Merge branch 'develop' into bug/SKALE-3481-nightly

.github/workflows/dockerimage.yml

 name: Build, test and push SGX container
-on: [push]
+on:
+  workflow_dispatch:
+  push:
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-18.04
     env:
       DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
       DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
     steps:
+      - name: Fail, if older Github Actions machine. Click "Re-run jobs"
+        run: cat /proc/cpuinfo | grep avx512
       - name: Login to docker
         run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
       - uses: actions/checkout@v1
@@ -15,7 +19,10 @@ jobs:
       - name: build
         run: python3 scripts/docker_build.py Dockerfile sgxwallet ${GITHUB_SHA}
       - name: deploy docker image
-        if: contains(github.ref, 'develop') || contains(github.ref, 'beta') || contains(github.ref, 'master') || contains(github.ref, 'stable')
+        if: |
+          contains(github.ref, 'develop') || contains(github.ref, 'beta') ||
+          contains(github.ref, 'master') || contains(github.ref, 'stable') ||
+          contains(github.ref, 'SECURE_ENCLAVE_CHANGES')
         run : |
           export BRANCH=${GITHUB_REF##*/}
           echo "Branch $BRANCH"
@@ -27,4 +34,4 @@ jobs:
           export RELEASE=true
           echo "::set-env name=RELEASE::$RELEASE"
           bash ./scripts/build_image.sh Dockerfile sgxwallet
-          bash ./scripts/publish_image.sh sgxwallet
+          bash ./scripts/publish_image.sh sgxwallet
\ No newline at end of file

.github/workflows/dockerimagebase.yml

 name: Build base container
 on:
+  workflow_dispatch:
   push:
     tags:
       - build_base*
@@ -10,6 +11,8 @@ jobs:
       DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
       DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
     steps:
+    - name: Fail, if older Github Actions machine
+      run: cat /proc/cpuinfo | grep avx512
     - name: Login to docker
       run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
     - uses: actions/checkout@v1

.github/workflows/dockerimagerelease.yml

 name: Build, test and push release SGX container
-on: [push]
+on:
+  workflow_dispatch:
+  push:
 jobs:
   build:
     runs-on: ubuntu-18.04
@@ -7,6 +9,8 @@ jobs:
       DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
       DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
     steps:
+      - name: Fail, if older Github Actions machine. Click "Re-run jobs"
+        run: cat /proc/cpuinfo | grep avx512
       - name: Login to docker
         run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
       - uses: actions/checkout@v1
@@ -15,7 +19,10 @@ jobs:
       - name: build
         run: python3 scripts/docker_build.py Dockerfile sgxwallet ${GITHUB_SHA}
       - name: deploy docker image
-        if: contains(github.ref, 'develop') || contains(github.ref, 'beta') || contains(github.ref, 'master') || contains(github.ref, 'stable')
+        if: |
+          contains(github.ref, 'develop') || contains(github.ref, 'beta') ||
+          contains(github.ref, 'master') || contains(github.ref, 'stable') ||
+          contains(github.ref, 'SECURE_ENCLAVE_CHANGES')
         run : |
           export BRANCH=${GITHUB_REF##*/}
           echo "Branch $BRANCH"

