SKALE-3213-improve-error-handling

BLSCrypto.cpp

@@ -233,15 +233,16 @@ bool bls_sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
 string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key) {
     auto keyArray = make_shared<vector<char>>(BUF_LEN, 0);
     auto encryptedKey = make_shared<vector<uint8_t>>(BUF_LEN, 0);
-    auto errMsg = make_shared<vector<char>>(BUF_LEN, 0);
+
+    vector<char> errMsg(BUF_LEN, 0);
 
     strncpy(keyArray->data(), _key, BUF_LEN);
-    *errStatus = -1;
+    *errStatus = 0;
     unsigned int encryptedLen = 0;
 
-    status = trustedEncryptKeyAES(eid, errStatus, errMsg->data(), keyArray->data(), encryptedKey->data(), &encryptedLen);
+    sgx_status_t status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(), &encryptedLen);
 
-    HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg->data());
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg.data());
 
     string result(2 * BUF_LEN, '\0');
 

BLSPrivateKeyShareSGX.cpp

@@ -124,8 +124,8 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
   }
 
 
-  char errMsg[BUF_LEN];
-  memset(errMsg, 0, BUF_LEN);
+  vector<char> errMsg(BUF_LEN, 0);
+
 
   char xStrArg[BUF_LEN];
   char yStrArg[BUF_LEN];
@@ -152,10 +152,10 @@ std::string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
   }
 
   sgx_status_t status =
-      trustedBlsSignMessageAES(eid, &errStatus, errMsg, encryptedKey,
+      trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey,
                        encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature);
 
-  HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg );
+  HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data() );
 
 
   int sigLen;

DKGCrypto.cpp

@@ -139,19 +139,8 @@ string gen_dkg_poly(int _t) {
 
     uint32_t enc_len = 0;
 
-    status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);
-
-    if (errStatus != 0) {
-        spdlog::debug("trustedGenDkgSecret, status {}", errStatus, " err msg ", errMsg.data());
-        spdlog::debug("in DKGCrypto encr len is {}", enc_len);
-        throw SGXException(-666, errMsg.data());
-    }
-
-    if (status != 0) {
-        spdlog::debug("trustedGenDkgSecret, status {}", status, " err msg ", errMsg.data());
-        spdlog::debug("in DKGCrypto encr len is {}", enc_len);
-        throw SGXException(-666, errMsg.data());
-    }
+    sgx_status_t status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
     uint64_t length = enc_len;;
 
@@ -180,25 +169,11 @@ vector <vector<string>> get_verif_vect(const char *encryptedPolyHex, int t, int
         throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
     }
 
-    spdlog::debug("hex_encr_poly length is {}", strlen(encryptedPolyHex));
-    spdlog::debug("enc len {}", encLen);
 
-    status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen,
-                                       pubShares.data(), t, n);
 
-    if (errStatus != 0) {
-        throw SGXException(-666, errMsg.data());
-    }
-
-    if (status != 0) {
-        throw SGXException(-666, errMsg.data());
-    }
-
-    spdlog::debug("err msg is {}", errMsg.data());
-
-    spdlog::debug("public_shares:");
-    spdlog::debug("{}", pubShares.data());;
-    spdlog::debug("trustedGetPublicShares status: {}", errStatus);
+    sgx_status_t status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen,
+                                       pubShares.data(), t, n);
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
     vector <string> g2Strings = splitString(pubShares.data(), ',');
     vector <vector<string>> pubSharesVect;
@@ -211,7 +186,7 @@ vector <vector<string>> get_verif_vect(const char *encryptedPolyHex, int t, int
 }
 
 string
-trustedGetSecretShares(const string &_polyName, const char *_encryptedPolyHex, const vector <string> &_publicKeys,
+getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const vector <string> &_publicKeys,
                        int _t,
                        int _n) {
     vector<char> hexEncrKey(BUF_LEN, 0);
@@ -225,11 +200,8 @@ trustedGetSecretShares(const string &_polyName, const char *_encryptedPolyHex, c
         throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
     }
 
