SKALE-3067-cleanup-sgx

secure_enclave/secure_enclave.c

@@ -58,9 +58,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #define SAFE_FREE(__X__) if (!__X__) {free(__X__); __X__ = NULL;}
 #define SAFE_CHAR_BUF(__X__, __Y__)  ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
-
-
-
 #define STRINGIFY(x) #x
 #define TOSTRING(x) STRINGIFY(x)
 
@@ -84,21 +81,20 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
         *errStatus = -1;                          \
         goto clean;}
 
-#define CHECK_STATUS(__STATUS__, __ERRMESSAGE__) if (__STATUS__ != SGX_SUCCESS) { \
+#define CHECK_STATUS(__ERRMESSAGE__) if (status != SGX_SUCCESS) { \
 snprintf(errString, BUF_LEN, __ERRMESSAGE__); \
 LOG_ERROR(errString); \
 *errStatus = status; \
 goto clean; \
-}
+};
 
 
-#define CHECK_STATUS2(__STATUS__, __ERRMESSAGE__, __PARAM__) if (__STATUS__ != SGX_SUCCESS) { \
-snprintf(errString, BUF_LEN, __ERRMESSAGE__, __PARAM__); \
+#define CHECK_STATUS2(__ERRMESSAGE__) if (status != SGX_SUCCESS) { \
+snprintf(errString, BUF_LEN, __ERRMESSAGE__, status); \
 LOG_ERROR(errString); \
 *errStatus = status; \
 goto clean; \
-}
-
+};
 
 void *(*gmp_realloc_func)(void *, size_t, size_t);
 
@@ -171,7 +167,6 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) {
     return (void *) nptr;
 }
 
-
 void get_global_random(unsigned char *_randBuff, uint64_t _size) {
 
     char errString[BUF_LEN];
@@ -184,7 +179,6 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) {
     CHECK_STATE(_size <= 32)
     CHECK_STATE(_randBuff);
 
-
     sgx_sha_state_handle_t shaStateHandle;
 
     CHECK_STATE(sgx_sha256_init(&shaStateHandle) == SGX_SUCCESS);
@@ -199,15 +193,12 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) {
 
 void trustedGenerateSEK(int *errStatus, char *errString,
                         uint8_t *encrypted_SEK, uint32_t *enc_len, char *SEK_hex) {
-    LOG_DEBUG(__FUNCTION__);
+    LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
 
     CHECK_STATE(encrypted_SEK);
     CHECK_STATE(SEK_hex);
 
-    CHECK_STATE(encrypted_SEK);
-    CHECK_STATE(SEK_hex);
-
 
     SAFE_CHAR_BUF(SEK_raw, SGX_AESGCM_KEY_SIZE);;
 
@@ -222,7 +213,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
 
     sgx_status_t status = sgx_seal_data(0, NULL, hex_aes_key_length + 1, (uint8_t *) SEK_hex, sealedLen,
                                         (sgx_sealed_data_t *) encrypted_SEK);
-    CHECK_STATUS(status, "seal SEK failed");
+    CHECK_STATUS("seal SEK failed");
 
     *enc_len = sealedLen;
 
@@ -232,7 +223,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
 }
 
 void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) {
-    LOG_DEBUG(__FUNCTION__);
+    LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
     CHECK_STATE(encrypted_SEK);
     SAFE_CHAR_BUF(aes_key_hex, BUF_LEN);
@@ -240,21 +231,20 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint
     sgx_status_t status = sgx_unseal_data(
             (const sgx_sealed_data_t *) encrypted_SEK, NULL, 0, aes_key_hex, &encr_len);
 
-    CHECK_STATUS2(status,  "sgx unseal SEK failed with status %d", status );
+    CHECK_STATUS2("sgx unseal SEK failed with status %d");
 
     uint64_t len;
 
     hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
 
     SET_SUCCESS
-
     clean:
     ;
 }
 
 void trustedSetSEK_backup(int *errStatus, char *errString,
                           uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) {
-    LOG_DEBUG(__FUNCTION__);
+    LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
 
     CHECK_STATE(encrypted_SEK);
@@ -267,26 +257,19 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
 
     sgx_status_t status = sgx_seal_data(0, NULL, strlen(SEK_hex) + 1, (uint8_t *) SEK_hex, sealedLen,
                                         (sgx_sealed_data_t *) encrypted_SEK);
-    if (status != SGX_SUCCESS) {
-        snprintf(errString, BUF_LEN, "seal SEK failed with status %d", status);
-        *errStatus = status;
-        LOG_ERROR(errString);
-        goto clean;
-    }
+
+    CHECK_STATUS2("seal SEK failed with status %d")
 