.github/workflows/dockerimagesim.yml

 name: Build, test and push sim mode container
-on: [push]
+on:
+  workflow_dispatch:
+  push:
 jobs:
   build:
     runs-on: ubuntu-18.04
@@ -7,6 +9,8 @@ jobs:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
     steps:
+    - name: Fail, if older Github Actions machine. Click "Re-run jobs"
+      run: cat /proc/cpuinfo | grep avx512
     - name: Check that /dev/urandom exists
       run: ls /dev/urandom
     - name: Login to docker
@@ -15,7 +19,10 @@ jobs:
     - name: submodule update
       run: git submodule update --init --recursive
     - name: build container for release
-      if: contains(github.ref, 'develop') || contains(github.ref, 'beta') || contains(github.ref, 'master') || contains(github.ref, 'stable')
+      if: |
+        contains(github.ref, 'develop') || contains(github.ref, 'beta') ||
+        contains(github.ref, 'master') || contains(github.ref, 'stable') ||
+        contains(github.ref, 'SECURE_ENCLAVE_CHANGES')
       run: |
         export BRANCH=${GITHUB_REF##*/}
         echo "Branch $BRANCH"
@@ -30,7 +37,10 @@ jobs:
     - name: test
       run: python3 scripts/docker_test.py DockerfileSimulation sgxwalletsim
     - name: deploy docker image
-      if: contains(github.ref, 'develop') || contains(github.ref, 'beta') || contains(github.ref, 'master') || contains(github.ref, 'stable')
+      if: |
+            contains(github.ref, 'develop') || contains(github.ref, 'beta') ||
+            contains(github.ref, 'master') || contains(github.ref, 'stable') ||
+            contains(github.ref, 'SECURE_ENCLAVE_CHANGES')
       run : |
         export BRANCH=${GITHUB_REF##*/}
         echo "Branch $BRANCH"

.gitmodules

@@ -16,3 +16,7 @@
 [submodule "sgx-software-enable"]
 	path = sgx-software-enable
 	url = https://github.com/intel/sgx-software-enable
+[submodule "secure_enclave/secp256k1-sgx"]
+	path = secure_enclave/secp256k1-sgx
+	url = https://github.com/bl4ck5un/secp256k1-sgx
+	branch = master

DKGCrypto.cpp

@@ -197,7 +197,7 @@ vector <vector<string>> getVerificationVectorMult(const std::string& encryptedPo
 
     vector<vector<string>> result(t);
 
-    for (size_t i = 0; i < t; ++i) {
+    for (int i = 0; i < t; ++i) {
         libff::alt_bn128_G2 current_coefficient;
         current_coefficient.X.c0 = libff::alt_bn128_Fq(verificationVector[i][0].c_str());
         current_coefficient.X.c1 = libff::alt_bn128_Fq(verificationVector[i][1].c_str());
@@ -224,7 +224,7 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve
     CHECK_STATE(_encryptedPolyHex);
 
     vector<char> hexEncrKey(BUF_LEN, 0);
-    vector<char> errMsg1(BUF_LEN, 0);
+    vector<char> errMsg(BUF_LEN, 0);
     vector <uint8_t> encrDKGPoly(BUF_LEN, 0);
     int errStatus = 0;
     uint64_t encLen = 0;
@@ -238,10 +238,6 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve
 
     READ_LOCK(sgxInitMutex);
 
-    status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen);
-
-    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
-
     string result;
 
     for (int i = 0; i < _n; i++) {
@@ -259,26 +255,22 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve
         spdlog::debug("pubKeyB is {}", pub_keyB);
 
         sgx_status_t status = SGX_SUCCESS;
-        status = trustedGetEncryptedSecretShare(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
+        status = trustedGetEncryptedSecretShare(eid, &errStatus,
+                                                errMsg.data(),
+                                                encrDKGPoly.data(), encLen,
+                                                encryptedSkey.data(), &decLen,
                                                    currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n,
                                                    i + 1);
 
-        HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
+        HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
-        spdlog::debug("cur_share is {}", currentShare.data());
 
         result += string(currentShare.data());
 
-        spdlog::debug("dec len is {}", decLen);
         hexEncrKey = carray2Hex(encryptedSkey.data(), decLen);
         string dhKeyName = "DKG_DH_KEY_" + _polyName + "_" + to_string(i) + ":";
 
-        spdlog::debug("hexEncr DH Key: { }", hexEncrKey.data());
-        spdlog::debug("name to write to db is {}", dhKeyName);
-
         string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":";
-        spdlog::debug("name to write to db is {}", shareG2_name);
-        spdlog::debug("s_shareG2: {}", sShareG2.data());
 
         SGXWalletServer::writeDataToDB(dhKeyName, hexEncrKey.data());
         SGXWalletServer::writeDataToDB(shareG2_name, sShareG2.data());