-    status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen);
-
-    if (status != SGX_SUCCESS || errStatus != 0) {
-        throw SGXException(-666, errMsg1.data());
-    }
+    sgx_status_t status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen);
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
 
     string result;
 
@@ -247,12 +219,9 @@ trustedGetSecretShares(const string &_polyName, const char *_encryptedPolyHex, c
 
         spdlog::debug("pubKeyB is {}", pub_keyB);
 
-        trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
+        sgx_status_t status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
                                           currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, i + 1);
-
-        if (errStatus != 0) {
-            throw SGXException(-666, errMsg1.data());
-        }
+        HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
 
         spdlog::debug("cur_share is {}", currentShare.data());
 
@@ -272,7 +241,7 @@ trustedGetSecretShares(const string &_polyName, const char *_encryptedPolyHex, c
 
         SGXWalletServer::writeDataToDB(shareG2_name, sShareG2.data());
 
-        spdlog::debug("errMsg: {}", errMsg1.data());
+
     }
 
     return result;
@@ -280,7 +249,7 @@ trustedGetSecretShares(const string &_polyName, const char *_encryptedPolyHex, c
 
 bool
 verifyShares(const char *publicShares, const char *encr_sshare, const char *encryptedKeyHex, int t, int n, int ind) {
-    char errMsg[BUF_LEN];
+    vector<char> errMsg(BUF_LEN, 0);
     int errStatus = 0;
 
     uint64_t decKeyLen;
@@ -297,10 +266,9 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr
     memset(pshares, 0, 8193);
     strncpy(pshares, publicShares, strlen(publicShares));
 
-    sgx_status_t status = trustedDkgVerifyAES(eid, &errStatus, errMsg, pshares, encr_sshare, encr_key, decKeyLen, t,
+    sgx_status_t status = trustedDkgVerifyAES(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t,
                                               ind, &result);
-
-    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg);
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
     if (result == 2) {
         throw SGXException(INVALID_HEX, "Invalid public shares");
@@ -310,9 +278,8 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr
 }
 
 bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *encryptedKeyHex) {
-    spdlog::debug("ENTER createBLSShare");
 
-    char errMsg[BUF_LEN];
+    vector<char> errMsg(BUF_LEN,0);
     int errStatus = 0;
 
     uint64_t decKeyLen;
@@ -326,10 +293,10 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *
 
     uint32_t enc_bls_len = 0;
 
-    sgx_status_t status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg, s_shares, encr_key, decKeyLen, encr_bls_key,
+    sgx_status_t status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key,
                                                  &enc_bls_len);
 
-    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg);
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
     char hexBLSKey[2 * BUF_LEN];
 
@@ -342,8 +309,7 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *
 }
 
 vector <string> getBLSPubKey(const char *encryptedKeyHex) {
-    char errMsg1[BUF_LEN];
-
+    vector<char> errMsg1(BUF_LEN, 0);
     int errStatus = 0;
 
     uint64_t decKeyLen;
@@ -354,11 +320,11 @@ vector <string> getBLSPubKey(const char *encryptedKeyHex) {
 
     char pubKey[320];
 
-    trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1, encrKey, decKeyLen, pubKey);
+    sgx_status_t status = trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey);
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
 
     vector <string> pubKeyVect = splitString(pubKey, ':');
 
-    spdlog::debug("errMsg1 is {}", errMsg1);
     spdlog::debug("pub key is ");
     for (int i = 0; i < 4; i++)
         spdlog::debug("{}", pubKeyVect.at(i));
@@ -436,11 +402,8 @@ string decryptDHKey(const string &polyName, int ind) {
 
     char DHKey[ECDSA_SKEY_LEN];
 
-    trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey);
-
-    if (errStatus != 0) {
-        throw SGXException(errStatus, "decrypt key failed in enclave");
-    }
+    sgx_status_t status = trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey);
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
 
     return DHKey;
 }

DKGCrypto.h

@@ -37,7 +37,7 @@ vector <vector<string>> get_verif_vect(const char* encryptedPolyHex, int t, int
 
 vector<string> splitString(const char* coeffs, const char symbol);
 
