[WIP] Add Sealing Key

commerceblock · Apr 2, 2024 · f308e68 · f308e68
1 parent a0d06ce
commit f308e68
Show file tree

Hide file tree

Showing 5 changed files with 139 additions and 17 deletions.
diff --git a/enclave/App/App.cpp b/enclave/App/App.cpp
@@ -20,6 +20,7 @@
 #include "../utils/include_secp256k1_zkp_lib.h"
 #include "../utils/strencodings.h"
 #include "utilities/utilities.h"
+#include "database/db_manager.h"
 #include "sealing_key_manager/sealing_key_manager.h"
 
 #include "App.h"
@@ -274,7 +275,7 @@ void ocall_print_hex(const unsigned char** key, const int *keylen)
     printf("%s\n", key_to_string(*key, *keylen).c_str());
 }
 
-void initialize_encrypted_data(chacha20_poly1305_encrypted_data& encrypted_data, size_t data_len, sealing_key_manager::SealingKeyManager& sealing_key_manager) {
+void initialize_encrypted_data(chacha20_poly1305_encrypted_data& encrypted_data, size_t data_len) {
 
     // initialize encrypted_data
     encrypted_data.data_len = data_len;
@@ -283,12 +284,6 @@ void initialize_encrypted_data(chacha20_poly1305_encrypted_data& encrypted_data,
 
     memset(encrypted_data.mac, 0, sizeof(encrypted_data.mac));
     memset(encrypted_data.nonce, 0, sizeof(encrypted_data.nonce));
-
-    // copy sealed seed
-    encrypted_data.sealed_key_len = sealing_key_manager.sealed_seed_size;
-    encrypted_data.sealed_key = new char[encrypted_data.sealed_key_len];
-    memcpy(encrypted_data.sealed_key, sealing_key_manager.sealed_seed, encrypted_data.sealed_key_len);
-
 }
 
 int SGX_CDECL main(int argc, char *argv[])
@@ -362,14 +357,21 @@ int SGX_CDECL main(int argc, char *argv[])
             }
 
             // new encryption scheme
-            chacha20_poly1305_encrypted_data encrypted_data;
-            initialize_encrypted_data(encrypted_data, sizeof(secp256k1_keypair), sealing_key_manager);
+            /* chacha20_poly1305_encrypted_data encrypted_data;
+            initialize_encrypted_data(encrypted_data, sizeof(secp256k1_keypair));
 
             size_t server_pubkey_size2 = 33; // serialized compressed public keys are 33-byte array
             unsigned char server_pubkey2[server_pubkey_size2];
 
             sgx_status_t ecall_ret2;
-            generate_new_keypair2(enclave_id, &ecall_ret2, server_pubkey2, server_pubkey_size2, &encrypted_data);
+            generate_new_keypair2(enclave_id, &ecall_ret2, 
+                server_pubkey2, server_pubkey_size2, 
+                sealing_key_manager.sealed_seed, sealing_key_manager.sealed_seed_size,
+                &encrypted_data);
+
+            std::string error_message2;
+            db_manager::save_generated_public_key(encrypted_data, server_pubkey2, server_pubkey_size2, statechain_id, error_message2);
+            */
 
             auto server_seckey_hex = key_to_string(server_pubkey, server_pubkey_size);
 

diff --git a/enclave/App/database/db_manager.cpp b/enclave/App/database/db_manager.cpp
@@ -2,6 +2,8 @@
 
 #include "../Enclave_u.h"
 #include "../lib/toml.hpp"
+#include "../../utils/strencodings.h"
+#include <iostream>
 #include <string>
 #include <pqxx/pqxx>
 