SEKManager.cpp

@@ -205,11 +205,17 @@ void gen_SEK() {
 
 }
 
-void  reinitEnclave() {
-    // unfortunately process needs to be restarted to reinit enclave
-    // exiting with error code 3 (SGX_OUT_OF_MEMORY), so docker container can restart the
-    // wallet
-    exit(3);
+
+static std::atomic<int> isSgxWalletExiting(0);
+
+void  safeExit() {
+
+    // this is to make sure exit is only called once if called from multiple threads
+
+    auto previousValue = isSgxWalletExiting.exchange(1);
+
+    if (previousValue != 1)
+        exit(3);
 }
 
 void setSEK(shared_ptr <string> hex_encrypted_SEK) {

SEKManager.h

@@ -47,7 +47,8 @@ EXTERNC void initSEK();
 
 EXTERNC void setSEK();
 
-EXTERNC void reinitEnclave();
+EXTERNC void safeExit();
+
 
 
 

SGXWalletServer.cpp

@@ -111,6 +111,14 @@ void SGXWalletServer::printDB() {
     LevelDB::getLevelDb()->visitKeys(&v, 100000000);
 }
 
+
+#ifdef SGX_HW_SIM
+#define NUM_THREADS 16
+#else
+#define NUM_THREADS 64
+#endif
+
+
 int SGXWalletServer::initHttpsServer(bool _checkCerts) {
     spdlog::info("Entering {}", __FUNCTION__);
     string rootCAPath = string(SGXDATA_FOLDER) + "cert_data/rootCA.pem";
@@ -147,14 +155,9 @@ int SGXWalletServer::initHttpsServer(bool _checkCerts) {
     }
 
 
-    int numThreads = 64;
+    httpServer = make_shared<HttpServer>(BASE_PORT, certPath, keyPath, rootCAPath, _checkCerts,
+                                         NUM_THREADS);
 
-#if SGX_MODE == SIM
-   numThreads = 16; 
-#endif
-
-
-    httpServer = make_shared<HttpServer>(BASE_PORT, certPath, keyPath, rootCAPath, _checkCerts, numThreads);
     server = make_shared<SGXWalletServer>(*httpServer,
                                           JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
 
@@ -169,7 +172,8 @@ int SGXWalletServer::initHttpsServer(bool _checkCerts) {
 
 int SGXWalletServer::initHttpServer() { //without ssl
     spdlog::info("Entering {}", __FUNCTION__);
-    httpServer = make_shared<HttpServer>(BASE_PORT + 3);
+    httpServer = make_shared<HttpServer>(BASE_PORT + 3, "", "", "", false,
+                                         NUM_THREADS);
     server = make_shared<SGXWalletServer>(*httpServer,
                                           JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
     if (!server->StartListening()) {
@@ -275,25 +279,25 @@ Json::Value SGXWalletServer::importECDSAKeyImpl(const string &_keyShare,
     result["encryptedKey"] = "";
 
     try {
-      if (!checkECDSAKeyName(_keyShareName)) {
-          throw SGXException(INVALID_ECDSA_KEY_NAME, "Invalid ECDSA key name");
-      }
+        if (!checkECDSAKeyName(_keyShareName)) {
+            throw SGXException(INVALID_ECDSA_KEY_NAME, "Invalid ECDSA key name");
+        }
 
-      string hashTmp = _keyShare;
-      if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) {
-          hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2);
-      }
+        string hashTmp = _keyShare;
+        if (hashTmp[0] == '0' && (hashTmp[1] == 'x' || hashTmp[1] == 'X')) {
+            hashTmp.erase(hashTmp.begin(), hashTmp.begin() + 2);
+        }
 
-      if (!checkHex(hashTmp)) {
-          throw SGXException(INVALID_HEX, "Invalid ECDSA key share, please use hex");
-      }
+        if (!checkHex(hashTmp)) {
+            throw SGXException(INVALID_HEX, "Invalid ECDSA key share, please use hex");
+        }
 
-      string encryptedKey = encryptECDSAKey(hashTmp);
+        string encryptedKey = encryptECDSAKey(hashTmp);
 
-      writeDataToDB(_keyShareName, encryptedKey);
+        writeDataToDB(_keyShareName, encryptedKey);
 