-string trustedGetSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n);
+string getSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n);
 
 bool verifyShares(const char* publicShares, const char* encr_sshare, const char * encryptedKeyHex, int t, int n, int ind);
 

ECDSACrypto.cpp

@@ -56,14 +56,12 @@ vector <string> genECDSAKey() {
 
     uint32_t enc_len = 0;
 
-    status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
+    sgx_status_t status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
                                         errMsg.data(), encr_pr_key.data(), &enc_len,
                                         pub_key_x.data(), pub_key_y.data());
 
-    if (status != SGX_SUCCESS || errStatus != 0) {
-        spdlog::error("RPCException thrown with status {}", status);
-        throw SGXException(status, errMsg.data());
-    }
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus,errMsg.data());
+
     vector <string> keys(3);
 
     vector<char> hexEncrKey(BUF_LEN * 2, 0);
@@ -99,18 +97,11 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) {
         throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
     }
 
-    status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
+    sgx_status_t status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
                                          errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
 
-    if (errStatus != 0) {
-        spdlog::error("failed to get ECDSA public key {}", status);
-        throw SGXException(-666, errMsg.data());
-    }
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data())
 
-    if (status != SGX_SUCCESS) {
-        spdlog::error("failed to get ECDSA public key {}", status);
-        throw SGXException(666, "failed to get ECDSA public key");
-    }
     string pubKey = string(pubKeyX.data()) + string(pubKeyY.data());
 
     if (pubKey.size() != 128) {
@@ -182,22 +173,16 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha
         throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
     }
 
-    status = trustedEcdsaSignAES(eid, &errStatus,
+    sgx_status_t status = trustedEcdsaSignAES(eid, &errStatus,
             errMsg.data(), encryptedKey.data(), decLen, hashHex,
                                  signatureR.data(),
                                  signatureS.data(), &signatureV, base);
 
-    if (errStatus != 0) {
-        spdlog::error("failed to sign {}", errStatus);
-        throw SGXException(666, errMsg.data());
-    }
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
-    if (status != SGX_SUCCESS) {
-        spdlog::error("failed to sign in enclave {}", status);
-        throw SGXException(666, "failed to sign");
-    }
 
     signatureVector.at(0) = to_string(signatureV);
+
     if (base == 16) {
         signatureVector.at(1) = "0x" + string(signatureR.data());
         signatureVector.at(2) = "0x" + string(signatureS.data());

SEKManager.cpp

@@ -59,16 +59,9 @@ void create_test_key() {
 
     string key = TEST_VALUE;
 
-    status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
-    if (status != SGX_SUCCESS) {
-        cerr << "encrypt test key failed with status " << status << endl;
-        throw SGXException(status, errMsg.data());
-    }
+    sgx_status_t status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
 
-    if (errStatus != 0) {
-        cerr << "encrypt test key failed with status " << errStatus << endl;
-        throw SGXException(errStatus, errMsg.data());
-    }
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
     vector<char> hexEncrKey(2 * enc_len + 1, 0);
 
@@ -101,24 +94,14 @@ shared_ptr <vector<uint8_t>> check_and_set_SEK(const string &SEK) {
 
     uint32_t l = len;
 
-    status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, SEK.c_str());
+    sgx_status_t status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, SEK.c_str());
 
-    if (status != SGX_SUCCESS) {
-        spdlog::error("trustedSetSEK_backup failed with error code {}", status);
-        exit(-1);
-    }
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
 
-    if (err_status != 0) {
-        spdlog::error("trustedSetSEK_backup failed with error status {}", status);
-        exit(-1);
-    }
 
     status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
-    if (status != SGX_SUCCESS || err_status != 0) {
-        spdlog::error("Failed to decrypt test key");
-        spdlog::error(errMsg.data());
-        exit(-1);
-    }
+
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
 
     string test_key = TEST_VALUE;
     if (test_key.compare(decr_key.data()) != 0) {
@@ -142,15 +125,10 @@ void gen_SEK() {
 
     spdlog::info("Generating backup key. Will be stored in backup_key.txt ... ");
 
-    status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK);
+    sgx_status_t status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK);
 