@@ -98,8 +100,64 @@ namespace db_manager {
 
     } // get_sealed_seed
 
+    // Assumes the buffer is large enough. In a real application, ensure buffer safety.
+    void serialize(const chacha20_poly1305_encrypted_data* src, unsigned char* buffer, size_t* serialized_len) {
+        // Copy `data_len`, `nonce`, and `mac` directly
+        size_t offset = 0;
+        memcpy(buffer + offset, &src->data_len, sizeof(src->data_len));
+        offset += sizeof(src->data_len);
+
+        memcpy(buffer + offset, src->nonce, sizeof(src->nonce));
+        offset += sizeof(src->nonce);
+
+        memcpy(buffer + offset, src->mac, sizeof(src->mac));
+        offset += sizeof(src->mac);
+
+        // Now copy dynamic `data`
+        memcpy(buffer + offset, src->data, src->data_len);
+        offset += src->data_len;
+
+        *serialized_len = offset;
+    }
+
+    // Returns a newly allocated structure that must be freed by the caller.
+    bool deserialize(const unsigned char* buffer, size_t serialized_len, chacha20_poly1305_encrypted_data* dest) {
+
+        // chacha20_poly1305_encrypted_data* dest = new chacha20_poly1305_encrypted_data;
+        // if (!dest) return NULL;
+
+        if (!dest) return false;
+
+        size_t offset = 0;
+        memcpy(&dest->data_len, buffer + offset, sizeof(dest->data_len));
+        offset += sizeof(dest->data_len);
+
+        memcpy(dest->nonce, buffer + offset, sizeof(dest->nonce));
+        offset += sizeof(dest->nonce);
+
+        memcpy(dest->mac, buffer + offset, sizeof(dest->mac));
+        offset += sizeof(dest->mac);
+
+        dest->data = new unsigned char[dest->data_len];
+        if (!dest->data) {
+            return false; // NULL;
+        }
+        memcpy(dest->data, buffer + offset, dest->data_len);
+        // offset += dest->data_len; // Not needed unless you're reading more data after this
+
+        // return dest;
+        return true;
+    }
+
+    void print_encrypted_data(const chacha20_poly1305_encrypted_data* data) {
+        std::cout << "data_len: " << data->data_len << std::endl;
+        std::cout << "nonce: " << key_to_string(data->nonce, sizeof(data->nonce)) << std::endl;
+        std::cout << "mac: " << key_to_string(data->mac, sizeof(data->mac)) << std::endl;
+        std::cout << "data: " << key_to_string(data->data, data->data_len) << std::endl;
+    }
+
     bool save_generated_public_key(
-        chacha20_poly1305_encrypted_data& encrypted_data, 
+        const chacha20_poly1305_encrypted_data& encrypted_keypair, 
         unsigned char* server_public_key, size_t server_public_key_size,
         std::string& statechain_id,
         std::string& error_message) {
@@ -126,6 +184,50 @@ namespace db_manager {
                     txn.exec(create_table_query);
                     txn.commit();
 
+
+                    size_t serialized_len = 0;
+
+                    size_t bufferSize = sizeof(encrypted_keypair.data_len) + sizeof(encrypted_keypair.nonce) + sizeof(encrypted_keypair.mac) + encrypted_keypair.data_len;
+                    unsigned char* buffer = (unsigned char*) malloc(bufferSize);
+
+                    if (!buffer) {
+                        error_message = "Failed to allocate memory for serialization!";
+                        return false;
+                    }
+
+                    serialize(&encrypted_keypair, buffer, &serialized_len);
+                    assert(serialized_len == bufferSize);
+
+                    /* auto buffer_hex = key_to_string(buffer, serialized_len);
+
+                    std::cout << "---- " << std::endl;
+                    print_encrypted_data(&encrypted_keypair);
+                    std::cout << "---- " << std::endl;
+                    std::cout << "buffer: " << buffer_hex << std::endl;
+
+                    // chacha20_poly1305_encrypted_data* dest = new chacha20_poly1305_encrypted_keypair;
+                    auto dest = std::make_unique<chacha20_poly1305_encrypted_data>();
+                    bool res = deserialize(buffer, serialized_len, dest.get());
+
+                    std::cout << "---- " << std::endl;
+                    std::cout << "res: " << res << std::endl;
+                    print_encrypted_data(dest.get());
+
+                    free(buffer); */
+
+                    std::basic_string_view<std::byte> sealed_data_view(reinterpret_cast<std::byte*>(buffer), bufferSize);
+                    std::basic_string_view<std::byte> public_key_data_view(reinterpret_cast<std::byte*>(server_public_key), server_public_key_size);
+
+                    std::string insert_query =
+                        "INSERT INTO generated_public_key (sealed_keypair, public_key, statechain_id) VALUES ($1, $2, $3);";
+                    pqxx::work txn2(conn);
+
+                    txn2.exec_params(insert_query, sealed_data_view, public_key_data_view, statechain_id);
+                    txn2.commit();
+
+                    conn.close();
+                    return true;
+
                     return true;
                 } else {
                     error_message = "Failed to connect to the database!";