-      result["encryptedKey"] = encryptedKey;
-      result["publicKey"] = getECDSAPubKey(encryptedKey);
+        result["encryptedKey"] = encryptedKey;
+        result["publicKey"] = getECDSAPubKey(encryptedKey);
     } HANDLE_SGX_EXCEPTION(result)
 
     RETURN_SUCCESS(result);
@@ -580,7 +584,7 @@ Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName)
     RETURN_SUCCESS(result);
 }
 
-Json::Value SGXWalletServer::calculateAllBLSPublicKeysImpl(const Json::Value& publicShares, int t, int n) {
+Json::Value SGXWalletServer::calculateAllBLSPublicKeysImpl(const Json::Value &publicShares, int t, int n) {
     spdlog::info("Entering {}", __FUNCTION__);
     INIT_RESULT(result)
 
@@ -607,14 +611,14 @@ Json::Value SGXWalletServer::calculateAllBLSPublicKeysImpl(const Json::Value& pu
             }
         }
 
-        vector<string> public_shares(n);
+        vector <string> public_shares(n);
         for (int i = 0; i < n; ++i) {
             public_shares[i] = publicShares[i].asString();
         }
 
-        vector<string> public_keys = calculateAllBlsPublicKeys(public_shares);
+        vector <string> public_keys = calculateAllBlsPublicKeys(public_shares);
 
-        if (public_keys.size() != (uint64_t)n) {
+        if (public_keys.size() != (uint64_t) n) {
             throw SGXException(UNKNOWN_ERROR, "");
         }
 
@@ -654,12 +658,12 @@ Json::Value SGXWalletServer::complaintResponseImpl(const string &_polyName, int
             }
         }
 
-       for (int i = 0; i < _n; i++) {
+        for (int i = 0; i < _n; i++) {
            string name = _polyName + "_" + to_string(i) + ":";
            LevelDB::getLevelDb()->deleteDHDKGKey(name);
            string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":";
            LevelDB::getLevelDb()->deleteKey(shareG2_name);
-       }
+        }
         LevelDB::getLevelDb()->deleteKey(_polyName);
 
         string encryptedSecretShareName = "encryptedSecretShare:" + _polyName;
@@ -762,11 +766,11 @@ Json::Value SGXWalletServer::getBLSPublicKeyShare(const string &blsKeyName) {
     return getBLSPublicKeyShareImpl(blsKeyName);
 }
 
-Json::Value SGXWalletServer::calculateAllBLSPublicKeys(const Json::Value& publicShares, int t, int n) {
+Json::Value SGXWalletServer::calculateAllBLSPublicKeys(const Json::Value &publicShares, int t, int n) {
     return calculateAllBLSPublicKeysImpl(publicShares, t, n);
 }
 
-Json::Value SGXWalletServer::importECDSAKey(const std::string& keyShare, const std::string& keyShareName) {
+Json::Value SGXWalletServer::importECDSAKey(const std::string &keyShare, const std::string &keyShareName) {
     return importECDSAKeyImpl(keyShare, keyShareName);
 }
 
@@ -787,7 +791,8 @@ SGXWalletServer::importBLSKeyShare(const string &_keyShare, const string &_keySh
     return importBLSKeyShareImpl(_keyShare, _keyShareName);
 }
 
-Json::Value SGXWalletServer::blsSignMessageHash(const string &_keyShareName, const string &_messageHash, int _t, int _n) {
+Json::Value
+SGXWalletServer::blsSignMessageHash(const string &_keyShareName, const string &_messageHash, int _t, int _n) {
     return blsSignMessageHashImpl(_keyShareName, _messageHash, _t, _n);
 }
 

VERSION

-1.58.6
+1.58.7
\ No newline at end of file

common.h

@@ -101,7 +101,7 @@ BOOST_THROW_EXCEPTION(runtime_error(__ERR_STRING__)); \
 extern std::shared_timed_mutex sgxInitMutex;
 extern uint64_t initTime;
 
