Merge branch 'develop' of https://github.com/skalenetwork/sgxwallet into develop

Conflicts: LevelDB.h

Merge branch 'develop' of https://github.com/skalenetwork/sgxwallet into develop
Conflicts: LevelDB.h
3f465b67 · kladko · 43ccd5ad · 82824ef2 · 3f465b67 · 3f465b67
Unverified Commit 3f465b67 authored Jan 27, 2020 by kladko
57 changed files
--- a/.github/workflows/dockerimage.yml
+++ b/.github/workflows/dockerimage.yml
@@ -20,3 +20,4 @@ jobs:
        run: docker build . --file Dockerfile --tag  skalenetwork/sgxwallet:latest
      - name: push docker image
        run:  docker push skalenetwork/sgxwallet:latest
--- a/.github/workflows/dockerimagesim.yml
+++ b/.github/workflows/dockerimagesim.yml
@@ -18,6 +18,10 @@ jobs:
      run: git submodule update --init --recursive
    - name: Build the Docker image
      run: docker build . --file DockerfileSimulation --tag  skalenetwork/sgxwalletsim:latest
+    - name: run docker image
+      run: docker run -v ${PWD}/sgx_data:/usr/src/sdk/sgx_data -d --network=host skalenetwork/sgxwalletsim:latest
+    - name: sleep and check
+      run: sleep 5; scripts/docker_test.py
    - name: push docker image
      run:  docker push skalenetwork/sgxwalletsim:latest
--- a/.gitignore
+++ b/.gitignore
 # Created by .ignore support plugin (hsz.mobi)
 .idea/
+sgx-gmp/
 gmp-build
 tgmp-build
 install-sh
@@ -13,6 +14,10 @@ secure_enclave.edl
 am--include-marker
 *.o
 aclocal.m4
+missing
+compile
+depcomp
+ltmain.sh
 secure_enclave.signed.so
 sgxgmpmath
 sgxgmppi

--- a/.gitmodules
+++ b/.gitmodules
@@ -16,3 +16,6 @@
 [submodule "sgx-software-enable"]
 	path = sgx-software-enable
 	url = https://github.com/intel/sgx-software-enable
+[submodule "github-markdown-toc"]
+	path = github-markdown-toc
+	url = https://github.com/ekalinin/github-markdown-toc.git
--- a/BLSCrypto.cpp
+++ b/BLSCrypto.cpp
@@ -51,6 +51,7 @@
 #include "RPCException.h"
 #include "spdlog/spdlog.h"
+#include "common.h"
 int char2int(char _input) {
  if (_input >= '0' && _input <= '9')
@@ -135,11 +136,11 @@ bool hex2carray2(const char * _hex, uint64_t  *_bin_len,
 bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
    char* _sig) {
-  //std::cerr << "ENTER SIGN" << std::endl;
+  //cerr << "ENTER SIGN" << endl;
-  auto keyStr = std::make_shared<std::string>(_encryptedKeyHex);
+  auto keyStr = make_shared<string>(_encryptedKeyHex);
-  auto hash = std::make_shared<std::array<uint8_t, 32>>();
+  auto hash = make_shared<array<uint8_t, 32>>();
  uint64_t binLen;
@@ -150,9 +151,9 @@ bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t
-  auto keyShare = std::make_shared<BLSPrivateKeyShareSGX>(keyStr, _t, _n);
+  auto keyShare = make_shared<BLSPrivateKeyShareSGX>(keyStr, _t, _n);
-  //std::cerr << "keyShare created" << std::endl;
+  //cerr << "keyShare created" << endl;
 // {
    auto sigShare = keyShare->signWithHelperSGX(hash, _signerIndex);
 // }
@@ -161,14 +162,14 @@ bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t
  strncpy(_sig, sigShareStr->c_str(), BUF_LEN);
-  //std::string sigShareStr = keyShare->signWithHelperSGXstr(hash, _signerIndex);
+  //string sigShareStr = keyShare->signWithHelperSGXstr(hash, _signerIndex);
  //strncpy(_sig, sigShareStr.c_str(), BUF_LEN);
- // std::string test_sig = "8175162913343900215959836578795929492705714455632345516427532159927644835012:15265825550804683171644566522808807137117748565649051208189914766494241035855:9810286616503120081238481858289626967170509983220853777870754480048381194141:5";
+ // string test_sig = "8175162913343900215959836578795929492705714455632345516427532159927644835012:15265825550804683171644566522808807137117748565649051208189914766494241035855:9810286616503120081238481858289626967170509983220853777870754480048381194141:5";
- // auto sig_ptr = std::make_shared<std::string>(test_sig);
+ // auto sig_ptr = make_shared<string>(test_sig);
 // strncpy(_sig, sig_ptr->c_str(), BUF_LEN);
-  //std::cerr<< "sig " << _sig <<std::endl;
+  //cerr<< "sig " << _sig <<endl;
  return true;
@@ -185,10 +186,12 @@ char *encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key)
    unsigned int encryptedLen = 0;
-    status = encrypt_key(eid, errStatus, errMsg, keyArray, encryptedKey, &encryptedLen);
+    //status = encrypt_key(eid, errStatus, errMsg, keyArray, encryptedKey, &encryptedLen);
+    status = encrypt_key_aes(eid, errStatus, errMsg, keyArray, encryptedKey, &encryptedLen);
    if (DEBUG_PRINT) {
-      spdlog::info("errStatus is {}",*errStatus, " errMsg is ", errMsg );
+      spdlog::info("errStatus is {}",*errStatus);
+      spdlog::info(" errMsg is ", errMsg );
    }
    if (status != SGX_SUCCESS) {
@@ -224,7 +227,8 @@ char *decryptBLSKeyShareFromHex(int *errStatus, char *errMsg, const char *_encry
    char *plaintextKey = (char *) calloc(BUF_LEN, 1);
-    status = decrypt_key(eid, errStatus, errMsg, decoded, decodedLen, plaintextKey);
+    //status = decrypt_key(eid, errStatus, errMsg, decoded, decodedLen, plaintextKey);
+     status = decrypt_key_aes(eid, errStatus, errMsg, decoded, decodedLen, plaintextKey);
    if (status != SGX_SUCCESS) {
        return nullptr;

--- a/BLSPrivateKeyShareSGX.cpp
+++ b/BLSPrivateKeyShareSGX.cpp
@@ -21,7 +21,7 @@
  @date 2019
 */
-using namespace std;
 #include "BLSSigShare.h"
 #include "BLSSignature.h"
@@ -33,6 +33,7 @@ using namespace std;
 #include "BLSCrypto.h"
 #include "ServerInit.h"
+#include "common.h"
 #include "BLSPrivateKeyShareSGX.h"