     *enc_len = sealedLen;
 
     SET_SUCCESS
-
     clean:
-
     ;
-
 }
 
 void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
                                 uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
-    LOG_DEBUG(__FUNCTION__);
+    LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
 
     CHECK_STATE(encryptedPrivateKey);
@@ -302,7 +285,6 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
 
     point Pkey = point_init();
 
-
     get_global_random(rand_char, 32);
 
     mpz_import(seed, 32, 1, sizeof(rand_char[0]), 0, 0, rand_char);
@@ -338,28 +320,16 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
     skey_str[ECDSA_SKEY_LEN - 1] = 0;
     snprintf(errString, BUF_LEN, "skey len is %d\n", strlen(skey_str));
 
-    int stat = AES_encrypt(skey_str, encryptedPrivateKey, BUF_LEN);
-
-    if (stat != 0) {
-        snprintf(errString, BUF_LEN, "ecdsa private key encryption failed");
-        *errStatus = stat;
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    int status = AES_encrypt(skey_str, encryptedPrivateKey, BUF_LEN);
+    CHECK_STATUS("ecdsa private key encryption failed");
 
     *enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
 
-    stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, ECDSA_SKEY_LEN);
+    status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, ECDSA_SKEY_LEN);
 
-    if (stat != 0) {
-        snprintf(errString, BUF_LEN, "ecdsa private key decr failed with status %d", stat);
-        *errStatus = stat;
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    CHECK_STATUS2("ecdsa private key decr failed with status %d");
 
     SET_SUCCESS
-
     clean:
     mpz_clear(seed);
     mpz_clear(skey);
@@ -377,31 +347,19 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
 
     SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
 
-
     mpz_t privateKeyMpz;
     mpz_init(privateKeyMpz);
     point Pkey = point_init();
 
-
     int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
-    skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
-
-    if (status != 0) {
-        snprintf(errString, BUF_LEN, "AES_decrypt failed with status %d", status);
-        *errStatus = status;
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    CHECK_STATUS2("AES_decrypt failed with status %d");
 
+    skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
     strncpy(errString, skey, 1024);
 
-    if (mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE) == -1) {
-        snprintf(errString, BUF_LEN, "wrong string to init private key");
-        LOG_ERROR(errString);
-        *errStatus = -10;
-        goto clean;
-    }
+    status = mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE);
 
+    CHECK_STATUS("mpz_set_str failed for private key");
 
     signature_extract_public_key(Pkey, privateKeyMpz, curve);
 
@@ -435,9 +393,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
     strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
 
     SET_SUCCESS
-
     clean:
-
     mpz_clear(privateKeyMpz);
     point_clear(Pkey);
     point_clear(Pkey_test);
@@ -466,12 +422,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
 
     int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
 
-    if (status != 0) {
-        *errStatus = status;
-        snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
-        LOG_ERROR(status);
-        goto clean;
-    }
+    CHECK_STATUS2("aes decrypt failed with status %d");
 
     skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
 
@@ -523,8 +474,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
 
     *sig_v = sign->v;
 
-    *errStatus = 0;
-
+    SET_SUCCESS
     clean:
 
     mpz_clear(privateKeyMpz);
@@ -544,26 +494,17 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
 
     *errStatus = UNKNOWN_ERROR;
 
-    int stat = AES_encrypt(key, encryptedPrivateKey, BUF_LEN);
-    if (stat != 0) {
-        *errStatus = stat;
-        snprintf(errString, BUF_LEN, "AES encrypt failed with status %d", stat);
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    int status = AES_encrypt(key, encryptedPrivateKey, BUF_LEN);
+
+    CHECK_STATUS2("AES encrypt failed with status %d");
 
     *enc_len = strlen(key) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
 
     SAFE_CHAR_BUF(decryptedKey, BUF_LEN);
 
-    stat = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN);
+    status = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN);
 
-    if (stat != 0) {
-        *errStatus = stat;
-        snprintf(errString, BUF_LEN, "trustedDecryptKey failed with status %d", stat);
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    CHECK_STATUS2("trustedDecryptKey failed with status %d");
 
     uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH);
 
@@ -581,8 +522,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
         goto clean;
     }
 
-    *errStatus = 0;
-
+    SET_SUCCESS
     clean:
     ;
 }
@@ -591,7 +531,6 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
                           uint32_t enc_len, char *key) {
 