-#if SGX_MODE == SIM
+#ifdef SGX_HW_SIM
 #define ENCLAVE_RESTART_PERIOD_S 5
 #else
 #define ENCLAVE_RESTART_PERIOD_S 60 * 10

secure_enclave/EnclaveCommon.cpp

@@ -82,8 +82,8 @@ string *stringFromFq(libff::alt_bn128_Fq *_fq) {
 
     try {
         _fq->as_bigint().to_mpz(t);
-        char *tmp = mpz_get_str(arr, 10, t);
-        ret = new string(tmp);
+        mpz_get_str(arr, 10, t);
+        ret = new string(arr);
     } catch (exception &e) {
         LOG_ERROR(e.what());
         goto clean;
@@ -107,13 +107,13 @@ string *stringFromG1(libff::alt_bn128_G1 *_g1) {
     try {
         _g1->to_affine_coordinates();
 
-        auto sX = stringFromFq(&_g1->X);
+        sX = stringFromFq(&_g1->X);
 
         if (!sX) {
             goto clean;
         }
 
-        auto sY = stringFromFq(&_g1->Y);
+        sY = stringFromFq(&_g1->Y);
 
         if (!sY) {
             goto clean;
@@ -131,8 +131,8 @@ string *stringFromG1(libff::alt_bn128_G1 *_g1) {
 
     clean:
 
-    SAFE_FREE(sX);
-    SAFE_FREE(sY);
+    SAFE_DELETE(sX);
+    SAFE_DELETE(sY);
 
     return ret;
 
@@ -226,7 +226,7 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char *
     }
 
     try {
-        auto key = keyFromString(_keyString);
+        key = keyFromString(_keyString);
 
         if (!key) {
             LOG_ERROR("Null key");
@@ -243,13 +243,13 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char *
 
         sign.to_affine_coordinates();
 
-        auto r = stringFromG1(&sign);
+        r = stringFromG1(&sign);
 
         memset(sig, 0, BUF_LEN);
 
         strncpy(sig, r->c_str(), BUF_LEN);
 
-        ret =  true;
+        ret = true;
 
     } catch (exception &e) {
         LOG_ERROR(e.what());

secp256k1-sgx @ 5f235e8e

+Subproject commit 5f235e8e9e821cd972c4a57afdfe47a7fe83acd0

secure_enclave/secure_enclave.c

@@ -163,7 +163,7 @@ void trustedEnclaveInit(uint64_t _logLevel) {
     LOG_INFO("SECURITY WARNING: sgxwallet is running in INSECURE DEBUG MODE! NEVER USE IN PRODUCTION!");
 #endif
 
-#if SGX_MODE == SIM
+#ifdef SGX_HW_SIM
     LOG_INFO("SECURITY WARNING: sgxwallet is running in INSECURE SIMULATION MODE! NEVER USE IN PRODUCTION!");
 #endif
 
@@ -847,10 +847,14 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encryp
     LOG_INFO("SGX call completed");
 }
 
-void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint64_t *dec_len,
+
+void trustedGetEncryptedSecretShare(int *errStatus, char *errString,
+                                    uint8_t *_encrypted_poly,  uint64_t _enc_len,
+                                    uint8_t *encrypted_skey, uint64_t *dec_len,
                                        char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n,
                                        uint8_t ind) {
 
+
     LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
 
@@ -864,6 +868,11 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *en
 
     LOG_DEBUG(__FUNCTION__);
 
+    trustedSetEncryptedDkgPoly(&status, errString, _encrypted_poly, _enc_len);
+
+    CHECK_STATUS2("trustedSetEncryptedDkgPoly failed with status %d ");
+
+
     SAFE_CHAR_BUF(skey, BUF_LEN);
 
     SAFE_CHAR_BUF(pub_key_x, BUF_LEN);SAFE_CHAR_BUF(pub_key_y, BUF_LEN);
@@ -1118,8 +1127,6 @@ trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKe
     uint8_t type = 0;
     uint8_t exportable = 0;
 
-
-
     int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, BUF_LEN,
                              &type, &exportable);
 

secure_enclave/secure_enclave.edl

@@ -88,15 +88,15 @@ enclave {
                                 [out, count = 3072] uint8_t* decrypted_dkg_secret
                                 );
 