--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-cmake_minimum_required(VERSION 3.12)
+cmake_minimum_required(VERSION 3.15)
-project(sgxd)
+project(sgxwallet)
 set(CMAKE_CXX_STANDARD 14)
 include_directories(.)
-include_directories(libff/libff/algebra/curves/alt_bn128)
-include_directories(libff/libff/algebra/curves/bn128)
-include_directories(libff/libff/algebra/curves/edwards)
-include_directories(libff/libff/algebra/curves/mnt)
-include_directories(libff/libff/algebra/curves/mnt/mnt4)
-include_directories(libff/libff/algebra/curves/mnt/mnt6)
-include_directories(libff/libff/common/default_types)
 include_directories(secure_enclave)
+include_directories(sgx-software-enable)
+include_directories(tgmp-build)
+include_directories(tgmp-build/include)
-add_custom_target(sgxd COMMAND make all
+add_executable(sgxwallet
-        WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+        secure_enclave/AESUtils.c
-        SOURCES
+        secure_enclave/AESUtils.h
-        libff/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp
-        libff/libff/algebra/curves/alt_bn128/alt_bn128_g1.hpp
-        libff/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp
-        libff/libff/algebra/curves/alt_bn128/alt_bn128_init.hpp
-        libff/libff/algebra/curves/alt_bn128/alt_bn128_pp.cpp
-        libff/libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp
-        libff/libff/algebra/curves/bn128/bn128_g1.cpp
-        libff/libff/algebra/curves/bn128/bn128_g1.hpp
-        libff/libff/algebra/curves/bn128/bn128_g2.cpp
-        libff/libff/algebra/curves/bn128/bn128_g2.hpp
-        libff/libff/algebra/curves/bn128/bn128_gt.cpp
-        libff/libff/algebra/curves/bn128/bn128_gt.hpp
-        libff/libff/algebra/curves/bn128/bn128_init.cpp
-        libff/libff/algebra/curves/bn128/bn128_init.hpp
-        libff/libff/algebra/curves/bn128/bn128_pairing.cpp
-        libff/libff/algebra/curves/bn128/bn128_pairing.hpp
-        libff/libff/algebra/curves/bn128/bn128_pp.cpp
-        libff/libff/algebra/curves/bn128/bn128_pp.hpp
-        libff/libff/algebra/curves/bn128/bn_utils.hpp
-        libff/libff/algebra/curves/bn128/bn_utils.tcc
-        libff/libff/algebra/curves/edwards/edwards_g1.cpp
-        libff/libff/algebra/curves/edwards/edwards_g1.hpp
-        libff/libff/algebra/curves/edwards/edwards_g2.cpp
-        libff/libff/algebra/curves/edwards/edwards_g2.hpp
-        libff/libff/algebra/curves/edwards/edwards_init.cpp
-        libff/libff/algebra/curves/edwards/edwards_init.hpp
-        libff/libff/algebra/curves/edwards/edwards_pairing.cpp
-        libff/libff/algebra/curves/edwards/edwards_pairing.hpp
-        libff/libff/algebra/curves/edwards/edwards_pp.cpp
-        libff/libff/algebra/curves/edwards/edwards_pp.hpp
-        libff/libff/algebra/curves/mnt/mnt4/mnt4_g1.cpp
-        libff/libff/algebra/curves/mnt/mnt4/mnt4_g1.hpp
-        libff/libff/algebra/curves/mnt/mnt4/mnt4_g2.cpp
-        libff/libff/algebra/curves/mnt/mnt4/mnt4_g2.hpp
-        libff/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp
-        libff/libff/algebra/curves/mnt/mnt4/mnt4_init.hpp
-        libff/libff/algebra/curves/mnt/mnt4/mnt4_pairing.cpp
-        libff/libff/algebra/curves/mnt/mnt4/mnt4_pairing.hpp
-        libff/libff/algebra/curves/mnt/mnt4/mnt4_pp.cpp
-        libff/libff/algebra/curves/mnt/mnt4/mnt4_pp.hpp
-        libff/libff/algebra/curves/mnt/mnt6/mnt6_g1.cpp
-        libff/libff/algebra/curves/mnt/mnt6/mnt6_g1.hpp
-        libff/libff/algebra/curves/mnt/mnt6/mnt6_g2.cpp
-        libff/libff/algebra/curves/mnt/mnt6/mnt6_g2.hpp
-        libff/libff/algebra/curves/mnt/mnt6/mnt6_init.cpp
-        libff/libff/algebra/curves/mnt/mnt6/mnt6_init.hpp
-        libff/libff/algebra/curves/mnt/mnt6/mnt6_pairing.cpp
-        libff/libff/algebra/curves/mnt/mnt6/mnt6_pairing.hpp
-        libff/libff/algebra/curves/mnt/mnt6/mnt6_pp.cpp
-        libff/libff/algebra/curves/mnt/mnt6/mnt6_pp.hpp
-        libff/libff/algebra/curves/mnt/mnt46_common.cpp
-        libff/libff/algebra/curves/mnt/mnt46_common.hpp
-        libff/libff/algebra/curves/tests/test_bilinearity.cpp
-        libff/libff/algebra/curves/tests/test_groups.cpp
-        libff/libff/algebra/curves/curve_utils.hpp
-        libff/libff/algebra/curves/curve_utils.tcc
-        libff/libff/algebra/curves/public_params.hpp
-        libff/libff/algebra/exponentiation/exponentiation.hpp
-        libff/libff/algebra/exponentiation/exponentiation.tcc
-        libff/libff/algebra/fields/tests/test_fields.cpp
-        libff/libff/algebra/fields/bigint.hpp
-        libff/libff/algebra/fields/bigint.tcc
-        libff/libff/algebra/fields/field_utils.hpp
-        libff/libff/algebra/fields/field_utils.tcc
-        libff/libff/algebra/fields/fp.hpp
-        libff/libff/algebra/fields/fp.tcc
-        libff/libff/algebra/fields/fp_aux.tcc
-        libff/libff/algebra/scalar_multiplication/multiexp.hpp
-        libff/libff/algebra/scalar_multiplication/multiexp.tcc
-        libff/libff/algebra/scalar_multiplication/multiexp_profile.cpp
-        libff/libff/algebra/scalar_multiplication/wnaf.hpp
-        libff/libff/algebra/scalar_multiplication/wnaf.tcc
-        libff/libff/common/default_types/ec_pp.hpp
-        libff/libff/common/double.cpp
-        libff/libff/common/double.hpp
-        libff/libff/common/profiling.cpp
-        libff/libff/common/profiling.hpp
-        libff/libff/common/rng.hpp
-        libff/libff/common/rng.tcc
-        libff/libff/common/template_utils.hpp
-        libff/libff/common/utils.cpp
-        libff/libff/common/utils.hpp
-        libff/libff/common/utils.tcc
        secure_enclave/BLSEnclave.cpp
        secure_enclave/BLSEnclave.h
+        secure_enclave/curves.c
+        secure_enclave/curves.h
+        secure_enclave/DH_dkg.c
+        secure_enclave/DH_dkg.h
+        secure_enclave/DKGUtils.cpp
+        secure_enclave/DKGUtils.h
+        secure_enclave/domain_parameters.c
+        secure_enclave/domain_parameters.h
+        secure_enclave/enclave_common.h
+        secure_enclave/numbertheory.c
+        secure_enclave/numbertheory.h
+        secure_enclave/point.c
+        secure_enclave/point.h
        secure_enclave/secure_enclave.c
+        secure_enclave/secure_enclave.i
        secure_enclave/secure_enclave_t.c
        secure_enclave/secure_enclave_t.h
-        secure_enclave/DKGUtils.h
+        secure_enclave/signature.c
-        secure_enclave/DKGUtils.cpp
+        secure_enclave/signature.h
+        sgx-software-enable/sgx_capable.h
+        sgx-software-enable/sgx_enable.c
+        tgmp-build/include/sgx_tgmp.h
+        abstractCSRManagerServer.h
+        abstractregserver.h
+        abstractstubserver.h
+        BLSCrypto.cpp
+        BLSCrypto.h
+        BLSPrivateKeyShareSGX.cpp
+        BLSPrivateKeyShareSGX.h
+        catch.hpp
+        cert_util.cpp
+        common.h
        create_enclave.c
        create_enclave.h
+        CSRManagerServer.cpp
+        CSRManagerServer.h
+        DKGCrypto.cpp
+        DKGCrypto.h
+        ECDSACrypto.cpp
+        ECDSACrypto.h
+        LevelDB.cpp
+        LevelDB.h
        oc_alloc.c
+        RPCException.cpp
+        RPCException.h
        secure_enclave_u.c
        secure_enclave_u.h
+        SEKManager.cpp
+        SEKManager.h
+        ServerDataChecker.cpp
+        ServerDataChecker.h
+        ServerInit.cpp
+        ServerInit.h
        sgx_detect.h
        sgx_detect_linux.c
        sgx_stub.c
        sgx_stub.h
        sgx_tgmp.h
+        SGXRegistrationServer.cpp
+        SGXRegistrationServer.h
        sgxwallet.c
-        testw.cpp
+        sgxwallet.h
-        )
+        sgxwallet_common.h
+        SGXWalletServer.cpp
+        SGXWalletServer.h
+        SGXWalletServer.hpp
+        stubclient.cpp
+        stubclient.h
+        testw.cpp)
--- a/CSRManagerServer.cpp
+++ b/CSRManagerServer.cpp
@@ -12,6 +12,7 @@
 #include <jsonrpccpp/server/connectors/httpserver.h>
 #include "spdlog/spdlog.h"
+#include "common.h"
 CSRManagerServer *cs = nullptr;
@@ -22,20 +23,19 @@ CSRManagerServer::CSRManagerServer(AbstractServerConnector &connector,
    serverVersion_t type):abstractCSRManagerServer(connector, type){}
-Json::Value GetUnsignedCSRsImpl(){
+Json::Value getUnsignedCSRsImpl(){
-  spdlog::info("Enter GetUnsignedCSRsImpl");
+  spdlog::info("Enter getUnsignedCSRsImpl");
  Json::Value result;
  result["status"] = 0;
  result["errorMessage"] = "";
-  //result["hashes"] =;
  try{
-    std::vector<std::string> hashes_vect = csrDb->writeKeysToVector1(MAX_CSR_NUM);
+    vector<string> hashes_vect = LevelDB::getCsrDb()->writeKeysToVector1(MAX_CSR_NUM);
-    for (int i = 0; i < hashes_vect.size(); i++){
+    for (int i = 0; i < (int) hashes_vect.size(); i++){
      result["hashes"][i] = hashes_vect.at(i);
    }
  } catch (RPCException &_e) {
-    std::cerr << " err str " << _e.errString << std::endl;
+    cerr << " err str " << _e.errString << endl;
    result["status"] = _e.status;
    result["errorMessage"] = _e.errString;
@@ -44,7 +44,7 @@ Json::Value GetUnsignedCSRsImpl(){
  return result;
 }
-Json::Value SignByHashImpl(const std::string& hash, int status){
+Json::Value signByHashImpl(const string& hash, int status){
  Json::Value result;
  result["errorMessage"] = "";
@@ -53,46 +53,46 @@ Json::Value SignByHashImpl(const std::string& hash, int status){
      throw RPCException(-111, "Invalid csr status");
    }
-    std::string csr_db_key = "CSR:HASH:" + hash;
+    string csr_db_key = "CSR:HASH:" + hash;
-    std::shared_ptr<std::string> csr_ptr = csrDb->readString(csr_db_key);
+    shared_ptr<string> csr_ptr = LevelDB::getCsrDb()->readString(csr_db_key);
    if (csr_ptr == nullptr){
      throw RPCException(KEY_SHARE_DOES_NOT_EXIST, "HASH DOES NOT EXIST IN DB");
    }
    if (status == 0) {
-      std::string csr_name = "sgx_data/cert/" + hash + ".csr";
+      string csr_name = "sgx_data/cert/" + hash + ".csr";
-      std::ofstream outfile(csr_name);
+      ofstream outfile(csr_name);
-      outfile << *csr_ptr << std::endl;
+      outfile << *csr_ptr << endl;
      outfile.close();
      if (access(csr_name.c_str(), F_OK) != 0) {
-        csrDb->deleteKey(csr_db_key);
+        LevelDB::getCsrDb()->deleteKey(csr_db_key);
        throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
      }
-      std::string signClientCert = "cd sgx_data/cert && ./create_client_cert " + hash;
+      string signClientCert = "cd sgx_data/cert && ./create_client_cert " + hash;
      if (system(signClientCert.c_str()) == 0) {
        spdlog::info("CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED");
      } else {
        spdlog::info("CLIENT CERTIFICATE GENERATION FAILED");
-        csrDb->deleteKey(csr_db_key);
+        LevelDB::getCsrDb()->deleteKey(csr_db_key);
-        std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
+        string status_db_key = "CSR:HASH:" + hash + "STATUS:";
-        csrStatusDb->deleteKey(status_db_key);
+        LevelDB::getCsrStatusDb()->deleteKey(status_db_key);
-        csrStatusDb->writeDataUnique(status_db_key, "-1");
+        LevelDB::getCsrStatusDb()->writeDataUnique(status_db_key, "-1");
        throw RPCException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
        //exit(-1);
      }
    }
-    csrDb->deleteKey(csr_db_key);
+    LevelDB::getCsrDb()->deleteKey(csr_db_key);
-    std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
+    string status_db_key = "CSR:HASH:" + hash + "STATUS:";
-    csrStatusDb->deleteKey(status_db_key);
+    LevelDB::getCsrStatusDb()->deleteKey(status_db_key);
-    csrStatusDb->writeDataUnique(status_db_key, std::to_string(status));
+    LevelDB::getCsrStatusDb()->writeDataUnique(status_db_key, to_string(status));
    result["status"] = status;
  } catch (RPCException &_e) {
-    std::cerr << " err str " << _e.errString << std::endl;
+    cerr << " err str " << _e.errString << endl;
    result["status"] = _e.status;
    result["errorMessage"] = _e.errString;
  }
@@ -101,14 +101,14 @@ Json::Value SignByHashImpl(const std::string& hash, int status){
 }
-Json::Value CSRManagerServer::GetUnsignedCSRs(){
+Json::Value CSRManagerServer::getUnsignedCSRs(){
-  std::lock_guard<std::recursive_mutex> lock(m);
+  lock_guard<recursive_mutex> lock(m);
-  return GetUnsignedCSRsImpl();
+  return getUnsignedCSRsImpl();
 }
-Json::Value CSRManagerServer::SignByHash(const std::string& hash, int status){
+Json::Value CSRManagerServer::signByHash(const string& hash, int status){
-   std::lock_guard<std::recursive_mutex> lock(m);
+   lock_guard<recursive_mutex> lock(m);
-   return SignByHashImpl(hash, status);
+   return signByHashImpl(hash, status);
 }
 int init_csrmanager_server(){

