string, strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2]; char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey); - snprintf(err_string, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str)); + snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str)); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); sgx_status_t status = sgx_seal_data(0, NULL, ECDSA_SKEY_LEN, (uint8_t *) skey_str, sealedLen, - (sgx_sealed_data_t *) encrypted_key); + (sgx_sealed_data_t *) encryptedPrivateKey); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "seal ecsdsa private key failed"); + snprintf(errString, BUF_LEN, "seal ecsdsa private key failed"); *errStatus = status; return; } @@ -214,8 +214,8 @@ void trustedGenerateEcdsaKey(int *errStatus, char *err_string, } -void trustedGetPublicEcdsaKey(int *errStatus, char *err_string, - uint8_t *encrypted_key, uint32_t dec_len, char *pub_key_x, char *pub_key_y) { +void trustedGetPublicEcdsaKey(int *errStatus, char *errString, + uint8_t *encryptedPrivateKey, uint32_t dec_len, char *pub_key_x, char *pub_key_y) { LOG_DEBUG (__FUNCTION__); 
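Review bot: `snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str));` writes the freshly generated ECDSA private key in clear into `errString`, and nothing visible in this hunk clears it on the success path. If `errString` is an output buffer of the ECALL, as its use for error text suggests, the key leaves the enclave unsealed and the `sgx_seal_data` call that follows protects nothing. Drop the line, or keep only non-secret diagnostics such as `snprintf(errString, BUF_LEN, "skey len %zu\n", strlen(skey_str));`. The same pattern survives this rename series in `"pr key is %s length %d "` (trustedEcdsaSignAES), `strncpy(err_string, skey, 1024)` (trustedGetPublicEcdsaKeyAES), `"poly is %s "` (trustedGenDkgSecret) and `"unsealed random skey is %s\n"` / `"\nsecret share is %s"` (trustedGetEncryptedSecretShare). trustedGenerateEcdsaKey starts before this hunk.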
@@ -225,36 +225,36 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string, char skey[ECDSA_SKEY_LEN]; sgx_status_t status = sgx_unseal_data( - (const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &dec_len); + (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &dec_len); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status); *errStatus = status; return; } - //strncpy(err_string, skey, 1024); + //strncpy(errString, skey, 1024); - mpz_t secretKeyMpz; - mpz_init(secretKeyMpz); - // mpz_import(secretKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey); - if (mpz_set_str(secretKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { - snprintf(err_string, BUF_LEN, "wrong string to init private key"); + mpz_t privateKeyMpz; + mpz_init(privateKeyMpz); + // mpz_import(privateKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey); + if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { + snprintf(errString, BUF_LEN, "wrong string to init private key"); *errStatus = -10; - mpz_clear(secretKeyMpz); + mpz_clear(privateKeyMpz); return; } //Public key point Pkey = point_init(); - signature_extract_public_key(Pkey, secretKeyMpz, curve); + signature_extract_public_key(Pkey, privateKeyMpz, curve); point Pkey_test = point_init(); - point_multiplication(Pkey_test, secretKeyMpz, curve->G, curve); + point_multiplication(Pkey_test, privateKeyMpz, curve->G, curve); if (!point_cmp(Pkey, Pkey_test)) { - snprintf(err_string, BUF_LEN, "Points are not equal"); + snprintf(errString, BUF_LEN, "Points are not equal"); *errStatus = -11; return; } 
@@ -262,10 +262,10 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string, int base = 16; int len = mpz_sizeinbase(Pkey->x, base) + 2; - //snprintf(err_string, BUF_LEN, "len = %d\n", len); + //snprintf(errString, BUF_LEN, "len = %d\n", len); char arr_x[len]; char *px = mpz_get_str(arr_x, base, Pkey->x); - //snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px); + //snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px); int n_zeroes = 64 - strlen(arr_x); for (int i = 0; i < n_zeroes; i++) { pub_key_x[i] = '0'; @@ -281,12 +281,12 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *err_string, } strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); - mpz_clear(secretKeyMpz); + mpz_clear(privateKeyMpz); domain_parameters_clear(curve); point_clear(Pkey); } -void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, uint32_t dec_len, +void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t dec_len, unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { LOG_DEBUG (__FUNCTION__); @@ -295,10 +295,10 @@ void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, char* arrR = NULL; char* arrS = NULL; - char* secretKey = calloc(ECDSA_SKEY_LEN,1); + char* privateKey = calloc(ECDSA_SKEY_LEN,1); - mpz_t secretKeyMpz; - mpz_init(secretKeyMpz); + mpz_t privateKeyMpz; + mpz_init(privateKeyMpz); mpz_t msgMpz; mpz_init(msgMpz); 
@@ -309,38 +309,66 @@ void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, point publicKey = point_init(); + + if (!hash) { + *errStatus = -1; + LOG_WARN("NULL message hash"); + snprintf(errString, BUF_LEN, "NULL message hash"); + goto clean; + } + + if (!hash) { + *errStatus = -1; + char* msg = "NULL message hash"; + LOG_ERROR(msg); + snprintf(errString, BUF_LEN, msg); + goto clean; + } + + if (!encryptedPrivateKey) { + *errStatus = -1; + snprintf(errString, BUF_LEN, "NULL encrypted ECDSA private key"); + LOG_ERROR(errString); + goto clean; + } + sgx_status_t status = sgx_unseal_data( - (const sgx_sealed_data_t *) encrypted_key, NULL, 0, secretKey, &dec_len); + (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, privateKey, &dec_len); if (status != SGX_SUCCESS) { *errStatus = status; - snprintf(err_string, BUF_LEN, "sgx_unseal_data failed - encrypted_key with status %d", status); + snprintf(errString, BUF_LEN, + "sgx_unseal_data failed for encryptedPrivateKey:status %d", status); + LOG_ERROR(errString); goto clean; } + - //snprintf(err_string, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey)); - - if (mpz_set_str(secretKeyMpz, secretKey, ECDSA_SKEY_BASE) == -1) { + if (mpz_set_str(privateKeyMpz, privateKey, ECDSA_SKEY_BASE) == -1) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "invalid secret key"); + snprintf(errString, BUF_LEN, "mpz_set_str(privateKeyMpz ...) 
failed"); + LOG_ERROR(errString); goto clean; } + if (mpz_set_str(msgMpz, hash, 16) == -1) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "invalid message hash"); + snprintf(errString, BUF_LEN, "invalid message hash %s", hash); + LOG_WARN(errString); goto clean; } - signature_sign(sign, msgMpz, secretKeyMpz, curve); + signature_sign(sign, msgMpz, privateKeyMpz, curve); - signature_extract_public_key(publicKey, secretKeyMpz, curve); + signature_extract_public_key(publicKey, privateKeyMpz, curve); if (!signature_verify(msgMpz, sign, publicKey, curve)) { *errStatus = -2; - snprintf(err_string, BUF_LEN, "signature is not verified"); + snprintf(errString, BUF_LEN, "ECDSA sig not verified"); + LOG_WARN(errString); goto clean; } @@ -351,7 +379,6 @@ void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, arrR = calloc(mpz_sizeinbase(sign->r, base) + 2,1); mpz_get_str(arrR, base, sign->r); strncpy(sigR, arrR, 1024); - arrS = calloc(mpz_sizeinbase(sign->s, base) + 2, 1); mpz_get_str(arrS, base, sign->s); strncpy(sigS, arrS, 1024); @@ -359,17 +386,15 @@ void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, clean: - mpz_clear(secretKeyMpz); + mpz_clear(privateKeyMpz); mpz_clear(msgMpz); domain_parameters_clear(curve); point_clear(publicKey); - - signature_free(sign); - if (secretKey) - free(secretKey); + if (privateKey) + free(privateKey); if (arrM) { free(arrM); 
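Review bot: `privateKey` is a fixed `ECDSA_SKEY_LEN`-byte buffer, but the capacity passed to `sgx_unseal_data` is the parameter `dec_len`, so the unseal can write past the buffer whenever both `dec_len` and the sealed payload are larger than `ECDSA_SKEY_LEN`. Pass a local instead, `uint32_t decLen = ECDSA_SKEY_LEN;` with `&decLen`, and check the `calloc` result before the call. The second `if (!hash)` block is unreachable and can be deleted, and `snprintf(errString, BUF_LEN, msg)` should be `snprintf(errString, BUF_LEN, "%s", msg)`. `"invalid message hash %s"` formats a caller-supplied buffer with no length bound, so either omit the value or give `%s` a precision. trustedEcdsaSign starts before this hunk and continues after it.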
@@ -387,19 +412,19 @@ void trustedEcdsaSign(int *errStatus, char *err_string, uint8_t *encrypted_key, } -void trustedEncryptKey(int *errStatus, char *err_string, char *key, - uint8_t *encrypted_key, uint32_t *enc_len) { +void trustedEncryptKey(int *errStatus, char *errString, char *key, + uint8_t *encryptedPrivateKey, uint32_t *enc_len) { LOG_DEBUG (__FUNCTION__); *errStatus = UNKNOWN_ERROR; - memset(err_string, 0, BUF_LEN); + memset(errString, 0, BUF_LEN); - checkKey(errStatus, err_string, key); + checkKey(errStatus, errString, key); if (*errStatus != 0) { - snprintf(err_string + strlen(err_string), BUF_LEN, "check_key failed"); + snprintf(errString + strlen(errString), BUF_LEN, "check_key failed"); return; } @@ -408,18 +433,18 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key, if (sealedLen > BUF_LEN) { *errStatus = ENCRYPTED_KEY_TOO_LONG; - snprintf(err_string, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH"); + snprintf(errString, BUF_LEN, "sealedLen > MAX_ENCRYPTED_KEY_LENGTH"); return; } - memset(encrypted_key, 0, BUF_LEN); + memset(encryptedPrivateKey, 0, BUF_LEN); sgx_status_t status = sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t *) key, sealedLen, - (sgx_sealed_data_t *) encrypted_key); + (sgx_sealed_data_t *) encryptedPrivateKey); if (status != SGX_SUCCESS) { *errStatus = SEAL_KEY_FAILED; - snprintf(err_string, BUF_LEN, "SGX seal data failed with status %d", status); + snprintf(errString, BUF_LEN, "SGX seal data failed with status %d", status); return; } 
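Review bot: `snprintf(errString + strlen(errString), BUF_LEN, "check_key failed");` offsets the destination but still passes the full `BUF_LEN` as the size, so the bound no longer protects the buffer. Once the existing text plus the appended text exceeds `BUF_LEN`, the write runs past the end; the `memset(errString, 0, BUF_LEN)` above implies that is the buffer's size. Pass the remaining space instead: `size_t used = strnlen(errString, BUF_LEN - 1); snprintf(errString + used, BUF_LEN - used, "check_key failed");`. The `":trustedDecryptKey failed"` append in the `@@ -428,17 +453,17 @@` hunk and `snprintf(errString + 88, BUF_LEN, ...)` in trustedGetEncryptedSecretShare have the same problem. trustedEncryptKey continues past this hunk.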
@@ -428,17 +453,17 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key, char decryptedKey[BUF_LEN]; memset(decryptedKey, 0, BUF_LEN); - trustedDecryptKey(errStatus, err_string, encrypted_key, sealedLen, decryptedKey); + trustedDecryptKey(errStatus, errString, encryptedPrivateKey, sealedLen, decryptedKey); if (*errStatus != 0) { - snprintf(err_string + strlen(err_string), BUF_LEN, ":trustedDecryptKey failed"); + snprintf(errString + strlen(errString), BUF_LEN, ":trustedDecryptKey failed"); return; } uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH); if (decryptedKeyLen == MAX_KEY_LENGTH) { - snprintf(err_string, BUF_LEN, "Decrypted key is not null terminated"); + snprintf(errString, BUF_LEN, "Decrypted key is not null terminated"); return; } @@ -446,14 +471,14 @@ void trustedEncryptKey(int *errStatus, char *err_string, char *key, *errStatus = -8; if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) { - snprintf(err_string, BUF_LEN, "Decrypted key does not match original key"); + snprintf(errString, BUF_LEN, "Decrypted key does not match original key"); return; } *errStatus = 0; } -void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key, +void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, char *key) { LOG_DEBUG (__FUNCTION__); 
@@ -463,18 +488,18 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key, *errStatus = -9; sgx_status_t status = sgx_unseal_data( - (const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) key, &decLen); + (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) key, &decLen); if (status != SGX_SUCCESS) { *errStatus = status; - snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status); return; } - //snprintf(err_string, BUF_LEN, "decr key is %s", key); + //snprintf(errString, BUF_LEN, "decr key is %s", key); if (decLen > MAX_KEY_LENGTH) { - snprintf(err_string, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH"); + snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH"); return; } @@ -485,7 +510,7 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key, if (keyLen == MAX_KEY_LENGTH) { - snprintf(err_string, BUF_LEN, "Key is not null terminated"); + snprintf(errString, BUF_LEN, "Key is not null terminated"); return; } @@ -495,7 +520,7 @@ void trustedDecryptKey(int *errStatus, char *err_string, uint8_t *encrypted_key, } -void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_key, +void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, char *_hashX, char *_hashY, char *signature) { @@ -508,10 +533,10 @@ void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_ - trustedDecryptKey(errStatus, err_string, encrypted_key, enc_len, key); + trustedDecryptKey(errStatus, errString, encryptedPrivateKey, enc_len, key); if (*errStatus != 0) { - strncpy(signature, err_string, BUF_LEN); + strncpy(signature, errString, BUF_LEN); return; } 
@@ -527,7 +552,7 @@ void trustedBlsSignMessage(int *errStatus, char *err_string, uint8_t *encrypted_ free(sig); } -void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { +void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { LOG_DEBUG (__FUNCTION__); @@ -538,7 +563,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk return; } - snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret); + snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret); uint32_t sealedLen = sgx_calc_sealed_data_size(0, DKG_BUFER_LENGTH);//sizeof(sgx_sealed_data_t) + sizeof(dkg_secret); @@ -547,7 +572,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk (sgx_sealed_data_t *) encrypted_dkg_secret); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "SGX seal data failed"); + snprintf(errString, BUF_LEN, "SGX seal data failed"); *errStatus = status; return; } @@ -556,7 +581,7 @@ void trustedGenDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dk //free(dkg_secret); } -void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret, +void trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret, uint32_t *dec_len) { LOG_DEBUG (__FUNCTION__); @@ -567,7 +592,7 @@ void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypte (const sgx_sealed_data_t *) encrypted_dkg_secret, NULL, 0, decrypted_dkg_secret, &decr_len); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", status); *errStatus = status; return; } 
@@ -575,7 +600,7 @@ void trustedDecryptDkgSecret(int *errStatus, char *err_string, uint8_t *encrypte *dec_len = decr_len; } -void trustedGetSecretShares(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *dec_len, +void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len, char *secret_shares, unsigned _t, unsigned _n) { @@ -584,21 +609,21 @@ void trustedGetSecretShares(int *errStatus, char *err_string, uint8_t *encrypted char decrypted_dkg_secret[DKG_BUFER_LENGTH]; uint32_t decr_len; - trustedDecryptDkgSecret(errStatus, err_string, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len); + trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len); if (*errStatus != 0) { - snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus); + snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus); return; } *dec_len = decr_len; - // strncpy(err_string, decrypted_dkg_secret, 1024); + // strncpy(errString, decrypted_dkg_secret, 1024); calc_secret_shares(decrypted_dkg_secret, secret_shares, _t, _n); //free(decrypted_dkg_secret); } -void trustedGetPublicShares(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t enc_len, +void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len, char *public_shares, unsigned _t, unsigned _n) { 
@@ -606,23 +631,23 @@ void trustedGetPublicShares(int *errStatus, char *err_string, uint8_t *encrypted char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1); uint32_t decr_len; - trustedDecryptDkgSecret(errStatus, err_string, (uint8_t *) encrypted_dkg_secret, decrypted_dkg_secret, &decr_len); + trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, decrypted_dkg_secret, &decr_len); if (*errStatus != 0) { - snprintf(err_string, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus); + snprintf(errString, BUF_LEN, "trustedDecryptDkgSecret failed with status %d", *errStatus); return; } - //strncpy(err_string, decrypted_dkg_secret, 1024); - // strncpy(err_string, "before calc_public_shares ", 1024); + //strncpy(errString, decrypted_dkg_secret, 1024); + // strncpy(errString, "before calc_public_shares ", 1024); if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "t does not match polynomial in db"); + snprintf(errString, BUF_LEN, "t does not match polynomial in db"); return; } free(decrypted_dkg_secret); } -void trustedSetEncryptedDkgPoly(int *errStatus, char *err_string, uint8_t *encrypted_poly) { +void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly) { memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH); uint32_t decr_len; sgx_status_t status = sgx_unseal_data( 
@@ -630,13 +655,13 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *err_string, uint8_t *encry if (status != SGX_SUCCESS) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status); return; } } -void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *encrypted_skey, uint32_t *dec_len, +void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len, char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) { LOG_DEBUG (__FUNCTION__); @@ -651,7 +676,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e uint32_t enc_len; - trustedGenerateEcdsaKey(errStatus, err_string, encrypted_skey, &enc_len, pub_key_x, pub_key_y); + trustedGenerateEcdsaKey(errStatus, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y); if (*errStatus != 0) { return; } @@ -662,11 +687,11 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e (const sgx_sealed_data_t *) encrypted_skey, NULL, 0, (uint8_t *) skey, &enc_len); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "sgx_unseal_data failed - encrypted_skey with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_data failed - encrypted_skey with status %d", status); *errStatus = status; return; } - snprintf(err_string, BUF_LEN, "unsealed random skey is %s\n", skey); + snprintf(errString, BUF_LEN, "unsealed random skey is %s\n", skey); char *common_key[ECDSA_SKEY_LEN]; gen_session_key(skey, pub_keyB, common_key); 
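Review bot: `snprintf(errString, BUF_LEN, "unsealed random skey is %s\n", skey);` in trustedGetEncryptedSecretShare copies the unsealed ECDSA private key into `errString` on the success path. `errString` looks like the buffer the ECALL returns to the untrusted caller (not confirmable from this hunk), and if so the key leaves the enclave in clear text. The renamed lines in later hunks do the same with other secrets: `"\nsecret share is %s"`, `"common_key in verification is %s"`, `" bls private key is %s"`, `"skey is %s len %d\n"`, `strncpy(errString, skey, 1024)`, `"pr key is %s length %d "`, `memcpy(errString, AES_key, 1024)` and `"poly is %s "`. Since this commit touches every one of these lines anyway, I would delete them or reduce each to a constant message that carries no key material.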
@@ -675,14 +700,14 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "\nt does not match poly degree\n"); + snprintf(errString, BUF_LEN, "\nt does not match poly degree\n"); return; } - snprintf(err_string + 88, BUF_LEN, "\nsecret share is %s", s_share); + snprintf(errString + 88, BUF_LEN, "\nsecret share is %s", s_share); if (calc_secret_shareG2(s_share, s_shareG2) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "invalid decr secret share\n"); + snprintf(errString, BUF_LEN, "invalid decr secret share\n"); return; } @@ -690,7 +715,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e xor_encrypt(common_key, s_share, cypher); if (cypher == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); return; } @@ -701,7 +726,7 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *err_string, uint8_t *e } -void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret, +void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encryptedDHKey, uint8_t *encrypted_dkg_secret, uint32_t *dec_len, char *DH_key, char *s_shareG2, uint8_t _t, uint8_t _n, uint8_t ind1) { 
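Review bot: `snprintf(errString + 88, BUF_LEN, "\nsecret share is %s", s_share);` in trustedGetEncryptedSecretShare passes the full `BUF_LEN` as the limit although the write starts 88 bytes into the buffer. If `errString` is `BUF_LEN` bytes, as the other calls assume, a long value can run up to 88 bytes past its end. The limit has to shrink with the offset, `snprintf(errString + 88, BUF_LEN - 88, "\nsecret share is %s", s_share);`. The same mismatch is in `snprintf(errString + 19 + strlen(skey_str), BUF_LEN, ...)` in trustedGenerateEcdsaKeyAES and in the `errString + 88` call in trustedGetEncryptedSecretShareAES. Because the text written here is the secret share itself, removing the call is the better fix.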
@@ -712,9 +737,9 @@ void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encrypt char decrypted_dkg_secret[DKG_BUFER_LENGTH]; uint32_t decr_len; - trustedDecryptDkgSecret(errStatus, err_string, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len); + trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, &decr_len); if (*errStatus != 0) { - snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus); + snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_dkg_secret failed with status %d", *errStatus); return; } @@ -722,18 +747,18 @@ void trustedComplaintResponse(int *errStatus, char *err_string, uint8_t *encrypt } -void trustedDkgVerify(int *errStatus, char *err_string, const char *public_shares, const char *s_share, - uint8_t *encrypted_key, uint64_t key_len, unsigned _t, int _ind, int *result) { +void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share, + uint8_t *encryptedPrivateKey, uint64_t key_len, unsigned _t, int _ind, int *result) { LOG_DEBUG (__FUNCTION__); char skey[ECDSA_SKEY_LEN]; sgx_status_t status = sgx_unseal_data( - (const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &key_len); + (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len); if (status != SGX_SUCCESS) { *errStatus = status; - snprintf(err_string, BUF_LEN, "sgx_unseal_key failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_key failed with status %d", status); return; } 
@@ -747,14 +772,14 @@ void trustedDkgVerify(int *errStatus, char *err_string, const char *public_share common_key[ECDSA_SKEY_LEN - 1] = 0; if (common_key == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); return; } xor_decrypt(common_key, encr_sshare, decr_sshare); if (decr_sshare == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); return; } @@ -766,28 +791,28 @@ void trustedDkgVerify(int *errStatus, char *err_string, const char *public_share mpz_init(s); if (mpz_set_str(s, decr_sshare, 16) == -1) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid decr secret share"); + snprintf(errString, BUF_LEN, "invalid decr secret share"); mpz_clear(s); return; } *result = Verification(public_shares, s, _t, _ind); - snprintf(err_string, BUF_LEN, "common_key in verification is %s", common_key); + snprintf(errString, BUF_LEN, "common_key in verification is %s", common_key); } -void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, - uint8_t *encrypted_key, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { +void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares, + uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { LOG_DEBUG (__FUNCTION__); char skey[ECDSA_SKEY_LEN]; sgx_status_t status = sgx_unseal_data( - (const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey, &key_len); + (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len); if (status != SGX_SUCCESS) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "sgx_unseal_key failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_key failed with status %d", status); return; } 
@@ -813,7 +838,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, if (common_key == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); mpz_clear(sum); return; } @@ -823,7 +848,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, xor_decrypt(common_key, encr_sshare, decr_sshare); if (decr_sshare == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); mpz_clear(sum); return; } @@ -832,7 +857,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, mpz_init(decr_secret_share); if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid decrypted secret share"); + snprintf(errString, BUF_LEN, "invalid decrypted secret share"); mpz_clear(decr_secret_share); return; } @@ -852,7 +877,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, char key_share[mpz_sizeinbase(bls_key, 16) + 2]; char *key = mpz_get_str(key_share, 16, bls_key); - snprintf(err_string, BUF_LEN, " bls private key is %s", key_share); + snprintf(errString, BUF_LEN, " bls private key is %s", key_share); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); @@ -860,7 +885,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, (sgx_sealed_data_t *) encr_bls_key); if (status != SGX_SUCCESS) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "seal bls private key failed with status %d ", status); + snprintf(errString, BUF_LEN, "seal bls private key failed with status %d ", status); mpz_clear(bls_key); mpz_clear(sum); mpz_clear(q); 
@@ -874,7 +899,7 @@ void trustedCreateBlsKey(int *errStatus, char *err_string, const char *s_shares, mpz_clear(q); } -void trustedGetBlsPubKey(int *errStatus, char *err_string, uint8_t *encrypted_key, uint64_t key_len, char *bls_pub_key) { +void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) { LOG_DEBUG (__FUNCTION__); @@ -883,21 +908,21 @@ void trustedGetBlsPubKey(int *errStatus, char *err_string, uint8_t *encrypted_ke uint32_t len = key_len; sgx_status_t status = sgx_unseal_data( - (const sgx_sealed_data_t *) encrypted_key, NULL, 0, (uint8_t *) skey_hex, &len); + (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey_hex, &len); if (status != SGX_SUCCESS) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "sgx_unseal_data failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_data failed with status %d", status); return; } if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "could not calculate bls public key"); + snprintf(errString, BUF_LEN, "could not calculate bls public key"); return; } } -void trustedGenerateSEK(int *errStatus, char *err_string, +void trustedGenerateSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) { LOG_DEBUG (__FUNCTION__); @@ -918,7 +943,7 @@ void trustedGenerateSEK(int *errStatus, char *err_string, sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, SEK_hex, sealedLen, (sgx_sealed_data_t *) encrypted_SEK); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "seal SEK failed"); + snprintf(errString, BUF_LEN, "seal SEK failed"); *errStatus = status; return; } 
@@ -928,7 +953,7 @@ void trustedGenerateSEK(int *errStatus, char *err_string, } -void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uint64_t encr_len) { +void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) { LOG_DEBUG (__FUNCTION__); @@ -939,7 +964,7 @@ void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uin (const sgx_sealed_data_t *) encrypted_SEK, NULL, 0, aes_key_hex, &encr_len); if (status != SGX_SUCCESS) { *errStatus = status; - snprintf(err_string, BUF_LEN, "sgx unseal SEK failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx unseal SEK failed with status %d", status); return; } @@ -948,7 +973,7 @@ void trustedSetSEK(int *errStatus, char *err_string, uint8_t *encrypted_SEK, uin } -void trustedSetSEK_backup(int *errStatus, char *err_string, +void trustedSetSEK_backup(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) { LOG_DEBUG (__FUNCTION__); @@ -961,7 +986,7 @@ void trustedSetSEK_backup(int *errStatus, char *err_string, sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, SEK_hex, sealedLen, (sgx_sealed_data_t *) encrypted_SEK); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "seal SEK failed with status %d", status); + snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status); *errStatus = status; return; } @@ -969,8 +994,8 @@ void trustedSetSEK_backup(int *errStatus, char *err_string, *enc_len = sealedLen; } -void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string, - uint8_t *encrypted_key, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { +void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, + uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { LOG_DEBUG (__FUNCTION__); 
@@ -999,10 +1024,10 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string, uint8_t base = 16; int len = mpz_sizeinbase(Pkey->x, base) + 2; - //snprintf(err_string, BUF_LEN, "len = %d\n", len); + //snprintf(errString, BUF_LEN, "len = %d\n", len); char arr_x[len]; char *px = mpz_get_str(arr_x, base, Pkey->x); - //snprintf(err_string, BUF_LEN, "arr=%p px=%p\n", arr_x, px); + //snprintf(errString, BUF_LEN, "arr=%p px=%p\n", arr_x, px); int n_zeroes = 64 - strlen(arr_x); for (int i = 0; i < n_zeroes; i++) { pub_key_x[i] = '0'; @@ -1019,21 +1044,21 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string, strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); char skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2]; char *s = mpz_get_str(skey_str, ECDSA_SKEY_BASE, skey); - snprintf(err_string, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str)); + snprintf(errString, BUF_LEN, "skey is %s len %d\n", skey_str, strlen(skey_str)); - int stat = AES_encrypt(skey_str, encrypted_key); + int stat = AES_encrypt(skey_str, encryptedPrivateKey); if (stat != 0) { - snprintf(err_string, BUF_LEN, "ecdsa private key encryption failed"); + snprintf(errString, BUF_LEN, "ecdsa private key encryption failed"); *errStatus = stat; return; } *enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; - stat = AES_decrypt(encrypted_key, *enc_len, skey_str); + stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str); if (stat != 0) { - snprintf(err_string + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat); + snprintf(errString + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat); //*errStatus = stat; return; } 
@@ -1043,8 +1068,8 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *err_string, point_clear(Pkey); } -void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string, - uint8_t *encrypted_key, uint32_t enc_len, char *pub_key_x, char *pub_key_y) { +void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, + uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) { LOG_DEBUG (__FUNCTION__); 
@@ -1053,38 +1078,38 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string, char skey[ECDSA_SKEY_LEN]; - int status = AES_decrypt(encrypted_key, enc_len, skey); + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey); if (status != 0) { - snprintf(err_string, BUF_LEN, "AES_decrypt failed with status %d", status); + snprintf(errString, BUF_LEN, "AES_decrypt failed with status %d", status); *errStatus = status; return; } skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0'; - strncpy(err_string, skey, 1024); + strncpy(errString, skey, 1024); - mpz_t secretKeyMpz; - mpz_init(secretKeyMpz); - // mpz_import(secretKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey); - if (mpz_set_str(secretKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { - snprintf(err_string, BUF_LEN, "wrong string to init private key - %s", skey); + mpz_t privateKeyMpz; + mpz_init(privateKeyMpz); + // mpz_import(privateKeyMpz, 32, 1, sizeof(skey[0]), 0, 0, skey); + if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { + snprintf(errString, BUF_LEN, "wrong string to init private key - %s", skey); *errStatus = -10; - mpz_clear(secretKeyMpz); + mpz_clear(privateKeyMpz); return; } //Public key point Pkey = point_init(); - signature_extract_public_key(Pkey, secretKeyMpz, curve); + signature_extract_public_key(Pkey, privateKeyMpz, curve); point Pkey_test = point_init(); - point_multiplication(Pkey_test, secretKeyMpz, curve->G, curve); + point_multiplication(Pkey_test, privateKeyMpz, curve->G, curve); if (!point_cmp(Pkey, Pkey_test)) { - snprintf(err_string, BUF_LEN, "Points are not equal"); + snprintf(errString, BUF_LEN, "Points are not equal"); *errStatus = -11; return; } 
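Review bot: `skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';` in trustedGetPublicEcdsaKeyAES indexes the `ECDSA_SKEY_LEN`-byte stack array with a value derived from the caller-supplied `enc_len`, and no range check is visible in the hunk. An `enc_len` below MAC+IV wraps the unsigned subtraction and a large one indexes past the array, so the NUL byte is written outside `skey`. Unless AES_decrypt already validates the length (not visible here), reject bad values before decrypting: `if (enc_len < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE || enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE >= ECDSA_SKEY_LEN) { *errStatus = -1; return; }`. trustedEcdsaSignAES uses the same expression with `- 1` and needs the same guard. The function begins before this hunk.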
@@ -1111,12 +1136,12 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *err_string, } strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); - mpz_clear(secretKeyMpz); + mpz_clear(privateKeyMpz); domain_parameters_clear(curve); point_clear(Pkey); } -void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_key, uint32_t enc_len, +void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) { LOG_DEBUG (__FUNCTION__); @@ -1126,23 +1151,23 @@ void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_ke char skey[ECDSA_SKEY_LEN]; - int status = AES_decrypt(encrypted_key, enc_len, skey); + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey); if (status != 0) { *errStatus = status; - snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status); + snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status); return; } skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE - 1] = '\0'; - snprintf(err_string, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey)); - mpz_t secretKeyMpz; - mpz_init(secretKeyMpz); - if (mpz_set_str(secretKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { + snprintf(errString, BUF_LEN, "pr key is %s length %d ", skey, strlen(skey)); + mpz_t privateKeyMpz; + mpz_init(privateKeyMpz); + if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "invalid secret key"); - mpz_clear(secretKeyMpz); + snprintf(errString, BUF_LEN, "invalid secret key"); + mpz_clear(privateKeyMpz); return; } 
@@ -1151,29 +1176,29 @@ void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_ke mpz_init(msgMpz); if (mpz_set_str(msgMpz, hash, 16) == -1) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "invalid message hash"); + snprintf(errString, BUF_LEN, "invalid message hash"); mpz_clear(msgMpz); return; } signature sign = signature_init(); - signature_sign(sign, msgMpz, secretKeyMpz, curve); + signature_sign(sign, msgMpz, privateKeyMpz, curve); point Pkey = point_init(); - signature_extract_public_key(Pkey, secretKeyMpz, curve); + signature_extract_public_key(Pkey, privateKeyMpz, curve); if (!signature_verify(msgMpz, sign, Pkey, curve)) { *errStatus = -2; - snprintf(err_string, BUF_LEN, "signature is not verified! "); + snprintf(errString, BUF_LEN, "signature is not verified! "); return; } char arrM[mpz_sizeinbase(msgMpz, 16) + 2]; char *msg = mpz_get_str(arrM, 16, msgMpz); - snprintf(err_string, BUF_LEN, "message is %s ", arrM); + snprintf(errString, BUF_LEN, "message is %s ", arrM); char arrR[mpz_sizeinbase(sign->r, base) + 2]; char *r = mpz_get_str(arrR, base, sign->r); @@ -1185,7 +1210,7 @@ void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_ke *sig_v = sign->v; - mpz_clear(secretKeyMpz); + mpz_clear(privateKeyMpz); mpz_clear(msgMpz); domain_parameters_clear(curve); signature_free(sign); 
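Review bot: The `"invalid message hash"` and `"signature is not verified! "` returns in trustedEcdsaSignAES exit without `mpz_clear(privateKeyMpz);`, so the private-key scalar stays allocated in enclave memory. The second return also skips `signature_free(sign)`, `point_clear(Pkey)` and `domain_parameters_clear(curve)`. trustedEcdsaSign in the later patch of this series already leaves through a single `goto clean;`, and the same shape here would release everything on every path. The function starts before this hunk and its normal cleanup is in the next one.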
@@ -1193,21 +1218,21 @@ void trustedEcdsaSignAES(int *errStatus, char *err_string, uint8_t *encrypted_ke } -void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key, - uint8_t *encrypted_key, uint32_t *enc_len) { +void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, + uint8_t *encryptedPrivateKey, uint32_t *enc_len) { LOG_DEBUG (__FUNCTION__); *errStatus = UNKNOWN_ERROR; - memset(err_string, 0, BUF_LEN); + memset(errString, 0, BUF_LEN); - memset(encrypted_key, 0, BUF_LEN); + memset(encryptedPrivateKey, 0, BUF_LEN); - int stat = AES_encrypt(key, encrypted_key); + int stat = AES_encrypt(key, encryptedPrivateKey); if (stat != 0) { *errStatus = stat; - snprintf(err_string, BUF_LEN, "AES encrypt failed with status %d", stat); + snprintf(errString, BUF_LEN, "AES encrypt failed with status %d", stat); return; } @@ -1216,18 +1241,18 @@ void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key, char decryptedKey[BUF_LEN]; memset(decryptedKey, 0, BUF_LEN); - stat = AES_decrypt(encrypted_key, *enc_len, decryptedKey); + stat = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey); if (stat != 0) { *errStatus = stat; - snprintf(err_string, BUF_LEN, ":trustedDecryptKey failed with status %d", stat); + snprintf(errString, BUF_LEN, ":trustedDecryptKey failed with status %d", stat); return; } uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH); if (decryptedKeyLen == MAX_KEY_LENGTH) { - snprintf(err_string, BUF_LEN, "Decrypted key is not null terminated"); + snprintf(errString, BUF_LEN, "Decrypted key is not null terminated"); return; } 
@@ -1235,32 +1260,32 @@ void trustedEncryptKeyAES(int *errStatus, char *err_string, const char *key, *errStatus = -8; if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) { - snprintf(err_string, BUF_LEN, "Decrypted key does not match original key"); + snprintf(errString, BUF_LEN, "Decrypted key does not match original key"); return; } *errStatus = 0; } -void trustedDecryptKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key, +void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, char *key) { uint32_t decLen; *errStatus = -9; - int status = AES_decrypt(encrypted_key, enc_len, key); + int status = AES_decrypt(encryptedPrivateKey, enc_len, key); if (status != 0) { *errStatus = status; - snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status); + snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status); return; } if (decLen > MAX_KEY_LENGTH) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH"); + snprintf(errString, BUF_LEN, "wrong decLen");//"decLen != MAX_KEY_LENGTH"); return; } @@ -1271,16 +1296,16 @@ void trustedDecryptKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_k if (keyLen == MAX_KEY_LENGTH) { - snprintf(err_string, BUF_LEN, "Key is not null terminated"); + snprintf(errString, BUF_LEN, "Key is not null terminated"); return; } *errStatus = 0; - memcpy(err_string, AES_key, 1024); + memcpy(errString, AES_key, 1024); } -void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypted_key, +void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, char *_hashX, char *_hashY, char *signature) { 
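Review bot: `uint32_t decLen;` in trustedDecryptKeyAES is not assigned anywhere in the lines shown before `if (decLen > MAX_KEY_LENGTH)` reads it, so the check tests an indeterminate value and the call can fail with "wrong decLen" or pass arbitrarily. Either drop the variable and the check, or derive it from the validated input, e.g. `uint32_t decLen = enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE;`. A few lines between the two hunks on this line are not shown, so confirm nothing there assigns it. Separately, the success path ends with `memcpy(errString, AES_key, 1024);`, which copies what appears to be the enclave's AES key into the caller-visible buffer and should be removed.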
@@ -1291,11 +1316,11 @@ void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypt char sig[BUF_LEN]; memset(sig, 0, BUF_LEN); - int stat = AES_decrypt(encrypted_key, enc_len, key); + int stat = AES_decrypt(encryptedPrivateKey, enc_len, key); if (stat != 0) { *errStatus = stat; - strncpy(signature, err_string, BUF_LEN); + strncpy(signature, errString, BUF_LEN); return; } @@ -1311,7 +1336,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *err_string, uint8_t *encrypt } void -trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { +trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { LOG_DEBUG (__FUNCTION__); @@ -1323,12 +1348,12 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_ return; } - snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret); + snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret); int status = AES_encrypt(dkg_secret, encrypted_dkg_secret); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "SGX AES encrypt DKG poly failed"); + snprintf(errString, BUF_LEN, "SGX AES encrypt DKG poly failed"); *errStatus = status; return; } 
@@ -1341,14 +1366,14 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_ status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "aes decrypt dkg poly failed"); + snprintf(errString, BUF_LEN, "aes decrypt dkg poly failed"); *errStatus = status; return; } if (strcmp(dkg_secret, decr_dkg_secret) != 0) { - snprintf(err_string, BUF_LEN, "poly is %s ", dkg_secret); - snprintf(err_string + strlen(dkg_secret) + 8, BUF_LEN - strlen(dkg_secret) - 8, + snprintf(errString, BUF_LEN, "poly is %s ", dkg_secret); + snprintf(errString + strlen(dkg_secret) + 8, BUF_LEN - strlen(dkg_secret) - 8, "encrypted poly is not equal to decrypted poly"); *errStatus = -333; } @@ -1357,7 +1382,7 @@ trustedGenDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_ } void -trustedDecryptDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret, +trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint8_t *decrypted_dkg_secret, uint32_t *dec_len) { LOG_DEBUG (__FUNCTION__); @@ -1365,14 +1390,14 @@ trustedDecryptDkgSecretAES(int *errStatus, char *err_string, uint8_t *encrypted_ int status = AES_decrypt(encrypted_dkg_secret, dec_len, decrypted_dkg_secret); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); + snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); *errStatus = status; return; } } -void trustedSetEncryptedDkgPolyAES(int *errStatus, char *err_string, uint8_t *encrypted_poly, uint64_t *enc_len) { +void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t *enc_len) { LOG_DEBUG (__FUNCTION__); 
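Review bot: `AES_decrypt(encrypted_dkg_secret, dec_len, decrypted_dkg_secret)` in trustedDecryptDkgSecretAES passes `dec_len`, which the signature declares as `uint32_t *dec_len`. Every other call in this diff passes a length value in that position (`enc_len`, `*enc_len`, `key_len`). If AES_decrypt's second parameter is an integer length (its prototype is not visible here), the pointer is converted to a number and the decrypt runs with a meaningless size. The call probably means `int status = AES_decrypt(encrypted_dkg_secret, *dec_len, decrypted_dkg_secret);`, and building with `-Werror=int-conversion` would stop this class of mistake at compile time.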
@@ -1381,12 +1406,12 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *err_string, uint8_t *en if (status != SGX_SUCCESS) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status); + snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status); return; } } -void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t *encrypted_skey, uint32_t *dec_len, +void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len, char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) { char skey[ECDSA_SKEY_LEN]; @@ -1398,7 +1423,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t uint32_t enc_len; - trustedGenerateEcdsaKeyAES(errStatus, err_string, encrypted_skey, &enc_len, pub_key_x, pub_key_y); + trustedGenerateEcdsaKeyAES(errStatus, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y); if (*errStatus != 0) { return; } @@ -1408,11 +1433,11 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t skey[ECDSA_SKEY_LEN - 1] = 0; if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d", status); + snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d", status); *errStatus = status; return; } - snprintf(err_string, BUF_LEN, "unsealed random skey is %s\n", skey); + snprintf(errString, BUF_LEN, "unsealed random skey is %s\n", skey); *dec_len = enc_len;// + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; 
@@ -1425,14 +1450,14 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t if (calc_secret_share(decryptedDkgPoly, s_share, _t, _n, ind) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, decryptedDkgPoly); + snprintf(errString, BUF_LEN, decryptedDkgPoly); return; } - snprintf(err_string + 88, BUF_LEN, "\nsecret share is %s", s_share); + snprintf(errString + 88, BUF_LEN, "\nsecret share is %s", s_share); if (calc_secret_shareG2(s_share, s_shareG2) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "invalid decr secret share"); + snprintf(errString, BUF_LEN, "invalid decr secret share"); return; } @@ -1440,7 +1465,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t xor_encrypt(common_key, s_share, cypher); if (cypher == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); return; } @@ -1452,7 +1477,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *err_string, uint8_t } -void trustedGetPublicSharesAES(int *errStatus, char *err_string, uint8_t *encrypted_dkg_secret, uint32_t enc_len, +void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len, char *public_shares, unsigned _t, unsigned _n) { 
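Review bot: `snprintf(errString, BUF_LEN, decryptedDkgPoly);` in trustedGetEncryptedSecretShareAES uses the decrypted polynomial as the format string, so any `%` in it is parsed as a conversion with no matching argument, and the polynomial is also exposed through the error text. `snprintf(errString, BUF_LEN, decr_sshare);` in trustedCreateBlsKeyAES does the same with data derived from the caller's `s_shares`. Use constant messages as the non-AES variants do: `snprintf(errString, BUF_LEN, "t does not match poly degree");` and `snprintf(errString, BUF_LEN, "invalid decrypted secret share");`. Building with `-Wformat-security` flags both call sites.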
@@ -1466,33 +1491,33 @@ void trustedGetPublicSharesAES(int *errStatus, char *err_string, uint8_t *encryp if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); + snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status); *errStatus = status; return; } if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "t does not match polynomial in db"); + snprintf(errString, BUF_LEN, "t does not match polynomial in db"); return; } } -void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_shares, const char *s_share, - uint8_t *encrypted_key, uint64_t enc_len, unsigned _t, int _ind, int *result) { +void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share, + uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) { LOG_DEBUG (__FUNCTION__); char skey[ECDSA_SKEY_LEN]; memset(skey, 0, ECDSA_SKEY_LEN); - int status = AES_decrypt(encrypted_key, enc_len, skey); + int status = AES_decrypt(encryptedPrivateKey, enc_len, skey); if (status != SGX_SUCCESS) { - snprintf(err_string, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status); + snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status); *errStatus = status; return; } @@ -1509,7 +1534,7 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh if (common_key == NULL || strlen(common_key) == 0) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); return; } 
@@ -1518,7 +1543,7 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh xor_decrypt(common_key, encr_sshare, decr_sshare); if (decr_sshare == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); return; } @@ -1526,27 +1551,27 @@ void trustedDkgVerifyAES(int *errStatus, char *err_string, const char *public_sh mpz_init(s); if (mpz_set_str(s, decr_sshare, 16) == -1) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid decr secret share"); + snprintf(errString, BUF_LEN, "invalid decr secret share"); mpz_clear(s); return; } *result = Verification(public_shares, s, _t, _ind); - snprintf(err_string, BUF_LEN, "secret share dec %s", public_shares); + snprintf(errString, BUF_LEN, "secret share dec %s", public_shares); } -void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shares, - uint8_t *encrypted_key, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { +void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares, + uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { LOG_DEBUG (__FUNCTION__); char skey[ECDSA_SKEY_LEN]; - int status = AES_decrypt(encrypted_key, key_len, skey); + int status = AES_decrypt(encryptedPrivateKey, key_len, skey); if (status != SGX_SUCCESS) { *errStatus = status; - snprintf(err_string, BUF_LEN, "aes decrypt failed with status %d", status); + snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status); return; } skey[ECDSA_SKEY_LEN - 1] = 0; @@ -1574,7 +1599,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar if (common_key == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); mpz_clear(sum); return; } 
@@ -1584,7 +1609,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar xor_decrypt(common_key, encr_sshare, decr_sshare); if (decr_sshare == NULL) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "invalid common_key"); + snprintf(errString, BUF_LEN, "invalid common_key"); mpz_clear(sum); return; } @@ -1594,8 +1619,8 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar mpz_init(decr_secret_share); if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) { *errStatus = 111; - //snprintf(err_string, BUF_LEN ,"invalid decrypted secret share"); - snprintf(err_string, BUF_LEN, decr_sshare); + //snprintf(errString, BUF_LEN ,"invalid decrypted secret share"); + snprintf(errString, BUF_LEN, decr_sshare); mpz_clear(decr_secret_share); return; } @@ -1615,7 +1640,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar char key_share[mpz_sizeinbase(bls_key, 16) + 2]; char *key = mpz_get_str(key_share, 16, bls_key); - snprintf(err_string, BUF_LEN, " bls private key is %s", key_share); + snprintf(errString, BUF_LEN, " bls private key is %s", key_share); uint32_t sealedLen = sgx_calc_sealed_data_size(0, ECDSA_SKEY_LEN); @@ -1623,7 +1648,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar if (status != SGX_SUCCESS) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "aes encrypt bls private key failed with status %d ", status); + snprintf(errString, BUF_LEN, "aes encrypt bls private key failed with status %d ", status); mpz_clear(bls_key); mpz_clear(sum); mpz_clear(q); @@ -1637,7 +1662,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *err_string, const char *s_shar } void -trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key, uint64_t key_len, char *bls_pub_key) { +trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) { LOG_DEBUG (__FUNCTION__); 
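Review bot: `snprintf(errString, BUF_LEN, decr_sshare);` passes the decrypted share as the format string, so any `%` in that buffer is interpreted as a conversion, and otherwise the share text itself is copied into errString. This branch runs exactly when `mpz_set_str` has rejected the buffer as hex, which is when its contents are least predictable. Restore the fixed message that is commented out one line above: `snprintf(errString, BUF_LEN, "invalid decrypted secret share");`. If errString is returned to the untrusted caller, as the ecall-style signature suggests, no part of decr_sshare should reach it. The function body continues outside the hunk.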
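Review bot: `snprintf(errString, BUF_LEN, " bls private key is %s", key_share);` writes the hex BLS private key into errString on the success path. errString is a caller-supplied parameter of this trusted function and is presumably marshalled back to untrusted memory (the EDL is not visible here), which would hand the key to the host on every call. Remove the line; if a success message is wanted, use one without key material, e.g. `snprintf(errString, BUF_LEN, "bls key created");`. Nothing visible wipes `key_share` either, so it is worth zeroing that buffer once the key has been encrypted. The function body starts and ends outside this hunk.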
@@ -1645,10 +1670,10 @@ trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key, uint32_t len = key_len; - int status = AES_decrypt(encrypted_key, key_len, skey_hex); + int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex); if (status != SGX_SUCCESS) { *errStatus = 1; - snprintf(err_string, BUF_LEN, "aes_decrypt failed with status %d", status); + snprintf(errString, BUF_LEN, "aes_decrypt failed with status %d", status); return; } @@ -1656,7 +1681,7 @@ trustedGetBlsPubKeyAES(int *errStatus, char *err_string, uint8_t *encrypted_key, if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) { *errStatus = -1; - snprintf(err_string, BUF_LEN, "could not calculate bls public key"); + snprintf(errString, BUF_LEN, "could not calculate bls public key"); return; } } From 3bf5e53bbb7534339293520fb56840b65ac00889 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 14 May 2020 16:54:49 +0300 Subject: [PATCH 04/25] Fixed docs --- secure_enclave/secure_enclave.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 6f8f9527..0ea6cd3d 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -365,16 +365,14 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate signature_extract_public_key(publicKey, privateKeyMpz, curve); + + if (!signature_verify(msgMpz, sign, publicKey, curve)) { *errStatus = -2; snprintf(errString, BUF_LEN, "ECDSA sig not verified"); LOG_WARN(errString); goto clean; } - - arrM = calloc(mpz_sizeinbase(msgMpz, 16) + 2 ,1); - mpz_get_str(arrM, 16, msgMpz); - arrR = calloc(mpz_sizeinbase(sign->r, base) + 2,1); mpz_get_str(arrR, base, sign->r); @@ -396,9 +394,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate if (privateKey) free(privateKey); - if (arrM) { - free(arrM); - } + if (arrR) { free(arrR); } 
From 1aa170b1740d3a3f25793987cbae8aa9aec1c928 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 14 May 2020 18:09:02 +0300 Subject: [PATCH 05/25] Fixed docs --- secure_enclave/Point.c | 360 --------------------------------------- secure_enclave/Point.h | 370 ++++++++++++++++++++++++++++++++++++++--- 2 files changed, 348 insertions(+), 382 deletions(-) diff --git a/secure_enclave/Point.c b/secure_enclave/Point.c index 4cfe60b1..eac24a7a 100644 --- a/secure_enclave/Point.c +++ b/secure_enclave/Point.c 
@@ -32,363 +32,3 @@ #include "DomainParameters.h" #include "Point.h" -/*Initialize a point*/ -point point_init() -{ - point p; - p = calloc(sizeof(struct point_s), 1); - mpz_init(p->x); - mpz_init(p->y); - p->infinity = false; - return p; -} - -/*Set point to be a infinity*/ -void point_at_infinity(point p) -{ - p->infinity = true; -} - -/*Print point to standart output stream*/ -void point_print(point p) -{ - /* //Write something if point is a infinity - if(p->infinity) - { - printf("Point is at infinity!"); - }else{ - printf("\nPoint: (\n\t"); - //mpz_out_str(stdout, 10, p->x); - printf("\n,\n\t"); - //mpz_out_str(stdout, 10, p->y); - printf("\n)\n"); - }*/ -} - -/*Set a point from another point*/ -void point_set(point R, point P) -{ - //Copy the point - mpz_set(R->x, P->x); - mpz_set(R->y, P->y); - - //Including infinity settings - R->infinity = P->infinity; -} - -/*Set point from strings of a base from 2-62*/ -void point_set_str(point p, char *x, char *y, int base) -{ - mpz_set_str(p->x, x, base); - mpz_set_str(p->y, y, base); -} - -/*Set point from hexadecimal strings*/ -void point_set_hex(point p, char *x, char *y) -{ - point_set_str(p,x,y,16); -} - -/*Set point from decimal unsigned long ints*/ -void point_set_ui(point p, unsigned long int x, unsigned long int y) -{ - mpz_set_ui(p->x, x); - mpz_set_ui(p->y, y); -} - -/*Make R a copy of P*/ -void point_copy(point R, point P) -{ - //Same as point set - point_set(R, P); -} - -/*Addition of point P + Q = result*/ -void point_addition(point result, point P, point Q, domain_parameters curve) -{ - //If Q is at infinity, set result to P - if(Q->infinity) - { - point_set(result, P); - - //If P is at infinity set result to be Q - }else if(P->infinity){ - point_set(result, Q); - - //If the points are the same use point doubling - }else if(point_cmp(P,Q)) - { - point_doubling(result, Q, curve); - }else{ - //Calculate the inverse point - point iQ = point_init(); - point_inverse(iQ, Q, curve); - bool is_inverse = 
point_cmp(iQ,P); - point_clear(iQ); - - //If it is the inverse - if(is_inverse) - { - //result must be point at infinity - point_at_infinity(result); - }else{ - //Initialize slope variable - mpz_t s;mpz_init(s); - //Initialize temporary variables - mpz_t t1;mpz_init(t1); - mpz_t t2;mpz_init(t2); - mpz_t t3;mpz_init(t3); - mpz_t t4;mpz_init(t4); - mpz_t t5;mpz_init(t5); - /* - Modulo algebra rules: - (b1 + b2) mod n = (b2 mod n) + (b1 mod n) mod n - (b1 * b2) mod n = (b2 mod n) * (b1 mod n) mod n - */ - - //Calculate slope - //s = (Py - Qy)/(Px-Qx) mod p - mpz_sub(t1, P->y, Q->y); - mpz_sub(t2, P->x, Q->x); - //Using Modulo to stay within the group! - number_theory_inverse(t3, t2, curve->p); //Handle errors - mpz_mul(t4, t1, t3); - mpz_mod(s, t4, curve->p); - - //Calculate Rx using algorithm shown to the right of the commands - //Rx = s² - Px - Qx = (s² mod p) - (Px mod p) - (Qx mod p) mod p - number_theory_exp_modp_ui(t1, s, 2, curve->p); //t1 = s² mod p - mpz_mod(t2, P->x, curve->p); //t2 = Px mod p - mpz_mod(t3, Q->x, curve->p); //t3 = Qx mod p - mpz_sub(t4, t1, t2); //t4 = t1 - t2 - mpz_sub(t5, t4, t3); //t5 = t4 - t3 - mpz_mod(result->x, t5, curve->p); //R->x = t5 mod p - - //Calculate Ry using algorithm shown to the right of the commands - //Ry = s(Px-Rx) - Py mod p - mpz_sub(t1, P->x, result->x); //t1 = Px - Rx - mpz_mul(t2, s, t1); //t2 = s*t1 - mpz_sub(t3, t2, P->y); //t3 = t2 - Py - mpz_mod(result->y, t3, curve->p); //Ry = t3 mod p - - //Clear variables, release memory - mpz_clear(t1); - mpz_clear(t2); - mpz_clear(t3); - mpz_clear(t4); - mpz_clear(t5); - mpz_clear(s); - } - } -} - -/*Set R to the additive inverse of P, in the curve curve*/ -void point_inverse(point R, point P, domain_parameters curve) -{ - //If at infinity - if(P->infinity) - { - R->infinity = true; - }else{ - //Set Rx = Px - mpz_set(R->x, P->x); - - //Set Ry = -Py mod p = p - Ry (Since, Ry < p and Ry is positive) - mpz_sub(R->y, curve->p, P->y); - } -} - -/*Set point R = 2P*/ -void 
point_doubling(point R, point P, domain_parameters curve) -{ - //If at infinity - if(P->infinity) - { - R->infinity = true; - }else{ - //Initialize slope variable - mpz_t s;mpz_init(s); - //Initialize temporary variables - mpz_t t1;mpz_init(t1); - mpz_t t2;mpz_init(t2); - mpz_t t3;mpz_init(t3); - mpz_t t4;mpz_init(t4); - mpz_t t5;mpz_init(t5); - - //Calculate slope - //s = (3*Px² + a) / (2*Py) mod p - number_theory_exp_modp_ui(t1, P->x, 2, curve->p); //t1 = Px² mod p - mpz_mul_ui(t2, t1, 3); //t2 = 3 * t1 - mpz_mod(t3, t2, curve->p); //t3 = t2 mod p - mpz_add(t4, t3, curve->a); //t4 = t3 + a - mpz_mod(t5, t4, curve->p); //t5 = t4 mod p - - mpz_mul_ui(t1, P->y, 2); //t1 = 2*Py - number_theory_inverse(t2, t1, curve->p); //t2 = t1^-1 mod p - mpz_mul(t1, t5, t2); //t1 = t5 * t2 - mpz_mod(s, t1, curve->p); //s = t1 mod p - - //Calculate Rx - //Rx = s² - 2*Px mod p - number_theory_exp_modp_ui(t1, s, 2, curve->p);//t1 = s² mod p - mpz_mul_ui(t2, P->x, 2); //t2 = Px*2 - mpz_mod(t3, t2, curve->p); //t3 = t2 mod p - mpz_sub(t4, t1, t3); //t4 = t1 - t3 - mpz_mod(R->x, t4, curve->p); //Rx = t4 mod p - - //Calculate Ry using algorithm shown to the right of the commands - //Ry = s(Px-Rx) - Py mod p - mpz_sub(t1, P->x, R->x); //t1 = Px - Rx - mpz_mul(t2, s, t1); //t2 = s*t1 - mpz_sub(t3, t2, P->y); //t3 = t2 - Py - mpz_mod(R->y, t3, curve->p); //Ry = t3 mod p - - //Clear variables, release memory - mpz_clear(t1); - mpz_clear(t2); - mpz_clear(t3); - mpz_clear(t4); - mpz_clear(t5); - mpz_clear(s); - } -} - -/*Compare two points return 1 if not the same, returns 0 if they are the same*/ -bool point_cmp(point P, point Q) -{ - //If at infinity - if(P->infinity && Q->infinity) - return true; - else if(P->infinity || Q->infinity) - return false; - else - return !mpz_cmp(P->x,Q->x) && !mpz_cmp(P->y,Q->y); -} - -/*Perform scalar multiplication to P, with the factor multiplier, over the curve curve*/ -void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve) -{ 
- //If at infinity R is also at infinity - if(P->infinity) - { - R->infinity = true; - }else{ - //Initializing variables - point x = point_init(); - point_copy(x, P); - point t = point_init(); - point_copy(t, x); - - //Set R = point at infinity - point_at_infinity(R); - -/* -Loops through the integer bit per bit, if a bit is 1 then x is added to the result. Looping through the multiplier in this manner allows us to use as many point doubling operations as possible. No reason to say 5P=P+P+P+P+P, when you might as well just use 5P=2(2P)+P. -This is not the most effecient method of point multiplication, but it's faster than P+P+P+... which is not computational feasiable. -*/ - int bits = mpz_sizeinbase(multiplier, 2); - unsigned long int bit = 0; - while(bit <= bits) - { - if(mpz_tstbit(multiplier, bit)) - { - point_addition(t, x, R, curve); - point_copy(R, t); - } - point_doubling(t, x, curve); - point_copy(x, t); - bit++; - } - - //Release temporary variables - point_clear(x); - point_clear(t); - } -} - -/*Decompress a point from hexadecimal representation - *This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.4.*/ -void point_decompress(point P, char* zPoint, domain_parameters curve) -{ - //Initialiser variabler - mpz_t x;mpz_init(x); - mpz_t a;mpz_init(a); - mpz_t b;mpz_init(b); - mpz_t t1;mpz_init(t1); - mpz_t t2;mpz_init(t2); - mpz_t t3;mpz_init(t3); - mpz_t t4;mpz_init(t4); - - //Get x coordinate - mpz_set_str(x, zPoint + 2, 16); - - //alpha = x^3+a*x+b mod p - number_theory_exp_modp_ui(t1, x, 3, curve->p);//t1 = x^3 mod p - mpz_mul(t3, x, curve->a); //t3 = a*x - mpz_mod(t2, t3, curve->p); //t2 = t3 mod p - mpz_add(t3, t1, t2); //t3 = t1 + t2 - mpz_add(t4, t3, curve->b); //t4 = t3 + b - mpz_mod(a, t4, curve->p); //a = t4 mod p - - //beta = sqrt(alpha) mod p - number_theory_squareroot_modp(b, a, curve->p); - - //Get y mod 2 from input - mpz_set_ui(t2, zPoint[1] == '2' ? 
0 : 1); - - //Set x - mpz_set(P->x, x); - - //t2 = beta mod p - mpz_mod_ui(t1, b, 2); - if(mpz_cmp(t1, t2)) - mpz_set(P->y, b); //y = beta - else - mpz_sub(P->y, curve->p, b);//y = p -beta - - //Release variables - mpz_clear(x); - mpz_clear(a); - mpz_clear(b); - mpz_clear(t1); - mpz_clear(t2); - mpz_clear(t3); - mpz_clear(t4); -} - -/*Compress a point to hexadecimal string - *This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.3.*/ -char* point_compress(point P) -{ - //Point should not be at infinity - assert(!P->infinity); - - //Reserve memory - int l = mpz_sizeinbase(P->x, 16) + 2; - char* result = (char*)calloc(l + 1, 1); - result[l] = '\0'; - mpz_t t1;mpz_init(t1); - - //Add x coordinat in hex to result - mpz_get_str(result +2, 16, P->x); - - //Determine if it's odd or even - mpz_mod_ui(t1, P->y, 2); - if(mpz_cmp_ui(t1, 0)) - strncpy(result, "02", 2); - else - strncpy(result, "03", 2); - - mpz_clear(t1); - - return result; -} - -/*Release point*/ -void point_clear(point p) -{ - mpz_clear(p->x); - mpz_clear(p->y); - free(p); -} - diff --git a/secure_enclave/Point.h b/secure_enclave/Point.h index a35ef552..79ea9bf1 100644 --- a/secure_enclave/Point.h +++ b/secure_enclave/Point.h 
@@ -29,53 +29,379 @@ #include "DomainParameters.h" /*Initialize a point*/ -point point_init(); +static inline point point_init() +{ + point p; + p = calloc(sizeof(struct point_s), 1); + mpz_init(p->x); + mpz_init(p->y); + p->infinity = false; + return p; +} + /*Release point*/ -void point_clear(point p); +static inline void point_clear(point p) +{ + mpz_clear(p->x); + mpz_clear(p->y); + free(p); +} + /*Set point to be a infinity*/ -void point_at_infinity(point p); +static inline void point_at_infinity(point p) +{ + p->infinity = true; +} + + +/*Compare two points return 1 if not the same, returns 0 if they are the same*/ +static inline bool point_cmp(point P, point Q) +{ + //If at infinity + if(P->infinity && Q->infinity) + return true; + else if(P->infinity || Q->infinity) + return false; + else + return !mpz_cmp(P->x,Q->x) && !mpz_cmp(P->y,Q->y); +} -/*Set R to the additive inverse of P, in the curve curve*/ -void point_inverse(point R, point P, domain_parameters curve); /*Print point to standart output stream*/ -void point_print(point p); +static inline void point_print(point p) +{ + /* //Write something if point is a infinity + if(p->infinity) + { + printf("Point is at infinity!"); + }else{ + printf("\nPoint: (\n\t"); + //mpz_out_str(stdout, 10, p->x); + printf("\n,\n\t"); + //mpz_out_str(stdout, 10, p->y); + printf("\n)\n"); + }*/ +} + +/*Set a point from another point*/ +static inline void point_set(point R, point P) +{ + //Copy the point + mpz_set(R->x, P->x); + mpz_set(R->y, P->y); + + //Including infinity settings + R->infinity = P->infinity; +} + +/*Set point from strings of a base from 2-62*/ +static inline void point_set_str(point p, char *x, char *y, int base) +{ + mpz_set_str(p->x, x, base); + mpz_set_str(p->y, y, base); +} /*Set point from hexadecimal strings*/ -void point_set_hex(point p, char *x, char *y); +static inline void point_set_hex(point p, char *x, char *y) +{ + point_set_str(p,x,y,16); +} /*Set point from decimal unsigned long ints*/ 
-void point_set_ui(point p, unsigned long int x, unsigned long int y); +static inline void point_set_ui(point p, unsigned long int x, unsigned long int y) +{ + mpz_set_ui(p->x, x); + mpz_set_ui(p->y, y); +} + +/*Make R a copy of P*/ +static inline void point_copy(point R, point P) +{ + //Same as point set + point_set(R, P); +} + +/*Set R to the additive inverse of P, in the curve curve*/ +static inline void point_inverse(point R, point P, domain_parameters curve) +{ + //If at infinity + if(P->infinity) + { + R->infinity = true; + }else{ + //Set Rx = Px + mpz_set(R->x, P->x); + + //Set Ry = -Py mod p = p - Ry (Since, Ry < p and Ry is positive) + mpz_sub(R->y, curve->p, P->y); + } +} -/*Addition of point P + Q = result*/ -void point_addition(point result, point P, point Q, domain_parameters curve); /*Set point R = 2P*/ -void point_doubling(point R, point P, domain_parameters curve); +static inline void point_doubling(point R, point P, domain_parameters curve) +{ + //If at infinity + if(P->infinity) + { + R->infinity = true; + }else{ + //Initialize slope variable + mpz_t s;mpz_init(s); + //Initialize temporary variables + mpz_t t1;mpz_init(t1); + mpz_t t2;mpz_init(t2); + mpz_t t3;mpz_init(t3); + mpz_t t4;mpz_init(t4); + mpz_t t5;mpz_init(t5); + + //Calculate slope + //s = (3*Px² + a) / (2*Py) mod p + number_theory_exp_modp_ui(t1, P->x, 2, curve->p); //t1 = Px² mod p + mpz_mul_ui(t2, t1, 3); //t2 = 3 * t1 + mpz_mod(t3, t2, curve->p); //t3 = t2 mod p + mpz_add(t4, t3, curve->a); //t4 = t3 + a + mpz_mod(t5, t4, curve->p); //t5 = t4 mod p + + mpz_mul_ui(t1, P->y, 2); //t1 = 2*Py + number_theory_inverse(t2, t1, curve->p); //t2 = t1^-1 mod p + mpz_mul(t1, t5, t2); //t1 = t5 * t2 + mpz_mod(s, t1, curve->p); //s = t1 mod p + + //Calculate Rx + //Rx = s² - 2*Px mod p + number_theory_exp_modp_ui(t1, s, 2, curve->p);//t1 = s² mod p + mpz_mul_ui(t2, P->x, 2); //t2 = Px*2 + mpz_mod(t3, t2, curve->p); //t3 = t2 mod p + mpz_sub(t4, t1, t3); //t4 = t1 - t3 + mpz_mod(R->x, t4, 
curve->p); //Rx = t4 mod p + + //Calculate Ry using algorithm shown to the right of the commands + //Ry = s(Px-Rx) - Py mod p + mpz_sub(t1, P->x, R->x); //t1 = Px - Rx + mpz_mul(t2, s, t1); //t2 = s*t1 + mpz_sub(t3, t2, P->y); //t3 = t2 - Py + mpz_mod(R->y, t3, curve->p); //Ry = t3 mod p + + //Clear variables, release memory + mpz_clear(t1); + mpz_clear(t2); + mpz_clear(t3); + mpz_clear(t4); + mpz_clear(t5); + mpz_clear(s); + } +} + + +/*Addition of point P + Q = result*/ +static inline void point_addition(point result, point P, point Q, domain_parameters curve) +{ + //If Q is at infinity, set result to P + if(Q->infinity) + { + point_set(result, P); + + //If P is at infinity set result to be Q + }else if(P->infinity){ + point_set(result, Q); + + //If the points are the same use point doubling + }else if(point_cmp(P,Q)) + { + point_doubling(result, Q, curve); + }else{ + //Calculate the inverse point + point iQ = point_init(); + point_inverse(iQ, Q, curve); + bool is_inverse = point_cmp(iQ,P); + point_clear(iQ); + + //If it is the inverse + if(is_inverse) + { + //result must be point at infinity + point_at_infinity(result); + }else{ + //Initialize slope variable + mpz_t s;mpz_init(s); + //Initialize temporary variables + mpz_t t1;mpz_init(t1); + mpz_t t2;mpz_init(t2); + mpz_t t3;mpz_init(t3); + mpz_t t4;mpz_init(t4); + mpz_t t5;mpz_init(t5); + /* + Modulo algebra rules: + (b1 + b2) mod n = (b2 mod n) + (b1 mod n) mod n + (b1 * b2) mod n = (b2 mod n) * (b1 mod n) mod n + */ + + //Calculate slope + //s = (Py - Qy)/(Px-Qx) mod p + mpz_sub(t1, P->y, Q->y); + mpz_sub(t2, P->x, Q->x); + //Using Modulo to stay within the group! 
+ number_theory_inverse(t3, t2, curve->p); //Handle errors + mpz_mul(t4, t1, t3); + mpz_mod(s, t4, curve->p); + + //Calculate Rx using algorithm shown to the right of the commands + //Rx = s² - Px - Qx = (s² mod p) - (Px mod p) - (Qx mod p) mod p + number_theory_exp_modp_ui(t1, s, 2, curve->p); //t1 = s² mod p + mpz_mod(t2, P->x, curve->p); //t2 = Px mod p + mpz_mod(t3, Q->x, curve->p); //t3 = Qx mod p + mpz_sub(t4, t1, t2); //t4 = t1 - t2 + mpz_sub(t5, t4, t3); //t5 = t4 - t3 + mpz_mod(result->x, t5, curve->p); //R->x = t5 mod p + + //Calculate Ry using algorithm shown to the right of the commands + //Ry = s(Px-Rx) - Py mod p + mpz_sub(t1, P->x, result->x); //t1 = Px - Rx + mpz_mul(t2, s, t1); //t2 = s*t1 + mpz_sub(t3, t2, P->y); //t3 = t2 - Py + mpz_mod(result->y, t3, curve->p); //Ry = t3 mod p + + //Clear variables, release memory + mpz_clear(t1); + mpz_clear(t2); + mpz_clear(t3); + mpz_clear(t4); + mpz_clear(t5); + mpz_clear(s); + } + } +} + + + + + + /*Perform scalar multiplication to P, with the factor multiplier, over the curve curve*/ -void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve); +static inline void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve) +{ + //If at infinity R is also at infinity + if(P->infinity) + { + R->infinity = true; + }else{ + //Initializing variables + point x = point_init(); + point_copy(x, P); + point t = point_init(); + point_copy(t, x); -/*Set point from strings of a base from 2-62*/ -void point_set_str(point p, char *x, char *y, int base); + //Set R = point at infinity + point_at_infinity(R); -/*Compare two points return 1 if not the same, returns 0 if they are the same*/ -bool point_cmp(point P, point Q); +/* +Loops through the integer bit per bit, if a bit is 1 then x is added to the result. Looping through the multiplier in this manner allows us to use as many point doubling operations as possible. 
No reason to say 5P=P+P+P+P+P, when you might as well just use 5P=2(2P)+P. +This is not the most effecient method of point multiplication, but it's faster than P+P+P+... which is not computational feasiable. +*/ + int bits = mpz_sizeinbase(multiplier, 2); + unsigned long int bit = 0; + while(bit <= bits) + { + if(mpz_tstbit(multiplier, bit)) + { + point_addition(t, x, R, curve); + point_copy(R, t); + } + point_doubling(t, x, curve); + point_copy(x, t); + bit++; + } + + //Release temporary variables + point_clear(x); + point_clear(t); + } +} /*Decompress a point from hexadecimal representation *This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.4.*/ -void point_decompress(point P, char* zPoint, domain_parameters curve); +static inline void point_decompress(point P, char* zPoint, domain_parameters curve) +{ + //Initialiser variabler + mpz_t x;mpz_init(x); + mpz_t a;mpz_init(a); + mpz_t b;mpz_init(b); + mpz_t t1;mpz_init(t1); + mpz_t t2;mpz_init(t2); + mpz_t t3;mpz_init(t3); + mpz_t t4;mpz_init(t4); + + //Get x coordinate + mpz_set_str(x, zPoint + 2, 16); + + //alpha = x^3+a*x+b mod p + number_theory_exp_modp_ui(t1, x, 3, curve->p);//t1 = x^3 mod p + mpz_mul(t3, x, curve->a); //t3 = a*x + mpz_mod(t2, t3, curve->p); //t2 = t3 mod p + mpz_add(t3, t1, t2); //t3 = t1 + t2 + mpz_add(t4, t3, curve->b); //t4 = t3 + b + mpz_mod(a, t4, curve->p); //a = t4 mod p + + //beta = sqrt(alpha) mod p + number_theory_squareroot_modp(b, a, curve->p); + + //Get y mod 2 from input + mpz_set_ui(t2, zPoint[1] == '2' ? 
0 : 1); + + //Set x + mpz_set(P->x, x); + + //t2 = beta mod p + mpz_mod_ui(t1, b, 2); + if(mpz_cmp(t1, t2)) + mpz_set(P->y, b); //y = beta + else + mpz_sub(P->y, curve->p, b);//y = p -beta + + //Release variables + mpz_clear(x); + mpz_clear(a); + mpz_clear(b); + mpz_clear(t1); + mpz_clear(t2); + mpz_clear(t3); + mpz_clear(t4); +} /*Compress a point to hexadecimal string *This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.3.*/ -char* point_compress(point P); +static inline char* point_compress(point P) +{ + //Point should not be at infinity + assert(!P->infinity); + + //Reserve memory + int l = mpz_sizeinbase(P->x, 16) + 2; + char* result = (char*)calloc(l + 1, 1); + result[l] = '\0'; + mpz_t t1;mpz_init(t1); + + //Add x coordinat in hex to result + mpz_get_str(result +2, 16, P->x); + + //Determine if it's odd or even + mpz_mod_ui(t1, P->y, 2); + if(mpz_cmp_ui(t1, 0)) + strncpy(result, "02", 2); + else + strncpy(result, "03", 2); + + mpz_clear(t1); + + return result; +} + + -/*Make R a copy of P*/ -void point_copy(point R, point P); -/*Set a point from another point*/ -void point_set(point R, point P); #endif \ No newline at end of file From cec32d231a57802677705820a6c58cb0ba609c5d Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 14 May 2020 19:00:55 +0300 Subject: [PATCH 06/25] SKALE-1880-fix-ecdsa --- secure_enclave/Curves.c | 6 ++++++ secure_enclave/DHDkg.c | 4 ++++ secure_enclave/DKGUtils.cpp | 7 ++++++- secure_enclave/DKGUtils.h | 6 +++++- secure_enclave/DomainParameters.c | 5 +++++ secure_enclave/NumberTheory.c | 8 +++++++- secure_enclave/Point.c | 7 ++++++- secure_enclave/Signature.c | 8 +++++++- 8 files changed, 46 insertions(+), 5 deletions(-) diff --git a/secure_enclave/Curves.c b/secure_enclave/Curves.c index 5357eea9..485d1530 100644 --- a/secure_enclave/Curves.c +++ b/secure_enclave/Curves.c 
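Review bot: point_decompress accepts `zPoint` without validation. `zPoint[0]` is never checked, any second character other than `'2'` is treated as the odd case, the length is not checked before reading `zPoint + 2`, the result of `mpz_set_str(x, zPoint + 2, 16)` is ignored, and nothing confirms that `b` squared equals alpha mod p, so a malformed or off-curve encoding still yields a point. Because the function returns void it cannot report any of this; now that the code lives in a header shared with user-space callers, I would have it return a status and reject input unless the prefix is `02`/`03`, `mpz_set_str(...) == 0` and the square check passes. Both helpers also use the opposite parity convention from the SEC 1 sections their comments cite (`point_compress` emits `"02"` when y is odd), so they round-trip with each other but not with standard encodings; the comments should say so. Separately, point_multiplication branches on every multiplier bit in `if(mpz_tstbit(multiplier, bit))`, so it deserves a comment such as `/* not constant time: the operation sequence depends on the multiplier bits */` until a fixed-sequence ladder replaces it.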
@@ -24,7 +24,13 @@ #include #include #include + +#ifdef NO_SGX +#include +#else #include <../tgmp-build/include/sgx_tgmp.h> +#endif + #include "DomainParameters.h" #include "Curves.h" #include "Point.h" diff --git a/secure_enclave/DHDkg.c b/secure_enclave/DHDkg.c index 4d9b5786..4bd2dc7f 100644 --- a/secure_enclave/DHDkg.c +++ b/secure_enclave/DHDkg.c @@ -23,7 +23,11 @@ #include #include +#ifdef NO_SGX +#include +#else #include <../tgmp-build/include/sgx_tgmp.h> +#endif #include "DomainParameters.h" #include "Curves.h" diff --git a/secure_enclave/DKGUtils.cpp b/secure_enclave/DKGUtils.cpp index c17e01d2..3aff3ab2 100644 --- a/secure_enclave/DKGUtils.cpp +++ b/secure_enclave/DKGUtils.cpp @@ -23,7 +23,12 @@ #include "DKGUtils.h" -#include +#ifdef NO_SGX +#include +#else +#include <../tgmp-build/include/sgx_tgmp.h> +#endif + #include <../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp> #include <../trusted_libff/libff/algebra/fields/fp.hpp> diff --git a/secure_enclave/DKGUtils.h b/secure_enclave/DKGUtils.h index 38ac7e8e..1c916000 100644 --- a/secure_enclave/DKGUtils.h +++ b/secure_enclave/DKGUtils.h @@ -30,7 +30,11 @@ #define EXTERNC #endif -#include +#ifdef NO_SGX +#include +#else +#include <../tgmp-build/include/sgx_tgmp.h> +#endif EXTERNC int gen_dkg_poly( char* secret, unsigned _t); diff --git a/secure_enclave/DomainParameters.c b/secure_enclave/DomainParameters.c index 495ed48c..8c3f97cb 100644 --- a/secure_enclave/DomainParameters.c +++ b/secure_enclave/DomainParameters.c @@ -21,7 +21,12 @@ @date 2019 */ +#ifdef NO_SGX +#include +#else #include <../tgmp-build/include/sgx_tgmp.h> +#endif + #include #include #include diff --git a/secure_enclave/NumberTheory.c b/secure_enclave/NumberTheory.c index da5bb1c3..28a84ae5 100644 --- a/secure_enclave/NumberTheory.c +++ b/secure_enclave/NumberTheory.c 
@@ -23,8 +23,14 @@ #include #include -#include <../tgmp-build/include/sgx_tgmp.h> #include + +#ifdef NO_SGX +#include +#else +#include <../tgmp-build/include/sgx_tgmp.h> +#endif + #include "NumberTheory.h" /*Calculate R = a^k mod P, using repeated square-and-multiply algorithm diff --git a/secure_enclave/Point.c b/secure_enclave/Point.c index eac24a7a..ab471f6d 100644 --- a/secure_enclave/Point.c +++ b/secure_enclave/Point.c @@ -23,11 +23,16 @@ #include #include -#include <../tgmp-build/include/sgx_tgmp.h> #include #include #include +#ifdef NO_SGX +#include +#else +#include <../tgmp-build/include/sgx_tgmp.h> +#endif + #include "NumberTheory.h" #include "DomainParameters.h" diff --git a/secure_enclave/Signature.c b/secure_enclave/Signature.c index ad86c48e..5471e5ad 100644 --- a/secure_enclave/Signature.c +++ b/secure_enclave/Signature.c @@ -23,9 +23,15 @@ #include #include -#include <../tgmp-build/include/sgx_tgmp.h> #include #include + +#ifdef NO_SGX +#include +#else +#include <../tgmp-build/include/sgx_tgmp.h> +#endif + #include "DomainParameters.h" #include "Point.h" #include "NumberTheory.h" From 8ad1a9ea4fe439e7b95ba00e84a30074104db91b Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Fri, 15 May 2020 11:28:10 +0300 Subject: [PATCH 07/25] SKALE-1880-fix-ecdsa --- ECDSACrypto.cpp | 3 +++ common.h | 10 +++++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index 982bf514..f38ae57e 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp @@ -36,6 +36,9 @@ #include "spdlog/spdlog.h" #include "common.h" + + + #include "BLSCrypto.h" #include "ECDSACrypto.h" diff --git a/common.h b/common.h index fa43e91f..0c258f85 100644 --- a/common.h +++ b/common.h @@ -16,7 +16,7 @@ You should have received a copy of the GNU Affero General Public License along with sgxwallet. If not, see . - @file BLSEnclave.cpp + @file common.h @author Stan Kladko @date 2020 */ 
@@ -33,8 +33,12 @@ using namespace std; #include - - +#define USER_SPACE +#include +#include "secure_enclave/Point.h" +#include "secure_enclave/DomainParameters.h" +#include "secure_enclave/NumberTheory.h" +#include "secure_enclave/Signature.h" #include "InvalidStateException.h" From 863edb885be16c7c761bc126d5a0ccfca55b9ecf Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 19 May 2020 21:00:43 +0300 Subject: [PATCH 08/25] SKALE-1880-fix-ecdsa --- secure_enclave/Curves.c | 2 +- secure_enclave/DHDkg.c | 2 +- secure_enclave/DKGUtils.cpp | 2 +- secure_enclave/DKGUtils.h | 2 +- secure_enclave/DomainParameters.c | 2 +- secure_enclave/NumberTheory.c | 2 +- secure_enclave/Point.c | 2 +- secure_enclave/Signature.c | 2 +- sgx_data/CSR_DB/000003.log | 0 sgx_data/CSR_DB/CURRENT | 1 + sgx_data/CSR_DB/LOCK | 0 sgx_data/CSR_DB/LOG | 1 + sgx_data/CSR_DB/MANIFEST-000002 | Bin 0 -> 50 bytes sgx_data/sgxwallet.db/000003.log | Bin 0 -> 26776 bytes sgx_data/sgxwallet.db/CURRENT | 1 + sgx_data/sgxwallet.db/LOCK | 0 sgx_data/sgxwallet.db/LOG | 1 + sgx_data/sgxwallet.db/MANIFEST-000002 | Bin 0 -> 50 bytes 18 files changed, 12 insertions(+), 8 deletions(-) create mode 100644 sgx_data/CSR_DB/000003.log create mode 100644 sgx_data/CSR_DB/CURRENT create mode 100644 sgx_data/CSR_DB/LOCK create mode 100644 sgx_data/CSR_DB/LOG create mode 100644 sgx_data/CSR_DB/MANIFEST-000002 create mode 100644 sgx_data/sgxwallet.db/000003.log create mode 100644 sgx_data/sgxwallet.db/CURRENT create mode 100644 sgx_data/sgxwallet.db/LOCK create mode 100644 sgx_data/sgxwallet.db/LOG create mode 100644 sgx_data/sgxwallet.db/MANIFEST-000002 diff --git a/secure_enclave/Curves.c b/secure_enclave/Curves.c index 485d1530..74c72bd5 100644 --- a/secure_enclave/Curves.c +++ b/secure_enclave/Curves.c @@ -25,7 +25,7 @@ #include #include -#ifdef NO_SGX +#ifdef USER_SPACE #include #else #include <../tgmp-build/include/sgx_tgmp.h> 
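Review bot: `#define USER_SPACE` inside common.h only reaches translation units that include common.h before the secure_enclave headers. The secure_enclave `.c` files are compiled on their own, and at this commit their guards test `NO_SGX`, so as far as the visible hunks show this define selects nothing. Pass the macro from the build instead (`-DUSER_SPACE` on the user-space targets) so that every file agrees on which big-number header it gets, presumably the system GMP versus `sgx_tgmp.h`. The new includes also sit below `using namespace std;`; moving them above it keeps the C headers from being parsed with the std names in scope.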
diff --git a/secure_enclave/DHDkg.c b/secure_enclave/DHDkg.c index 4bd2dc7f..437a475b 100644 --- a/secure_enclave/DHDkg.c +++ b/secure_enclave/DHDkg.c @@ -23,7 +23,7 @@ #include #include -#ifdef NO_SGX +#ifdef USER_SPACE #include #else #include <../tgmp-build/include/sgx_tgmp.h> diff --git a/secure_enclave/DKGUtils.cpp b/secure_enclave/DKGUtils.cpp index 3aff3ab2..2eec2cdd 100644 --- a/secure_enclave/DKGUtils.cpp +++ b/secure_enclave/DKGUtils.cpp @@ -23,7 +23,7 @@ #include "DKGUtils.h" -#ifdef NO_SGX +#ifdef USER_SPACE #include #else #include <../tgmp-build/include/sgx_tgmp.h> diff --git a/secure_enclave/DKGUtils.h b/secure_enclave/DKGUtils.h index 1c916000..9bf6ab86 100644 --- a/secure_enclave/DKGUtils.h +++ b/secure_enclave/DKGUtils.h @@ -30,7 +30,7 @@ #define EXTERNC #endif -#ifdef NO_SGX +#ifdef USER_SPACE #include #else #include <../tgmp-build/include/sgx_tgmp.h> diff --git a/secure_enclave/DomainParameters.c b/secure_enclave/DomainParameters.c index 8c3f97cb..3cb632a9 100644 --- a/secure_enclave/DomainParameters.c +++ b/secure_enclave/DomainParameters.c @@ -21,7 +21,7 @@ @date 2019 */ -#ifdef NO_SGX +#ifdef USER_SPACE #include #else #include <../tgmp-build/include/sgx_tgmp.h> diff --git a/secure_enclave/NumberTheory.c b/secure_enclave/NumberTheory.c index 28a84ae5..0c8339b1 100644 --- a/secure_enclave/NumberTheory.c +++ b/secure_enclave/NumberTheory.c @@ -25,7 +25,7 @@ #include #include -#ifdef NO_SGX +#ifdef USER_SPACE #include #else #include <../tgmp-build/include/sgx_tgmp.h> diff --git a/secure_enclave/Point.c b/secure_enclave/Point.c index ab471f6d..3bdce33d 100644 --- a/secure_enclave/Point.c +++ b/secure_enclave/Point.c @@ -27,7 +27,7 @@ #include #include -#ifdef NO_SGX +#ifdef USER_SPACE #include #else #include <../tgmp-build/include/sgx_tgmp.h> diff --git a/secure_enclave/Signature.c b/secure_enclave/Signature.c index 5471e5ad..127fa63b 100644 --- a/secure_enclave/Signature.c +++ b/secure_enclave/Signature.c 
@@ -26,7 +26,7 @@ #include #include -#ifdef NO_SGX +#ifdef USER_SPACE #include #else #include <../tgmp-build/include/sgx_tgmp.h> diff --git a/sgx_data/CSR_DB/000003.log b/sgx_data/CSR_DB/000003.log new file mode 100644 index 00000000..e69de29b diff --git a/sgx_data/CSR_DB/CURRENT b/sgx_data/CSR_DB/CURRENT new file mode 100644 index 00000000..1a848522 --- /dev/null +++ b/sgx_data/CSR_DB/CURRENT @@ -0,0 +1 @@ +MANIFEST-000002 diff --git a/sgx_data/CSR_DB/LOCK b/sgx_data/CSR_DB/LOCK new file mode 100644 index 00000000..e69de29b diff --git a/sgx_data/CSR_DB/LOG b/sgx_data/CSR_DB/LOG new file mode 100644 index 00000000..b325fe2e --- /dev/null +++ b/sgx_data/CSR_DB/LOG @@ -0,0 +1 @@ +2020/05/19-21:00:09.479062 140645839620992 Delete type=3 #1 diff --git a/sgx_data/CSR_DB/MANIFEST-000002 b/sgx_data/CSR_DB/MANIFEST-000002 new file mode 100644 index 0000000000000000000000000000000000000000..bbbc585686bcbcc33686059c69d80b7b4e1291cd GIT binary patch literal 50 zcmWIhx#Ncn10$nUPHI_dPD+xVQ)NkNd1i5{bAE0?Vo_pAe$kRS-TOEg7@3$k8JJmE F7y#sj5K{mE literal 0 HcmV?d00001 
diff --git a/sgx_data/sgxwallet.db/000003.log b/sgx_data/sgxwallet.db/000003.log new file mode 100644 index 0000000000000000000000000000000000000000..b3b1bda0e5322bb608a64e62b99a8af8ba73f7c3 GIT binary patch literal 26776 zcmeI)PpEfEdKd71Co?fInm?MvEX07D!QH7-=Tx1#S%^tDGht>r!py>~hB~L}Bnx$s z>_S8&5F;*wV8|wkf-WRrXhD~869|YKS1v?d=t2aeBp^b_=eh3$E~ZI$=Iysvzjvnl zzJ2fSo^z_|sqgcAzu%|M=l{*W{h@#L*;lXLdHpB8zWSE0zW1eH`}Sp9mSy$NH~wtL zy4*R}(q}o>dtLH2@>%UasrhU1Q{N z*Sn^?-hHN{mc0Mxzxi{&e7*DPGcU30+rIYRSHJf4FTMBUU*6ZX%+&KzQ`-8uwKiHc zq;@ZNEBig`k?SbAz_L_REp6M6YsuGoFZ(h5-Yj#ykKF6}@BZ=s`X}XcufFBwo!))_ zy)Qj&^*sAg&*pP8$KcA@N?q={v?$m`!NG= zcLuhPfZ31wIS^TMX)Wh@-f6k#p34~f(yrxzx2rF`-fLNB-^)HzTh5vDty-(6ZNBF~ zuGZ3?TqWhRq|2`aB<^d?*L@X$xL$W&`+#fDs6NL$x20eE*zW62JA}D%yY?;hp?rh# z*X#+(-B)kzgMabQ-v8Mjc=g$r;JN+vAN%r;KYjH_zWCRE^!=~@=(|r_JIZb#`_ubB z_U?P}o#pA>FMT2Yk}{mm%d)3`y?oL&Y0LW<1uPzU9rrA?-8rouKizGEoOQObfXR~Q zG4E}eHLdkD)#LVo<9Hn!53qc@TjX)|#|*rlfwM2|kDH5+`uW@u)^*F!aliVq-nab^ z0{79@(#El#nCQIJi03v(OYJU-slJYNZp)Q=Qpk<6r3P6?S?<&Y` zuO4|DRV8`kl5;z<`newH^S+ejYI7^wwQQxU{icexjK0)c-3smZ?L5k|9;u&e+mEg1 zBN@+8M?bE-^uvs9dA(GBku#Q=N{gZv78~DLw|R}et0OOE|XNB0vST+TvjsA}f!Mr#Mm zlOzzFU@IvvSG_%TTe_-wx%Rf^Ey)+@xKlau?TOnwTzsCb?Fx96_HvG89?c9?1mZlF zIm;Df00k%(PwsNVRRUXUTBgiqHqN6_H-NmkJ9<9zSTBbFdR@#*oV#!s{a*w@T zrw0(w(!Qu%N;_sTCA&CG*Q_JmRlLRGxo>O>AFigsM6Jfw=b}2;TBh-Id`5uX*IviD z-{U?ov}Oxkg)}rpVIB$NI_Nj+A!zWTByxpT%8^max^^EDipNz_Dq9o0c;ML8E24L6 zX3tV6AjV~fZEfE9wo8YDe4d)~x)! 
ztV)1A_uY=|c9ha6d#rP{rE?;M4K(m1l+__laJ>uf>f638Bi|z}Yr%t+WL*r3-q>G| z#nx?$rBX^Y)4uHeydwDBNF+{xHTKI$N4d9Z;-`(QT!A}V+eW|F^KfY@TD^|Fufa*v zhRR;zynB8->iJ1Gpf;{?>1vO00 zR`*(w>vO$~=BnkKwG>O!_DtU!_u`T4tKAdUt*>bZasfHxIBwfS1enwskam~N%*?VL z9eX~+BM4giZTl>OuPO^|(X)ZWv(Xd8M=3eoheFfCx=D|nzotH?>h_=)l)Ro0+Fb9j z<{ZcA_oi=%rgT_$Q678m++F$*B4o}{&aSj|Sr1<9&7AfEV7GffmL!hPz8z__>ljCg znt9vmfM^P6^)}pxgTT*~HYb7lO;S`WV$Bu5`3YCdq!(78e zNs{~Xo#EwXJ!`qrd7SIMU+Xd|tgM#X4e~Pg9eJ{a>a@qNNyPFwdz}y^r|fBkML~bS zj{vz08<5He*bFbSRZ_Y7n7d-^ZJnvW37fVx`d zSkff5MN%;cZh@qdPvmv6>)bcH)d?M15>S1WJEdFtTtnmXaU7vGT890+0y2l)eQc+h zk8LY2!PqP*FdNd80H?TNM4T0!#-NXBA8wJyi*V@|C;~PHn*r}>4|hP>J!LC`rbTAz z`&`|7&I=+*frov}{kTWX^F9s*rulb&x%pJ0CV1hIPYx=&j zw0T(DKf8b5ifL6XxN?&rTe9jl#}0SuWWShUGbGc%;;jAGJMc^6#+C5 zsba6ioVFPAMKC^#{aN}k%;FB7k_vM!W)wC<3RN2zm;3x`bA_fro6BA992H?#rK}mi zSie)T>~__yZS;7krr1+ls1R%o%1H;1us9!XUR4~i_nI8oATE$rjhzM}Sq8dC!6YY8 zU5MuQZXVTJ;O(#_;XLpv0N-SbF6F7JVW=$sM#Y0l*CFxf?FeGUSUF1t^7VJu<<(wZ8(Pqx1lae{p-tK7EQy1gg5Ge7}- zN`FHJe)nyOYq{@0;LFxFrRD0DJNCsC4iKy*Rf;)MZcnLu@mYyl1=Zb{#BF9a^JQ7( z*4y@nDXR%KSN4f<_d|KK&zo#hCfJeRWu6Pmk%O#|$5u>C&)k}#N3kV>mN_~)u_Tv; zT2t^Vr<>qVE=E$Nj@d9f>|Jf`uAbQlNQqu#o+IzzX6r-*Hf7j$N+N@Y0WZ)h^?sq5 zNoX90sQ-4@?ir&h0B8f`vO^BDcPKKBNG9^12ef%5er2K>SH=y-a-Sms^Ep?@xtLX3 z57kgAqfo{Ne`0DH#$byo*jBQY$mZlq_|m??-8-k{N+w?=jHG%HQ=7%PIjqvYrL+BP zTi>v6jaP&#b8c-FV$U;bMaZ=l2keK zM7PAQ>>(Fmf{dYQ3gi#Nqczgw#?j9c(HLrW8(lc5HMYo!wx_DdG)c8Cg%Lj|!>KM+ z%k=`=lAx@Tw4@^%RpFb<-OaLGiZc1o6N*3sI&nD)@?Bos;E}D zBtxXj1y6h-sRgG5mYWS6#cb5QYAaa-msxm~D^>PB@H*px&$erifh1ic{Mr@__pEAREBm6QZrsnL!Ie@vGb` z8QkEN$g}E{nFlo*Jva!452Er{y)ZE4!3mM1mW#8GUnPPn*b0nG)#iXs<;Iloa>|IJ zazz*mI3G)JgB+5`iEA`vIU>xYa%&|cRiVM=0)9NZ6uy%Qa9fEhDlZnG`QKIbOFSm&o!W5xrNIioTdHgc|`+%62SEdczfOb9Sl*FfYbt=;x)81=daR zK}JTSHVTQPqu`$smk8FuKm_u5ep6j`6F&}h6Hrhyx^A}F#x`g}^671#BC5qc1~jpn z&jDyckxg|emZQ`$MHj7_oR5lCX$(-wzlV4t%WOOLO0c>$R!BVrfl5E}InXZ&D`e%B z$UFcg%l?NMA|J`hIi_Zz^UJ073OXUaP)5WpLmXQ{iRK9o%rC?%R6j_d?JX@@mk}&F 
z4{0E19UAwXp3w4r#ew7pDFuxaB|1acpG&Z*%P&EfxBn;or>}hn|Mqh)Er@6T)@rkD zExf4|xXHGNZHUy#8bZ5an@a=);93+sMgEp-^;X+uIE}G2{-l+ubZ*SjF(* zyjxcr9b+WhR|23Z`Hbhqyyfd4Gb)q~tkxDm_Fhe;#1@dLADC ze$2qzoq>8>2|6IK+$YSnq3cVF*KxnB3CMRe(6cY;%3sF zLY~E}nJxsE=xd}tsHOvr(UoAfH*ah~Jv}3e6~glv*i!fgC^I#wQwH-N;ZF+DSEJH4+H8%ZO#cZxDOKp}p{(ONX`(DtIB@$cZzPIyGB|R3tSKnJS`7_ag zc9Rg8&&nAnK`u$d$iE7mUPWToO2m`lj9ilrPJs^zofMp!=(@9|AIf{Q9V-jJgLO;P z#mTvJ;+N8Z=h8d*6BxmP-mwlh(X?6&+Cuc88tXHwwU;=sOVNAlkuG)-`Gky47$Y80 z?ra$Rlt;|SkROSNllc&$#)eUDH(iR4!|ozR5;!=-B$F^j5o}cl#!j1JtA}_--BidV z;(a9}8IO6;PIU!;F)?%q+mv`71U)3Sa2GB-I$Uhmq?q!F{FZG;!VdYB1}H}LeN{op z{Xsfe)U0~et_Y@Cp|)WGWEoz&t%C%-Jsn&1*2`)WhqPw*Bs}dTYjS3}WmMXQ@yIwJ zd@{?=6q|;s%YK`LVS+a)oy|yj!1vg+1ZXCfb^{Bgp_t3fCK5}Hr$E|Z%4i&31f-Ua zi^w9_FKfXq#^q^krUPu?iZn4YD(QtF%J1@R!K=dK*0Yf7bB_dCtN~e&x{2KaX7*AT z4-7U2HCqUvFvG%zB^Vn>`1JIDmNWaCBB@Ve<=s-8;RLZ^(9?O-IucmfaL3byLmLW4 z^cv7%0)+S@#)|`E{scrJX8d<&xJF5Mi)-@vv%x~<28>zy(Z()eqXd;Q|L&mb;s{h2r+&(im3g3p6|y z1H~P}bD2yfH-h9VKB=BOo!C33L|7TnGi-&`t5t#f$mJ0^t0Z9?8-^`0K}N{PzUT)r zd=u=Z_&tFjBgL-hUmHMr}igq`RruvZ)_X(_&STF+e+tK8=!a6TlgVkblrl0pp}vVjOG&J& z%vg$}78kp4+G2cG-qTI-Yp_rZSr(FsBx!TVCe&zBi5M~+8!Jt)RcDAlvs9Bq^yZhbO&)m5RAPj3rCZNpd@{Fx!=~1=pfGx z*0{%FL&NIMwwg2i{6Asdn z(;0wAJFxx2n&*N=`-Nza((rU*gw1zoN0Di@-O=9Rgx&-5$CU^-N%zik69?%Osn%#H zf=Swn$?#dWSR*cx_8rKfVW=>AfU*+9{M(=yzAg}xbz3O4kJ&Uv`;3JhCtxbCf;8YM zm~up4gn!81vSG|^SIhPz`rD#qZ)iAVEI?Dre)Q&ClE})&k&;OO)cZxmOW&MM9RSQm zoqaaAx)wg)p$v15EU7h9t_4b4Rx&hq7IaF4njs*Z5N2Sp&lx5hUfMiW+cHQ`09qxe z;gCxh9e#Sd!XRUG30x?`{ZU=Uks!T}MQtf>67{L|Ou+D0lJEiu-6&6#(2lMbm z>2QNRIDb+>@^B~ACju}FjW#? 
z3DRQ{kXsK>l#7gEAj$F2?=`3q$?~8FjzX!7AgMNdrXnFf%k{kemAwGERf2&ya{tK} zVXDYH(QS0gO_sIj3Q8@&Gh~g%1?%GHBeJipL+<8WGiI_1L%`nX}RbsHUS_3 ztB=B$P}sv0EW%b~5wi%<6ay3DFxeQ&>ivFvFG{ zRie)|u>=C_BnJ%u1T@&i-9R*g)ws3B1$LTVN4{Gy3{x1*DUgr}&h3jlAd9-YHi{z6 zYx;-IngH2&w!bB`PdSvf6CNT`D{IcZSexM|n;rGzY60UUggmhtUqT)=q3L50HC#5m zJWN~uy;8?i#u);mqs^_JzO&+-zYJ#mXYo>w9$Y!+bLOnFhz)g*mYTdBql=LbH zPLtF_4>ViG7Hy427fm5Jc=QAsxaKmC67hhdSUVOF_8Vr_5CTFjdW0QJsp3LjmoQ^R zqw@)BJnNCtAw$)poMxSADpu@#!^NAxCua%2)-R*O4)Gyis?j3&;#`J8J^VccNy885 zRRpr`aBU>mY8s4=R~2V)JxGD$q7V^2T6{q@OWNmkp(Ix`Vn(WALmrvQ22LhQ7EiFx21_ zO?Bo*ks5RmMOFLhjv;)g7zq~9OcdSig2^qV0vQ6Zsh^N^qUshxRdgvv z&(~nphj}l!7037x_|^dWd?FLDxrwq>6evitJ}ijBbv5vMK43G_e6pqo4zX9!^`du}IQ}YY!H;bFU@fihz?5#?0oIw`$4;<4VN8TXJ zhKS^_F{qPJQxE^^4gvcIO;5Q}qqlD)J*n#M5H_3^0U==p9Cje%;_qO(a6s%})< z9bvENgfyLT1e&sjQPX5muacfZmDsnn#D~;1x>xm2lUjrSQqi2bUL{bsBKEokq1?#< zDZtXWM=T~5={7Xyoc`kP{0%AW+h4B38>g`J7E+jIHTsw{8lk{b7Sv(NKSY}AmdGXe z9obzNI$}WiP-~m;s05W1q2RsVSdSF;fY`?jd>S+GrYVdp#vNjj!9Iip*8qxib;m^F zpeETM`r5Gp=W#<`#B%XL6qID);3!2+Lk-!I8LchRQ961r%?O(yxnV^**SR;LTQGD& z%R}=RDb5YihLI)2G7hO?_P&7yLR7vL3QaD%um1E)=zOyjmYzQN zjMQStP@h&9jZhR69ob=cIdn<+CT3`UlEKvM2b-Ar$@~cGo9x2a3HLRJ)#-Rcd6HEe zsBri|UeS3^lEza3e@L6b2xJ_oD$5EkF6l)+ls2R=I-S2JzJM%89%#!`nDlF$j(yHw zVbaBM6H?G~VpAnhHa$RegSvra7%j~VMjD#$svd$+F0L+JJ`ujjEs<++WT{S?b4o=D zprv4B&cr>E*rx$qk9$03 z;Pni=X%eGgsyt~}j&0}wQFmivmCQ*9b=<<9cAB0}P6-d+GCEWIgt|rrBUP(;;RMB= zsiObinP654zmHC%u6@=XpU*G492=E&pD?NuRan=SzJu@wokw;OlrpVx1JXMS z=v-y^iu+IB@BC#+?9aS}&X1qOJ{&hc_zXqQiHvx4Q=|Zg=@1_RJ7*;r6=nq6IbQJ^ z23`uTomFN+{mlr4^^ zloIcNkb;gtO^H%v;8rZ=CsfEgQIJ8I<%q1rh6&9#W(>b_1lRmOH_3!;qvazSR-O-* zNvlD(&_0jAO{92AuVioZPm1yrs$?{V$yGrYF=4M9F-kv@e}hv>!Z6~i`_KRSfB%Xk_Ge$N#2Y8Ex5321eC7qmi?+g^(KnbV%o;ZIZ!mP?n7!C?2vSc- z98O~;>5PcjQ+iR>UvI4k6MKN{V+KBr8FKvsV-d6(Et1+ zgGe8=QUi$-k@8Kv(?NPF-k!zMmrne0_`nz!0!KrY7ptrJ1O|v@`H*HQiB9T5sI(o* zhQY|>m$+wmAkBBI? 
z6^&<<&7jDVwJsKk4Lii)JWa5{{doU(KKMI-<#VsT>*Y$+AO7-J!w&nCzE|;+x51QN zvawRh5hT$VFYwSitr74dlj{xek`O6O52S`a&b$}7V9uB+r7?Pq9vb4O0auTEJZ9h< zGw`OF%bP>I$H4oLy!#|xC!!OF?-Dh7w9j~(%@!Zfr5bNXh?j$~fhM_7a|7(>8t5@V z4|Fj{dy58YZCr6GJ=zlWetC76h97#D#(IFExtp@+Y@ZGY=;CD}D4AaRqV*|EC@(tj zsy>aB(Z1Srm1%AH)xY&y|NgyqUVZlqynLsAlWhb4^0)u~FMQ>lSKssUS|2|Pe#nb$ zNnk(mdq4G?p6}1SyyiFeeCg?bfA$}~)wjxJuw<@9pIw)Yak38M?0OyX~~Bw;>0@_p8T&1 z)Bl{5(|)T#LPs3~j5HL7z~W4jmj-F5aQf1VX1oDTkET=h&#(UrO>8=Y<0OMuQ0Y&W z%)G)%W2$4APIpc{o6Zr&d%)`WFMsI^{}i5o-wV9_82RQyz*27b^&k97hUee^@>(As t&p-T{pa19o=RbJ9zwq*!ADwSL>{{vRH-6=R{F3MUftS~Mv*$}se*kiBNe}=4 literal 0 HcmV?d00001 diff --git a/sgx_data/sgxwallet.db/CURRENT b/sgx_data/sgxwallet.db/CURRENT new file mode 100644 index 00000000..1a848522 --- /dev/null +++ b/sgx_data/sgxwallet.db/CURRENT @@ -0,0 +1 @@ +MANIFEST-000002 diff --git a/sgx_data/sgxwallet.db/LOCK b/sgx_data/sgxwallet.db/LOCK new file mode 100644 index 00000000..e69de29b diff --git a/sgx_data/sgxwallet.db/LOG b/sgx_data/sgxwallet.db/LOG new file mode 100644 index 00000000..6f17e5d9 --- /dev/null +++ b/sgx_data/sgxwallet.db/LOG @@ -0,0 +1 @@ +2020/05/19-21:00:09.162445 140645839620992 Delete type=3 #1 diff --git a/sgx_data/sgxwallet.db/MANIFEST-000002 b/sgx_data/sgxwallet.db/MANIFEST-000002 new file mode 100644 index 0000000000000000000000000000000000000000..bbbc585686bcbcc33686059c69d80b7b4e1291cd GIT binary patch literal 50 zcmWIhx#Ncn10$nUPHI_dPD+xVQ)NkNd1i5{bAE0?Vo_pAe$kRS-TOEg7@3$k8JJmE F7y#sj5K{mE literal 0 HcmV?d00001 From cd4dac6c2a4379e709b8447cb98a7895ea9afff7 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 19 May 2020 21:02:20 +0300 Subject: [PATCH 09/25] SKALE-1880-fix-ecdsa --- secure_enclave/Point.c | 360 +++++++++++++++++++++++++++++++++++++++ secure_enclave/Point.h | 370 +++-------------------------------------- 2 files changed, 382 insertions(+), 348 deletions(-) 
diff --git a/secure_enclave/Point.c b/secure_enclave/Point.c index 3bdce33d..9d2b1f38 100644 --- a/secure_enclave/Point.c +++ b/secure_enclave/Point.c 
@@ -37,3 +37,363 @@ #include "DomainParameters.h" #include "Point.h" +/*Initialize a point*/ +point point_init() +{ + point p; + p = calloc(sizeof(struct point_s), 1); + mpz_init(p->x); + mpz_init(p->y); + p->infinity = false; + return p; +} + +/*Set point to be a infinity*/ +void point_at_infinity(point p) +{ + p->infinity = true; +} + +/*Print point to standart output stream*/ +void point_print(point p) +{ + /* //Write something if point is a infinity + if(p->infinity) + { + printf("Point is at infinity!"); + }else{ + printf("\nPoint: (\n\t"); + //mpz_out_str(stdout, 10, p->x); + printf("\n,\n\t"); + //mpz_out_str(stdout, 10, p->y); + printf("\n)\n"); + }*/ +} + +/*Set a point from another point*/ +void point_set(point R, point P) +{ + //Copy the point + mpz_set(R->x, P->x); + mpz_set(R->y, P->y); + + //Including infinity settings + R->infinity = P->infinity; +} + +/*Set point from strings of a base from 2-62*/ +void point_set_str(point p, char *x, char *y, int base) +{ + mpz_set_str(p->x, x, base); + mpz_set_str(p->y, y, base); +} + +/*Set point from hexadecimal strings*/ +void point_set_hex(point p, char *x, char *y) +{ + point_set_str(p,x,y,16); +} + +/*Set point from decimal unsigned long ints*/ +void point_set_ui(point p, unsigned long int x, unsigned long int y) +{ + mpz_set_ui(p->x, x); + mpz_set_ui(p->y, y); +} + +/*Make R a copy of P*/ +void point_copy(point R, point P) +{ + //Same as point set + point_set(R, P); +} + +/*Addition of point P + Q = result*/ +void point_addition(point result, point P, point Q, domain_parameters curve) +{ + //If Q is at infinity, set result to P + if(Q->infinity) + { + point_set(result, P); + + //If P is at infinity set result to be Q + }else if(P->infinity){ + point_set(result, Q); + + //If the points are the same use point doubling + }else if(point_cmp(P,Q)) + { + point_doubling(result, Q, curve); + }else{ + //Calculate the inverse point + point iQ = point_init(); + point_inverse(iQ, Q, curve); + bool is_inverse = 
point_cmp(iQ,P); + point_clear(iQ); + + //If it is the inverse + if(is_inverse) + { + //result must be point at infinity + point_at_infinity(result); + }else{ + //Initialize slope variable + mpz_t s;mpz_init(s); + //Initialize temporary variables + mpz_t t1;mpz_init(t1); + mpz_t t2;mpz_init(t2); + mpz_t t3;mpz_init(t3); + mpz_t t4;mpz_init(t4); + mpz_t t5;mpz_init(t5); + /* + Modulo algebra rules: + (b1 + b2) mod n = (b2 mod n) + (b1 mod n) mod n + (b1 * b2) mod n = (b2 mod n) * (b1 mod n) mod n + */ + + //Calculate slope + //s = (Py - Qy)/(Px-Qx) mod p + mpz_sub(t1, P->y, Q->y); + mpz_sub(t2, P->x, Q->x); + //Using Modulo to stay within the group! + number_theory_inverse(t3, t2, curve->p); //Handle errors + mpz_mul(t4, t1, t3); + mpz_mod(s, t4, curve->p); + + //Calculate Rx using algorithm shown to the right of the commands + //Rx = s² - Px - Qx = (s² mod p) - (Px mod p) - (Qx mod p) mod p + number_theory_exp_modp_ui(t1, s, 2, curve->p); //t1 = s² mod p + mpz_mod(t2, P->x, curve->p); //t2 = Px mod p + mpz_mod(t3, Q->x, curve->p); //t3 = Qx mod p + mpz_sub(t4, t1, t2); //t4 = t1 - t2 + mpz_sub(t5, t4, t3); //t5 = t4 - t3 + mpz_mod(result->x, t5, curve->p); //R->x = t5 mod p + + //Calculate Ry using algorithm shown to the right of the commands + //Ry = s(Px-Rx) - Py mod p + mpz_sub(t1, P->x, result->x); //t1 = Px - Rx + mpz_mul(t2, s, t1); //t2 = s*t1 + mpz_sub(t3, t2, P->y); //t3 = t2 - Py + mpz_mod(result->y, t3, curve->p); //Ry = t3 mod p + + //Clear variables, release memory + mpz_clear(t1); + mpz_clear(t2); + mpz_clear(t3); + mpz_clear(t4); + mpz_clear(t5); + mpz_clear(s); + } + } +} + +/*Set R to the additive inverse of P, in the curve curve*/ +void point_inverse(point R, point P, domain_parameters curve) +{ + //If at infinity + if(P->infinity) + { + R->infinity = true; + }else{ + //Set Rx = Px + mpz_set(R->x, P->x); + + //Set Ry = -Py mod p = p - Ry (Since, Ry < p and Ry is positive) + mpz_sub(R->y, curve->p, P->y); + } +} + +/*Set point R = 2P*/ +void 
point_doubling(point R, point P, domain_parameters curve) +{ + //If at infinity + if(P->infinity) + { + R->infinity = true; + }else{ + //Initialize slope variable + mpz_t s;mpz_init(s); + //Initialize temporary variables + mpz_t t1;mpz_init(t1); + mpz_t t2;mpz_init(t2); + mpz_t t3;mpz_init(t3); + mpz_t t4;mpz_init(t4); + mpz_t t5;mpz_init(t5); + + //Calculate slope + //s = (3*Px² + a) / (2*Py) mod p + number_theory_exp_modp_ui(t1, P->x, 2, curve->p); //t1 = Px² mod p + mpz_mul_ui(t2, t1, 3); //t2 = 3 * t1 + mpz_mod(t3, t2, curve->p); //t3 = t2 mod p + mpz_add(t4, t3, curve->a); //t4 = t3 + a + mpz_mod(t5, t4, curve->p); //t5 = t4 mod p + + mpz_mul_ui(t1, P->y, 2); //t1 = 2*Py + number_theory_inverse(t2, t1, curve->p); //t2 = t1^-1 mod p + mpz_mul(t1, t5, t2); //t1 = t5 * t2 + mpz_mod(s, t1, curve->p); //s = t1 mod p + + //Calculate Rx + //Rx = s² - 2*Px mod p + number_theory_exp_modp_ui(t1, s, 2, curve->p);//t1 = s² mod p + mpz_mul_ui(t2, P->x, 2); //t2 = Px*2 + mpz_mod(t3, t2, curve->p); //t3 = t2 mod p + mpz_sub(t4, t1, t3); //t4 = t1 - t3 + mpz_mod(R->x, t4, curve->p); //Rx = t4 mod p + + //Calculate Ry using algorithm shown to the right of the commands + //Ry = s(Px-Rx) - Py mod p + mpz_sub(t1, P->x, R->x); //t1 = Px - Rx + mpz_mul(t2, s, t1); //t2 = s*t1 + mpz_sub(t3, t2, P->y); //t3 = t2 - Py + mpz_mod(R->y, t3, curve->p); //Ry = t3 mod p + + //Clear variables, release memory + mpz_clear(t1); + mpz_clear(t2); + mpz_clear(t3); + mpz_clear(t4); + mpz_clear(t5); + mpz_clear(s); + } +} + +/*Compare two points return 1 if not the same, returns 0 if they are the same*/ +bool point_cmp(point P, point Q) +{ + //If at infinity + if(P->infinity && Q->infinity) + return true; + else if(P->infinity || Q->infinity) + return false; + else + return !mpz_cmp(P->x,Q->x) && !mpz_cmp(P->y,Q->y); +} + +/*Perform scalar multiplication to P, with the factor multiplier, over the curve curve*/ +void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve) +{ 
+ //If at infinity R is also at infinity + if(P->infinity) + { + R->infinity = true; + }else{ + //Initializing variables + point x = point_init(); + point_copy(x, P); + point t = point_init(); + point_copy(t, x); + + //Set R = point at infinity + point_at_infinity(R); + +/* +Loops through the integer bit per bit, if a bit is 1 then x is added to the result. Looping through the multiplier in this manner allows us to use as many point doubling operations as possible. No reason to say 5P=P+P+P+P+P, when you might as well just use 5P=2(2P)+P. +This is not the most effecient method of point multiplication, but it's faster than P+P+P+... which is not computational feasiable. +*/ + int bits = mpz_sizeinbase(multiplier, 2); + unsigned long int bit = 0; + while(bit <= bits) + { + if(mpz_tstbit(multiplier, bit)) + { + point_addition(t, x, R, curve); + point_copy(R, t); + } + point_doubling(t, x, curve); + point_copy(x, t); + bit++; + } + + //Release temporary variables + point_clear(x); + point_clear(t); + } +} + +/*Decompress a point from hexadecimal representation + *This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.4.*/ +void point_decompress(point P, char* zPoint, domain_parameters curve) +{ + //Initialiser variabler + mpz_t x;mpz_init(x); + mpz_t a;mpz_init(a); + mpz_t b;mpz_init(b); + mpz_t t1;mpz_init(t1); + mpz_t t2;mpz_init(t2); + mpz_t t3;mpz_init(t3); + mpz_t t4;mpz_init(t4); + + //Get x coordinate + mpz_set_str(x, zPoint + 2, 16); + + //alpha = x^3+a*x+b mod p + number_theory_exp_modp_ui(t1, x, 3, curve->p);//t1 = x^3 mod p + mpz_mul(t3, x, curve->a); //t3 = a*x + mpz_mod(t2, t3, curve->p); //t2 = t3 mod p + mpz_add(t3, t1, t2); //t3 = t1 + t2 + mpz_add(t4, t3, curve->b); //t4 = t3 + b + mpz_mod(a, t4, curve->p); //a = t4 mod p + + //beta = sqrt(alpha) mod p + number_theory_squareroot_modp(b, a, curve->p); + + //Get y mod 2 from input + mpz_set_ui(t2, zPoint[1] == '2' ? 
0 : 1); + + //Set x + mpz_set(P->x, x); + + //t2 = beta mod p + mpz_mod_ui(t1, b, 2); + if(mpz_cmp(t1, t2)) + mpz_set(P->y, b); //y = beta + else + mpz_sub(P->y, curve->p, b);//y = p -beta + + //Release variables + mpz_clear(x); + mpz_clear(a); + mpz_clear(b); + mpz_clear(t1); + mpz_clear(t2); + mpz_clear(t3); + mpz_clear(t4); +} + +/*Compress a point to hexadecimal string + *This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.3.*/ +char* point_compress(point P) +{ + //Point should not be at infinity + assert(!P->infinity); + + //Reserve memory + int l = mpz_sizeinbase(P->x, 16) + 2; + char* result = (char*)calloc(l + 1, 1); + result[l] = '\0'; + mpz_t t1;mpz_init(t1); + + //Add x coordinat in hex to result + mpz_get_str(result +2, 16, P->x); + + //Determine if it's odd or even + mpz_mod_ui(t1, P->y, 2); + if(mpz_cmp_ui(t1, 0)) + strncpy(result, "02", 2); + else + strncpy(result, "03", 2); + + mpz_clear(t1); + + return result; +} + +/*Release point*/ +void point_clear(point p) +{ + mpz_clear(p->x); + mpz_clear(p->y); + free(p); +} + diff --git a/secure_enclave/Point.h b/secure_enclave/Point.h index 79ea9bf1..a35ef552 100644 --- a/secure_enclave/Point.h +++ b/secure_enclave/Point.h 
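Review bot: point_multiplication branches on every bit of the scalar (`if(mpz_tstbit(multiplier, bit))`) and takes its iteration count from `mpz_sizeinbase(multiplier, 2)`, so both the sequence of point additions and the loop length depend on the multiplier's value. Point.c selects sgx_tgmp.h when USER_SPACE is not defined, so this code appears to run inside the enclave as well; if the multiplier is ever a signing nonce or private key (the callers are not visible in this hunk, so that is an assumption), that control-flow pattern is observable from the host. Until the routine is replaced by a fixed-length ladder with branch-free selection, I would add above the loop `/* NOTE: not constant-time: control flow and iteration count depend on multiplier; do not use with secret scalars */`. The bound `bit <= bits` also tests one bit past the top of the scalar, which does not change the result but costs an extra doubling; `bit < bits` is enough.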
@@ -29,379 +29,53 @@ #include "DomainParameters.h" /*Initialize a point*/ -static inline point point_init() -{ - point p; - p = calloc(sizeof(struct point_s), 1); - mpz_init(p->x); - mpz_init(p->y); - p->infinity = false; - return p; -} - +point point_init(); /*Release point*/ -static inline void point_clear(point p) -{ - mpz_clear(p->x); - mpz_clear(p->y); - free(p); -} - +void point_clear(point p); /*Set point to be a infinity*/ -static inline void point_at_infinity(point p) -{ - p->infinity = true; -} - - -/*Compare two points return 1 if not the same, returns 0 if they are the same*/ -static inline bool point_cmp(point P, point Q) -{ - //If at infinity - if(P->infinity && Q->infinity) - return true; - else if(P->infinity || Q->infinity) - return false; - else - return !mpz_cmp(P->x,Q->x) && !mpz_cmp(P->y,Q->y); -} +void point_at_infinity(point p); +/*Set R to the additive inverse of P, in the curve curve*/ +void point_inverse(point R, point P, domain_parameters curve); /*Print point to standart output stream*/ -static inline void point_print(point p) -{ - /* //Write something if point is a infinity - if(p->infinity) - { - printf("Point is at infinity!"); - }else{ - printf("\nPoint: (\n\t"); - //mpz_out_str(stdout, 10, p->x); - printf("\n,\n\t"); - //mpz_out_str(stdout, 10, p->y); - printf("\n)\n"); - }*/ -} - -/*Set a point from another point*/ -static inline void point_set(point R, point P) -{ - //Copy the point - mpz_set(R->x, P->x); - mpz_set(R->y, P->y); - - //Including infinity settings - R->infinity = P->infinity; -} - -/*Set point from strings of a base from 2-62*/ -static inline void point_set_str(point p, char *x, char *y, int base) -{ - mpz_set_str(p->x, x, base); - mpz_set_str(p->y, y, base); -} +void point_print(point p); /*Set point from hexadecimal strings*/ -static inline void point_set_hex(point p, char *x, char *y) -{ - point_set_str(p,x,y,16); -} +void point_set_hex(point p, char *x, char *y); /*Set point from decimal unsigned long ints*/ 
-static inline void point_set_ui(point p, unsigned long int x, unsigned long int y) -{ - mpz_set_ui(p->x, x); - mpz_set_ui(p->y, y); -} - -/*Make R a copy of P*/ -static inline void point_copy(point R, point P) -{ - //Same as point set - point_set(R, P); -} - -/*Set R to the additive inverse of P, in the curve curve*/ -static inline void point_inverse(point R, point P, domain_parameters curve) -{ - //If at infinity - if(P->infinity) - { - R->infinity = true; - }else{ - //Set Rx = Px - mpz_set(R->x, P->x); - - //Set Ry = -Py mod p = p - Ry (Since, Ry < p and Ry is positive) - mpz_sub(R->y, curve->p, P->y); - } -} - - -/*Set point R = 2P*/ -static inline void point_doubling(point R, point P, domain_parameters curve) -{ - //If at infinity - if(P->infinity) - { - R->infinity = true; - }else{ - //Initialize slope variable - mpz_t s;mpz_init(s); - //Initialize temporary variables - mpz_t t1;mpz_init(t1); - mpz_t t2;mpz_init(t2); - mpz_t t3;mpz_init(t3); - mpz_t t4;mpz_init(t4); - mpz_t t5;mpz_init(t5); - - //Calculate slope - //s = (3*Px² + a) / (2*Py) mod p - number_theory_exp_modp_ui(t1, P->x, 2, curve->p); //t1 = Px² mod p - mpz_mul_ui(t2, t1, 3); //t2 = 3 * t1 - mpz_mod(t3, t2, curve->p); //t3 = t2 mod p - mpz_add(t4, t3, curve->a); //t4 = t3 + a - mpz_mod(t5, t4, curve->p); //t5 = t4 mod p - - mpz_mul_ui(t1, P->y, 2); //t1 = 2*Py - number_theory_inverse(t2, t1, curve->p); //t2 = t1^-1 mod p - mpz_mul(t1, t5, t2); //t1 = t5 * t2 - mpz_mod(s, t1, curve->p); //s = t1 mod p - - //Calculate Rx - //Rx = s² - 2*Px mod p - number_theory_exp_modp_ui(t1, s, 2, curve->p);//t1 = s² mod p - mpz_mul_ui(t2, P->x, 2); //t2 = Px*2 - mpz_mod(t3, t2, curve->p); //t3 = t2 mod p - mpz_sub(t4, t1, t3); //t4 = t1 - t3 - mpz_mod(R->x, t4, curve->p); //Rx = t4 mod p - - //Calculate Ry using algorithm shown to the right of the commands - //Ry = s(Px-Rx) - Py mod p - mpz_sub(t1, P->x, R->x); //t1 = Px - Rx - mpz_mul(t2, s, t1); //t2 = s*t1 - mpz_sub(t3, t2, P->y); //t3 = t2 - Py - 
mpz_mod(R->y, t3, curve->p); //Ry = t3 mod p - - //Clear variables, release memory - mpz_clear(t1); - mpz_clear(t2); - mpz_clear(t3); - mpz_clear(t4); - mpz_clear(t5); - mpz_clear(s); - } -} - +void point_set_ui(point p, unsigned long int x, unsigned long int y); /*Addition of point P + Q = result*/ -static inline void point_addition(point result, point P, point Q, domain_parameters curve) -{ - //If Q is at infinity, set result to P - if(Q->infinity) - { - point_set(result, P); - - //If P is at infinity set result to be Q - }else if(P->infinity){ - point_set(result, Q); - - //If the points are the same use point doubling - }else if(point_cmp(P,Q)) - { - point_doubling(result, Q, curve); - }else{ - //Calculate the inverse point - point iQ = point_init(); - point_inverse(iQ, Q, curve); - bool is_inverse = point_cmp(iQ,P); - point_clear(iQ); - - //If it is the inverse - if(is_inverse) - { - //result must be point at infinity - point_at_infinity(result); - }else{ - //Initialize slope variable - mpz_t s;mpz_init(s); - //Initialize temporary variables - mpz_t t1;mpz_init(t1); - mpz_t t2;mpz_init(t2); - mpz_t t3;mpz_init(t3); - mpz_t t4;mpz_init(t4); - mpz_t t5;mpz_init(t5); - /* - Modulo algebra rules: - (b1 + b2) mod n = (b2 mod n) + (b1 mod n) mod n - (b1 * b2) mod n = (b2 mod n) * (b1 mod n) mod n - */ - - //Calculate slope - //s = (Py - Qy)/(Px-Qx) mod p - mpz_sub(t1, P->y, Q->y); - mpz_sub(t2, P->x, Q->x); - //Using Modulo to stay within the group! 
- number_theory_inverse(t3, t2, curve->p); //Handle errors - mpz_mul(t4, t1, t3); - mpz_mod(s, t4, curve->p); - - //Calculate Rx using algorithm shown to the right of the commands - //Rx = s² - Px - Qx = (s² mod p) - (Px mod p) - (Qx mod p) mod p - number_theory_exp_modp_ui(t1, s, 2, curve->p); //t1 = s² mod p - mpz_mod(t2, P->x, curve->p); //t2 = Px mod p - mpz_mod(t3, Q->x, curve->p); //t3 = Qx mod p - mpz_sub(t4, t1, t2); //t4 = t1 - t2 - mpz_sub(t5, t4, t3); //t5 = t4 - t3 - mpz_mod(result->x, t5, curve->p); //R->x = t5 mod p - - //Calculate Ry using algorithm shown to the right of the commands - //Ry = s(Px-Rx) - Py mod p - mpz_sub(t1, P->x, result->x); //t1 = Px - Rx - mpz_mul(t2, s, t1); //t2 = s*t1 - mpz_sub(t3, t2, P->y); //t3 = t2 - Py - mpz_mod(result->y, t3, curve->p); //Ry = t3 mod p - - //Clear variables, release memory - mpz_clear(t1); - mpz_clear(t2); - mpz_clear(t3); - mpz_clear(t4); - mpz_clear(t5); - mpz_clear(s); - } - } -} - - - - - +void point_addition(point result, point P, point Q, domain_parameters curve); +/*Set point R = 2P*/ +void point_doubling(point R, point P, domain_parameters curve); /*Perform scalar multiplication to P, with the factor multiplier, over the curve curve*/ -static inline void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve) -{ - //If at infinity R is also at infinity - if(P->infinity) - { - R->infinity = true; - }else{ - //Initializing variables - point x = point_init(); - point_copy(x, P); - point t = point_init(); - point_copy(t, x); +void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve); - //Set R = point at infinity - point_at_infinity(R); - -/* -Loops through the integer bit per bit, if a bit is 1 then x is added to the result. Looping through the multiplier in this manner allows us to use as many point doubling operations as possible. No reason to say 5P=P+P+P+P+P, when you might as well just use 5P=2(2P)+P. 
-This is not the most effecient method of point multiplication, but it's faster than P+P+P+... which is not computational feasiable. -*/ - int bits = mpz_sizeinbase(multiplier, 2); - unsigned long int bit = 0; - while(bit <= bits) - { - if(mpz_tstbit(multiplier, bit)) - { - point_addition(t, x, R, curve); - point_copy(R, t); - } - point_doubling(t, x, curve); - point_copy(x, t); - bit++; - } +/*Set point from strings of a base from 2-62*/ +void point_set_str(point p, char *x, char *y, int base); - //Release temporary variables - point_clear(x); - point_clear(t); - } -} +/*Compare two points return 1 if not the same, returns 0 if they are the same*/ +bool point_cmp(point P, point Q); /*Decompress a point from hexadecimal representation *This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.4.*/ -static inline void point_decompress(point P, char* zPoint, domain_parameters curve) -{ - //Initialiser variabler - mpz_t x;mpz_init(x); - mpz_t a;mpz_init(a); - mpz_t b;mpz_init(b); - mpz_t t1;mpz_init(t1); - mpz_t t2;mpz_init(t2); - mpz_t t3;mpz_init(t3); - mpz_t t4;mpz_init(t4); - - //Get x coordinate - mpz_set_str(x, zPoint + 2, 16); - - //alpha = x^3+a*x+b mod p - number_theory_exp_modp_ui(t1, x, 3, curve->p);//t1 = x^3 mod p - mpz_mul(t3, x, curve->a); //t3 = a*x - mpz_mod(t2, t3, curve->p); //t2 = t3 mod p - mpz_add(t3, t1, t2); //t3 = t1 + t2 - mpz_add(t4, t3, curve->b); //t4 = t3 + b - mpz_mod(a, t4, curve->p); //a = t4 mod p - - //beta = sqrt(alpha) mod p - number_theory_squareroot_modp(b, a, curve->p); - - //Get y mod 2 from input - mpz_set_ui(t2, zPoint[1] == '2' ? 
0 : 1); - - //Set x - mpz_set(P->x, x); - - //t2 = beta mod p - mpz_mod_ui(t1, b, 2); - if(mpz_cmp(t1, t2)) - mpz_set(P->y, b); //y = beta - else - mpz_sub(P->y, curve->p, b);//y = p -beta - - //Release variables - mpz_clear(x); - mpz_clear(a); - mpz_clear(b); - mpz_clear(t1); - mpz_clear(t2); - mpz_clear(t3); - mpz_clear(t4); -} +void point_decompress(point P, char* zPoint, domain_parameters curve); /*Compress a point to hexadecimal string *This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.3.*/ -static inline char* point_compress(point P) -{ - //Point should not be at infinity - assert(!P->infinity); - - //Reserve memory - int l = mpz_sizeinbase(P->x, 16) + 2; - char* result = (char*)calloc(l + 1, 1); - result[l] = '\0'; - mpz_t t1;mpz_init(t1); - - //Add x coordinat in hex to result - mpz_get_str(result +2, 16, P->x); - - //Determine if it's odd or even - mpz_mod_ui(t1, P->y, 2); - if(mpz_cmp_ui(t1, 0)) - strncpy(result, "02", 2); - else - strncpy(result, "03", 2); - - mpz_clear(t1); - - return result; -} - - +char* point_compress(point P); +/*Make R a copy of P*/ +void point_copy(point R, point P); +/*Set a point from another point*/ +void point_set(point R, point P); #endif \ No newline at end of file From 88d1694646f1830d676be89d2b91b0bc72a93f5a Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 19 May 2020 21:10:42 +0300 Subject: [PATCH 10/25] SKALE-1880-fix-ecdsa --- .gitignore | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index dbd41820..74cfba61 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,9 @@ # Created by .ignore support plugin (hsz.mobi) -.idea/ -sgx-gmp/ +.idea +cmake-build-debug +build +sgx_data +jsonrpc gmp-build tgmp-build install-sh @@ -47,3 +50,5 @@ jsonrpc/curl jsonrpc/libmicrohttpd secure_enclave/.deps test-driver +/intel-sgx-ssl/ +/intel-sgx-ssl/ 
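Review bot: Two of the header comments, now the only contract a caller sees, disagree with the definitions this commit moves to Point.c. point_cmp is documented as returning 1 when the points differ, but the body returns true when they are equal; the comment should read `/*Compare two points: returns true if P and Q are equal (both at infinity counts as equal), false otherwise*/`. point_compress and point_decompress cite SEC 1 sections 2.3.3 and 2.3.4, yet point_compress writes "02" when y is odd and point_decompress resolves a '2' prefix to the odd root, the reverse of the SEC 1 convention, so a standard compressed key would decode to the negated point. Either swap the two prefixes in Point.c or state the non-standard encoding in these comments. point_decompress also takes `char* zPoint` with no length or hex validation (the `mpz_set_str` result is ignored), which the declaration should document as a caller obligation.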
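Review bot: Adding `sgx_data` to the ignore list does not untrack the files that PATCH 08/25 committed under sgx_data/CSR_DB and sgx_data/sgxwallet.db (including the 26776-byte sgxwallet.db/000003.log), because an ignore rule only affects untracked paths. None of the patches visible here removes them, so this change should be paired with `git rm -r --cached sgx_data`. If that database came from a real run, any keys or CSRs stored in it should be treated as disclosed through the repository history and regenerated. The second hunk also adds `/intel-sgx-ssl/` twice.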
From dde48524faa96efcc9cbf9bae853e17d4fc68d3a Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 19 May 2020 21:18:23 +0300 Subject: [PATCH 11/25] SKALE-1180 --- .gitignore | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/.gitignore b/.gitignore index 74cfba61..457147c6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,11 +1,11 @@ # Created by .ignore support plugin (hsz.mobi) -.idea -cmake-build-debug -build -sgx_data -jsonrpc -gmp-build -tgmp-build +.idea/ +cmake-build-debug/ +build/ +sgx_data/ +jsonrpc/ +gmp-build/ +tgmp-build/ install-sh config.log config.status @@ -28,8 +28,8 @@ sgxgmppi CMakeCache.txt cmake_install.cmake sgxd.cbp -sgx-gmp -sgx-sdk-build +sgx-gmp/ +sgx-sdk-build/ secure_enclave/Makefile secure_enclave/secure_enclave.signed.so secure_enclave/secure_enclave.so @@ -41,14 +41,7 @@ autom4te.cache sgxwallet testw configure -jsonrpc/zlib -jsonrpc/argtable2 -jsonrpc/jsoncpp -jsonrpc/libjson-rpc-cpp -jsonrpc/curl-from-git.tar.gz -jsonrpc/curl -jsonrpc/libmicrohttpd secure_enclave/.deps test-driver /intel-sgx-ssl/ -/intel-sgx-ssl/ + From ed0700ec7a158904ac6f868650d3d14b05918752 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 19 May 2020 21:23:20 +0300 Subject: [PATCH 12/25] SKALE-1880-fix-ecdsa --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 457147c6..f8ada441 100644 --- a/.gitignore +++ b/.gitignore @@ -44,4 +44,5 @@ configure secure_enclave/.deps test-driver /intel-sgx-ssl/ - +m4 +.testw.py.swp From f4a45eea849b22e642bc8fee8b1bf578d765438f Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Tue, 19 May 2020 21:41:54 +0300 Subject: [PATCH 13/25] Merged changes from Oleg --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index b632b1d0..78c39607 100644 --- a/VERSION 
+++ b/VERSION
@@ -1 +1 @@
-1.49
\ No newline at end of file
+1.50
\ No newline at end of file
From 683b595e617a46bd1b6cd4e238bb772aa095b76d Mon Sep 17 00:00:00 2001
From: kladko <13399135+kladkogex@users.noreply.github.com>
Date: Wed, 20 May 2020 15:40:40 +0300
Subject: [PATCH 14/25] SKALE-1880-fix-ecdsa
---
.gitignore | 94 ++++++++++++++++-----------------
ECDSACrypto.cpp | 17 +++++-
VERSION | 2 +-
secure_enclave/secure_enclave.c | 37 +++++++------
4 files changed, 85 insertions(+), 65 deletions(-)
diff --git a/.gitignore b/.gitignore
index f8ada441..790bcc8d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,48 +1,48 @@
-# Created by .ignore support plugin (hsz.mobi)
-.idea/
-cmake-build-debug/
-build/
-sgx_data/
-jsonrpc/
-gmp-build/
-tgmp-build/
-install-sh
-config.log
-config.status
-Makefile.in
-Makefile
-secure_enclave_u.h
-secure_enclave_u.c
-secure_enclave.edl
-am--include-marker
-*.o
-aclocal.m4
-missing
-compile
-depcomp
-ltmain.sh
-secure_enclave.signed.so
-sgxgmpmath
-sgxgmppi
-.deps
-CMakeCache.txt
-cmake_install.cmake
-sgxd.cbp
-sgx-gmp/
-sgx-sdk-build/
-secure_enclave/Makefile
-secure_enclave/secure_enclave.signed.so
-secure_enclave/secure_enclave.so
-secure_enclave/secure_enclave_t.c
-secure_enclave/secure_enclave_t.h
-sgxd
-cert/SGXServerCertificate*
-autom4te.cache
-sgxwallet
-testw
-configure
-secure_enclave/.deps
-test-driver
+/.idea/
+/cmake-build-debug/
+/build/
+/sgx_data/
+/jsonrpc/
+/gmp-build/
+/tgmp-build/
+/install-sh
+/config.log
+/config.status
+/Makefile.in
+/Makefile
+/secure_enclave_u.h
+/secure_enclave_u.c
+/secure_enclave.edl
+/am--include-marker
+/*.o
+/*.m4
+/missing
+/compile
+/depcomp
+/ltmain.sh
+/secure_enclave.signed.so
+/sgxgmpmath
+/sgxgmppi
+/.deps
+/CMakeCache.txt
+/cmake_install.cmake
+/sgxd.cbp
+/sgx-gmp/
+/sgx-sdk-build/
+/secure_enclave/Makefile
+/secure_enclave/secure_enclave.signed.so
+/secure_enclave/secure_enclave.so
+/secure_enclave/secure_enclave_t.c
+/secure_enclave/secure_enclave_t.h
+/sgxd
+/cert/SGXServerCertificate*
+/autom4te.cache
+/sgxwallet
+/testw
+/configure
+/secure_enclave/.deps
+/test-driver
 /intel-sgx-ssl/
-m4
-.testw.py.swp
+/m4
+/.testw.py.swp
+/cert_util
diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp
index f38ae57e..b32327c6 100644
--- a/ECDSACrypto.cpp
+++ b/ECDSACrypto.cpp
@@ -158,9 +158,24 @@ vector ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, i spdlog::debug("encrypted len: {}", dec_len); - if (!encryptKeys) + if (!encryptKeys) { status = trustedEcdsaSign(eid, &errStatus, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char *) hashHex, signature_r, signature_s, &signature_v, base); + mpz_t msgMpz; + mpz_init(msgMpz); + if (mpz_set_str(msgMpz, hashHex, 16) == -1) { + spdlog::error("invalid message hash {}", hashHex); + goto clean; + } + + + clean: + + mpz_clear(msgMpz); + + + + } else status = trustedEcdsaSignAES(eid, &errStatus, errMsg, encr_key, dec_len, (unsigned char *) hashHex, signature_r, signature_s, &signature_v, base); diff --git a/VERSION b/VERSION index 78c39607..daf515c9 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.50 \ No newline at end of file +1.50.1 \ No newline at end of file diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 5943bcd1..388f89ba 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -300,7 +300,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate mpz_t privateKeyMpz; mpz_init(privateKeyMpz); mpz_t msgMpz; - mpz_init(msgMpz); + + signature sign = signature_init(); 
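Review bot: The added `mpz_set_str(msgMpz, hashHex, 16) == -1` check runs only after `trustedEcdsaSign` has already been called with `hashHex`, and a parse failure just logs and jumps to `clean`, so a malformed hash is neither rejected before the ecall nor reported to the caller. Parse and validate `hashHex` before entering the enclave, and fail the request the way the function already does for a bad `encryptedKeyHex` rather than continuing with whatever `status` the ecall returned. The `else` branch that calls `trustedEcdsaSignAES` gets no equivalent check, so the two paths now treat the same input differently. `ecdsaSignHash` starts and ends outside this hunk.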
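Review bot: Removing `mpz_init(msgMpz);` from the declaration in the `@@ -300,7 +300,8 @@` hunk leaves `msgMpz` uninitialised on the early exits, because the next hunk re-adds the init only after the NULL-hash and hash-length checks, both of which `goto clean`. If the `clean:` block (outside the visible hunks) still calls `mpz_clear(msgMpz)`, those paths clear an uninitialised `mpz_t`, which is undefined behaviour inside the enclave. Keep `mpz_init(msgMpz);` next to the declaration, as is done for `privateKeyMpz`, and leave only the `mpz_set_str` call after the input checks.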
@@ -311,28 +312,37 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate if (!hash) { - *errStatus = -1; - LOG_WARN("NULL message hash"); - snprintf(errString, BUF_LEN, "NULL message hash"); + *errStatus = 1; + char* msg = "NULL message hash"; + LOG_ERROR(msg); + snprintf(errString, BUF_LEN, msg); goto clean; } - if (!hash) { - *errStatus = -1; - char* msg = "NULL message hash"; + if (strnlen(hash, 64 ) > 64) { + *errStatus = 2; + char* msg = "Hash too long"; LOG_ERROR(msg); snprintf(errString, BUF_LEN, msg); goto clean; } + mpz_init(msgMpz); + + if (mpz_set_str(msgMpz, hash, 16) == -1) { + *errStatus = 1; + snprintf(errString, BUF_LEN, "invalid message hash %s", hash); + LOG_WARN(errString); + goto clean; + } + if (!encryptedPrivateKey) { - *errStatus = -1; + *errStatus = 3; snprintf(errString, BUF_LEN, "NULL encrypted ECDSA private key"); LOG_ERROR(errString); goto clean; } - sgx_status_t status = sgx_unseal_data( (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, privateKey, &dec_len); @@ -354,12 +364,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate } - if (mpz_set_str(msgMpz, hash, 16) == -1) { - *errStatus = -1; - snprintf(errString, BUF_LEN, "invalid message hash %s", hash); - LOG_WARN(errString); - goto clean; - } + signature_sign(sign, msgMpz, privateKeyMpz, curve); @@ -368,7 +373,7 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate if (!signature_verify(msgMpz, sign, publicKey, curve)) { - *errStatus = -2; + *errStatus = 2; snprintf(errString, BUF_LEN, "ECDSA sig not verified"); LOG_WARN(errString); goto clean; From 9624a6e9a7cbcdf0d124aac1076a7496e68b619a Mon Sep 17 00:00:00 2001 
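Review bot: The new length guard `strnlen(hash, 64 ) > 64` can never fire, because `strnlen` returns at most its bound, so an over-long hash still reaches `mpz_set_str` and is echoed into `errString` through `%s`. Scan one byte further, `if (strnlen(hash, 65) > 64) {`, or compare against the real size of the buffer the ecall marshals if that is smaller (not visible here). The status codes also collide: `*errStatus = 1` is set for both the NULL hash and the unparsable hash, and `2` for both "Hash too long" and, in the `@@ -368,7 +373,7 @@` hunk, "ECDSA sig not verified", so a caller cannot tell these failures apart. Passing `msg` as the format argument is harmless while it is a literal, but `snprintf(errString, BUF_LEN, "%s", msg);` keeps the pattern safe if the message ever becomes variable.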
From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Wed, 20 May 2020 15:43:23 +0300 Subject: [PATCH 15/25] SKALE-1880-fix-ecdsa --- VERSION | 2 +- sgx_data/CSR_DB/000003.log | 0 sgx_data/CSR_DB/CURRENT | 1 - sgx_data/CSR_DB/LOCK | 0 sgx_data/CSR_DB/LOG | 1 - sgx_data/CSR_DB/MANIFEST-000002 | Bin 50 -> 0 bytes sgx_data/sgxwallet.db/000003.log | Bin 26776 -> 0 bytes sgx_data/sgxwallet.db/CURRENT | 1 - sgx_data/sgxwallet.db/LOCK | 0 sgx_data/sgxwallet.db/LOG | 1 - sgx_data/sgxwallet.db/MANIFEST-000002 | Bin 50 -> 0 bytes 11 files changed, 1 insertion(+), 5 deletions(-) delete mode 100644 sgx_data/CSR_DB/000003.log delete mode 100644 sgx_data/CSR_DB/CURRENT delete mode 100644 sgx_data/CSR_DB/LOCK delete mode 100644 sgx_data/CSR_DB/LOG delete mode 100644 sgx_data/CSR_DB/MANIFEST-000002 delete mode 100644 sgx_data/sgxwallet.db/000003.log delete mode 100644 sgx_data/sgxwallet.db/CURRENT delete mode 100644 sgx_data/sgxwallet.db/LOCK delete mode 100644 sgx_data/sgxwallet.db/LOG delete mode 100644 sgx_data/sgxwallet.db/MANIFEST-000002 diff --git a/VERSION b/VERSION index daf515c9..bc603ea6 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.50.1 \ No newline at end of file +1.50.2 \ No newline at end of file diff --git a/sgx_data/CSR_DB/000003.log b/sgx_data/CSR_DB/000003.log deleted file mode 100644 index e69de29b..00000000 diff --git a/sgx_data/CSR_DB/CURRENT b/sgx_data/CSR_DB/CURRENT deleted file mode 100644 index 1a848522..00000000 --- a/sgx_data/CSR_DB/CURRENT +++ /dev/null @@ -1 +0,0 @@ -MANIFEST-000002 diff --git a/sgx_data/CSR_DB/LOCK b/sgx_data/CSR_DB/LOCK deleted file mode 100644 index e69de29b..00000000 diff --git a/sgx_data/CSR_DB/LOG b/sgx_data/CSR_DB/LOG deleted file mode 100644 index b325fe2e..00000000 --- a/sgx_data/CSR_DB/LOG +++ /dev/null @@ -1 +0,0 @@ -2020/05/19-21:00:09.479062 140645839620992 Delete type=3 #1 
diff --git a/sgx_data/CSR_DB/MANIFEST-000002 b/sgx_data/CSR_DB/MANIFEST-000002 deleted file mode 100644 index bbbc585686bcbcc33686059c69d80b7b4e1291cd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 50 zcmWIhx#Ncn10$nUPHI_dPD+xVQ)NkNd1i5{bAE0?Vo_pAe$kRS-TOEg7@3$k8JJmE F7y#sj5K{mE 
diff --git a/sgx_data/sgxwallet.db/000003.log b/sgx_data/sgxwallet.db/000003.log deleted file mode 100644 index b3b1bda0e5322bb608a64e62b99a8af8ba73f7c3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 26776 zcmeI)PpEfEdKd71Co?fInm?MvEX07D!QH7-=Tx1#S%^tDGht>r!py>~hB~L}Bnx$s z>_S8&5F;*wV8|wkf-WRrXhD~869|YKS1v?d=t2aeBp^b_=eh3$E~ZI$=Iysvzjvnl zzJ2fSo^z_|sqgcAzu%|M=l{*W{h@#L*;lXLdHpB8zWSE0zW1eH`}Sp9mSy$NH~wtL zy4*R}(q}o>dtLH2@>%UasrhU1Q{N z*Sn^?-hHN{mc0Mxzxi{&e7*DPGcU30+rIYRSHJf4FTMBUU*6ZX%+&KzQ`-8uwKiHc zq;@ZNEBig`k?SbAz_L_REp6M6YsuGoFZ(h5-Yj#ykKF6}@BZ=s`X}XcufFBwo!))_ zy)Qj&^*sAg&*pP8$KcA@N?q={v?$m`!NG= zcLuhPfZ31wIS^TMX)Wh@-f6k#p34~f(yrxzx2rF`-fLNB-^)HzTh5vDty-(6ZNBF~ zuGZ3?TqWhRq|2`aB<^d?*L@X$xL$W&`+#fDs6NL$x20eE*zW62JA}D%yY?;hp?rh# z*X#+(-B)kzgMabQ-v8Mjc=g$r;JN+vAN%r;KYjH_zWCRE^!=~@=(|r_JIZb#`_ubB z_U?P}o#pA>FMT2Yk}{mm%d)3`y?oL&Y0LW<1uPzU9rrA?-8rouKizGEoOQObfXR~Q zG4E}eHLdkD)#LVo<9Hn!53qc@TjX)|#|*rlfwM2|kDH5+`uW@u)^*F!aliVq-nab^ z0{79@(#El#nCQIJi03v(OYJU-slJYNZp)Q=Qpk<6r3P6?S?<&Y` zuO4|DRV8`kl5;z<`newH^S+ejYI7^wwQQxU{icexjK0)c-3smZ?L5k|9;u&e+mEg1 zBN@+8M?bE-^uvs9dA(GBku#Q=N{gZv78~DLw|R}et0OOE|XNB0vST+TvjsA}f!Mr#Mm zlOzzFU@IvvSG_%TTe_-wx%Rf^Ey)+@xKlau?TOnwTzsCb?Fx96_HvG89?c9?1mZlF zIm;Df00k%(PwsNVRRUXUTBgiqHqN6_H-NmkJ9<9zSTBbFdR@#*oV#!s{a*w@T zrw0(w(!Qu%N;_sTCA&CG*Q_JmRlLRGxo>O>AFigsM6Jfw=b}2;TBh-Id`5uX*IviD z-{U?ov}Oxkg)}rpVIB$NI_Nj+A!zWTByxpT%8^max^^EDipNz_Dq9o0c;ML8E24L6 zX3tV6AjV~fZEfE9wo8YDe4d)~x)! 
ztV)1A_uY=|c9ha6d#rP{rE?;M4K(m1l+__laJ>uf>f638Bi|z}Yr%t+WL*r3-q>G| z#nx?$rBX^Y)4uHeydwDBNF+{xHTKI$N4d9Z;-`(QT!A}V+eW|F^KfY@TD^|Fufa*v zhRR;zynB8->iJ1Gpf;{?>1vO00 zR`*(w>vO$~=BnkKwG>O!_DtU!_u`T4tKAdUt*>bZasfHxIBwfS1enwskam~N%*?VL z9eX~+BM4giZTl>OuPO^|(X)ZWv(Xd8M=3eoheFfCx=D|nzotH?>h_=)l)Ro0+Fb9j z<{ZcA_oi=%rgT_$Q678m++F$*B4o}{&aSj|Sr1<9&7AfEV7GffmL!hPz8z__>ljCg znt9vmfM^P6^)}pxgTT*~HYb7lO;S`WV$Bu5`3YCdq!(78e zNs{~Xo#EwXJ!`qrd7SIMU+Xd|tgM#X4e~Pg9eJ{a>a@qNNyPFwdz}y^r|fBkML~bS zj{vz08<5He*bFbSRZ_Y7n7d-^ZJnvW37fVx`d zSkff5MN%;cZh@qdPvmv6>)bcH)d?M15>S1WJEdFtTtnmXaU7vGT890+0y2l)eQc+h zk8LY2!PqP*FdNd80H?TNM4T0!#-NXBA8wJyi*V@|C;~PHn*r}>4|hP>J!LC`rbTAz z`&`|7&I=+*frov}{kTWX^F9s*rulb&x%pJ0CV1hIPYx=&j zw0T(DKf8b5ifL6XxN?&rTe9jl#}0SuWWShUGbGc%;;jAGJMc^6#+C5 zsba6ioVFPAMKC^#{aN}k%;FB7k_vM!W)wC<3RN2zm;3x`bA_fro6BA992H?#rK}mi zSie)T>~__yZS;7krr1+ls1R%o%1H;1us9!XUR4~i_nI8oATE$rjhzM}Sq8dC!6YY8 zU5MuQZXVTJ;O(#_;XLpv0N-SbF6F7JVW=$sM#Y0l*CFxf?FeGUSUF1t^7VJu<<(wZ8(Pqx1lae{p-tK7EQy1gg5Ge7}- zN`FHJe)nyOYq{@0;LFxFrRD0DJNCsC4iKy*Rf;)MZcnLu@mYyl1=Zb{#BF9a^JQ7( z*4y@nDXR%KSN4f<_d|KK&zo#hCfJeRWu6Pmk%O#|$5u>C&)k}#N3kV>mN_~)u_Tv; zT2t^Vr<>qVE=E$Nj@d9f>|Jf`uAbQlNQqu#o+IzzX6r-*Hf7j$N+N@Y0WZ)h^?sq5 zNoX90sQ-4@?ir&h0B8f`vO^BDcPKKBNG9^12ef%5er2K>SH=y-a-Sms^Ep?@xtLX3 z57kgAqfo{Ne`0DH#$byo*jBQY$mZlq_|m??-8-k{N+w?=jHG%HQ=7%PIjqvYrL+BP zTi>v6jaP&#b8c-FV$U;bMaZ=l2keK zM7PAQ>>(Fmf{dYQ3gi#Nqczgw#?j9c(HLrW8(lc5HMYo!wx_DdG)c8Cg%Lj|!>KM+ z%k=`=lAx@Tw4@^%RpFb<-OaLGiZc1o6N*3sI&nD)@?Bos;E}D zBtxXj1y6h-sRgG5mYWS6#cb5QYAaa-msxm~D^>PB@H*px&$erifh1ic{Mr@__pEAREBm6QZrsnL!Ie@vGb` z8QkEN$g}E{nFlo*Jva!452Er{y)ZE4!3mM1mW#8GUnPPn*b0nG)#iXs<;Iloa>|IJ zazz*mI3G)JgB+5`iEA`vIU>xYa%&|cRiVM=0)9NZ6uy%Qa9fEhDlZnG`QKIbOFSm&o!W5xrNIioTdHgc|`+%62SEdczfOb9Sl*FfYbt=;x)81=daR zK}JTSHVTQPqu`$smk8FuKm_u5ep6j`6F&}h6Hrhyx^A}F#x`g}^671#BC5qc1~jpn z&jDyckxg|emZQ`$MHj7_oR5lCX$(-wzlV4t%WOOLO0c>$R!BVrfl5E}InXZ&D`e%B z$UFcg%l?NMA|J`hIi_Zz^UJ073OXUaP)5WpLmXQ{iRK9o%rC?%R6j_d?JX@@mk}&F 
z4{0E19UAwXp3w4r#ew7pDFuxaB|1acpG&Z*%P&EfxBn;or>}hn|Mqh)Er@6T)@rkD zExf4|xXHGNZHUy#8bZ5an@a=);93+sMgEp-^;X+uIE}G2{-l+ubZ*SjF(* zyjxcr9b+WhR|23Z`Hbhqyyfd4Gb)q~tkxDm_Fhe;#1@dLADC ze$2qzoq>8>2|6IK+$YSnq3cVF*KxnB3CMRe(6cY;%3sF zLY~E}nJxsE=xd}tsHOvr(UoAfH*ah~Jv}3e6~glv*i!fgC^I#wQwH-N;ZF+DSEJH4+H8%ZO#cZxDOKp}p{(ONX`(DtIB@$cZzPIyGB|R3tSKnJS`7_ag zc9Rg8&&nAnK`u$d$iE7mUPWToO2m`lj9ilrPJs^zofMp!=(@9|AIf{Q9V-jJgLO;P z#mTvJ;+N8Z=h8d*6BxmP-mwlh(X?6&+Cuc88tXHwwU;=sOVNAlkuG)-`Gky47$Y80 z?ra$Rlt;|SkROSNllc&$#)eUDH(iR4!|ozR5;!=-B$F^j5o}cl#!j1JtA}_--BidV z;(a9}8IO6;PIU!;F)?%q+mv`71U)3Sa2GB-I$Uhmq?q!F{FZG;!VdYB1}H}LeN{op z{Xsfe)U0~et_Y@Cp|)WGWEoz&t%C%-Jsn&1*2`)WhqPw*Bs}dTYjS3}WmMXQ@yIwJ zd@{?=6q|;s%YK`LVS+a)oy|yj!1vg+1ZXCfb^{Bgp_t3fCK5}Hr$E|Z%4i&31f-Ua zi^w9_FKfXq#^q^krUPu?iZn4YD(QtF%J1@R!K=dK*0Yf7bB_dCtN~e&x{2KaX7*AT z4-7U2HCqUvFvG%zB^Vn>`1JIDmNWaCBB@Ve<=s-8;RLZ^(9?O-IucmfaL3byLmLW4 z^cv7%0)+S@#)|`E{scrJX8d<&xJF5Mi)-@vv%x~<28>zy(Z()eqXd;Q|L&mb;s{h2r+&(im3g3p6|y z1H~P}bD2yfH-h9VKB=BOo!C33L|7TnGi-&`t5t#f$mJ0^t0Z9?8-^`0K}N{PzUT)r zd=u=Z_&tFjBgL-hUmHMr}igq`RruvZ)_X(_&STF+e+tK8=!a6TlgVkblrl0pp}vVjOG&J& z%vg$}78kp4+G2cG-qTI-Yp_rZSr(FsBx!TVCe&zBi5M~+8!Jt)RcDAlvs9Bq^yZhbO&)m5RAPj3rCZNpd@{Fx!=~1=pfGx z*0{%FL&NIMwwg2i{6Asdn z(;0wAJFxx2n&*N=`-Nza((rU*gw1zoN0Di@-O=9Rgx&-5$CU^-N%zik69?%Osn%#H zf=Swn$?#dWSR*cx_8rKfVW=>AfU*+9{M(=yzAg}xbz3O4kJ&Uv`;3JhCtxbCf;8YM zm~up4gn!81vSG|^SIhPz`rD#qZ)iAVEI?Dre)Q&ClE})&k&;OO)cZxmOW&MM9RSQm zoqaaAx)wg)p$v15EU7h9t_4b4Rx&hq7IaF4njs*Z5N2Sp&lx5hUfMiW+cHQ`09qxe z;gCxh9e#Sd!XRUG30x?`{ZU=Uks!T}MQtf>67{L|Ou+D0lJEiu-6&6#(2lMbm z>2QNRIDb+>@^B~ACju}FjW#? 
z3DRQ{kXsK>l#7gEAj$F2?=`3q$?~8FjzX!7AgMNdrXnFf%k{kemAwGERf2&ya{tK} zVXDYH(QS0gO_sIj3Q8@&Gh~g%1?%GHBeJipL+<8WGiI_1L%`nX}RbsHUS_3 ztB=B$P}sv0EW%b~5wi%<6ay3DFxeQ&>ivFvFG{ zRie)|u>=C_BnJ%u1T@&i-9R*g)ws3B1$LTVN4{Gy3{x1*DUgr}&h3jlAd9-YHi{z6 zYx;-IngH2&w!bB`PdSvf6CNT`D{IcZSexM|n;rGzY60UUggmhtUqT)=q3L50HC#5m zJWN~uy;8?i#u);mqs^_JzO&+-zYJ#mXYo>w9$Y!+bLOnFhz)g*mYTdBql=LbH zPLtF_4>ViG7Hy427fm5Jc=QAsxaKmC67hhdSUVOF_8Vr_5CTFjdW0QJsp3LjmoQ^R zqw@)BJnNCtAw$)poMxSADpu@#!^NAxCua%2)-R*O4)Gyis?j3&;#`J8J^VccNy885 zRRpr`aBU>mY8s4=R~2V)JxGD$q7V^2T6{q@OWNmkp(Ix`Vn(WALmrvQ22LhQ7EiFx21_ zO?Bo*ks5RmMOFLhjv;)g7zq~9OcdSig2^qV0vQ6Zsh^N^qUshxRdgvv z&(~nphj}l!7037x_|^dWd?FLDxrwq>6evitJ}ijBbv5vMK43G_e6pqo4zX9!^`du}IQ}YY!H;bFU@fihz?5#?0oIw`$4;<4VN8TXJ zhKS^_F{qPJQxE^^4gvcIO;5Q}qqlD)J*n#M5H_3^0U==p9Cje%;_qO(a6s%})< z9bvENgfyLT1e&sjQPX5muacfZmDsnn#D~;1x>xm2lUjrSQqi2bUL{bsBKEokq1?#< zDZtXWM=T~5={7Xyoc`kP{0%AW+h4B38>g`J7E+jIHTsw{8lk{b7Sv(NKSY}AmdGXe z9obzNI$}WiP-~m;s05W1q2RsVSdSF;fY`?jd>S+GrYVdp#vNjj!9Iip*8qxib;m^F zpeETM`r5Gp=W#<`#B%XL6qID);3!2+Lk-!I8LchRQ961r%?O(yxnV^**SR;LTQGD& z%R}=RDb5YihLI)2G7hO?_P&7yLR7vL3QaD%um1E)=zOyjmYzQN zjMQStP@h&9jZhR69ob=cIdn<+CT3`UlEKvM2b-Ar$@~cGo9x2a3HLRJ)#-Rcd6HEe zsBri|UeS3^lEza3e@L6b2xJ_oD$5EkF6l)+ls2R=I-S2JzJM%89%#!`nDlF$j(yHw zVbaBM6H?G~VpAnhHa$RegSvra7%j~VMjD#$svd$+F0L+JJ`ujjEs<++WT{S?b4o=D zprv4B&cr>E*rx$qk9$03 z;Pni=X%eGgsyt~}j&0}wQFmivmCQ*9b=<<9cAB0}P6-d+GCEWIgt|rrBUP(;;RMB= zsiObinP654zmHC%u6@=XpU*G492=E&pD?NuRan=SzJu@wokw;OlrpVx1JXMS z=v-y^iu+IB@BC#+?9aS}&X1qOJ{&hc_zXqQiHvx4Q=|Zg=@1_RJ7*;r6=nq6IbQJ^ z23`uTomFN+{mlr4^^ zloIcNkb;gtO^H%v;8rZ=CsfEgQIJ8I<%q1rh6&9#W(>b_1lRmOH_3!;qvazSR-O-* zNvlD(&_0jAO{92AuVioZPm1yrs$?{V$yGrYF=4M9F-kv@e}hv>!Z6~i`_KRSfB%Xk_Ge$N#2Y8Ex5321eC7qmi?+g^(KnbV%o;ZIZ!mP?n7!C?2vSc- z98O~;>5PcjQ+iR>UvI4k6MKN{V+KBr8FKvsV-d6(Et1+ zgGe8=QUi$-k@8Kv(?NPF-k!zMmrne0_`nz!0!KrY7ptrJ1O|v@`H*HQiB9T5sI(o* zhQY|>m$+wmAkBBI? 
z6^&<<&7jDVwJsKk4Lii)JWa5{{doU(KKMI-<#VsT>*Y$+AO7-J!w&nCzE|;+x51QN zvawRh5hT$VFYwSitr74dlj{xek`O6O52S`a&b$}7V9uB+r7?Pq9vb4O0auTEJZ9h< zGw`OF%bP>I$H4oLy!#|xC!!OF?-Dh7w9j~(%@!Zfr5bNXh?j$~fhM_7a|7(>8t5@V z4|Fj{dy58YZCr6GJ=zlWetC76h97#D#(IFExtp@+Y@ZGY=;CD}D4AaRqV*|EC@(tj zsy>aB(Z1Srm1%AH)xY&y|NgyqUVZlqynLsAlWhb4^0)u~FMQ>lSKssUS|2|Pe#nb$ zNnk(mdq4G?p6}1SyyiFeeCg?bfA$}~)wjxJuw<@9pIw)Yak38M?0OyX~~Bw;>0@_p8T&1 z)Bl{5(|)T#LPs3~j5HL7z~W4jmj-F5aQf1VX1oDTkET=h&#(UrO>8=Y<0OMuQ0Y&W z%)G)%W2$4APIpc{o6Zr&d%)`WFMsI^{}i5o-wV9_82RQyz*27b^&k97hUee^@>(As t&p-T{pa19o=RbJ9zwq*!ADwSL>{{vRH-6=R{F3MUftS~Mv*$}se*kiBNe}=4 diff --git a/sgx_data/sgxwallet.db/CURRENT b/sgx_data/sgxwallet.db/CURRENT deleted file mode 100644 index 1a848522..00000000 --- a/sgx_data/sgxwallet.db/CURRENT +++ /dev/null @@ -1 +0,0 @@ -MANIFEST-000002 diff --git a/sgx_data/sgxwallet.db/LOCK b/sgx_data/sgxwallet.db/LOCK deleted file mode 100644 index e69de29b..00000000 diff --git a/sgx_data/sgxwallet.db/LOG b/sgx_data/sgxwallet.db/LOG deleted file mode 100644 index 6f17e5d9..00000000 --- a/sgx_data/sgxwallet.db/LOG +++ /dev/null @@ -1 +0,0 @@ -2020/05/19-21:00:09.162445 140645839620992 Delete type=3 #1 diff --git a/sgx_data/sgxwallet.db/MANIFEST-000002 b/sgx_data/sgxwallet.db/MANIFEST-000002 deleted file mode 100644 index bbbc585686bcbcc33686059c69d80b7b4e1291cd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 50 zcmWIhx#Ncn10$nUPHI_dPD+xVQ)NkNd1i5{bAE0?Vo_pAe$kRS-TOEg7@3$k8JJmE F7y#sj5K{mE From 7acee1a7800014305d9f7203d4e45e07eed13fe8 Mon Sep 17 00:00:00 2001 
From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Wed, 20 May 2020 17:34:20 +0300 Subject: [PATCH 16/25] SKALE-1880-fix-ecdsa --- ECDSACrypto.cpp | 21 ++++++++++++++----- Makefile.am | 9 +++++--- common.h | 5 +---- secure_enclave/Curves.h | 8 +++++++- secure_enclave/DomainParameters.h | 15 +++++++++----- secure_enclave/Point.h | 34 ++++++++++++++++--------------- secure_enclave/Signature.h | 26 ++++++++++++++--------- secure_enclave/Verify.h | 30 +++++++++++++++++++++++++++ secure_enclave/secure_enclave.c | 1 - 9 files changed, 104 insertions(+), 45 deletions(-) create mode 100644 secure_enclave/Verify.h diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index b32327c6..78ece073 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp @@ -39,7 +39,10 @@ +#include "secure_enclave/Verify.h" + #include "BLSCrypto.h" + #include "ECDSACrypto.h" @@ -153,16 +156,23 @@ vector ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, i } - spdlog::debug("encryptedKeyHex: {}", encryptedKeyHex); - spdlog::debug("HASH: {}", hashHex); - spdlog::debug("encrypted len: {}", dec_len); - if (!encryptKeys) { status = trustedEcdsaSign(eid, &errStatus, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char *) hashHex, signature_r, signature_s, &signature_v, base); + + domain_parameters curve = domain_parameters_init(); + domain_parameters_load_curve(curve, secp256k1); + + point publicKey = point_init(); + + mpz_t msgMpz; mpz_init(msgMpz); + + + + if (mpz_set_str(msgMpz, hashHex, 16) == -1) { spdlog::error("invalid message hash {}", hashHex); goto clean; @@ -173,7 +183,8 @@ vector ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, i mpz_clear(msgMpz); - + domain_parameters_clear(curve); + point_clear(publicKey); } else diff --git a/Makefile.am b/Makefile.am index 4c17ec9d..23aaa4db 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -10,7 +10,7 @@ include $(top_srcdir)/build-aux/sgx_app.am ## ## And a pattern rule for building prexoxy functions from EDL files: ## -## %_u.h %_u.c: %.edl +## %_u.h %_u.c: %.edl34 ## ## And sets these Makefile variables: ## @@ -67,9 +67,12 @@ bin_PROGRAMS = sgxwallet testw cert_util ## have to be explicitly listed. COMMON_SRC = InvalidStateException.cpp Exception.cpp InvalidArgumentException.cpp Log.cpp \ - SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp RPCException.cpp BLSCrypto.cpp ECDSACrypto.cpp \ + SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp RPCException.cpp BLSCrypto.cpp \ + secure_enclave/DomainParameters.c ECDSACrypto.cpp \ DKGCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp ServerDataChecker.cpp SEKManager.cpp \ - sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c + sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c \ + secure_enclave/NumberTheory.c secure_enclave/Signature.c \ + secure_enclave/Curves.c secure_enclave/Point.c COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h sgxwallet_SOURCES = sgxwallet.c $(COMMON_SRC) diff --git a/common.h b/common.h index 0c258f85..f96915b4 100644 --- a/common.h +++ b/common.h @@ -35,10 +35,7 @@ using namespace std; #define USER_SPACE #include -#include "secure_enclave/Point.h" -#include "secure_enclave/DomainParameters.h" -#include "secure_enclave/NumberTheory.h" -#include "secure_enclave/Signature.h" +#include "secure_enclave/Verify.h" #include "InvalidStateException.h" diff --git a/secure_enclave/Curves.h b/secure_enclave/Curves.h index b1688afb..8a4bcdff 100644 --- a/secure_enclave/Curves.h +++ b/secure_enclave/Curves.h @@ -25,6 +25,12 @@ #ifndef SGXWALLET_CURVES_H #define SGXWALLET_CURVES_H +#ifdef __cplusplus +#define EXTERNC extern "C" +#else +#define EXTERNC +#endif + /*Curves that can be loaded using domain_parameters_load_curve()*/ typedef enum { secp112r1 = 0, 
@@ -47,7 +53,7 @@ typedef enum { secp112r1 = 0, #define NUMBER_OF_CURVES (secp521r1+1) /*Load a curve depending on it's curve number, defined by the enum*/ -void domain_parameters_load_curve(domain_parameters out, curve_list curve); +EXTERNC void domain_parameters_load_curve(domain_parameters out, curve_list curve); /* REMARK: For some weird reason secp112r2 and secp128r2 doesn't want to be stable. Actually they work once in a while. However running the benchmark command gives -1 as operation time, sometimes and only sometimes! diff --git a/secure_enclave/DomainParameters.h b/secure_enclave/DomainParameters.h index 7dfde87b..13b09f20 100644 --- a/secure_enclave/DomainParameters.h +++ b/secure_enclave/DomainParameters.h @@ -23,6 +23,11 @@ #ifndef SGXWALLET_DOMAINPARAMETERS_H #define SGXWALLET_DOMAINPARAMETERS_H +#ifdef __cplusplus +#define EXTERNC extern "C" +#else +#define EXTERNC +#endif /*Type that represents a point*/ typedef struct point_s* point; @@ -48,13 +53,13 @@ struct domain_parameters_s }; /*Initialize a curve*/ -domain_parameters domain_parameters_init(); +EXTERNC domain_parameters domain_parameters_init(); /*Sets the name of a curve*/ -void domain_parameters_set_name(domain_parameters curve, char* name); +EXTERNC void domain_parameters_set_name(domain_parameters curve, char* name); /*Set domain parameters from decimal unsigned long ints*/ -void domain_parameters_set_ui(domain_parameters curve, +EXTERNC void domain_parameters_set_ui(domain_parameters curve, char* name, unsigned long int p, unsigned long int a, 
@@ -65,9 +70,9 @@ void domain_parameters_set_ui(domain_parameters curve, unsigned long int h); /*Set domain parameters from hexadecimal string*/ -void domain_parameters_set_hex(domain_parameters curve, char* name, char* p, char* a, char* b, char* Gx, char* Gy, char* n, char* h); +EXTERNC void domain_parameters_set_hex(domain_parameters curve, char* name, char* p, char* a, char* b, char* Gx, char* Gy, char* n, char* h); /*Release memory*/ -void domain_parameters_clear(domain_parameters curve); +EXTERNC void domain_parameters_clear(domain_parameters curve); #endif \ No newline at end of file diff --git a/secure_enclave/Point.h b/secure_enclave/Point.h index a35ef552..a96eebb7 100644 --- a/secure_enclave/Point.h +++ b/secure_enclave/Point.h 
@@ -26,56 +26,58 @@ #define SGXWALLET_POINT_H + + #include "DomainParameters.h" /*Initialize a point*/ -point point_init(); +EXTERNC point point_init(); /*Release point*/ -void point_clear(point p); +EXTERNC void point_clear(point p); /*Set point to be a infinity*/ -void point_at_infinity(point p); +EXTERNC void point_at_infinity(point p); /*Set R to the additive inverse of P, in the curve curve*/ -void point_inverse(point R, point P, domain_parameters curve); +EXTERNC void point_inverse(point R, point P, domain_parameters curve); /*Print point to standart output stream*/ -void point_print(point p); +EXTERNC void point_print(point p); /*Set point from hexadecimal strings*/ -void point_set_hex(point p, char *x, char *y); +EXTERNC void point_set_hex(point p, char *x, char *y); /*Set point from decimal unsigned long ints*/ -void point_set_ui(point p, unsigned long int x, unsigned long int y); +EXTERNC void point_set_ui(point p, unsigned long int x, unsigned long int y); /*Addition of point P + Q = result*/ -void point_addition(point result, point P, point Q, domain_parameters curve); +EXTERNC void point_addition(point result, point P, point Q, domain_parameters curve); /*Set point R = 2P*/ -void point_doubling(point R, point P, domain_parameters curve); +EXTERNC void point_doubling(point R, point P, domain_parameters curve); /*Perform scalar multiplication to P, with the factor multiplier, over the curve curve*/ -void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve); +EXTERNC void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve); /*Set point from strings of a base from 2-62*/ -void point_set_str(point p, char *x, char *y, int base); +EXTERNC void point_set_str(point p, char *x, char *y, int base); /*Compare two points return 1 if not the same, returns 0 if they are the same*/ -bool point_cmp(point P, point Q); +EXTERNC bool point_cmp(point P, point Q); /*Decompress a point from hexadecimal 
representation *This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.4.*/ -void point_decompress(point P, char* zPoint, domain_parameters curve); +EXTERNC void point_decompress(point P, char* zPoint, domain_parameters curve); /*Compress a point to hexadecimal string *This function is implemented as specified in SEC 1: Elliptic Curve Cryptography, section 2.3.3.*/ -char* point_compress(point P); +EXTERNC char* point_compress(point P); /*Make R a copy of P*/ -void point_copy(point R, point P); +EXTERNC void point_copy(point R, point P); /*Set a point from another point*/ -void point_set(point R, point P); +EXTERNC void point_set(point R, point P); #endif \ No newline at end of file diff --git a/secure_enclave/Signature.h b/secure_enclave/Signature.h index 1c9f679c..a2d8d2fd 100644 --- a/secure_enclave/Signature.h +++ b/secure_enclave/Signature.h @@ -24,6 +24,12 @@ #ifndef SGXWALLET_SIGNATURE_H #define SGXWALLET_SIGNATURE_H +#ifdef __cplusplus +#define EXTERNC extern "C" +#else +#define EXTERNC +#endif + /*Type for representing a signature*/ struct signature_s { 
@@ -35,34 +41,34 @@ struct signature_s typedef struct signature_s* signature; /*Initialize a signature*/ -signature signature_init(); +EXTERNC signature signature_init(); /*Set signature from strings of a base from 2-62*/ -void signature_set_str(signature sig, char *r, char *s, int base); +EXTERNC void signature_set_str(signature sig, char *r, char *s, int base); /*Set signature from hexadecimal strings*/ -void signature_set_hex(signature sig, char *r, char *s); +EXTERNC void signature_set_hex(signature sig, char *r, char *s); /*Set signature from decimal unsigned long ints*/ -void signature_set_ui(signature sig, unsigned long int r, unsigned long int s); +EXTERNC void signature_set_ui(signature sig, unsigned long int r, unsigned long int s); /*Print signature to standart output stream*/ -void signature_print(signature sig); +EXTERNC void signature_print(signature sig); /*Make R a copy of P*/ -void signature_copy(signature R, signature sig); +EXTERNC void signature_copy(signature R, signature sig); /*Compare two signatures return 1 if not the same, returns 0 if they are the same*/ -bool signature_cmp(signature sig1, signature sig2); +EXTERNC bool signature_cmp(signature sig1, signature sig2); /*Release signature*/ -void signature_free(signature sig); +EXTERNC void signature_free(signature sig); /*Generates a public key for a private key*/ -void signature_extract_public_key(point public_key, mpz_t private_key, domain_parameters curve); +EXTERNC void signature_extract_public_key(point public_key, mpz_t private_key, domain_parameters curve); /*Generate signature for a message*/ -void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve); +EXTERNC void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve); /*Verify the integrity of a message using it's signature*/ static inline bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) { 
diff --git a/secure_enclave/Verify.h b/secure_enclave/Verify.h new file mode 100644 index 00000000..72fb0099 --- /dev/null +++ b/secure_enclave/Verify.h @@ -0,0 +1,30 @@ +/* + Copyright (C) 2019-Present SKALE Labs + + This file is part of sgxwallet. + + sgxwallet is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + sgxwallet is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with sgxwallet. If not, see . + + @file Verify.h + @author Stan Kladko + @date 2020 +*/ +#ifndef SGXWALLET_VERIFY_H +#define SGXWALLET_VERIFY_H +#include "secure_enclave/Point.h" +#include "secure_enclave/DomainParameters.h" +#include "secure_enclave/NumberTheory.h" +#include "secure_enclave/Signature.h" +#include "secure_enclave/Curves.h" +#endif //SGXWALLET_VERIFY_H diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 388f89ba..cf0ae301 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c @@ -307,7 +307,6 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate domain_parameters curve = domain_parameters_init(); domain_parameters_load_curve(curve, secp256k1); - point publicKey = point_init(); From 228cb22120aa415f59f3727a555cc8ec754adb8e Mon Sep 17 00:00:00 2001 
From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Wed, 20 May 2020 19:15:42 +0300 Subject: [PATCH 17/25] SKALE-1880-fix-ecdsa --- ECDSAImpl.c | 5 +++++ Makefile.am | 9 ++++----- common.h | 2 +- secure_enclave/DKGUtils.h | 1 + secure_enclave/Signature.c | 5 ++++- secure_enclave/Verify.h | 3 +++ 6 files changed, 18 insertions(+), 7 deletions(-) create mode 100644 ECDSAImpl.c diff --git a/ECDSAImpl.c b/ECDSAImpl.c new file mode 100644 index 00000000..dc3d89b5 --- /dev/null +++ b/ECDSAImpl.c @@ -0,0 +1,5 @@ +#include "secure_enclave/Point.c" +#include "secure_enclave/DomainParameters.c" +#include "secure_enclave/NumberTheory.c" +#include "secure_enclave/Signature.c" +#include "secure_enclave/Curves.c" \ No newline at end of file diff --git a/Makefile.am b/Makefile.am index 23aaa4db..3a90359d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -45,7 +45,7 @@ secure_enclave.edl: secure_enclave/secure_enclave.edl #AM_CPPFLAGS += -g -Og -AM_CFLAGS = -g -Og -rdynamic -Wl,--no-as-needed -lSegFault +AM_CFLAGS = -DUSER_SPACE -g -Og -rdynamic -Wl,--no-as-needed -lSegFault AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault @@ -68,11 +68,10 @@ bin_PROGRAMS = sgxwallet testw cert_util COMMON_SRC = InvalidStateException.cpp Exception.cpp InvalidArgumentException.cpp Log.cpp \ SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp RPCException.cpp BLSCrypto.cpp \ - secure_enclave/DomainParameters.c ECDSACrypto.cpp \ + ECDSACrypto.cpp \ DKGCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp ServerDataChecker.cpp SEKManager.cpp \ sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c \ - secure_enclave/NumberTheory.c secure_enclave/Signature.c \ - secure_enclave/Curves.c secure_enclave/Point.c + ECDSAImpl.c COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h sgxwallet_SOURCES = sgxwallet.c $(COMMON_SRC) 
@@ -118,4 +117,4 @@ cert_util_SOURCES= InvalidStateException.cpp Exception.cpp InvalidArgumentExcep cert_util_LDADD=-LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \ -LlibBLS/build/libff/libff \ -l:libbls.a -l:libleveldb.a \ - -l:libff.a -lgmp -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -ldl + -l:libff.a -lgmp -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -ldl \ No newline at end of file diff --git a/common.h b/common.h index f96915b4..a20beaa6 100644 --- a/common.h +++ b/common.h @@ -33,7 +33,7 @@ using namespace std; #include -#define USER_SPACE + #include #include "secure_enclave/Verify.h" #include "InvalidStateException.h" diff --git a/secure_enclave/DKGUtils.h b/secure_enclave/DKGUtils.h index 9bf6ab86..7c1f8fe0 100644 --- a/secure_enclave/DKGUtils.h +++ b/secure_enclave/DKGUtils.h @@ -31,6 +31,7 @@ #endif #ifdef USER_SPACE + #include #else #include <../tgmp-build/include/sgx_tgmp.h> diff --git a/secure_enclave/Signature.c b/secure_enclave/Signature.c index 127fa63b..5c16eece 100644 --- a/secure_enclave/Signature.c +++ b/secure_enclave/Signature.c @@ -28,6 +28,8 @@ #ifdef USER_SPACE #include + + #else #include <../tgmp-build/include/sgx_tgmp.h> #endif @@ -90,6 +92,7 @@ void signature_extract_public_key(point public_key, mpz_t private_key, domain_pa point_multiplication(public_key, private_key, curve->G, curve); } +#ifndef USER_SPACE /*Generate signature for a message*/ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve) { //message must not have a bit length longer than that of n @@ -177,7 +180,7 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para } - +#endif /*Release signature*/ void signature_free(signature sig) { 
diff --git a/secure_enclave/Verify.h b/secure_enclave/Verify.h index 72fb0099..4a7365b2 100644 --- a/secure_enclave/Verify.h +++ b/secure_enclave/Verify.h @@ -22,6 +22,9 @@ */ #ifndef SGXWALLET_VERIFY_H #define SGXWALLET_VERIFY_H + +#define USER_SPACE 1 + #include "secure_enclave/Point.h" #include "secure_enclave/DomainParameters.h" #include "secure_enclave/NumberTheory.h" From acc829f0805acfa0ec1387bf6678c48c2d81e8c7 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Wed, 20 May 2020 20:52:31 +0300 Subject: [PATCH 18/25] SKALE-1880-fix-ecdsa --- ECDSACrypto.cpp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index 78ece073..f78d1afc 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp @@ -129,13 +129,6 @@ std::string getECDSAPubKey(const char *_encryptedKeyHex) { } string pubKey = string(pubKeyX.data()) + string(pubKeyY.data());//concatPubKeyWith0x(pub_key_x, pub_key_y);// - spdlog::debug("enc_len is {}", enc_len); - spdlog::debug("pubkey is {}", pubKey); - spdlog::debug("pubkey length is {}", pubKey.length()); - spdlog::debug("err str is {}", errMsg.data()); - spdlog::debug("err status is {}", errStatus); - - return pubKey; } From ce9530aebb417bf5b5f9b9fe97dd877509aa041f Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Thu, 21 May 2020 23:19:56 +0300 Subject: [PATCH 19/25] SKALE-1880-fix-ecdsa --- ECDSACrypto.cpp | 81 ++++++++++++++++++++++++-------------- common.h | 2 + secure_enclave/Signature.c | 68 ++++++++++++++++++++++++++++++++ secure_enclave/Signature.h | 59 +-------------------------- 4 files changed, 122 insertions(+), 88 deletions(-) diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index f78d1afc..22d9f4c3 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp 
@@ -57,12 +57,12 @@ string concatPubKeyWith0x(char *pub_key_x, char *pub_key_y) { void fillRandomBuffer(vector& _buffer) { ifstream devRandom("/dev/urandom", ios::in|ios::binary); - devRandom.exceptions(std::ifstream::failbit | std::ifstream::badbit); + devRandom.exceptions(ifstream::failbit | ifstream::badbit); devRandom.read((char*) _buffer.data(), _buffer.size()); devRandom.close(); } -std::vector genECDSAKey() { +vector genECDSAKey() { vector errMsg(1024, 0); int errStatus = 0; vector encr_pr_key(1024, 0); @@ -83,12 +83,12 @@ std::vector genECDSAKey() { spdlog::error("RPCException thrown with status {}", status); throw SGXException(status, errMsg.data()); } - std::vector keys(3); + vector keys(3); vector hexEncrKey(BUF_LEN * 2, 0); carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data()); keys.at(0) = hexEncrKey.data(); - keys.at(1) = std::string(pub_key_x.data()) + std::string(pub_key_y.data()); + keys.at(1) = string(pub_key_x.data()) + string(pub_key_y.data()); vector randBuffer(32,0); @@ -105,7 +105,7 @@ std::vector genECDSAKey() { return keys; } -std::string getECDSAPubKey(const char *_encryptedKeyHex) { +string getECDSAPubKey(const char *_encryptedKeyHex) { vector errMsg(BUF_LEN, 0); vector pubKeyX(BUF_LEN, 0); @@ -139,11 +139,15 @@ vector ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, i int errStatus = 0; char *signature_r = (char *) calloc(1024, 1); char *signature_s = (char *) calloc(1024, 1); + uint8_t *encr_key = (uint8_t *) calloc(1024, 1); uint8_t signature_v = 0; uint64_t dec_len = 0; + + signature sig = signature_init(); + //uint8_t encr_key[BUF_LEN]; - uint8_t *encr_key = (uint8_t *) calloc(1024, 1); + if (!hex2carray(encryptedKeyHex, &dec_len, encr_key)) { throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); } 
@@ -154,30 +158,13 @@ vector ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, i status = trustedEcdsaSign(eid, &errStatus, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char *) hashHex, signature_r, signature_s, &signature_v, base); - domain_parameters curve = domain_parameters_init(); - domain_parameters_load_curve(curve, secp256k1); - - point publicKey = point_init(); - - - mpz_t msgMpz; - mpz_init(msgMpz); - if (mpz_set_str(msgMpz, hashHex, 16) == -1) { - spdlog::error("invalid message hash {}", hashHex); - goto clean; - } - clean: - - mpz_clear(msgMpz); - - domain_parameters_clear(curve); - point_clear(publicKey); + } else @@ -188,8 +175,6 @@ vector ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, i } - spdlog::debug("signature r in ecdsa_sign_hash: {}", signature_r); - spdlog::debug("signature s in ecdsa_sign_hash: {}", signature_s); if (status != SGX_SUCCESS) { @@ -204,10 +189,46 @@ vector ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, i signature_vect.at(2) = string(signature_s); } - free(errMsg); - free(signature_r); - free(signature_s); - free(encr_key); + + + domain_parameters curve = domain_parameters_init(); + domain_parameters_load_curve(curve, secp256k1); + point publicKey = point_init(); + + + mpz_t msgMpz; + mpz_init(msgMpz); + + + if (mpz_set_str(msgMpz, hashHex, 16) == -1) { + spdlog::error("invalid message hash {}", hashHex); + goto clean; + } + + + signature_set_str(sig, signature_r, signature_s, 16); + + + if (!signature_verify(msgMpz, sig, publicKey, curve)) { + spdlog::warn("ECDSA sig not verified"); + goto clean; + } + + + + + clean: + + mpz_clear(msgMpz); + domain_parameters_clear(curve); + point_clear(publicKey); + + signature_free(sig); + + SAFE_FREE(errMsg); + SAFE_FREE(signature_r); + SAFE_FREE(signature_s); + SAFE_FREE(encr_key); return signature_vect; } \ No newline at end of file diff --git a/common.h b/common.h index a20beaa6..a2ab135e 100644 --- a/common.h +++ b/common.h 
@@ -39,6 +39,8 @@ using namespace std; #include "InvalidStateException.h" +#define SAFE_FREE(__POINTER__) {if (__POINTER__) {free(__POINTER__); __POINTER__ = NULL;}} + inline std::string className(const std::string &prettyFunction) { size_t colons = prettyFunction.find("::"); if (colons == std::string::npos) diff --git a/secure_enclave/Signature.c b/secure_enclave/Signature.c index 5c16eece..3ee2fc28 100644 --- a/secure_enclave/Signature.c +++ b/secure_enclave/Signature.c @@ -188,3 +188,71 @@ void signature_free(signature sig) { mpz_clear(sig->s); free(sig); } + +/*Verify the integrity of a message using it's signature*/ +bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) { + + //Initialize variables + mpz_t one, w, u1, u2, t, tt2; + mpz_init(one); + mpz_init(w); + mpz_init(u1); + mpz_init(u2); + mpz_init(t); + mpz_init(tt2); + + mpz_set_ui(one, 1); + + point x = point_init(); + point t1 = point_init(); + point t2 = point_init(); + + bool result = false; + + + if (mpz_cmp(sig->r, one) < 0 && + mpz_cmp(curve->n, sig->r) <= 0 && + mpz_cmp(sig->s, one) < 0 && + mpz_cmp(curve->n, sig->s) <= 0) { + goto clean; + } + + //w = s¯¹ mod n + number_theory_inverse(w, sig->s, curve->n); + + //u1 = message * w mod n + mpz_mod(tt2, message, curve->n); + mpz_mul(t, tt2, w); + mpz_mod(u1, t, curve->n); + + //u2 = r*w mod n + mpz_mul(t, sig->r, w); + mpz_mod(u2, t, curve->n); + + //x = u1*G+u2*Q + point_multiplication(t1, u1, curve->G, curve); + point_multiplication(t2, u2, public_key, curve); + point_addition(x, t1, t2, curve); + + //Get the result, by comparing x value with r and verifying that x is NOT at infinity + + result = mpz_cmp(sig->r, x->x) == 0 && !x->infinity; + + + clean: + + + point_clear(x); + point_clear(t1); + point_clear(t2); + + mpz_clear(one); + mpz_clear(w); + mpz_clear(u1); + mpz_clear(u2); + mpz_clear(t); + mpz_clear(tt2); + + return result; + +} 
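Review bot: The range check at the top of `signature_verify` can never reject anything, because its four comparisons are joined with `&&` and `r < 1` cannot hold together with `n <= r`. A signature whose `r` or `s` lies outside `[1, n-1]` therefore reaches `number_theory_inverse` and the point arithmetic, and only the final `!x->infinity` test stands between it and a `true` result. The function is moved here unchanged from the header, so this is a good moment to fix it: `if (mpz_cmp(sig->r, one) < 0 || mpz_cmp(curve->n, sig->r) <= 0 || mpz_cmp(sig->s, one) < 0 || mpz_cmp(curve->n, sig->s) <= 0) goto clean;`. A one-line comment above it, `/* reject unless 1 <= r, s <= n-1 */`, would keep the intent visible to the next reader.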
diff --git a/secure_enclave/Signature.h b/secure_enclave/Signature.h index a2d8d2fd..ef9fe95f 100644 --- a/secure_enclave/Signature.h +++ b/secure_enclave/Signature.h @@ -71,63 +71,6 @@ EXTERNC void signature_extract_public_key(point public_key, mpz_t private_key, d EXTERNC void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve); /*Verify the integrity of a message using it's signature*/ -static inline bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) { - - //Initialize variables - mpz_t one, w, u1, u2, t, tt2; - mpz_init(one); mpz_init(w); mpz_init(u1); - mpz_init(u2); mpz_init(t); mpz_init(tt2); - - mpz_set_ui(one, 1); - - point x = point_init(); - point t1 = point_init(); - point t2 = point_init(); - - bool result = false; - - - if (mpz_cmp(sig->r, one) < 0 && - mpz_cmp(curve->n, sig->r) <= 0 && - mpz_cmp(sig->s, one) < 0 && - mpz_cmp(curve->n, sig->s) <= 0) { - goto clean; - } - - //w = s¯¹ mod n - number_theory_inverse(w, sig->s, curve->n); - - //u1 = message * w mod n - mpz_mod(tt2, message, curve->n); - mpz_mul(t, tt2, w); - mpz_mod(u1, t, curve->n); - - //u2 = r*w mod n - mpz_mul(t, sig->r, w); - mpz_mod(u2, t, curve->n); - - //x = u1*G+u2*Q - point_multiplication(t1, u1, curve->G, curve); - point_multiplication(t2, u2, public_key, curve); - point_addition(x, t1, t2, curve); - - //Get the result, by comparing x value with r and verifying that x is NOT at infinity - - result = mpz_cmp(sig->r, x->x) == 0 && !x->infinity; - - - clean: - - - point_clear(x); - point_clear(t1); - point_clear(t2); - - mpz_clear(one); mpz_clear(w); mpz_clear(u1); mpz_clear(u2); mpz_clear(t); - mpz_clear(tt2); - - return result; -} - +EXTERNC bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve); #endif From 7bf43a09fac5b040e01d4cc02df7d817fdbb62e3 Mon Sep 17 00:00:00 2001 
From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Fri, 22 May 2020 00:04:32 +0300 Subject: [PATCH 20/25] SKALE-1880-fix-ecdsa --- ECDSACrypto.cpp | 174 +++++++++++++++++++------------------ secure_enclave/Point.c | 4 +- secure_enclave/Point.h | 4 +- secure_enclave/Signature.c | 4 +- secure_enclave/Signature.h | 4 +- 5 files changed, 99 insertions(+), 91 deletions(-) diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index 22d9f4c3..209d7e70 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp @@ -32,13 +32,10 @@ #include - #include "spdlog/spdlog.h" #include "common.h" - - #include "secure_enclave/Verify.h" #include "BLSCrypto.h" @@ -46,7 +43,6 @@ #include "ECDSACrypto.h" - string concatPubKeyWith0x(char *pub_key_x, char *pub_key_y) { string px = pub_key_x; string py = pub_key_y; 
@@ -55,35 +51,35 @@ string concatPubKeyWith0x(char *pub_key_x, char *pub_key_y) { } -void fillRandomBuffer(vector& _buffer) { - ifstream devRandom("/dev/urandom", ios::in|ios::binary); +void fillRandomBuffer(vector &_buffer) { + ifstream devRandom("/dev/urandom", ios::in | ios::binary); devRandom.exceptions(ifstream::failbit | ifstream::badbit); - devRandom.read((char*) _buffer.data(), _buffer.size()); + devRandom.read((char *) _buffer.data(), _buffer.size()); devRandom.close(); } -vector genECDSAKey() { +vector genECDSAKey() { vector errMsg(1024, 0); int errStatus = 0; - vector encr_pr_key(1024, 0); - vectorpub_key_x(1024, 0); - vectorpub_key_y(1024, 0); + vector encr_pr_key(1024, 0); + vector pub_key_x(1024, 0); + vector pub_key_y(1024, 0); uint32_t enc_len = 0; if (!encryptKeys) status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encr_pr_key.data(), - &enc_len, pub_key_x.data(), pub_key_y.data()); + &enc_len, pub_key_x.data(), pub_key_y.data()); else status = trustedGenerateEcdsaKeyAES(eid, &errStatus, - errMsg.data(), encr_pr_key.data(), &enc_len, - pub_key_x.data(), pub_key_y.data()); + errMsg.data(), encr_pr_key.data(), &enc_len, + pub_key_x.data(), pub_key_y.data()); if (status != SGX_SUCCESS || errStatus != 0) { spdlog::error("RPCException thrown with status {}", status); throw SGXException(status, errMsg.data()); } - vector keys(3); + vector keys(3); vector hexEncrKey(BUF_LEN * 2, 0); carray2Hex(encr_pr_key.data(), enc_len, hexEncrKey.data()); @@ -91,10 +87,10 @@ vector genECDSAKey() { keys.at(1) = string(pub_key_x.data()) + string(pub_key_y.data()); - vector randBuffer(32,0); + vector randBuffer(32, 0); fillRandomBuffer(randBuffer); - vector rand_str(64,0); + vector rand_str(64, 0); carray2Hex(randBuffer.data(), 32, rand_str.data()); 
@@ -110,7 +106,7 @@ string getECDSAPubKey(const char *_encryptedKeyHex) { vector errMsg(BUF_LEN, 0); vector pubKeyX(BUF_LEN, 0); vector pubKeyY(BUF_LEN, 0); - vector encrPrKey(BUF_LEN, 0); + vector encrPrKey(BUF_LEN, 0); int errStatus = 0; uint64_t enc_len = 0; 
@@ -121,114 +117,126 @@ string getECDSAPubKey(const char *_encryptedKeyHex) { if (!encryptKeys) status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), - pubKeyY.data()); - else status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, - errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data()); + pubKeyY.data()); + else + status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, + errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data()); if (errStatus != 0) { throw SGXException(-666, errMsg.data()); } string pubKey = string(pubKeyX.data()) + string(pubKeyY.data());//concatPubKeyWith0x(pub_key_x, pub_key_y);// + + if (pubKey.size() != 128) { + spdlog::error("Incorrect pub key size", status); + throw SGXException(666, "Incorrect pub key size"); + } + return pubKey; } -vector ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, int base) { - vector signature_vect(3); - - char *errMsg = (char *) calloc(1024, 1); - int errStatus = 0; - char *signature_r = (char *) calloc(1024, 1); - char *signature_s = (char *) calloc(1024, 1); - uint8_t *encr_key = (uint8_t *) calloc(1024, 1); - uint8_t signature_v = 0; - uint64_t dec_len = 0; +void verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR, + const char *signatureS) { signature sig = signature_init(); - //uint8_t encr_key[BUF_LEN]; - - if (!hex2carray(encryptedKeyHex, &dec_len, encr_key)) { - throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex"); - } - - + auto r = pubKeyStr.substr(0, 64); + auto s = pubKeyStr.substr(64, 128); + domain_parameters curve = domain_parameters_init(); + domain_parameters_load_curve(curve, secp256k1); + point publicKey = point_init(); - if (!encryptKeys) { - status = trustedEcdsaSign(eid, &errStatus, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char *) hashHex, signature_r, - signature_s, &signature_v, base); + mpz_t msgMpz; + mpz_init(msgMpz); + if (mpz_set_str(msgMpz, hashHex, 
16) == -1) { + spdlog::error("invalid message hash {}", hashHex); + goto clean; + } + signature_set_str(sig, signatureR, signatureS, 16); + point_set_hex(publicKey, r.c_str(), s.c_str()); + if (!signature_verify(msgMpz, sig, publicKey, curve)) { + spdlog::error("ECDSA sig not verified"); + goto clean; + } + clean: + mpz_clear(msgMpz); + domain_parameters_clear(curve); + point_clear(publicKey); + signature_free(sig); - +} - } - else - status = trustedEcdsaSignAES(eid, &errStatus, errMsg, encr_key, dec_len, (unsigned char *) hashHex, signature_r, - signature_s, &signature_v, base); - if (errStatus != 0) { - throw SGXException(-666, errMsg); - } +vector ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, int base) { + vector signature_vect(3); + vector errMsg(1024, 0); + int errStatus = 0; + vector signatureR(1024, 0); + vector signatureS(1024, 0); + vector encryptedKey(1024, 0); + uint8_t signatureV = 0; + uint64_t decLen = 0; + string pubKeyStr = ""; + shared_ptr exception = NULL; - if (status != SGX_SUCCESS) { - spdlog::error(" failed to sign "); - } - signature_vect.at(0) = to_string(signature_v); - if (base == 16) { - signature_vect.at(1) = "0x" + string(signature_r); - signature_vect.at(2) = "0x" + string(signature_s); - } else { - signature_vect.at(1) = string(signature_r); - signature_vect.at(2) = string(signature_s); + if (!hex2carray(encryptedKeyHex, &decLen, encryptedKey.data())) { + exception = make_shared(INVALID_HEX, "Invalid encryptedKeyHex"); + goto clean; } + pubKeyStr = getECDSAPubKey(encryptedKeyHex); - domain_parameters curve = domain_parameters_init(); - domain_parameters_load_curve(curve, secp256k1); - point publicKey = point_init(); - - - mpz_t msgMpz; - mpz_init(msgMpz); + if (!encryptKeys) { + status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), + encryptedKey.data(), ECDSA_ENCR_LEN, (unsigned char *) hashHex, + signatureR.data(), + signatureS.data(), &signatureV, base); - if (mpz_set_str(msgMpz, hashHex, 16) == -1) { - 
spdlog::error("invalid message hash {}", hashHex); + } else + status = trustedEcdsaSignAES(eid, &errStatus, + errMsg.data(), encryptedKey.data(), decLen, (unsigned char *) hashHex, + signatureR.data(), + signatureS.data(), &signatureV, base); + if (errStatus != 0) { + exception = make_shared(666, errMsg.data()); goto clean; } - signature_set_str(sig, signature_r, signature_s, 16); - - - if (!signature_verify(msgMpz, sig, publicKey, curve)) { - spdlog::warn("ECDSA sig not verified"); + if (status != SGX_SUCCESS) { + spdlog::error("failed to sign {}", status); + exception = make_shared(666, "failed to sign"); goto clean; } + signature_vect.at(0) = to_string(signatureV); + if (base == 16) { + signature_vect.at(1) = "0x" + string(signatureR.data()); + signature_vect.at(2) = "0x" + string(signatureS.data()); + } else { + signature_vect.at(1) = string(signatureR.data()); + signature_vect.at(2) = string(signatureS.data()); + } + /* Now verify signature */ + verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data()); clean: - mpz_clear(msgMpz); - domain_parameters_clear(curve); - point_clear(publicKey); - - signature_free(sig); - - SAFE_FREE(errMsg); - SAFE_FREE(signature_r); - SAFE_FREE(signature_s); - SAFE_FREE(encr_key); + if (exception) + throw *exception; return signature_vect; } \ No newline at end of file diff --git a/secure_enclave/Point.c b/secure_enclave/Point.c index 9d2b1f38..db71fd52 100644 --- a/secure_enclave/Point.c +++ b/secure_enclave/Point.c @@ -82,14 +82,14 @@ void point_set(point R, point P) } /*Set point from strings of a base from 2-62*/ -void point_set_str(point p, char *x, char *y, int base) +void point_set_str(point p, const char *x, const char *y, int base) { mpz_set_str(p->x, x, base); mpz_set_str(p->y, y, base); } /*Set point from hexadecimal strings*/ -void point_set_hex(point p, char *x, char *y) +void point_set_hex(point p, const char *x, const char *y) { point_set_str(p,x,y,16); } 
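Review bot: `verifyECDSASig` parses the signature with a fixed base, `signature_set_str(sig, signatureR, signatureS, 16)`, while `ecdsaSignHash` hands its `base` argument to `trustedEcdsaSign`/`trustedEcdsaSignAES` and adds the `0x` prefix only when `base == 16`; r and s presumably come back in that base, so a signature requested in any other base is read as a different number and the check cannot pass. Passing the base through, `verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data(), base)` with `signature_set_str(sig, signatureR, signatureS, base)`, keeps the self-check meaningful for every caller. In the same function `pubKeyStr.substr(64, 128)` asks for 128 characters where 64 are meant and works only because `substr` clamps; `substr(64, 64)`, with the two locals named `x` and `y` rather than `r` and `s`, would say what is intended. The return values of `mpz_set_str` inside `signature_set_str` and `point_set_str` are also ignored, so a malformed r, s or public key string is not distinguished from a valid one before `signature_verify` runs.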
diff --git a/secure_enclave/Point.h b/secure_enclave/Point.h index a96eebb7..ef57b485 100644 --- a/secure_enclave/Point.h +++ b/secure_enclave/Point.h @@ -46,7 +46,7 @@ EXTERNC void point_inverse(point R, point P, domain_parameters curve); EXTERNC void point_print(point p); /*Set point from hexadecimal strings*/ -EXTERNC void point_set_hex(point p, char *x, char *y); +EXTERNC void point_set_hex(point p, const char *x, const char *y); /*Set point from decimal unsigned long ints*/ EXTERNC void point_set_ui(point p, unsigned long int x, unsigned long int y); @@ -61,7 +61,7 @@ EXTERNC void point_doubling(point R, point P, domain_parameters curve); EXTERNC void point_multiplication(point R, mpz_t multiplier, point P, domain_parameters curve); /*Set point from strings of a base from 2-62*/ -EXTERNC void point_set_str(point p, char *x, char *y, int base); +EXTERNC void point_set_str(point p, const char *x, const char *y, int base); /*Compare two points return 1 if not the same, returns 0 if they are the same*/ EXTERNC bool point_cmp(point P, point Q); diff --git a/secure_enclave/Signature.c b/secure_enclave/Signature.c index 3ee2fc28..71c3f879 100644 --- a/secure_enclave/Signature.c +++ b/secure_enclave/Signature.c @@ -59,13 +59,13 @@ void signature_print(signature sig) { } /*Set signature from strings of a base from 2-62*/ -void signature_set_str(signature sig, char *r, char *s, int base) { +void signature_set_str(signature sig, const char *r, const char *s, int base) { mpz_set_str(sig->r, r, base); mpz_set_str(sig->s, s, base); } /*Set signature from hexadecimal strings*/ -void signature_set_hex(signature sig, char *r, char *s) { +void signature_set_hex(signature sig, const char *r, const char *s) { signature_set_str(sig, r, s, 16); } diff --git a/secure_enclave/Signature.h b/secure_enclave/Signature.h index ef9fe95f..cfe57014 100644 --- a/secure_enclave/Signature.h +++ b/secure_enclave/Signature.h 
@@ -44,10 +44,10 @@ typedef struct signature_s* signature; EXTERNC signature signature_init(); /*Set signature from strings of a base from 2-62*/ -EXTERNC void signature_set_str(signature sig, char *r, char *s, int base); +EXTERNC void signature_set_str(signature sig, const char *r, const char *s, int base); /*Set signature from hexadecimal strings*/ -EXTERNC void signature_set_hex(signature sig, char *r, char *s); +EXTERNC void signature_set_hex(signature sig, const char *r, const char *s); /*Set signature from decimal unsigned long ints*/ EXTERNC void signature_set_ui(signature sig, unsigned long int r, unsigned long int s); From d2e6f8ca609a526b271981fd19eaa6405d9976d6 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Fri, 22 May 2020 00:17:22 +0300 Subject: [PATCH 21/25] SKALE-1880-fix-ecdsa --- ECDSACrypto.cpp | 27 ++++++++++++++++++--------- secure_enclave/Signature.c | 2 ++ 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/ECDSACrypto.cpp b/ECDSACrypto.cpp index 209d7e70..3cbcd608 100644 --- a/ECDSACrypto.cpp +++ b/ECDSACrypto.cpp @@ -135,9 +135,10 @@ string getECDSAPubKey(const char *_encryptedKeyHex) { return pubKey; } -void verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR, +bool verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatureR, const char *signatureS) { + bool result = false; signature sig = signature_init(); @@ -158,12 +159,15 @@ void verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatur } signature_set_str(sig, signatureR, signatureS, 16); + point_set_hex(publicKey, r.c_str(), s.c_str()); if (!signature_verify(msgMpz, sig, publicKey, curve)) { spdlog::error("ECDSA sig not verified"); goto clean; } + result = true; + clean: mpz_clear(msgMpz); 
@@ -171,10 +175,12 @@ void verifyECDSASig(string& pubKeyStr, const char *hashHex, const char *signatur point_clear(publicKey); signature_free(sig); + return result; + } vector ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, int base) { - vector signature_vect(3); + vector signatureVector(3); vector errMsg(1024, 0); int errStatus = 0; @@ -219,18 +225,21 @@ vector ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, exception = make_shared(666, "failed to sign"); goto clean; } - signature_vect.at(0) = to_string(signatureV); + signatureVector.at(0) = to_string(signatureV); if (base == 16) { - signature_vect.at(1) = "0x" + string(signatureR.data()); - signature_vect.at(2) = "0x" + string(signatureS.data()); + signatureVector.at(1) = "0x" + string(signatureR.data()); + signatureVector.at(2) = "0x" + string(signatureS.data()); } else { - signature_vect.at(1) = string(signatureR.data()); - signature_vect.at(2) = string(signatureS.data()); + signatureVector.at(1) = string(signatureR.data()); + signatureVector.at(2) = string(signatureS.data()); } /* Now verify signature */ - verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data()); + if (!verifyECDSASig(pubKeyStr, hashHex, signatureR.data(), signatureS.data())) { + exception = make_shared(667, "ECDSA did not verify"); + goto clean; + } clean: @@ -238,5 +247,5 @@ vector ecdsaSignHash(const char *encryptedKeyHex, const char *hashHex, if (exception) throw *exception; - return signature_vect; + return signatureVector; } \ No newline at end of file diff --git a/secure_enclave/Signature.c b/secure_enclave/Signature.c index 71c3f879..e6a63391 100644 --- a/secure_enclave/Signature.c +++ b/secure_enclave/Signature.c @@ -256,3 +256,5 @@ bool signature_verify(mpz_t message, signature sig, point public_key, domain_par return result; } + + From 2a1e807a710bd43b90827d3b00ef7057c5239b6b Mon Sep 17 00:00:00 2001 
From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Fri, 22 May 2020 00:26:41 +0300 Subject: [PATCH 22/25] SKALE-1880-fix-ecdsa --- SGXWalletServer.cpp | 56 ++++++++++++++++++++++----------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/SGXWalletServer.cpp b/SGXWalletServer.cpp index 9f6e2658..a1c9ad9c 100644 --- a/SGXWalletServer.cpp +++ b/SGXWalletServer.cpp @@ -212,15 +212,15 @@ SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const strin if (!checkName(_keyShareName, "BLS_KEY")) { throw SGXException(INVALID_POLY_NAME, "Invalid BLSKey name"); } - string cutHash = _messageHash; - if (cutHash[0] == '0' && (cutHash[1] == 'x' || cutHash[1] == 'X')) { - cutHash.erase(cutHash.begin(), cutHash.begin() + 2); + string hashTmp = _messageHash; + if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) { + hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2); } - while (cutHash[0] == '0') { - cutHash.erase(cutHash.begin(), cutHash.begin() + 1); + while (hashTmp[0] == '0') { + hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 1); } - if (!checkHex(cutHash)) { + if (!checkHex(hashTmp)) { throw SGXException(INVALID_HEX, "Invalid hash"); } @@ -318,10 +318,10 @@ Json::Value SGXWalletServer::renameECDSAKeyImpl(const string &_keyName, const st throw SGXException(UNKNOWN_ERROR, "invalid key name"); } - shared_ptr key_ptr = readFromDb(_tempKeyName); + shared_ptr encryptedKey = readFromDb(_tempKeyName); - writeDataToDB(_keyName, *key_ptr); + writeDataToDB(_keyName, *encryptedKey); LevelDB::getLevelDb()->deleteTempNEK(_tempKeyName); } HANDLE_SGX_EXCEPTION(result) 
@@ -339,40 +339,40 @@ Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_ result["signature_r"] = ""; result["signature_s"] = ""; - vector sign_vect(3); + vector signatureVector(3); try { - string cutHash = _messageHash; - if (cutHash[0] == '0' && (cutHash[1] == 'x' || cutHash[1] == 'X')) { - cutHash.erase(cutHash.begin(), cutHash.begin() + 2); + string hashTmp = _messageHash; + if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) { + hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2); } - while (cutHash[0] == '0') { - cutHash.erase(cutHash.begin(), cutHash.begin() + 1); + while (hashTmp[0] == '0') { + hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 1); } if (!checkECDSAKeyName(_keyName)) { throw SGXException(INVALID_ECDSA_KEY_NAME, "Invalid ECDSA key name"); } - if (!checkHex(cutHash)) { + if (!checkHex(hashTmp)) { throw SGXException(INVALID_HEX, "Invalid hash"); } if (_base <= 0 || _base > 32) { throw SGXException(-22, "Invalid base"); } - shared_ptr key_ptr = readFromDb(_keyName, ""); + shared_ptr encryptedKey = readFromDb(_keyName, ""); - sign_vect = ecdsaSignHash(key_ptr->c_str(), cutHash.c_str(), _base); - if (sign_vect.size() != 3) { + signatureVector = ecdsaSignHash(encryptedKey->c_str(), hashTmp.c_str(), _base); + if (signatureVector.size() != 3) { throw SGXException(INVALID_ECSDA_SIGNATURE, "Invalid ecdsa signature"); } - spdlog::debug("got signature_s {}", sign_vect.at(2)); + spdlog::debug("got signature_s {}", signatureVector.at(2)); - result["signature_v"] = sign_vect.at(0); - result["signature_r"] = sign_vect.at(1); - result["signature_s"] = sign_vect.at(2); + result["signature_v"] = signatureVector.at(0); + result["signature_r"] = signatureVector.at(1); + result["signature_s"] = signatureVector.at(2); } HANDLE_SGX_EXCEPTION(result) 
@@ -443,14 +443,14 @@ Json::Value SGXWalletServer::getVerificationVectorImpl(const string &_polyName, throw SGXException(INVALID_DKG_PARAMS, "Invalid parameters: n or t "); } - shared_ptr encr_poly_ptr = readFromDb(_polyName); + shared_ptr encrPoly = readFromDb(_polyName); - verifVector = get_verif_vect(encr_poly_ptr->c_str(), _t, _n); + verifVector = get_verif_vect(encrPoly->c_str(), _t, _n); for (int i = 0; i < _t; i++) { - vector cur_coef = verifVector.at(i); + vector currentCoef = verifVector.at(i); for (int j = 0; j < 4; j++) { - result["verificationVector"][i][j] = cur_coef.at(j); + result["verificationVector"][i][j] = currentCoef.at(j); } } @@ -480,7 +480,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J throw SGXException(INVALID_DKG_PARAMS, "Invalid DKG parameters: n or t "); } - shared_ptr encr_poly_ptr = readFromDb(_polyName); + shared_ptr encrPoly = readFromDb(_polyName); vector pubKeysStrs; for (int i = 0; i < _n; i++) { @@ -490,7 +490,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J pubKeysStrs.push_back(_pubKeys[i].asString()); } - string s = trustedGetSecretShares(_polyName, encr_poly_ptr->c_str(), pubKeysStrs, _t, _n); + string s = trustedGetSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n); //cerr << "result is " << s << endl; result["secretShare"] = s; From f1a2f547d8ff5f0b0293b29a26ff7fe80f2ebfcb Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Fri, 22 May 2020 00:29:21 +0300 Subject: [PATCH 23/25] SKALE-1880-fix-ecdsa --- SGXWALLET_VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SGXWALLET_VERSION b/SGXWALLET_VERSION index be867a16..d633666f 100644 --- a/SGXWALLET_VERSION +++ b/SGXWALLET_VERSION @@ -1 +1 @@ -#define SGXWALLET_VERSION "1.49.5" +#define SGXWALLET_VERSION "1.50.2" From 6ba1f1c9dd80d0cdbbf527248e4ddb610d3ec7f7 Mon Sep 17 00:00:00 2001 
From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Fri, 22 May 2020 01:20:31 +0300 Subject: [PATCH 24/25] SKALE-1880-fix-ecdsa --- Makefile.am | 8 ++++---- SGXWALLET_VERSION | 1 - SGXWalletServer.cpp | 6 ++---- SGXWalletServer.hpp | 10 ++++++++++ ServerInit.cpp | 2 +- ServerInit.h | 1 - testw.cpp | 2 +- 7 files changed, 18 insertions(+), 12 deletions(-) delete mode 100644 SGXWALLET_VERSION diff --git a/Makefile.am b/Makefile.am index 3a90359d..d3be6d86 100644 --- a/Makefile.am +++ b/Makefile.am @@ -33,7 +33,7 @@ SUBDIRS=secure_enclave ## ## SGX_EDGER8R_FLAGS= - +WALLET_VERSION := $(shell cat VERSION) ## Needed to make our pattern rule work. @@ -45,11 +45,11 @@ secure_enclave.edl: secure_enclave/secure_enclave.edl #AM_CPPFLAGS += -g -Og -AM_CFLAGS = -DUSER_SPACE -g -Og -rdynamic -Wl,--no-as-needed -lSegFault -AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault +AM_CFLAGS = -DUSER_SPACE -g -Og -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)" +AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)" -AM_CPPFLAGS += -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS) -I. -I./libBLS/deps/deps_inst/x86_or_x64/include +AM_CPPFLAGS += -DSGXWALLET_VERSION="$(WALLET_VERSION)" -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS) -I. -I./libBLS/deps/deps_inst/x86_or_x64/include ## Additional targets to remove with 'make clean'. You must list ## any edger8r generated files here. diff --git a/SGXWALLET_VERSION b/SGXWALLET_VERSION deleted file mode 100644 index d633666f..00000000 --- a/SGXWALLET_VERSION +++ /dev/null @@ -1 +0,0 @@ -#define SGXWALLET_VERSION "1.50.2" diff --git a/SGXWalletServer.cpp b/SGXWalletServer.cpp index a1c9ad9c..0e6d4683 100644 --- a/SGXWalletServer.cpp +++ b/SGXWalletServer.cpp 
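Review bot: `WALLET_VERSION := $(shell cat VERSION)` yields an empty string when `VERSION` is missing or make runs outside the source directory, and the build still succeeds: the flag reaches the compiler as `-DSGXWALLET_VERSION=`, `TOSTRING(SGXWALLET_VERSION)` becomes `""`, and the server reports no version. Reading the file relative to the source tree, for example `WALLET_VERSION := $(shell cat $(srcdir)/VERSION)`, and failing the build when the value is empty would make a broken checkout visible. `VERSION` is not in this commit's diffstat, so it presumably already exists in the tree; that is worth confirming, since the commit deletes `SGXWALLET_VERSION`. The same `-D` is added to `AM_CFLAGS`, `AM_CXXFLAGS` and `AM_CPPFLAGS`; `AM_CPPFLAGS` alone should be enough unless a target overrides its preprocessor flags.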
@@ -678,12 +678,10 @@ Json::Value SGXWalletServer::getServerStatusImpl() { return result; } -Json::Value SGXWalletServer::getServerVersionImpl() { +Json::Value SGXWalletServer::getServerVersionImpl() { INIT_RESULT(result) - - result["version"] = SGXWALLET_VERSION; - + result["version"] = TOSTRING(SGXWALLET_VERSION); return result; } diff --git a/SGXWalletServer.hpp b/SGXWalletServer.hpp index a243945f..63079692 100644 --- a/SGXWalletServer.hpp +++ b/SGXWalletServer.hpp @@ -33,8 +33,13 @@ using namespace jsonrpc; using namespace std; +#define STRINGIFY(x) #x +#define TOSTRING(x) STRINGIFY(x) + class SGXWalletServer : public AbstractStubServer { + + recursive_mutex m; static shared_ptr server; @@ -42,6 +47,11 @@ class SGXWalletServer : public AbstractStubServer { public: + + static const char* getVersion() { + return TOSTRING(SGXWALLET_VERSION); + } + SGXWalletServer(AbstractServerConnector &_connector, serverVersion_t _type); virtual Json::Value diff --git a/ServerInit.cpp b/ServerInit.cpp index e5323a04..cd3c6a94 100644 --- a/ServerInit.cpp +++ b/ServerInit.cpp @@ -111,7 +111,7 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) { static int sgxServerInited; - cout << "Running sgxwallet version:" << SGXWALLET_VERSION << endl; + cout << "Running sgxwallet version:" << SGXWalletServer::getVersion() << endl; CHECK_STATE(sgxServerInited == 0) sgxServerInited = 1; diff --git a/ServerInit.h b/ServerInit.h index 19702c5b..73296b61 100644 --- a/ServerInit.h +++ b/ServerInit.h @@ -25,7 +25,6 @@ #define SGXWALLET_SERVERINIT_H #include "stdint.h" -#include "SGXWALLET_VERSION" #ifdef __cplusplus #define EXTERNC extern "C" diff --git a/testw.cpp b/testw.cpp index 4c253e81..15bd07e4 100644 --- a/testw.cpp +++ b/testw.cpp 
@@ -776,7 +776,7 @@ TEST_CASE_METHOD(TestFixture, "Get ServerStatus", "[get-server-status]") { TEST_CASE_METHOD(TestFixture, "Get ServerVersion", "[get-server-version]") { HttpClient client(RPC_ENDPOINT); StubClient c(client, JSONRPC_CLIENT_V2); - REQUIRE(c.getServerVersion()["version"] == SGXWALLET_VERSION); + REQUIRE(c.getServerVersion()["version"] == SGXWalletServer::getVersion()); } From dcca6f29bc45172b40254176c4387992fa9a5370 Mon Sep 17 00:00:00 2001 From: kladko <13399135+kladkogex@users.noreply.github.com> Date: Fri, 22 May 2020 11:21:26 +0300 Subject: [PATCH 25/25] SKALE-1880-fix-ecdsa --- Dockerfile | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/Dockerfile b/Dockerfile index bc6f0f9b..6e47a943 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,28 +1,8 @@ FROM skalenetwork/sgxwallet_base:latest + +COPY . /usr/src/sdk WORKDIR /usr/src/sdk -RUN ccache -sz -RUN touch /var/hwmode -COPY *.cpp ./ -COPY *.h ./ -COPY *.txt ./ -COPY *.c ./ -COPY *.am ./ -COPY *.hpp ./ -COPY *.gmp ./ -COPY *.ac ./ -COPY *.json ./ -COPY docker ./docker -COPY build-aux ./build-aux -COPY cert ./cert -COPY jsonrpc ./jsonrpc -COPY autoconf.bash ./ -COPY leveldb ./leveldb -COPY m4 ./m4 -COPY scripts ./scripts -COPY secure_enclave ./secure_enclave -COPY spdlog ./spdlog -COPY SGXWALLET_VERSION ./ RUN ./autoconf.bash RUN ./configure