-        public void trustedSetEncryptedDkgPoly(
-                                [out] int *errStatus,
-                                [out, count = SMALL_BUF_SIZE] char* err_string,
-                                [in, count = 3050] uint8_t* encrypted_poly,
-                                uint64_t enc_len);
+
+
+
 
         public void trustedGetEncryptedSecretShare(
                                 [out]int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char *err_string,
+                                [in, count = 3050] uint8_t* encrypted_poly,
+                                uint64_t enc_len,
                                 [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey,
                                 [out] uint64_t* dec_len,
                                 [out, count = 193] char* result_str,

sgxwallet_common.h

@@ -121,8 +121,8 @@ READ_LOCK(sgxInitMutex);
 } \
 if (status != SGX_SUCCESS || errStatus == 3) { \
 spdlog::error(__FUNCTION__);                   \
-spdlog::error("Restarting sgx on status errStatus... {} {}", status, errStatus);                    \
-reinitEnclave(); \
+spdlog::error("Exiting sgx on status errStatus... {} {}", status, errStatus);                    \
+safeExit(); \
 } \
 } while ((status != SGX_SUCCESS || errStatus == 3) && __ATTEMPTS__ < 2);
 
@@ -133,10 +133,9 @@ reinitEnclave(); \
 if (status != SGX_SUCCESS || *errStatus == 3) { \
 spdlog::error(__FUNCTION__);\
 spdlog::error("Restarting sgx on status errStatus... {} {}", status, *errStatus);                            \
-reinitEnclave(); \
+safeExit(); \
 } \
 } while ((status != SGX_SUCCESS || *errStatus == 3) && __ATTEMPTS__ < 2);
 
 
-
 #endif //SGXWALLET_SGXWALLET_COMMON_H

testw.cpp

@@ -370,20 +370,15 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes-
     REQUIRE(status == SGX_SUCCESS);
     REQUIRE(errStatus == SGX_SUCCESS);
 
-    uint64_t enc_len = encLen;
-
-    PRINT_SRC_LINE
-    status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), enc_len);
-    REQUIRE(status == SGX_SUCCESS);
-    REQUIRE(errStatus == SGX_SUCCESS);
-
     vector <uint8_t> encrPRDHKey(BUF_LEN, 0);
 
     string pub_keyB = SAMPLE_PUBLIC_KEY_B;
 
     vector<char> s_shareG2(BUF_LEN, 0);
     PRINT_SRC_LINE
-    status = trustedGetEncryptedSecretShare(eid, &errStatus, errMsg.data(), encrPRDHKey.data(), &encLen,
+    status = trustedGetEncryptedSecretShare(eid, &errStatus,errMsg.data(),
+                                            encryptedDKGSecret.data(), encLen,
+                                            encrPRDHKey.data(), &encLen,
                                                result.data(),
                                                s_shareG2.data(),
                                                (char *) pub_keyB.data(), 2, 2, 1);
@@ -779,8 +774,8 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
     status = trustedDecryptKey(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data());
 
     REQUIRE(status == 0);
-    REQUIRE(errStatus == 0);
     REQUIRE(key.compare(decr_key.data()) == 0);
+    REQUIRE(errStatus == 0);
 }
 
 

testw.h

@@ -31,7 +31,7 @@
 #define SAMPLE_KEY_NAME "tmp_NEK:8abc8e8280fb060988b65da4b8cb00779a1e816ec42f8a40ae2daa520e484a01"
 #define SAMPLE_AES_KEY "123456789"
 
-#define SAMPLE_POLY_NAME  "POLY:SCHAIN_ID:1:NODE_ID:1:DKG_ID:1"
+#define SAMPLE_POLY_NAME "POLY:SCHAIN_ID:1:NODE_ID:1:DKG_ID:1"
 #define RPC_ENDPOINT  "http://localhost:1029"
 #define SAMPLE_PUBLIC_KEY_B "c0152c48bf640449236036075d65898fded1e242c00acb45519ad5f788ea7cbf9a5df1559e7fc87932eee5478b1b9023de19df654395574a690843988c3ff475"