--- a/CSRManagerServer.h
+++ b/CSRManagerServer.h
@@ -20,8 +20,8 @@ class CSRManagerServer : public abstractCSRManagerServer {
  CSRManagerServer(AbstractServerConnector &connector, serverVersion_t type);
-  virtual Json::Value GetUnsignedCSRs();
+  virtual Json::Value getUnsignedCSRs();
-  virtual Json::Value SignByHash(const std::string& hash, int status);
+  virtual Json::Value signByHash(const std::string& hash, int status);
 };
 extern int init_csrmanager_server();

--- a/DKGCrypto.cpp
+++ b/DKGCrypto.cpp
--- a/DKGCrypto.h
+++ b/DKGCrypto.h
@@ -39,7 +39,7 @@ bool VerifyShares(const char* publicShares, const char* encr_sshare, const char
 std::string decrypt_DHKey(const std::string& polyName, int ind);
-bool CreateBLSShare( const std::string& BLSKeyName, const char * s_shares, const char * encryptedKeyHex);
+bool CreateBLSShare( const std::string& blsKeyName, const char * s_shares, const char * encryptedKeyHex);
 std::vector<std::string> GetBLSPubKey(const char * encryptedKeyHex);

--- a/Dockerfile
+++ b/Dockerfile
 FROM skalenetwork/sgxwallet_base:latest
 WORKDIR /usr/src/sdk
+COPY *.cpp ./
+COPY *.h ./
+COPY *.txt ./
+COPY *.c ./
+COPY *.am ./
+COPY *.hpp ./
+COPY *.sh ./
+COPY *.gmp ./
+COPY *.ac ./
+COPY *.json ./
+COPY docker ./docker
+COPY build-aux ./build-aux
+COPY  cert ./cert
+COPY jsonrpc ./jsonrpc
+COPY leveldb ./leveldb
+COPY m4 ./m4
+COPY scripts ./scripts
+COPY secure_enclave ./secure_enclave
+COPY spdlog ./spdlog
 RUN autoreconf -vif
@@ -12,13 +32,8 @@ RUN autoconf
 RUN ./configure
 ### RUN cd libBLS; cmake -H. -Bbuild; cmake --build build -- -j$(nproc);
 RUN make
-RUN wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz && \
-    cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b && \
-    cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && \
-    make install && \
-    cd .. && rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b
-RUN mkdir /sgx_data
+RUN mkdir /usr/src/sdk/sgx_data
 COPY docker/start.sh ./
 ENTRYPOINT ["/usr/src/sdk/start.sh"]
--- a/DockerfileBase
+++ b/DockerfileBase
@@ -48,4 +48,10 @@ RUN git clone -b sgx_2.5 --depth 1 https://github.com/intel/linux-sgx && \
 COPY configure.gmp ./
 RUN cd scripts; ./build.py
+RUN wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz && \
+    cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b && \
+    cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && \
+    make install && \
+    cd .. && rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b
--- a/DockerfileSimulation
+++ b/DockerfileSimulation
 FROM skalenetwork/sgxwallet_base:latest
 WORKDIR /usr/src/sdk
+COPY *.cpp ./
+COPY *.h ./
+COPY *.txt ./
+COPY *.c ./
+COPY *.am ./
+COPY *.hpp ./
+COPY *.sh ./
+COPY *.gmp ./
+COPY *.ac ./
+COPY *.json ./
+COPY docker ./docker
+COPY build-aux ./build-aux
+COPY  cert ./cert
+COPY jsonrpc ./jsonrpc
+COPY leveldb ./leveldb
+COPY m4 ./m4
+COPY scripts ./scripts
+COPY secure_enclave ./secure_enclave
+COPY spdlog ./spdlog
 RUN autoreconf -vif
 RUN libtoolize --force
 RUN aclocal
@@ -10,13 +30,9 @@ RUN autoconf
 RUN ./configure --enable-sgx-simulation
 ### RUN cd libBLS; cmake -H. -Bbuild; cmake --build build -- -j$(nproc);
 RUN make
-RUN wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz && \
-    cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b && \
-    cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && \
-    make install && \
-    cd .. && rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b
-RUN mkdir /sgx_data
+RUN mkdir /usr/src/sdk/sgx_data
 COPY docker/start.sh ./
 ENTRYPOINT ["/usr/src/sdk/start.sh"]
--- a/ECDSACrypto.cpp
+++ b/ECDSACrypto.cpp
@@ -51,14 +51,23 @@ std::vector<std::string> gen_ecdsa_key(){
  char *pub_key_y = (char *)calloc(1024, 1);
  uint32_t enc_len = 0;
-  status = generate_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
+  if ( !is_aes)
+     status = generate_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
+  else status = generate_ecdsa_key_aes(eid, &err_status, errMsg, encr_pr_key, &enc_len, pub_key_x, pub_key_y );
  if ( err_status != 0 ){
    std::cerr << "RPCException thrown" << std::endl;
    throw RPCException(-666, errMsg) ;
  }
  std::vector<std::string> keys(3);
-  //std::cerr << "account key is " << errMsg << std::endl;
+  if (DEBUG_PRINT) {
-  char *hexEncrKey = (char *) calloc(2*BUF_LEN, 1);
+    std::cerr << "account key is " << errMsg << std::endl;
+    std::cerr << "enc_len is " << enc_len << std::endl;
+    std::cerr << "enc_key is "  << std::endl;
+//    for(int i = 0 ; i < 1024; i++)
+//      std::cerr << (int)encr_pr_key[i] << " " ;
+  }
+  char *hexEncrKey = (char *) calloc(BUF_LEN * 2, 1);
  carray2Hex(encr_pr_key, enc_len, hexEncrKey);
  keys.at(0) = hexEncrKey;
  keys.at(1) = std::string(pub_key_x) + std::string(pub_key_y);//concatPubKeyWith0x(pub_key_x, pub_key_y);//
@@ -69,6 +78,7 @@ std::vector<std::string> gen_ecdsa_key(){
  unsigned long seed = rand_gen();
  if (DEBUG_PRINT) {
    spdlog::info("seed is {}", seed);
+    std::cerr << "strlen is " << strlen(hexEncrKey) << std::endl;
  }
  gmp_randstate_t state;
  gmp_randinit_default(state);
@@ -105,26 +115,32 @@ std::string get_ecdsa_pubkey(const char* encryptedKeyHex){
  char *pub_key_y = (char *)calloc(1024, 1);
  uint64_t enc_len = 0;
-  uint8_t encr_pr_key[BUF_LEN];
+  //uint8_t encr_pr_key[BUF_LEN];
+  uint8_t* encr_pr_key = (uint8_t*)calloc(1024, 1);
  if (!hex2carray(encryptedKeyHex, &enc_len, encr_pr_key)){
    throw RPCException(INVALID_HEX, "Invalid encryptedKeyHex");
  }
-  status = get_public_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, enc_len, pub_key_x, pub_key_y );
+  if ( !is_aes)
+   status = get_public_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, enc_len, pub_key_x, pub_key_y );
+  else status = get_public_ecdsa_key_aes(eid, &err_status, errMsg, encr_pr_key, enc_len, pub_key_x, pub_key_y );
  if (err_status != 0){
    throw RPCException(-666, errMsg) ;
  }
  std::string pubKey = std::string(pub_key_x) + std::string(pub_key_y);//concatPubKeyWith0x(pub_key_x, pub_key_y);//
  if (DEBUG_PRINT) {
+    spdlog::info("enc_len is {}", enc_len);
    spdlog::info("pubkey is {}", pubKey);
    spdlog::info("pubkey length is {}", pubKey.length());
    spdlog::info("err str is {}", errMsg);
+    spdlog::info("err status is {}", err_status);
  }
  free(errMsg);
  free(pub_key_x);
  free(pub_key_y);
+  free(encr_pr_key);
  return pubKey;
 }
@@ -134,12 +150,13 @@ std::vector<std::string> ecdsa_sign_hash(const char* encryptedKeyHex, const char
  char *errMsg = (char *)calloc(1024, 1);
  int err_status = 0;
-  char* signature_r = (char*)malloc(1024);
+  char* signature_r = (char *)calloc(1024, 1);
-  char* signature_s = (char*)malloc(1024);
+  char* signature_s = (char *)calloc(1024, 1);
  uint8_t signature_v = 0;
  uint64_t dec_len = 0;
-  uint8_t encr_key[BUF_LEN];
+  //uint8_t encr_key[BUF_LEN];
+  uint8_t* encr_key = (uint8_t*)calloc(1024, 1);
  if (!hex2carray(encryptedKeyHex, &dec_len, encr_key)){
      throw RPCException(INVALID_HEX, "Invalid encryptedKeyHex");
  }
@@ -150,7 +167,9 @@ std::vector<std::string> ecdsa_sign_hash(const char* encryptedKeyHex, const char
    spdlog::info("encrypted len: {}", dec_len);
  }
-  status = ecdsa_sign1(eid, &err_status, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char*)hashHex, signature_r, signature_s, &signature_v, base );
+  if (!is_aes)
+   status = ecdsa_sign1(eid, &err_status, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char*)hashHex, signature_r, signature_s, &signature_v, base );
+  else status = ecdsa_sign_aes(eid, &err_status, errMsg, encr_key, dec_len, (unsigned char*)hashHex, signature_r, signature_s, &signature_v, base );
  if ( err_status != 0){
    throw RPCException(-666, errMsg ) ;
  }
@@ -176,6 +195,7 @@ std::vector<std::string> ecdsa_sign_hash(const char* encryptedKeyHex, const char
  free(errMsg);
  free(signature_r);
  free(signature_s);
+  free(encr_key);
  return signature_vect;
 }
\ No newline at end of file
--- a/LevelDB.cpp
+++ b/LevelDB.cpp
@@ -37,24 +37,24 @@
 #include "ServerInit.h"
 #include "spdlog/spdlog.h"
+#include "common.h"
 using namespace leveldb;
 static WriteOptions writeOptions;
 static ReadOptions readOptions;
-LevelDB* levelDb = nullptr;
-LevelDB* csrDb = nullptr;
-LevelDB* csrStatusDb = nullptr;
-std::shared_ptr<std::string> LevelDB::readString(const std::string &_key) {
+std::shared_ptr<string> LevelDB::readString(const string &_key) {
    std::lock_guard<std::recursive_mutex> lock(mutex);
-    auto result = std::make_shared<std::string>();
+    auto result = std::make_shared<string>();
    if (db == nullptr) {
        throw RPCException(NULL_DATABASE, "Null db");
