Skip to content
Permalink
Browse files Browse the repository at this point in the history
SKALE-3205-restart
  • Loading branch information
kladkogex committed Sep 8, 2020
1 parent da89bfe commit 77425c8
Show file tree
Hide file tree
Showing 10 changed files with 131 additions and 157 deletions.
9 changes: 5 additions & 4 deletions BLSCrypto.cpp
Expand Up @@ -86,7 +86,7 @@ void carray2Hex(const unsigned char *d, uint64_t _len, char *_hexArray,

CHECK_STATE(_hexArrayLen > 2 * _len);

for (int j = 0; j < _len; j++) {
for (uint64_t j = 0; j < _len; j++) {
_hexArray[j * 2] = hexval[((d[j] >> 4) & 0xF)];
_hexArray[j * 2 + 1] = hexval[(d[j]) & 0x0F];
}
Expand All @@ -105,7 +105,7 @@ bool hex2carray(const char *_hex, uint64_t *_bin_len,
CHECK_STATE(_bin_len)


int len = strnlen(_hex, 2 * _max_length + 1);
uint64_t len = strnlen(_hex, 2 * _max_length + 1);

CHECK_STATE(len != 2 * _max_length + 1);

Expand All @@ -117,7 +117,7 @@ bool hex2carray(const char *_hex, uint64_t *_bin_len,

*_bin_len = len / 2;

for (int i = 0; i < len / 2; i++) {
for (uint64_t i = 0; i < len / 2; i++) {
int high = char2int((char) _hex[i * 2]);
int low = char2int((char) _hex[i * 2 + 1]);

Expand Down Expand Up @@ -247,7 +247,8 @@ string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key

strncpy(keyArray->data(), _key, BUF_LEN);
*errStatus = 0;
unsigned int encryptedLen = 0;

uint64_t encryptedLen = 0;

sgx_status_t status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(), &encryptedLen);

Expand Down
10 changes: 5 additions & 5 deletions DKGCrypto.cpp
Expand Up @@ -135,13 +135,13 @@ string convertG2ToString(const libff::alt_bn128_G2 &elem, int base, const string
string gen_dkg_poly(int _t) {
vector<char> errMsg(BUF_LEN, 0);
int errStatus = 0;
uint32_t enc_len = 0;
uint64_t enc_len = 0;

vector <uint8_t> encrypted_dkg_secret(BUF_LEN, 0);

sgx_status_t status = trustedGenDkgSecretAES(
eid, &errStatus,errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);


sgx_status_t status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);
HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());

uint64_t length = enc_len;;
Expand Down Expand Up @@ -214,7 +214,7 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve

for (int i = 0; i < _n; i++) {
vector <uint8_t> encryptedSkey(BUF_LEN, 0);
uint32_t decLen;
uint64_t decLen;
vector<char> currentShare(193, 0);
vector<char> sShareG2(320, 0);

Expand Down Expand Up @@ -300,7 +300,7 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *
throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
}

uint32_t enc_bls_len = 0;
uint64_t enc_bls_len = 0;

sgx_status_t status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key,
&enc_bls_len);
Expand Down
2 changes: 1 addition & 1 deletion ECDSACrypto.cpp
Expand Up @@ -54,7 +54,7 @@ vector <string> genECDSAKey() {
vector<char> pub_key_x(BUF_LEN, 0);
vector<char> pub_key_y(BUF_LEN, 0);

uint32_t enc_len = 0;
uint64_t enc_len = 0;

sgx_status_t status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
errMsg.data(), encr_pr_key.data(), &enc_len,
Expand Down
6 changes: 3 additions & 3 deletions SEKManager.cpp
Expand Up @@ -52,7 +52,7 @@ bool case_insensitive_match(string s1, string s2) {
void create_test_key() {
int errStatus = 0;
vector<char> errMsg(1024, 0);
uint32_t enc_len;
uint64_t enc_len;

SAFE_UINT8_BUF(encrypted_key, BUF_LEN);

Expand Down Expand Up @@ -109,7 +109,7 @@ shared_ptr <vector<uint8_t>> check_and_set_SEK(const string &SEK) {

auto encrypted_SEK = make_shared < vector < uint8_t >> (BUF_LEN, 0);

uint32_t l = 0;
uint64_t l = 0;

sgx_status_t status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l,
SEK.c_str());
Expand All @@ -127,7 +127,7 @@ void gen_SEK() {
vector<char> errMsg(1024, 0);
int err_status = 0;
vector <uint8_t> encrypted_SEK(1024, 0);
uint32_t enc_len = 0;
uint64_t enc_len = 0;