     LOG_DEBUG(__FUNCTION__);
-
     INIT_ERROR_STATE
 
     CHECK_STATE(encryptedPrivateKey);
@@ -619,19 +558,15 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
     }
 
     SET_SUCCESS
-
     clean:
     ;
-
 }
 
 void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
                               uint32_t enc_len, char *_hashX,
                               char *_hashY, char *signature) {
     LOG_DEBUG(__FUNCTION__);
-
-    *errString = 0;
-    *errStatus = UNKNOWN_ERROR;
+    INIT_ERROR_STATE
 
     CHECK_STATE(encryptedPrivateKey);
     CHECK_STATE(_hashX);
@@ -642,12 +577,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
 
     int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN);
 
-    if (status != 0) {
-        *errStatus = status;
-        strncpy(errString, "AES decrypt failed", BUF_LEN);
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    CHECK_STATUS("AES decrypt failed")
 
     enclave_sign(key, _hashX, _hashY, sig);
 
@@ -661,37 +591,26 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
     }
 
     SET_SUCCESS
-
     clean:
     ;
 }
 
 void
 trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
-    LOG_DEBUG(__FUNCTION__);
-
+    LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
 
     CHECK_STATE(encrypted_dkg_secret);
 
     SAFE_CHAR_BUF(dkg_secret, DKG_BUFER_LENGTH);
 
+    int status = gen_dkg_poly(dkg_secret, _t);
 
-    if (gen_dkg_poly(dkg_secret, _t) != 0) {
-        *errStatus = -1;
-        strncpy(errString, "gen_dkg_poly failed", BUF_LEN);
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    CHECK_STATUS("gen_dkg_poly failed")
 
-    int status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN);
+    status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN);
 
-    if (status != SGX_SUCCESS) {
-        snprintf(errString, BUF_LEN, "SGX AES encrypt DKG poly failed");
-        LOG_ERROR(errString);
-        *errStatus = status;
-        goto clean;
-    }
+    CHECK_STATUS("SGX AES encrypt DKG poly failed");
 
     *enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
 
@@ -699,12 +618,8 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
 
     status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret,
                          DKG_BUFER_LENGTH);
-    if (status != SGX_SUCCESS) {
-        snprintf(errString, BUF_LEN, "aes decrypt dkg poly failed");
-        LOG_ERROR(errString);
-        *errStatus = status;
-        goto clean;
-    }
+
+    CHECK_STATUS("aes decrypt dkg poly failed");
 
     if (strcmp(dkg_secret, decr_dkg_secret) != 0) {
         snprintf(errString, BUF_LEN,
@@ -715,7 +630,6 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
     }
 
     SET_SUCCESS
-
     clean:
     ;
 }
@@ -724,23 +638,16 @@ void
 trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret,
                            uint32_t enc_len,
                            uint8_t *decrypted_dkg_secret) {
-
+    LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
 
-    LOG_DEBUG(__FUNCTION__);
-
     CHECK_STATE(encrypted_dkg_secret);
     CHECK_STATE(decrypted_dkg_secret);
 
     int status = AES_decrypt(encrypted_dkg_secret, enc_len, (char *) decrypted_dkg_secret,
                              3072);
 
-    if (status != SGX_SUCCESS) {
-        snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
-        LOG_ERROR(errString);
-        *errStatus = status;
-        goto clean;
-    }
+    CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d")
 
     SET_SUCCESS
 
@@ -750,25 +657,19 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d
 
 
 void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint32_t enc_len) {
-    LOG_DEBUG(__FUNCTION__);
-
+    LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
 
     CHECK_STATE(encrypted_poly);
 
     memset(getThreadLocalDecryptedDkgPoly(), 0, DKG_BUFER_LENGTH);
+
     int status = AES_decrypt(encrypted_poly, enc_len, (char *) getThreadLocalDecryptedDkgPoly(),
                              DKG_BUFER_LENGTH);
 
-    if (status != SGX_SUCCESS) {
-        *errStatus = -1;
-        snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
-        LOG_ERROR(errString);
-        goto clean;
-    }
-
-    *errStatus = 0;
+    CHECK_STATUS2("sgx_unseal_data - encrypted_poly failed with status %d")
 
+    SET_SUCCESS
     clean:
     ;
 }
@@ -778,12 +679,11 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
                                        uint8_t ind) {
 
     LOG_DEBUG(__FUNCTION__);
+    INIT_ERROR_STATE
 
     uint32_t enc_len;
     int status;
 