@@ -75,7 +75,7 @@ std::shared_ptr<std::string> LevelDB::readString(const std::string &_key) {
    return result;
 }
-void LevelDB::writeString(const std::string &_key, const std::string &_value) {
+void LevelDB::writeString(const string &_key, const string &_value) {
    std::lock_guard<std::recursive_mutex> lock(mutex);
@@ -90,11 +90,11 @@ void LevelDB::writeString(const std::string &_key, const std::string &_value) {
 }
-void LevelDB::deleteDHDKGKey (const std::string &_key) {
+void LevelDB::deleteDHDKGKey (const string &_key) {
    std::lock_guard<std::recursive_mutex> lock(mutex);
-    std::string full_key = "DKG_DH_KEY_" + _key;
+    string full_key = "DKG_DH_KEY_" + _key;
    auto status = db->Delete(writeOptions, Slice(_key));
@@ -106,11 +106,11 @@ void LevelDB::deleteDHDKGKey (const std::string &_key) {
    }
 }
-void LevelDB::deleteTempNEK(const std::string &_key){
+void LevelDB::deleteTempNEK(const string &_key){
    std::lock_guard<std::recursive_mutex> lock(mutex);
-    std::string prefix = _key.substr(0,8);
+    string prefix = _key.substr(0,8);
    if (prefix != "tmp_NEK:") {
      return;
    }
@@ -122,7 +122,7 @@ void LevelDB::deleteTempNEK(const std::string &_key){
    std::cerr << "key deleted " << _key << std::endl;
 }
-void LevelDB::deleteKey(const std::string &_key){
+void LevelDB::deleteKey(const string &_key){
    std::lock_guard<std::recursive_mutex> lock(mutex);
@@ -149,7 +149,7 @@ void LevelDB::writeByteArray(const char *_key, size_t _keyLen, const char *value
 }
-void LevelDB::writeByteArray(std::string &_key, const char *value,
+void LevelDB::writeByteArray(string &_key, const char *value,
                             size_t _valueLen) {
    std::lock_guard<std::recursive_mutex> lock(mutex);
@@ -188,13 +188,13 @@ uint64_t LevelDB::visitKeys(LevelDB::KeyVisitor *_visitor, uint64_t _maxKeysToVi
    return readCounter;
 }
-std::vector<std::string> LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){
+std::vector<string> LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){
  uint64_t readCounter = 0;
-  std::vector<std::string> keys;
+  std::vector<string> keys;
  leveldb::Iterator *it = db->NewIterator(readOptions);
  for (it->SeekToFirst(); it->Valid(); it->Next()) {
-    std::string cur_key(it->key().data(), it->key().size());
+    string cur_key(it->key().data(), it->key().size());
    keys.push_back(cur_key);
   // keys.push_back(it->key().data());
    readCounter++;
@@ -208,7 +208,7 @@ std::vector<std::string> LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){
  return keys;
 }
-void LevelDB::writeDataUnique(const std::string & Name, const std::string &value) {
+void LevelDB::writeDataUnique(const string & Name, const string &value) {
  auto key = Name;
@@ -226,7 +226,7 @@ void LevelDB::writeDataUnique(const std::string & Name, const std::string &value
 }
-LevelDB::LevelDB(std::string &filename) {
+LevelDB::LevelDB(string &filename) {
    leveldb::Options options;
@@ -243,9 +243,73 @@ LevelDB::LevelDB(std::string &filename) {
 }
 LevelDB::~LevelDB() {
-    if (db != nullptr)
-        delete db;
 }
+const std::shared_ptr<LevelDB> &LevelDB::getLevelDb() {
+    CHECK_STATE(levelDb)
+    return levelDb;
+}
+const std::shared_ptr<LevelDB> &LevelDB::getCsrDb() {
+    CHECK_STATE(csrDb)
+    return csrDb;
+}
+const std::shared_ptr<LevelDB> &LevelDB::getCsrStatusDb() {
+    CHECK_STATE(csrStatusDb)
+    return csrStatusDb;
+}
+std::shared_ptr<LevelDB> LevelDB::levelDb = nullptr;
+std::shared_ptr<LevelDB> LevelDB::csrDb = nullptr;
+std::shared_ptr<LevelDB> LevelDB::csrStatusDb = nullptr;
+string LevelDB::sgx_data_folder;
+bool LevelDB::isInited = false;
+void LevelDB::initDataFolderAndDBs() {
+    if (isInited)
+        return;
+    char cwd[PATH_MAX];
+    if (getcwd(cwd, sizeof(cwd)) == NULL) {
+        spdlog::error("could not get cwd");
+        exit(-1);
+    }
+    sgx_data_folder = string(cwd) + "/" + SGXDATA_FOLDER;
+    struct stat info;
+    if (stat(sgx_data_folder.c_str(), &info) !=0 ){
+        spdlog::info("going to create sgx_data folder");
+        std::string make_sgx_data_folder = "mkdir " + sgx_data_folder;
+        if (system(make_sgx_data_folder.c_str()) == 0){
+            spdlog::info("sgx_data folder was created");
+        }
+        else{
+            spdlog::error("creating sgx_data folder failed");
+            exit(-1);
+        }
+    }
+    auto dbName = sgx_data_folder +  WALLETDB_NAME;
+    levelDb = make_shared<LevelDB>(dbName);
+    auto csr_dbname = sgx_data_folder + "CSR_DB";
+    csrDb = make_shared<LevelDB>(csr_dbname);
+    auto csr_status_dbname = sgx_data_folder + "CSR_STATUS_DB";
+    csrStatusDb = make_shared<LevelDB>(csr_status_dbname);
+}
+const string &LevelDB::getSgxDataFolder() {
+    return sgx_data_folder;
+}
--- a/LevelDB.h
+++ b/LevelDB.h
@@ -29,7 +29,7 @@
 #include <string>
 #include <mutex>
 #include <vector>
+#include "common.h"
 namespace leveldb {
    class DB;
    class Status;
@@ -38,38 +38,54 @@ namespace leveldb {
 class LevelDB {
-    std::recursive_mutex mutex;
+    recursive_mutex mutex;
+    shared_ptr<leveldb::DB> db;
+    static bool isInited;
+    static shared_ptr<LevelDB> levelDb;
+    static shared_ptr<LevelDB> csrDb;
+    static shared_ptr<LevelDB> csrStatusDb;
-    leveldb::DB* db;
+    static string sgx_data_folder;
-    extern LevelDB* levelDb;
-    extern LevelDB* csrDb;
+public:
+    static void initDataFolderAndDBs();
-    extern LevelDB* csrStatusDb;
+    static const shared_ptr<LevelDB> &getLevelDb();
+    static const shared_ptr<LevelDB> &getCsrDb();
+    static const shared_ptr<LevelDB> &getCsrStatusDb();
 public:
-    std::shared_ptr<std::string> readString(const std::string& _key);
+    shared_ptr<string> readString(const string& _key);
-    void writeString(const std::string &key1, const std::string &value1);
+    void writeString(const string &key1, const string &value1);
-    void writeDataUnique(const std::string & Name, const std::string &value);
+    void writeDataUnique(const string & Name, const string &value);
    void writeByteArray(const char *_key, size_t _keyLen, const char *value,
                        size_t _valueLen);
-    void writeByteArray(std::string& _key, const char *value,
+    void writeByteArray(string& _key, const char *value,
                        size_t _valueLen);
-    void deleteDHDKGKey (const std::string &_key);
+    void deleteDHDKGKey (const string &_key);
-    void deleteTempNEK (const std::string &_key);
+    void deleteTempNEK (const string &_key);
-    void deleteKey(const std::string &_key);
+    void deleteKey(const string &_key);
 public:
@@ -77,7 +93,7 @@ public:
    void throwExceptionOnError(leveldb::Status result);
-    LevelDB(std::string& filename);
+    LevelDB(string& filename);
@@ -85,15 +101,17 @@ public:
    class KeyVisitor {
    public:
        virtual void visitDBKey(const char* _data) = 0;
-        virtual void writeDBKeysToVector(const char* _data, std::vector<const char*> & keys_vect) {}
+        virtual void writeDBKeysToVector(const char* _data, vector<const char*> & keys_vect) {}
    };
    uint64_t visitKeys(KeyVisitor* _visitor, uint64_t _maxKeysToVisit);
-    std::vector<std::string> writeKeysToVector1(uint64_t _maxKeysToVisit);
+    vector<string> writeKeysToVector1(uint64_t _maxKeysToVisit);
    virtual ~LevelDB();
+    static const string &getSgxDataFolder();
 };

--- a/Makefile.am
+++ b/Makefile.am
@@ -67,7 +67,7 @@ COMMON_SRC = sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c
 COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h
 sgxwallet_SOURCES = sgxwallet.c SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp RPCException.cpp  BLSCrypto.cpp ECDSACrypto.cpp \
-DKGCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp ServerDataChecker.cpp $(COMMON_SRC)
+DKGCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp ServerDataChecker.cpp SEKManager.cpp $(COMMON_SRC)
 nodist_sgxwallet_SOURCES = $(COMMON_ENCLAVE_SRC)
@@ -102,7 +102,7 @@ sgxwallet_LDADD=-l$(SGX_URTS_LIB) -LlibBLS/deps/deps_inst/x86_or_x64/lib -Llevel
 testw_SOURCES=testw.cpp stubclient.cpp SGXWalletServer.cpp  RPCException.cpp BLSCrypto.cpp ServerInit.cpp LevelDB.cpp \
- DKGCrypto.cpp BLSPrivateKeyShareSGX.cpp ECDSACrypto.cpp ServerDataChecker.cpp  SGXRegistrationServer.cpp CSRManagerServer.cpp $(COMMON_SRC)
+ DKGCrypto.cpp BLSPrivateKeyShareSGX.cpp ECDSACrypto.cpp ServerDataChecker.cpp  SEKManager.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp $(COMMON_SRC)
 nodist_testw_SOURCES=${nodist_sgxwallet_SOURCES}
 EXTRA_testw_DEPENDENCIES=${EXTRA_sgxwallet_DEPENDENCIES}
 testw_LDADD= ${sgxwallet_LDADD}

