[WIP] Add Sealing Key

commerceblock · Apr 5, 2024 · e7a5b86 · e7a5b86
1 parent f308e68
commit e7a5b86
Show file tree

Hide file tree

Showing 17 changed files with 854 additions and 889 deletions.
diff --git a/enclave/App/App.cpp b/enclave/App/App.cpp
diff --git a/enclave/App/database/db_manager.cpp b/enclave/App/database/db_manager.cpp
diff --git a/enclave/App/database/db_manager.h b/enclave/App/database/db_manager.h
@@ -4,18 +4,38 @@
 #define DB_MANAGER_H
 
 #include "../Enclave_u.h"
+#include <memory>
 #include <string>
 
 namespace db_manager {
 
-    // Remove these 2 functions. Sealed seeds should be stored in the file system.
-    bool add_sealed_seed(char* sealed_secret, size_t sealed_secret_size, std::string& error_message);
-    bool get_sealed_seed(char* sealed_secret, size_t sealed_secret_size, std::string& error_message);
-
     bool save_generated_public_key(
-        const chacha20_poly1305_encrypted_data& encrypted_data, 
+        const chacha20_poly1305_encrypted_data& encrypted_keypair, 
+        unsigned char* server_public_key, size_t server_public_key_size,
+        const std::string& statechain_id,
+        std::string& error_message);
+
+    bool load_generated_key_data(
+        const std::string& statechain_id, 
+        std::unique_ptr<chacha20_poly1305_encrypted_data>& encrypted_keypair,
+        std::unique_ptr<chacha20_poly1305_encrypted_data>& encrypted_secnonce,
+        unsigned char* public_nonce, const size_t public_nonce_size, 
+        std::string& error_message);
+
+    bool update_sealed_secnonce(
+        const std::string& statechain_id, 
+        unsigned char* serialized_server_pubnonce, const size_t serialized_server_pubnonce_size, 
+        const chacha20_poly1305_encrypted_data& encrypted_secnonce, 
+        std::string& error_message);
+
+    bool update_sig_count(const std::string& statechain_id);
+
+    bool signature_count(const std::string& statechain_id, int& sig_count);
+
+    bool update_sealed_keypair(
+        const chacha20_poly1305_encrypted_data& encrypted_keypair, 
         unsigned char* server_public_key, size_t server_public_key_size,
-        std::string& statechain_id,
+        const std::string& statechain_id,
         std::string& error_message);
 }
 

diff --git a/enclave/App/sealing_key_manager/sealing_key_manager.h b/enclave/App/sealing_key_manager/sealing_key_manager.h
@@ -45,10 +45,6 @@ namespace sealing_key_manager {
         // bool testSealedSeed(sgx_enclave_id_t& enclave_id);
         void listKeyShares();
     };
-
-
-
-
 }
 