diff --git a/enclave/App/database/db_manager.h b/enclave/App/database/db_manager.h
@@ -13,7 +13,7 @@ namespace db_manager {
     bool get_sealed_seed(char* sealed_secret, size_t sealed_secret_size, std::string& error_message);
 
     bool save_generated_public_key(
-        chacha20_poly1305_encrypted_data& encrypted_data, 
+        const chacha20_poly1305_encrypted_data& encrypted_data, 
         unsigned char* server_public_key, size_t server_public_key_size,
         std::string& statechain_id,
         std::string& error_message);

diff --git a/enclave/Enclave/Enclave.cpp b/enclave/Enclave/Enclave.cpp
@@ -30,12 +30,13 @@ char* data_to_hex(uint8_t* in, size_t insz)
 
 void encrypt_data(
     chacha20_poly1305_encrypted_data *encrypted_data,
+    char* sealed_seed, size_t sealed_seed_len,
     uint8_t* raw_data, size_t raw_data_size)
 {
     unsigned char seed[32];
     memset(seed, 0, 32);
 
-    unseal(encrypted_data->sealed_key, encrypted_data->sealed_key_len, seed, sizeof(seed));
+    unseal(sealed_seed, sealed_seed_len, seed, sizeof(seed));
 
     // Associated data (optional, can be NULL if not used)
     uint8_t *ad = NULL;
@@ -45,11 +46,29 @@ void encrypt_data(
 
     assert(encrypted_data->data_len == raw_data_size);
     crypto_aead_lock(encrypted_data->data, encrypted_data->mac, seed, encrypted_data->nonce, ad, ad_size, raw_data, raw_data_size);
+
+    /* char* seed_hex = data_to_hex(seed, sizeof(seed));
+    ocall_print_string("seed:");
+    ocall_print_string(seed_hex);
+
+    char* mac_hex = data_to_hex(encrypted_data->mac, sizeof(encrypted_data->mac));
+    ocall_print_string("mac:");
+    ocall_print_string(mac_hex);
+
+    char* nonce_hex = data_to_hex(encrypted_data->nonce, sizeof(encrypted_data->nonce));
+    ocall_print_string("nonce:");
+    ocall_print_string(nonce_hex);
+
+    char* encrypted_hex = data_to_hex(encrypted_data->data, encrypted_data->data_len);
+    ocall_print_string("encrypted:");
+    ocall_print_string(encrypted_hex); */
+
 }
 
 sgx_status_t generate_new_keypair2(
     unsigned char *compressed_server_pubkey, 
     size_t compressed_server_pubkey_size, 
+    char* sealed_seed, size_t sealed_seed_len,
     chacha20_poly1305_encrypted_data *encrypted_data)
 {
 
@@ -88,7 +107,7 @@ sgx_status_t generate_new_keypair2(
 
     secp256k1_context_destroy(ctx);
 
-    encrypt_data(encrypted_data, server_keypair.data, sizeof(secp256k1_keypair::data));
+    encrypt_data(encrypted_data, sealed_seed, sealed_seed_len, server_keypair.data, sizeof(secp256k1_keypair::data));
 
     return ret;
 }
@@ -469,7 +488,7 @@ sgx_status_t recover_seed(
 
     uint8_t* shares[threshold];
 
-    uint32_t unsealed_data_size = key_share_data_size;
+    uint32_t unsealed_data_size = (uint32_t) key_share_data_size;
 
     for (size_t i = 0; i < num_key_shares; ++i) {
         shares[i] = new uint8_t[key_share_data_size];

diff --git a/enclave/Enclave/Enclave.edl b/enclave/Enclave/Enclave.edl
@@ -13,15 +13,14 @@ enclave {
         [size=data_len] unsigned char* data;
         unsigned char nonce[24];
         unsigned char mac[16];
-        size_t sealed_key_len;
-        [size=sealed_key_len] char* sealed_key;
     };
 
     trusted {
 
         public sgx_status_t generate_new_keypair2(
             [out, size=compressed_server_pubkey_size] unsigned char *compressed_server_pubkey, 
             size_t compressed_server_pubkey_size, 
+            [in, size=sealed_seed_len] char* sealed_seed, size_t sealed_seed_len,
             [in, out] struct chacha20_poly1305_encrypted_data* encrypted_data);
 
         public sgx_status_t generate_new_keypair(