--- a/README.md
+++ b/README.md
--- a/SEKManager.cpp
+++ b/SEKManager.cpp
+/*
+    Copyright (C) 2019-Present SKALE Labs
+    This file is part of sgxwallet.
+    sgxwallet is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+    sgxwallet is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+    You should have received a copy of the GNU Affero General Public License
+    along with sgxwallet.  If not, see <https://www.gnu.org/licenses/>.
+    @file SEKManager.cpp
+    @author Stan Kladko
+    @date 2019
+*/
+#include "SEKManager.h"
+#include "RPCException.h"
+#include "BLSCrypto.h"
+#include "LevelDB.h"
+#include <iostream>
+#include "sgxwallet_common.h"
+#include "common.h"
+#include "sgxwallet.h"
+void generate_SEK(){
+  vector<char> errMsg(1024,0);
+  int err_status = 0;
+  vector<uint8_t> encr_SEK(1024, 0);
+  uint32_t enc_len = 0;
+  status = generate_SEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len);
+  if ( err_status != 0 ){
+    cerr << "RPCException thrown" << endl;
+    throw RPCException(-666, errMsg.data()) ;
+  }
+  vector<char> hexEncrKey(2*enc_len + 1, 0);
+  carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
+  cerr << "key is " << errMsg.data() << endl;
+  LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
+}
--- a/SEKManager.h
+++ b/SEKManager.h
+/*
+    Copyright (C) 2019-Present SKALE Labs
+    This file is part of sgxwallet.
+    sgxwallet is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+    sgxwallet is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+    You should have received a copy of the GNU Affero General Public License
+    along with sgxwallet.  If not, see <https://www.gnu.org/licenses/>.
+    @file SEKManager.h
+    @author Stan Kladko
+    @date 2019
+*/
+#ifndef SGXD_SEKMANAGER_H
+#define SGXD_SEKMANAGER_H
+void generate_SEK();
+#endif //SGXD_SEKMANAGER_H
--- a/SGXRegistrationServer.cpp
+++ b/SGXRegistrationServer.cpp
@@ -44,9 +44,11 @@
 #include "LevelDB.h"
 #include "spdlog/spdlog.h"
+#include "common.h"
 int DEBUG_PRINT = 0;
 int is_sgx_https = 1;
+int is_aes = 0;
 SGXRegistrationServer *regs = nullptr;
 HttpServer *hs2 = nullptr;
@@ -63,30 +65,30 @@ SGXRegistrationServer::SGXRegistrationServer(AbstractServerConnector &connector,
    : AbstractRegServer(connector, type), is_cert_created(false), cert_auto_sign(auto_sign) {}
-Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
+Json::Value signCertificateImpl(const string& csr, bool auto_sign = false){
  Json::Value result;
  result["status"] = 0;
  result["errorMessage"] = "";
  try{
-    spdlog::info("enter SignCertificateImpl");
+    spdlog::info("enter signCertificateImpl");
-    std::string status = "1";
+    string status = "1";
-    std::string hash = cryptlite::sha256::hash_hex(csr);
+    string hash = cryptlite::sha256::hash_hex(csr);
    if ( !auto_sign) {
-      std::string db_key = "CSR:HASH:" + hash;
+      string db_key = "CSR:HASH:" + hash;
-      csrDb->writeDataUnique(db_key, csr);
+      LevelDB::getCsrStatusDb()->writeDataUnique(db_key, csr);
    }
    if (auto_sign) {
-      std::string csr_name = "cert/" + hash + ".csr";
+      string csr_name = "cert/" + hash + ".csr";
-      std::ofstream outfile(csr_name);
+      ofstream outfile(csr_name);
-      outfile << csr << std::endl;
+      outfile << csr << endl;
      outfile.close();
      if (access(csr_name.c_str(), F_OK) != 0) {
        throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
      }
-      std::string genCert = "cd cert && ./create_client_cert " + hash;
+      string genCert = "cd cert && ./create_client_cert " + hash;
      if (system(genCert.c_str()) == 0){
          spdlog::info("CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED");
@@ -94,8 +96,8 @@ Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
      }
      else{
          spdlog::info("CLIENT CERTIFICATE GENERATION FAILED");
-          std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
+          string status_db_key = "CSR:HASH:" + hash + "STATUS:";
-          csrStatusDb->writeDataUnique(status_db_key, std::to_string(FAIL_TO_CREATE_CERTIFICATE));
+          LevelDB::getCsrStatusDb()->writeDataUnique(status_db_key, to_string(FAIL_TO_CREATE_CERTIFICATE));
          throw RPCException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
          //exit(-1);
      }
@@ -104,11 +106,11 @@ Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
    result["result"] = true;
    result["hash"] = hash;
-    std::string db_key = "CSR:HASH:" + hash + "STATUS:";
+    string db_key = "CSR:HASH:" + hash + "STATUS:";
-    csrStatusDb->writeDataUnique(db_key, status);
+    LevelDB::getCsrStatusDb()->writeDataUnique(db_key, status);
  } catch (RPCException &_e) {
-    std::cerr << " err str " << _e.errString << std::endl;
+    cerr << " err str " << _e.errString << endl;
    result["status"] = _e.status;
    result["errorMessage"] = _e.errString;
    result["result"] = false;
@@ -117,26 +119,26 @@ Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
  return result;
 }
-Json::Value GetSertificateImpl(const std::string& hash){
+Json::Value GetSertificateImpl(const string& hash){
  Json::Value result;
-  std::string cert;
+  string cert;
  try{
-    std::string db_key = "CSR:HASH:" + hash + "STATUS:";
+    string db_key = "CSR:HASH:" + hash + "STATUS:";
-    std::shared_ptr<string> status_str_ptr = csrStatusDb->readString(db_key);
+    shared_ptr<string> status_str_ptr = LevelDB::getCsrStatusDb()->readString(db_key);
    if (status_str_ptr == nullptr){
       throw RPCException(KEY_SHARE_DOES_NOT_EXIST, "Data with this name does not exist in csr db");
    }
-    int status = std::atoi(status_str_ptr->c_str());
+    int status = atoi(status_str_ptr->c_str());
    if ( status == 0){
-      std::string crt_name = "cert/" + hash + ".crt";
+      string crt_name = "cert/" + hash + ".crt";
      //if (access(crt_name.c_str(), F_OK) == 0){
-        std::ifstream infile(crt_name);
+        ifstream infile(crt_name);
        if (!infile.is_open()) {
-          std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
+          string status_db_key = "CSR:HASH:" + hash + "STATUS:";
-          csrStatusDb->deleteKey(status_db_key);
+          LevelDB::getCsrStatusDb()->deleteKey(status_db_key);
-          csrStatusDb->writeDataUnique(status_db_key, std::to_string(FILE_NOT_FOUND));
+          LevelDB::getCsrStatusDb()->writeDataUnique(status_db_key, to_string(FILE_NOT_FOUND));
          throw RPCException(FILE_NOT_FOUND, "Certificate does not exist");
        } else {
          ostringstream ss;
@@ -144,9 +146,9 @@ Json::Value GetSertificateImpl(const std::string& hash){
          cert = ss.str();
          infile.close();
-          std::string remove_crt = "cd cert && rm -rf " + hash + ".crt && rm -rf " + hash + ".csr";
+          string remove_crt = "cd cert && rm -rf " + hash + ".crt && rm -rf " + hash + ".csr";
          if(system(remove_crt.c_str()) == 0){
-              //std::cerr << "cert removed" << std::endl;
+              //cerr << "cert removed" << endl;
              spdlog::info(" cert removed ");
          }
@@ -161,7 +163,7 @@ Json::Value GetSertificateImpl(const std::string& hash){
    result["cert"] = cert;
  } catch (RPCException &_e) {
-    std::cerr << " err str " << _e.errString << std::endl;
+    cerr << " err str " << _e.errString << endl;
    result["status"] = _e.status;
    result["errorMessage"] = _e.errString;
  }
@@ -170,13 +172,13 @@ Json::Value GetSertificateImpl(const std::string& hash){
 }
-Json::Value SGXRegistrationServer::SignCertificate(const std::string& csr){
+Json::Value SGXRegistrationServer::signCertificate(const string& csr){
-  spdlog::info("Enter SignCertificate ");
+  spdlog::info("Enter signCertificate ");
  lock_guard<recursive_mutex> lock(m);
-  return SignCertificateImpl(csr, cert_auto_sign);
+  return signCertificateImpl(csr, cert_auto_sign);
 }
-Json::Value SGXRegistrationServer::GetCertificate(const std::string& hash){
+Json::Value SGXRegistrationServer::getCertificate(const string& hash){
  lock_guard<recursive_mutex> lock(m);
  return GetSertificateImpl(hash);
 }
@@ -190,19 +192,19 @@ void SGXRegistrationServer::set_cert_created(bool b){
 int init_registration_server(bool sign_automatically) {
-//  std::string certPath = "cert/SGXCACertificate.crt";
+//  string certPath = "cert/SGXCACertificate.crt";
-//  std::string keyPath = "cert/SGXCACertificate.key";
+//  string keyPath = "cert/SGXCACertificate.key";
 //
 //  if (access(certPath.c_str(), F_OK) != 0){
-//    std::cerr << "CERTIFICATE IS GOING TO BE CREATED" << std::endl;
+//    cerr << "CERTIFICATE IS GOING TO BE CREATED" << endl;
 //
-//    std::string genCert = "cd cert && ./self-signed-tls -c=US -s=California -l=San-Francisco -o=\"Skale Labs\" -u=\"Department of Software Engineering\" -n=\"SGXCACertificate\" -e=info@skalelabs.com";
+//    string genCert = "cd cert && ./self-signed-tls -c=US -s=California -l=San-Francisco -o=\"Skale Labs\" -u=\"Department of Software Engineering\" -n=\"SGXCACertificate\" -e=info@skalelabs.com";
 //
 //    if (system(genCert.c_str()) == 0){
-//      std::cerr << "CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
+//      cerr << "CERTIFICATE IS SUCCESSFULLY GENERATED" << endl;
 //    }
 //    else{
-//      std::cerr << "CERTIFICATE GENERATION FAILED" << std::endl;
+//      cerr << "CERTIFICATE GENERATION FAILED" << endl;
 //      exit(-1);
 //    }
 //  }