 #endif // SEALING_KEY_MANAGER_H
diff --git a/enclave/App/statechain/deposit.cpp b/enclave/App/statechain/deposit.cpp
@@ -0,0 +1,49 @@
+#include "deposit.h"
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wnon-virtual-dtor"
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#pragma GCC diagnostic ignored "-Wfloat-equal"
+#pragma GCC diagnostic ignored "-Wshadow"
+#pragma GCC diagnostic ignored "-Wconversion"
+#include <lib/crow_all.h>
+#pragma GCC diagnostic pop
+
+#include "../../utils/strencodings.h"
+#include "../../utils/include_secp256k1_zkp_lib.h"
+#include "../database/db_manager.h"
+#include "../statechain/deposit.h"
+#include "../sealing_key_manager/sealing_key_manager.h"
+
+#include "../Enclave_u.h"
+
+namespace deposit {
+    crow::response get_public_key(sgx_enclave_id_t& enclave_id, const std::string& statechain_id, sealing_key_manager::SealingKeyManager& sealing_key_manager) {
+        // 1. Allocate memory for the aggregated pubkey and sealedprivkey.
+        size_t server_pubkey_size = 33; // serialized compressed public keys are 33-byte array
+        unsigned char server_pubkey[server_pubkey_size];
+
+        // new encryption scheme
+        chacha20_poly1305_encrypted_data encrypted_data;
+        utils::initialize_encrypted_data(encrypted_data, sizeof(secp256k1_keypair));
+
+        sgx_status_t ecall_ret;
+        enclave_generate_new_keypair(enclave_id, &ecall_ret, 
+            server_pubkey, server_pubkey_size, 
+            sealing_key_manager.sealed_seed, sealing_key_manager.sealed_seed_size,
+            &encrypted_data);
+
+        std::string error_message;
+        bool data_saved = db_manager::save_generated_public_key(encrypted_data, server_pubkey, server_pubkey_size, statechain_id, error_message);
+
+        auto server_seckey_hex = key_to_string(server_pubkey, server_pubkey_size);
+
+        if (!data_saved) {
+            error_message = "Failed to save aggregated key data: " + error_message;
+            return crow::response(500, error_message);
+        }
+
+        crow::json::wvalue result({{"server_pubkey", server_seckey_hex}});
+        return crow::response{result};
+    }
+}
diff --git a/enclave/App/statechain/deposit.h b/enclave/App/statechain/deposit.h
@@ -0,0 +1,22 @@
+#pragma once
+
+#ifndef STATECHAIN_DEPOSIT_H
+#define STATECHAIN_DEPOSIT_H
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wnon-virtual-dtor"
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#pragma GCC diagnostic ignored "-Wfloat-equal"
+#pragma GCC diagnostic ignored "-Wshadow"
+#pragma GCC diagnostic ignored "-Wconversion"
+#include <lib/crow_all.h>
+#pragma GCC diagnostic pop
+
+#include "../Enclave_u.h"
+#include "../sealing_key_manager/sealing_key_manager.h"
+
+namespace deposit {
+    crow::response get_public_key(sgx_enclave_id_t& enclave_id, const std::string& statechain_id, sealing_key_manager::SealingKeyManager& sealing_key_manager);
+}
+
+#endif // STATECHAIN_DEPOSIT_H
diff --git a/enclave/App/statechain/sign.cpp b/enclave/App/statechain/sign.cpp
@@ -0,0 +1,164 @@
+#include "sign.h"
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wnon-virtual-dtor"
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#pragma GCC diagnostic ignored "-Wfloat-equal"
+#pragma GCC diagnostic ignored "-Wshadow"
+#pragma GCC diagnostic ignored "-Wconversion"
+#include <lib/crow_all.h>
+#pragma GCC diagnostic pop
+
+#include "../../utils/strencodings.h"
+#include "../../utils/include_secp256k1_zkp_lib.h"
+#include "../database/db_manager.h"
+#include "../Enclave_u.h"
+#include "../sealing_key_manager/sealing_key_manager.h"
+
+namespace signature {
+    crow::response get_public_nonce(sgx_enclave_id_t& enclave_id, const std::string& statechain_id, sealing_key_manager::SealingKeyManager& sealing_key_manager) {
+
+        auto encrypted_keypair = std::make_unique<chacha20_poly1305_encrypted_data>();
+
+        // the secret nonce is not defined yet
+        auto encrypted_secnonce = std::make_unique<chacha20_poly1305_encrypted_data>();
+        encrypted_secnonce.reset();
+
+        std::string error_message;
+        bool data_loaded = db_manager::load_generated_key_data(
+            statechain_id,
+            encrypted_keypair,
+            encrypted_secnonce,
+            nullptr,
+            0,
+            error_message
+        );
+
+        assert(encrypted_secnonce == nullptr);
+
+        if (!data_loaded) {
+            error_message = "Failed to load aggregated key data: " + error_message;
+            return crow::response(500, error_message);
+        }
+
+        unsigned char serialized_server_pubnonce[66];
+        memset(serialized_server_pubnonce, 0, sizeof(serialized_server_pubnonce));
+
+        encrypted_secnonce = std::make_unique<chacha20_poly1305_encrypted_data>();
+        utils::initialize_encrypted_data(*encrypted_secnonce, sizeof(secp256k1_musig_secnonce));
+
+        sgx_status_t ecall_ret;
+        sgx_status_t status = enclave_generate_nonce(
+            enclave_id, &ecall_ret, 
+            sealing_key_manager.sealed_seed, sealing_key_manager.sealed_seed_size,
+            encrypted_keypair.get(),
+            encrypted_secnonce.get(),
+            serialized_server_pubnonce, sizeof(serialized_server_pubnonce));
+
+        if (ecall_ret != SGX_SUCCESS) {