-    if (status != SGX_SUCCESS) {
-        throw SGXException(status, errMsg.data());
-    }
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
 
-    if (err_status != 0) {
-        throw SGXException(err_status, errMsg.data());
-    }
 
     if (strnlen(SEK, 33) != 32) {
         throw SGXException(-1, "strnlen(SEK,33) != 32");
@@ -187,7 +165,7 @@ void gen_SEK() {
     create_test_key();
 }
 
-void trustedSetSEK(shared_ptr <string> hex_encrypted_SEK) {
+void setSEK(shared_ptr <string> hex_encrypted_SEK) {
     vector<char> errMsg(1024, 0);
     int err_status = 0;
 
@@ -200,16 +178,10 @@ void trustedSetSEK(shared_ptr <string> hex_encrypted_SEK) {
         throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex");
     }
 
-    status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK);
-    if (status != SGX_SUCCESS) {
-        cerr << "RPCException thrown" << endl;
-        throw SGXException(status, errMsg.data());
-    }
+    sgx_status_t status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK);
+
+    HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
 
-    if (err_status != 0) {
-        cerr << "RPCException thrown" << endl;
-        throw SGXException(err_status, errMsg.data());
-    }
 }
 
 #include "experimental/filesystem"
@@ -274,7 +246,7 @@ void initSEK() {
             spdlog::warn("SEK was not created yet. Going to create SEK");
             gen_SEK();
         } else {
-            trustedSetSEK(encrypted_SEK_ptr);
+            setSEK(encrypted_SEK_ptr);
         }
     }
 }

SEKManager.h

@@ -32,7 +32,7 @@
 void gen_SEK();
 
 #ifdef __cplusplus
-void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK);
+void setSEK(std::shared_ptr<std::string> hex_encr_SEK);
 #endif
 
 #ifdef __cplusplus

SGXWalletServer.cpp

@@ -425,7 +425,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
             pubKeysStrs.push_back(_pubKeys[i].asString());
         }
 
-        string s = trustedGetSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n);
+        string s = getSecretShares(_polyName, encrPoly->c_str(), pubKeysStrs, _t, _n);
         result["secretShare"] = s;
         result["SecretShare"] = s;
     } HANDLE_SGX_EXCEPTION(result)

ServerInit.cpp

@@ -81,7 +81,7 @@ void initEnclave(uint32_t _logLevel) {
 
     spdlog::info("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG);
 
-    status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
+    sgx_status_t status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
                                        &updated, &eid, 0);
 
     if (status != SGX_SUCCESS) {
@@ -97,6 +97,7 @@ void initEnclave(uint32_t _logLevel) {
     spdlog::info("Enclave created and started successfully");
 
     status = trustedEnclaveInit(eid, _logLevel);
+
     if (status != SGX_SUCCESS) {
         spdlog::error("trustedEnclaveInit failed: {}", status);
         exit(1);

VERSION

-1.58.0
+1.58.1
\ No newline at end of file

sgxwallet.c

@@ -37,5 +37,4 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 sgx_launch_token_t token = {0};
 sgx_enclave_id_t eid;
-sgx_status_t status;
 int updated;

sgxwallet.h

@@ -47,7 +47,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 extern sgx_enclave_id_t eid;
 extern int updated;
 extern sgx_launch_token_t token;
-extern sgx_status_t status;
 
 #define ENCLAVE_NAME "secure_enclave.signed.so"
 

testw.cpp

@@ -147,9 +147,10 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes
                                      hex.data(),
                                      signatureR.data(),
                                      signatureS.data(), &signatureV, 16);
+        REQUIRE(status == SGX_SUCCESS);
+        REQUIRE(errStatus == SGX_SUCCESS);
     }
-    REQUIRE(status == SGX_SUCCESS);
-    REQUIRE(errStatus == SGX_SUCCESS);
+
 }
 
 
@@ -691,7 +692,7 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") {
 }
 
 TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
-    int errStatus = -1;
+    int errStatus = 0;
     vector<char> errMsg(BUF_LEN, 0);
     uint32_t encLen;
     string key = SAMPLE_AES_KEY;