--- a/SGXRegistrationServer.h
+++ b/SGXRegistrationServer.h
@@ -44,8 +44,8 @@ public:
  void set_cert_created(bool b);
-  virtual Json::Value SignCertificate(const std::string& csr);
+  virtual Json::Value signCertificate(const std::string& csr);
-  virtual Json::Value GetCertificate(const std::string& hash);
+  virtual Json::Value getCertificate(const std::string& hash);
 };

--- a/SGXWalletServer.cpp
+++ b/SGXWalletServer.cpp
--- a/SGXWalletServer.hpp
+++ b/SGXWalletServer.hpp
@@ -56,11 +56,12 @@ public:
    virtual Json::Value generateDKGPoly(const std::string& polyName, int t);
    virtual Json::Value getVerificationVector(const std::string& polyName, int t, int n);
    virtual Json::Value getSecretShare(const std::string& polyName, const Json::Value& publicKeys, int t, int n);
-    virtual Json::Value DKGVerification(const std::string& publicShares, const std::string& EthKeyName, const std::string& SecretShare, int t, int n, int index);
+    virtual Json::Value dkgVerification(const std::string& publicShares, const std::string& ethKeyName, const std::string& SecretShare, int t, int n, int index);
-    virtual Json::Value CreateBLSPrivateKey(const std::string & BLSKeyName, const std::string& EthKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n);
+    virtual Json::Value createBLSPrivateKey(const std::string & blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n);
-    virtual Json::Value GetBLSPublicKeyShare(const std::string & BLSKeyName);
+    virtual Json::Value getBLSPublicKeyShare(const std::string & blsKeyName);
-    virtual Json::Value ComplaintResponse(const std::string& polyName, int ind);
+    virtual Json::Value complaintResponse(const std::string& polyName, int ind);
-    virtual Json::Value MultG2(const std::string & x);
+    virtual Json::Value multG2(const std::string & x);
+    virtual Json::Value isPolyExists(const std::string& polyName);
    virtual Json::Value getServerStatus();
 };
@@ -83,11 +84,13 @@ Json::Value getPublicECDSAKeyImpl(const std::string& keyName);
 Json::Value generateDKGPolyImpl(const std::string& polyName, int t);
 Json::Value getVerificationVectorImpl(const std::string& polyName, int t, int n);
 Json::Value getSecretShareImpl(const std::string& polyName, const Json::Value& publicKeys, int t, int n);
-Json::Value DKGVerificationImpl(const std::string& publicShares, const std::string& EthKeyName, const std::string& SecretShare, int t, int n, int index);
+Json::Value dkgVerificationImpl(const std::string& publicShares, const std::string& ethKeyName, const std::string& SecretShare, int t, int n, int index);
-Json::Value CreateBLSPrivateKeyImpl(const std::string & BLSKeyName, const std::string& EthKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n);
+Json::Value createBLSPrivateKeyImpl(const std::string & blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n);
-Json::Value GetBLSPublicKeyShareImpl(const std::string & BLSKeyName);
+Json::Value getBLSPublicKeyShareImpl(const std::string & blsKeyName);
-Json::Value ComplaintResponseImpl(const std::string& polyName, int ind);
+Json::Value complaintResponseImpl(const std::string& polyName, int ind);
-Json::Value MultG2Impl(const std::string & x);
+Json::Value multG2Impl(const std::string & x);
+Json::Value isPolyExistsImpl(const std::string& polyName);
 Json::Value getServerStatusImpl();
 #endif //SGXWALLET_SGXWALLETSERVER_HPP
\ No newline at end of file
--- a/ServerDataChecker.cpp
+++ b/ServerDataChecker.cpp
@@ -28,14 +28,15 @@
 #include <iostream>
 #include "spdlog/spdlog.h"
+#include "common.h"
-std::vector<std::string> SplitString(const std::string& str, const std::string& delim = ":"){
+vector<string> SplitString(const string& str, const string& delim = ":"){
-    std::vector<std::string> tokens;
+    vector<string> tokens;
    size_t prev = 0, pos = 0;
    do {
        pos = str.find(delim, prev);
-        if (pos == std::string::npos) pos = str.length();
+        if (pos == string::npos) pos = str.length();
-        std::string token = str.substr(prev, pos-prev);
+        string token = str.substr(prev, pos-prev);
        if (!token.empty()) tokens.push_back(token);
        prev = pos + delim.length();
    } while (pos < str.length() && prev < str.length());
@@ -43,8 +44,8 @@ std::vector<std::string> SplitString(const std::string& str, const std::string&
    return tokens;
 }
-bool checkECDSAKeyName(const std::string& keyName) {
+bool checkECDSAKeyName(const string& keyName) {
-  std::vector<std::string> parts = SplitString(keyName);
+  vector<string> parts = SplitString(keyName);
  if (parts.size() != 2) {
    spdlog::info("ECDSAKeyName num parts != 2");
    return false;
@@ -69,7 +70,7 @@ bool checkECDSAKeyName(const std::string& keyName) {
  return true;
 }
-bool checkHex(const std::string& hex, const uint32_t sizeInBytes){
+bool checkHex(const string& hex, const uint32_t sizeInBytes){
  if ( hex.length() > sizeInBytes * 2 || hex.length() == 0){
    return false;
  }
@@ -86,8 +87,8 @@ bool checkHex(const std::string& hex, const uint32_t sizeInBytes){
  return true;
 }
-bool checkName (const std::string& Name, const std::string& prefix){
+bool checkName (const string& Name, const string& prefix){
-    std::vector<std::string> parts = SplitString(Name);
+    vector<string> parts = SplitString(Name);
    if ( parts.size() != 7) {
        spdlog::info("parts.size() != 7");
        return false;

--- a/ServerInit.cpp
+++ b/ServerInit.cpp
@@ -52,44 +52,33 @@
 #include "BLSCrypto.h"
 #include "ServerInit.h"
+#include "SEKManager.h"
 #include <iostream>
 #include "spdlog/spdlog.h"
+#include <unistd.h>
+#include <stdio.h>
+#include <limits.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 //#include <system>
 void init_daemon() {
    libff::init_alt_bn128_params();
-    std::string sgx_data_folder = SGXDATA_FOLDER;
-    struct stat info;
-    if (stat(sgx_data_folder.c_str(), &info) !=0 ){
-      spdlog::info("going to create sgx_data folder");
-      std::string make_sgx_data_folder = "mkdir " + sgx_data_folder;
-      if (system(make_sgx_data_folder.c_str()) == 0){
-        spdlog::info("sgx_data folder was created");
-      }
-      else{
-        spdlog::info("creating sgx_data folder failed");
-        exit(-1);
-      }
-    }
-    static std::string dbName = sgx_data_folder +  WALLETDB_NAME;
-    levelDb = new LevelDB(dbName);
-    static std::string csr_dbname = sgx_data_folder + "CSR_DB";
+    LevelDB::initDataFolderAndDBs();
-    csrDb = new LevelDB(csr_dbname);
-    static std::string csr_status_dbname = sgx_data_folder + "CSR_STATUS_DB";
-    csrStatusDb = new LevelDB(csr_status_dbname);
-    std::shared_ptr<std::string> encr_SEK_ptr = levelDb->readString("SEK");
+    std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
    if (encr_SEK_ptr == nullptr){
      spdlog::info("SEK was not created yet");
+      generate_SEK();
    }
 }
@@ -100,9 +89,10 @@ void init_enclave() {
    eid = 0;
    updated = 0;
-    unsigned long support;
 #ifndef SGX_HW_SIM
+    unsigned long support;
    support = get_sgx_support();
    if (!SGX_OK(support)) {
        sgx_support_perror(support);
@@ -150,6 +140,8 @@ void init_all(bool check_cert, bool sign_automatically) {
    if (sgxServerInited == 1)
        return;
+    init_daemon();
    sgxServerInited = 1;
    if (is_sgx_https) {
@@ -162,5 +154,5 @@ void init_all(bool check_cert, bool sign_automatically) {
    }
    init_enclave();
    //std::cerr << "enclave inited" << std::endl;
-    init_daemon();
 }
--- a/ServerInit.h
+++ b/ServerInit.h
@@ -31,7 +31,6 @@
 #endif
 EXTERNC void init_all(bool check_cert, bool sign_automatically);
 EXTERNC void init_daemon();

--- a/abstractCSRManagerServer.h
+++ b/abstractCSRManagerServer.h
@@ -12,22 +12,22 @@ class abstractCSRManagerServer : public jsonrpc::AbstractServer<abstractCSRManag
 public:
    abstractCSRManagerServer(jsonrpc::AbstractServerConnector &conn, jsonrpc::serverVersion_t type = jsonrpc::JSONRPC_SERVER_V2) : jsonrpc::AbstractServer<abstractCSRManagerServer>(conn, type)
    {
-        this->bindAndAddMethod(jsonrpc::Procedure("GetUnsignedCSRs", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, NULL), &abstractCSRManagerServer::GetUnsignedCSRsI);
+        this->bindAndAddMethod(jsonrpc::Procedure("getUnsignedCSRs", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, NULL), &abstractCSRManagerServer::getUnsignedCSRsI);
-        this->bindAndAddMethod(jsonrpc::Procedure("SignByHash", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"hash",jsonrpc::JSON_STRING, "status", jsonrpc::JSON_INTEGER, NULL), &abstractCSRManagerServer::SignByHashI);
+        this->bindAndAddMethod(jsonrpc::Procedure("signByHash", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"hash",jsonrpc::JSON_STRING, "status", jsonrpc::JSON_INTEGER, NULL), &abstractCSRManagerServer::signByHashI);
    }
-    inline virtual void GetUnsignedCSRsI(const Json::Value &request, Json::Value &response)
+    inline virtual void getUnsignedCSRsI(const Json::Value &request, Json::Value &response)
    {
    (void)request;
-    response = this->GetUnsignedCSRs();
+    response = this->getUnsignedCSRs();
    }
-    inline virtual void SignByHashI(const Json::Value &request, Json::Value &response)
+    inline virtual void signByHashI(const Json::Value &request, Json::Value &response)
    {
-        response = this->SignByHash( request["hash"].asString(), request["status"].asInt());
+        response = this->signByHash( request["hash"].asString(), request["status"].asInt());
    }
-    virtual Json::Value GetUnsignedCSRs() = 0;
+    virtual Json::Value getUnsignedCSRs() = 0;
-    virtual Json::Value SignByHash(const std::string& hash, int status) = 0;
+    virtual Json::Value signByHash(const std::string& hash, int status) = 0;
 };