+            return crow::response(500, "Generate Nonce Ecall failed ");
+        }  if (status != SGX_SUCCESS) {
+            return crow::response(500, "Generate Nonce failed ");
+        }
+
+        bool data_saved = db_manager::update_sealed_secnonce(
+            statechain_id,
+            serialized_server_pubnonce, sizeof(serialized_server_pubnonce),
+            *encrypted_secnonce,
+            error_message
+        );
+
+        if (!data_saved) {
+            error_message = "Failed to save sealed secret nonce: " + error_message;
+            return crow::response(500, error_message);
+        }
+
+        auto serialized_server_pubnonce_hex = key_to_string(serialized_server_pubnonce, sizeof(serialized_server_pubnonce));
+
+        crow::json::wvalue result({{"server_pubnonce", serialized_server_pubnonce_hex}});
+        return crow::response{result};
+    }
+
+    crow::response get_partial_signature(
+        sgx_enclave_id_t& enclave_id, 
+        const std::string& statechain_id, 
+        const int64_t negate_seckey, 
+        std::vector<unsigned char>& serialized_session, 
+        const sealing_key_manager::SealingKeyManager& sealing_key_manager) 
+    {
+
+        auto encrypted_keypair = std::make_unique<chacha20_poly1305_encrypted_data>();
+        auto encrypted_secnonce = std::make_unique<chacha20_poly1305_encrypted_data>();
+
+        unsigned char serialized_server_pubnonce[66];
+        memset(serialized_server_pubnonce, 0, sizeof(serialized_server_pubnonce));
+
+        std::string error_message;
+        bool data_loaded = db_manager::load_generated_key_data(
+            statechain_id,
+            encrypted_keypair,
+            encrypted_secnonce,
+            serialized_server_pubnonce,
+            sizeof(serialized_server_pubnonce),
+            error_message
+        );
+
+        if (!data_loaded) {
+            error_message = "Failed to load aggregated key data: " + error_message;
+            return crow::response(500, error_message);
+        }
+
+        bool is_sealed_keypair_empty = encrypted_keypair == nullptr;
+        bool is_sealed_secnonce_empty = encrypted_secnonce == nullptr;
+
+        if (is_sealed_keypair_empty || is_sealed_secnonce_empty) {
+            return crow::response(400, "Empty sealed keypair or sealed secnonce!");
+        }
+
+        unsigned char serialized_partial_sig[32];
+
+        sgx_status_t ecall_ret;
+        sgx_status_t status = enclave_partial_signature(
+            enclave_id, &ecall_ret,
+            sealing_key_manager.sealed_seed, sealing_key_manager.sealed_seed_size,
+            encrypted_keypair.get(),
+            encrypted_secnonce.get(),
+            (int) negate_seckey,
+            serialized_session.data(), serialized_session.size(),
+            serialized_server_pubnonce, sizeof(serialized_server_pubnonce),
+            serialized_partial_sig, sizeof(serialized_partial_sig));
+
+        if (ecall_ret != SGX_SUCCESS) {
+            return crow::response(500, "Enclave Generate Signature Ecall failed ");
+        }  if (status != SGX_SUCCESS) {
+            return crow::response(500, "Enclave Generate Signature failed ");
+        }
+
+        bool sig_count_updated = db_manager::update_sig_count(statechain_id);
+        if (!sig_count_updated) {
+            return crow::response(500, "Failed to update signature count!");
+        }
+
+        auto partial_sig_hex = key_to_string(serialized_partial_sig, sizeof(serialized_partial_sig));
+
+        crow::json::wvalue result({{"partial_sig", partial_sig_hex}});
+        return crow::response{result};
+
+    }
+
+    crow::response signature_count(const std::string& statechain_id) {
+
+        int sig_count;
+        std::string error_message;
+        bool count_retrieved = db_manager::signature_count(statechain_id, sig_count);
+
+        if (!count_retrieved) {
+            error_message = "Failed to retrieve signature count: " + error_message;
+            return crow::response(500, error_message);
+        }
+
+        crow::json::wvalue result({{"sig_count", sig_count}});
+        return crow::response{result};
+
+    }
+}
diff --git a/enclave/App/statechain/sign.h b/enclave/App/statechain/sign.h
@@ -0,0 +1,31 @@
+#pragma once
+
+#ifndef STATECHAIN_SIGN_H
+#define STATECHAIN_SIGN_H
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wnon-virtual-dtor"
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#pragma GCC diagnostic ignored "-Wfloat-equal"
+#pragma GCC diagnostic ignored "-Wshadow"
+#pragma GCC diagnostic ignored "-Wconversion"
+#include <lib/crow_all.h>
+#pragma GCC diagnostic pop
+
+#include "../Enclave_u.h"
+#include "../sealing_key_manager/sealing_key_manager.h"
+
+namespace signature {
+    crow::response get_public_nonce(sgx_enclave_id_t& enclave_id, const std::string& statechain_id, sealing_key_manager::SealingKeyManager& sealing_key_manager);
+
+    crow::response get_partial_signature(
+        sgx_enclave_id_t& enclave_id, 
+        const std::string& statechain_id, 
+        const int64_t negate_seckey, 
+        std::vector<unsigned char>& serialized_session, 
+        const sealing_key_manager::SealingKeyManager& sealing_key_manager);
+
+    crow::response signature_count(const std::string& statechain_id);
+}
+
+#endif // STATECHAIN_SIGN_H