SAFE_CHAR_BUF(SEK, 65);

Expand Down
2 changes: 1 addition & 1 deletion SGXWalletServer.cpp
Expand Up @@ -563,7 +563,7 @@ Json::Value SGXWalletServer::calculateAllBLSPublicKeysImpl(const Json::Value& pu

vector<string> public_keys = calculateAllBlsPublicKeys(public_shares);

if (public_keys.size() != n) {
if (public_keys.size() != (uint64_t)n) {
throw SGXException(UNKNOWN_ERROR, "");
}

Expand Down
98 changes: 31 additions & 67 deletions secure_enclave/AESUtils.c
Expand Up @@ -27,12 +27,24 @@
#include "stdlib.h"
#include <string.h>


#include "AESUtils.h"

sgx_aes_gcm_128bit_key_t AES_key;
sgx_aes_gcm_128bit_key_t AES_DH_key;

int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) {

#define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);

int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsigned char type,
unsigned char decryptable, uint64_t* resultLen) {



if (!type) {
LOG_ERROR("Null type in AES_encrypt");
return -1;
}

if (!message) {
LOG_ERROR("Null message in AES_encrypt");
Expand All @@ -46,19 +58,31 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) {

uint64_t len = strlen(message) + 1;

if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) {
if (2 + len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrBufLen ) {
LOG_ERROR("Output buffer too small");
return -3;
}

SAFE_CHAR_BUF(fullMessage, len + 2);

fullMessage[0] = type;
fullMessage[1] = decryptable;

strncpy(fullMessage + 2, message, len );

len = len + 2;
message = fullMessage;

sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);

sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, strlen(message),
sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, len,
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE,
encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
NULL, 0,
(sgx_aes_gcm_128bit_tag_t *) encr_message);

*resultLen = len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;

return status;
}

Expand Down Expand Up @@ -96,78 +120,18 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t
NULL, 0,
(sgx_aes_gcm_128bit_tag_t *)encr_message);

return status;
}




int AES_encrypt_DH(char *message, uint8_t *encr_message, uint64_t encrLen) {

if (!message) {
LOG_ERROR("Null message in AES_encrypt_DH");
return -1;
}

if (!encr_message) {
LOG_ERROR("Null encr message in AES_encrypt_DH");
return -2;
}

uint64_t len = strlen(message) + 1;

if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) {
LOG_ERROR("Output buffer too small");
return -3;
}

sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);

sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_DH_key, (uint8_t*)message, strlen(message),
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE,
encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
NULL, 0,
(sgx_aes_gcm_128bit_tag_t *) encr_message);
for (int i = 2; i < strlen(message) + 1; i++) {
message[i - 2 ] = message[i];
}

return status;
return status;
}

int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) {

if (!message) {
LOG_ERROR("Null message in AES_encrypt_DH");
return -1;
}

if (!encr_message) {
LOG_ERROR("Null encr message in AES_encrypt_DH");
return -2;
}


if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) {
LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE");
return -1;
}



uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE;

if (msgLen < len) {
LOG_ERROR("Output buffer not large enough");
return -2;
}

sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_DH_key,
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
(unsigned char*) message,
encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
NULL, 0,
(sgx_aes_gcm_128bit_tag_t *)encr_message);

return status;
}



Expand Down
11 changes: 10 additions & 1 deletion secure_enclave/AESUtils.h
Expand Up @@ -27,13 +27,22 @@
extern sgx_aes_gcm_128bit_key_t AES_key;
extern sgx_aes_gcm_128bit_key_t AES_DH_key;

int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen);
int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen,
unsigned char type, unsigned char decryptable, uint64_t* resultLen);
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ;

int AES_encrypt_DH(char *message, uint8_t *encr_message, uint64_t encrLen);
int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ;

void derive_DH_Key();

#define ECDSA '1'
#define BLS '2'
#define DKG '3'

#define DECRYPTABLE '1'
#define NON_DECRYPTABLE '2'



#endif //SGXD_AESUTILS_H

0 comments on commit 77425c8

Please sign in to comment.