--- a/abstractregserver.h
+++ b/abstractregserver.h
@@ -32,23 +32,23 @@ class AbstractRegServer : public jsonrpc::AbstractServer<AbstractRegServer>
 public:
  AbstractRegServer(jsonrpc::AbstractServerConnector &conn, jsonrpc::serverVersion_t type = jsonrpc::JSONRPC_SERVER_V2) : jsonrpc::AbstractServer<AbstractRegServer>(conn, type)
  {
-    this->bindAndAddMethod(jsonrpc::Procedure("SignCertificate", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"certificate",jsonrpc::JSON_STRING, NULL), &AbstractRegServer::SignCertificateI);
+    this->bindAndAddMethod(jsonrpc::Procedure("signCertificate", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"certificate",jsonrpc::JSON_STRING, NULL), &AbstractRegServer::signCertificateI);
-    this->bindAndAddMethod(jsonrpc::Procedure("GetCertificate", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"hash",jsonrpc::JSON_STRING, NULL), &AbstractRegServer::GetCertificateI);
+    this->bindAndAddMethod(jsonrpc::Procedure("getCertificate", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"hash",jsonrpc::JSON_STRING, NULL), &AbstractRegServer::getCertificateI);
  }
-  inline virtual void SignCertificateI(const Json::Value &request, Json::Value &response)
+  inline virtual void signCertificateI(const Json::Value &request, Json::Value &response)
  {
-      std::cerr << "SignCertificateI in abstr server " << std::endl;
+      std::cerr << "signCertificateI in abstr server " << std::endl;
-      response = this->SignCertificate( request["certificate"].asString());
+      response = this->signCertificate( request["certificate"].asString());
  }
-  inline virtual void GetCertificateI(const Json::Value &request, Json::Value &response)
+  inline virtual void getCertificateI(const Json::Value &request, Json::Value &response)
  {
-    response = this->GetCertificate( request["hash"].asString());
+    response = this->getCertificate( request["hash"].asString());
  }
-  virtual Json::Value SignCertificate(const std::string& cert) = 0;
+  virtual Json::Value signCertificate(const std::string& cert) = 0;
-  virtual Json::Value GetCertificate(const std::string& hash) = 0;
+  virtual Json::Value getCertificate(const std::string& hash) = 0;
 };

--- a/abstractstubserver.h
+++ b/abstractstubserver.h
--- a/aclocal.m4
+++ b/aclocal.m4
--- a/cert_util.cpp
+++ b/cert_util.cpp
@@ -13,7 +13,7 @@ int print_hashes(){
  jsonrpc::HttpClient client("http://localhost:1028");
  StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
  std::cout << "Client inited" << std::endl;
-  std::cout << c.GetUnsignedCSRs() << std::endl;
+  std::cout << c.getUnsignedCSRs() << std::endl;
  exit(0);
 }
@@ -21,7 +21,7 @@ void sign_by_hash(std::string & hash, int status){
  jsonrpc::HttpClient client("http://localhost:1028");
  StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
  std::cout << "Client inited" << std::endl;
-  std::cout << c.SignByHash(hash, status) << std::endl;
+  std::cout << c.signByHash(hash, status) << std::endl;
  exit(0);
 }

--- a/common.h
+++ b/common.h
+//
+// Created by kladko on 25.01.20.
+//
+#ifndef SGXWALLET_COMMON_H
+#define SGXWALLET_COMMON_H
+using namespace std;
+#include <stdlib.h>
+#include <iostream>
+#include <map>
+#include <memory>
+#define CHECK_ARGUMENT(_EXPRESSION_) \
+    if (!(_EXPRESSION_)) { \
+        auto __msg__ = string("Argument Check failed:") + #_EXPRESSION_ + "\n" + __CLASS_NAME__ + ":" + __FUNCTION__ +  \
+        + " " + string(__FILE__) + ":" + to_string(__LINE__); \
+        throw runtime_error(__msg__);}
+#define CHECK_STATE(_EXPRESSION_) \
+    if (!(_EXPRESSION_)) { \
+        auto __msg__ = string("State check failed::") + #_EXPRESSION_ +  " " + string(__FILE__) + ":" + to_string(__LINE__); \
+        throw runtime_error(__msg__);}
+#endif //SGXWALLET_COMMON_H
--- a/compile
+++ b/compile
-/usr/share/automake-1.16/compile
\ No newline at end of file
--- a/depcomp
+++ b/depcomp
-/usr/share/automake-1.16/depcomp
\ No newline at end of file
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -8,5 +8,5 @@ jhid -d
 pid=$!
 sleep 2
-/usr/src/sdk/sgxwallet $1
+cd /usr/src/sdk; ./sgxwallet $1 $2 $3 $4
--- a/github-markdown-toc @ 83fadb60
+++ b/github-markdown-toc @ 83fadb60
+Subproject commit 83fadb60a7f1607c1c46e868ed2a866bb70b4c76
--- a/install-sh
+++ b/install-sh
-/usr/share/automake-1.16/install-sh
\ No newline at end of file
--- a/missing
+++ b/missing
-/usr/share/automake-1.16/missing
\ No newline at end of file
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,7 +10,12 @@ services:
      - "/dev/isgx"
      - "/dev/mei0"
    volumes:
-      - ./sgx_data:/sgx_data
+      - ./sgx_data:/usr/src/sdk/sgx_data
+    logging:
+      driver: json-file
+      options:
+        max-size: "10m"
+        max-file: "4"
    restart: unless-stopped
    command: -s

--- a/docker-compose-sim.yml
+++ b/docker-compose-sim.yml
@@ -7,7 +7,12 @@ services:
      - "1027:1027"
      - "1028:1028"
    volumes:
-      - ./sgx_data:/sgx_data
+      - ./sgx_data:/usr/src/sdk/sgx_data
+    logging:
+      driver: json-file
+      options:
+        max-size: "10m"
+        max-file: "4"
    restart: unless-stopped
-    command: -s
+    command: -s -d 
--- a/scripts/docker_test.py
+++ b/scripts/docker_test.py
+#!/usr/bin/env python
+#
+#    @file  docker_test.py
+#    @author Stan Kladko
+#    @date 2020
+#
+import sys
+import os
+import subprocess
+import socket
+assert os.path.isdir('sgx_data/sgxwallet.db')
+assert os.path.isdir('sgx_data/cert_data');
+assert os.path.isdir('sgx_data/CSR_DB');
+assert os.path.isdir('sgx_data/CSR_STATUS_DB');
+assert os.path.isfile('sgx_data/cert_data/SGXServerCert.crt')
+assert os.path.isfile('sgx_data/cert_data/SGXServerCert.key')
+assert os.path.isfile('sgx_data/cert_data/rootCA.pem')
+assert os.path.isfile('sgx_data/cert_data/rootCA.key')
+s1 = socket.socket()
+s2 = socket.socket()
+s3 = socket.socket()
+address = '127.0.0.1'
+s1.connect((address, 1026))
+s2.connect((address, 1027))
+s3.connect((address, 1028))
+s1.close()
+s2.close()
+s3.close()
--- a/secure_enclave/AESUtils.c
+++ b/secure_enclave/AESUtils.c
+//
+// Created by kladko on 1/22/20.
+//
+#include "sgx_trts.h"
+#include "sgx_tcrypto.h"
+#include "stdlib.h"
+#include <string.h>
+#include "AESUtils.h"
+int AES_encrypt(char *message, uint8_t *encr_message){
+    sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);
+    sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, strlen(message),
+                                                     encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE,
+                                                     encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
+                                                     NULL, 0,
+                                                     (sgx_aes_gcm_128bit_tag_t *) encr_message);
+    return status;
+}
+int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message){
+  uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE;
+  sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key,
+                                                   encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
+                                                   message,
+                                                   encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
+                                                   NULL, 0,
+                                                   (sgx_aes_gcm_128bit_tag_t *)encr_message);
+  return status;
+}
\ No newline at end of file
--- a/secure_enclave/AESUtils.h
+++ b/secure_enclave/AESUtils.h
+//
+// Created by kladko on 1/22/20.
+//
+#ifndef SGXD_AESUTILS_H
+#define SGXD_AESUTILS_H
+sgx_aes_gcm_128bit_key_t AES_key;
+int AES_encrypt(char *message, uint8_t *encr_message);
+int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message);
+#endif //SGXD_AESUTILS_H
--- a/secure_enclave/Makefile.am
+++ b/secure_enclave/Makefile.am
@@ -85,7 +85,7 @@ CLEANFILES+= secure_enclave_t.c secure_enclave_t.h
 secure_enclave_SOURCES = secure_enclave_t.c secure_enclave_t.h \
 	secure_enclave.c \
-	curves.c domain_parameters.c numbertheory.c point.c signature.c DH_dkg.c \
+	curves.c domain_parameters.c numbertheory.c point.c signature.c DH_dkg.c AESUtils.c \
    DKGUtils.cpp   BLSEnclave.cpp ../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \
                ../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_g2.cpp \
                ../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp $(ENCLAVE_KEY) $(ENCLAVE_CONFIG)

--- a/secure_enclave/Makefile.in
+++ b/secure_enclave/Makefile.in
@@ -110,7 +110,7 @@ am_secure_enclave_OBJECTS = secure_enclave_t.$(OBJEXT) \
 	secure_enclave.$(OBJEXT) curves.$(OBJEXT) \
 	domain_parameters.$(OBJEXT) numbertheory.$(OBJEXT) \
 	point.$(OBJEXT) signature.$(OBJEXT) DH_dkg.$(OBJEXT) \
-	DKGUtils.$(OBJEXT) BLSEnclave.$(OBJEXT) \
+	AESUtils.$(OBJEXT) DKGUtils.$(OBJEXT) BLSEnclave.$(OBJEXT) \
 	alt_bn128_init.$(OBJEXT) alt_bn128_g2.$(OBJEXT) \
 	alt_bn128_g1.$(OBJEXT) $(am__objects_1) $(am__objects_1)
 secure_enclave_OBJECTS = $(am_secure_enclave_OBJECTS)
@@ -138,7 +138,8 @@ am__v_at_1 =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/BLSEnclave.Po ./$(DEPDIR)/DH_dkg.Po \
+am__depfiles_remade = ./$(DEPDIR)/AESUtils.Po \
+	./$(DEPDIR)/BLSEnclave.Po ./$(DEPDIR)/DH_dkg.Po \
 	./$(DEPDIR)/DKGUtils.Po ./$(DEPDIR)/alt_bn128_g1.Po \
 	./$(DEPDIR)/alt_bn128_g2.Po ./$(DEPDIR)/alt_bn128_init.Po \
 	./$(DEPDIR)/curves.Po ./$(DEPDIR)/domain_parameters.Po \
@@ -346,7 +347,7 @@ ENCLAVE_CONFIG = $(ENCLAVE).config.xml
 ENCLAVE_KEY = test_insecure_private_key.pem       #$(ENCLAVE)_private.pem
 secure_enclave_SOURCES = secure_enclave_t.c secure_enclave_t.h \
 	secure_enclave.c \
-	curves.c domain_parameters.c numbertheory.c point.c signature.c DH_dkg.c \
+	curves.c domain_parameters.c numbertheory.c point.c signature.c DH_dkg.c AESUtils.c \
    DKGUtils.cpp   BLSEnclave.cpp ../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp \
                ../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_g2.cpp \
                ../trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp $(ENCLAVE_KEY) $(ENCLAVE_CONFIG)
@@ -440,6 +441,7 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/AESUtils.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/BLSEnclave.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/DH_dkg.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/DKGUtils.Po@am__quote@ # am--include-marker
@@ -660,7 +662,8 @@ clean: clean-am
 clean-am: clean-generic clean-libexecPROGRAMS mostlyclean-am
 distclean: distclean-am
-		-rm -f ./$(DEPDIR)/BLSEnclave.Po
+		-rm -f ./$(DEPDIR)/AESUtils.Po
+	-rm -f ./$(DEPDIR)/BLSEnclave.Po
 	-rm -f ./$(DEPDIR)/DH_dkg.Po
 	-rm -f ./$(DEPDIR)/DKGUtils.Po
 	-rm -f ./$(DEPDIR)/alt_bn128_g1.Po
@@ -720,7 +723,8 @@ install-ps-am:
 installcheck-am:
 maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/BLSEnclave.Po
+		-rm -f ./$(DEPDIR)/AESUtils.Po
+	-rm -f ./$(DEPDIR)/BLSEnclave.Po
 	-rm -f ./$(DEPDIR)/DH_dkg.Po
 	-rm -f ./$(DEPDIR)/DKGUtils.Po
 	-rm -f ./$(DEPDIR)/alt_bn128_g1.Po

--- a/secure_enclave/enclave_common.h
+++ b/secure_enclave/enclave_common.h
+//
+// Created by kladko on 1/24/20.
+//
+#ifndef SGXD_ENCLAVE_COMMON_H
+#define SGXD_ENCLAVE_COMMON_H
+#define BUF_LEN 1024
+#define  MAX_KEY_LENGTH 128
+#define  MAX_COMPONENT_LENGTH 80
+#define  MAX_COMPONENT_HEX_LENGTH MAX_COMPONENT_LENGTH * 2
+#define  MAX_ENCRYPTED_KEY_LENGTH 1024
+#define  MAX_SIG_LEN 1024
+#define  MAX_ERR_LEN 1024
+#define SHA_256_LEN 32
+#define ADD_ENTROPY_SIZE 32
+#define  DKG_BUFER_LENGTH 2490//3060
+#define  DKG_MAX_SEALED_LEN 3050
+#define SECRET_SHARE_NUM_BYTES 96
+#define ECDSA_SKEY_LEN 65
+#define ECDSA_SKEY_BASE 16
+#define ECDSA_ENCR_LEN 93
+#define ECDSA_BIN_LEN 33
+#define UNKNOWN_ERROR -1
+#define PLAINTEXT_KEY_TOO_LONG -2
+#define UNPADDED_KEY -3
+#define NULL_KEY -4
+#define INCORRECT_STRING_CONVERSION -5
+#define ENCRYPTED_KEY_TOO_LONG -6
+#define SEAL_KEY_FAILED -7
+#endif //SGXD_ENCLAVE_COMMON_H
--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
--- a/secure_enclave/secure_enclave.edl
+++ b/secure_enclave/secure_enclave.edl
+#define ECDSA_SKEY_LEN 65
+#define ECDSA_SKEY_BASE 16
+#define ECDSA_ENCR_LEN 93
+#define ECDSA_BIN_LEN 33
 enclave {
 	trusted {
 		include "sgx_tgmp.h"
 		public void tgmp_init();
 		public void e_mpz_add(
@@ -52,20 +59,20 @@ enclave {
 		    [out, count = 1024] char* key );
 		public void bls_sign_message (
-            		    [user_check] int *err_status,
+                                [user_check] int *err_status,
-            		    [out, count = 1024] char* err_string,
+                                [out, count = 1024] char* err_string,
-            		    [in, count = 1024] uint8_t* encrypted_key,
+                                [in, count = 1024] uint8_t* encrypted_key,
-            		    uint32_t enc_len,
+                                uint32_t enc_len,
-            		    [in, count = 1024] char* hashX ,
+                                [in, count = 1024] char* hashX ,
-            		    [in, count = 1024] char* hashY ,
+                                [in, count = 1024] char* hashY ,
-            		    [out, count = 1024] char* signature);
+                                [out, count = 1024] char* signature);
        public void gen_dkg_secret (
-                    	[user_check] int *err_status,
+                                [user_check] int *err_status,
-                    	[out, count = 1024] char* err_string,
+                                [out, count = 1024] char* err_string,
-                    	[out, count = 3050] uint8_t* encrypted_dkg_secret,
+                                [out, count = 3050] uint8_t* encrypted_dkg_secret,
-                    	[user_check] uint32_t * enc_len,
+                                [user_check] uint32_t * enc_len,
-                    	size_t _t);
+                                size_t _t);
        public void decrypt_dkg_secret (
                            	[user_check] int *err_status,
@@ -163,6 +170,72 @@ enclave {
                                [out, count = 1024] char *err_string,
                                [in, count = 1024] uint8_t *encrypted_SEK,
                                [user_check] uint32_t *enc_len);
+         public void generate_ecdsa_key_aes (
+                                [user_check] int *err_status,
+                                [out, count = 1024] char* err_string,
+                                [out, count = ECDSA_ENCR_LEN] uint8_t* encrypted_key,
+                                [user_check] uint32_t *enc_len,
+                                [out, count = 1024] char * pub_key_x,
+                                [out, count = 1024] char * pub_key_y);
+         public void get_public_ecdsa_key_aes(
+                                [user_check] int *err_status,
+                                [out, count = 1024] char* err_string,
+                                [in, count = 1024] uint8_t* encrypted_key,
+                                uint32_t dec_len,
+                                [out, count = 1024] char * pub_key_x,
+                                [out, count = 1024] char * pub_key_y);
+         public void ecdsa_sign_aes(
+                                [user_check] int *err_status,
+                                [out, count = 1024] char* err_string,
+                                [in, count = 1024] uint8_t* encrypted_key,
+                                uint32_t enc_len,
+                                [in, count = 1024] unsigned char* hash,
+                                [out, count = 1024] char* sig_r,
+                                [out, count = 1024] char* sig_s,
+                                [user_check] uint8_t* sig_v,
+                                int base);
+         public void encrypt_key_aes (
+                                [user_check] int *err_status,
+                                [out, count = 1024] char* err_string,
+                                [in, count = 1024] char* key,
+                                [out, count = 1024] uint8_t* encrypted_key,
+                                [user_check] uint32_t *enc_len);
+        public void decrypt_key_aes (
+                                [user_check] int *err_status,
+                                [out, count = 1024] char* err_string,
+                                [in, count = 1024] uint8_t* encrypted_key,
+                                uint32_t enc_len,
+                                [out, count = 1024] char* key );
+        public void gen_dkg_secret_aes (
+                                [user_check] int *err_status,
+                                [out, count = 1024] char* err_string,
+                                [out, count = 3050] uint8_t* encrypted_dkg_secret,
+                                [user_check] uint32_t * enc_len,
+                                        size_t _t);
+        public void decrypt_dkg_secret_aes (
+                                [user_check] int *err_status,
+                                [out, count = 1024] char* err_string,
+                                [in, count = 3050] uint8_t* encrypted_dkg_secret,
+                                [out, count = 2490] uint8_t* decrypted_dkg_secret,
+                                [user_check] uint32_t* dec_len);
+        public void set_encrypted_dkg_poly_aes( [user_check] int *err_status,
+                              [out, count = 1024] char* err_string,
+                              [in, count = 3050] uint8_t* encrypted_poly,
+                              [user_check] uint64_t* enc_len);
 	};

--- a/sgx_enable
+++ b/sgx_enable
--- a/sgxwallet.c
+++ b/sgxwallet.c
@@ -62,7 +62,7 @@ int main(int argc, char *argv[]) {
    exit(1);
  }
-  while ((opt = getopt(argc, argv, "cshd0")) != -1) {
+  while ((opt = getopt(argc, argv, "cshd0a")) != -1) {
    switch (opt) {
    case 'h':
      if (strlen(argv[1]) == 2 ) {
@@ -87,6 +87,8 @@ int main(int argc, char *argv[]) {
    case '0':
      is_sgx_https = 0;
     break;
+    case 'a':
+      is_aes = 1;
    case '?': // fprintf(stderr, "unknown flag\n");
      exit(1);
    default:

--- a/sgxwallet_common.h
+++ b/sgxwallet_common.h
@@ -37,6 +37,7 @@
 extern int DEBUG_PRINT;
 extern int is_sgx_https;
+extern int is_aes;
 #define BUF_LEN 1024
@@ -57,7 +58,7 @@ extern int is_sgx_https;
 #define ECDSA_SKEY_LEN 65
 #define ECDSA_SKEY_BASE 16
-#define ECDSA_ENCR_LEN 625
+#define ECDSA_ENCR_LEN 93
 #define ECDSA_BIN_LEN 33
 #define UNKNOWN_ERROR -1

--- a/spec.json
+++ b/spec.json
--- a/stubclient.cpp
+++ b/stubclient.cpp
-/*
+//
-    Copyright (C) 2019-Present SKALE Labs
+// Created by kladko on 9/23/19.
+//
-    This file is part of sgxwallet.
-    sgxwallet is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published
-    by the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-    sgxwallet is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU Affero General Public License for more details.
-    You should have received a copy of the GNU Affero General Public License
-    along with sgxwallet.  If not, see <https://www.gnu.org/licenses/>.
-    @file stubclient.cpp
-    @author Stan Kladko
-    @date 2019
-*/
 #include <iostream>

--- a/stubclient.h
+++ b/stubclient.h
--- a/testw.cpp
+++ b/testw.cpp