-    INIT_ERROR_STATE
-
     CHECK_STATE(encrypted_skey);
     CHECK_STATE(result_str);
     CHECK_STATE(s_shareG2);
@@ -797,24 +697,13 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
 
     trustedGenerateEcdsaKeyAES(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
 
-    if (status != 0) {
-        snprintf(errString, BUF_LEN, "trustedGenerateEcdsaKeyAES failed");
-        *errStatus = status;
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    CHECK_STATUS("trustedGenerateEcdsaKeyAES failed");
 
     status = AES_decrypt(encrypted_skey, enc_len, skey, ECDSA_SKEY_LEN);
 
     skey[ECDSA_SKEY_LEN - 1] = 0;
 
-    if (status != SGX_SUCCESS) {
-        snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d",
-                 status);
-        LOG_ERROR(errString);
-        *errStatus = status;
-        goto clean;
-    }
+    CHECK_STATUS2("AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d");
 
     *dec_len = enc_len;
 
@@ -823,19 +712,12 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
 
     SAFE_CHAR_BUF(s_share, ECDSA_SKEY_LEN);
 
-    if (calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind) != 0) {
-        *errStatus = -1;
-        snprintf(errString, BUF_LEN, "calc secret share failed");
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    status = calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind);
+    CHECK_STATUS("calc secret share failed")
 
-    if (calc_secret_shareG2(s_share, s_shareG2) != 0) {
-        *errStatus = -1;
-        snprintf(errString, BUF_LEN, "invalid decr secret share");
-        LOG_ERROR(errString);
-        goto clean;
-    }
+
+    status = calc_secret_shareG2(s_share, s_shareG2);
+    CHECK_STATUS("invalid decr secret share");
 
     SAFE_CHAR_BUF(cypher, ECDSA_SKEY_LEN);
     xor_encrypt(common_key, s_share, cypher);
@@ -853,7 +735,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
 void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
                                char *public_shares,
                                unsigned _t, unsigned _n) {
-    LOG_DEBUG(__FUNCTION__);
+    LOG_INFO(__FUNCTION__);
 
     INIT_ERROR_STATE
 
@@ -866,19 +748,10 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
     int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret,
                              DKG_MAX_SEALED_LEN);
 
-    if (status != SGX_SUCCESS) {
-        snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
-        *errStatus = status;
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d");
 
-    if (calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0) {
-        *errStatus = -1;
-        snprintf(errString, BUF_LEN, "t does not match polynomial in db");
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    status = calc_public_shares(decrypted_dkg_secret, public_shares, _t) != 0;
+    CHECK_STATUS("t does not match polynomial in db");
 
     SET_SUCCESS
 
@@ -888,7 +761,7 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
 
 void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share,
                          uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
-    LOG_DEBUG(__FUNCTION__);
+    LOG_INFO(__FUNCTION__);
 
     INIT_ERROR_STATE
 
@@ -903,12 +776,7 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
 
     int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
 
-    if (status != SGX_SUCCESS) {
-        snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status);
-        *errStatus = status;
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    CHECK_STATUS2("AES_decrypt failed (in trustedDkgVerifyAES) with status %d");
 
     SAFE_CHAR_BUF(encr_sshare, ECDSA_SKEY_LEN);
 
@@ -922,28 +790,24 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
 
     xor_decrypt(common_key, encr_sshare, decr_sshare);
 
-    if (mpz_set_str(s, decr_sshare, 16) == -1) {
-        *errStatus = 1;
-        snprintf(errString, BUF_LEN, "invalid decr secret share");
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    status  = mpz_set_str(s, decr_sshare, 16);
+    CHECK_STATUS("invalid decr secret share");
 
     *result = Verification(public_shares, s, _t, _ind);
 
     SET_SUCCESS
-
     clean:
+
     mpz_clear(s);
 }
 
 void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares,
                             uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key,
                             uint32_t *enc_bls_key_len) {
-    LOG_DEBUG(__FUNCTION__);
 
-    *errString = 0;
-    *errStatus = UNKNOWN_ERROR;
+    LOG_INFO(__FUNCTION__);
+
+    INIT_ERROR_STATE
 
     CHECK_STATE(s_shares);
     CHECK_STATE(encryptedPrivateKey);
@@ -964,12 +828,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
 
 
     int status = AES_decrypt(encryptedPrivateKey, key_len, skey, ECDSA_SKEY_LEN);
-    if (status != SGX_SUCCESS) {
-        *errStatus = status;
-        snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    CHECK_STATUS2("aes decrypt failed with status %d");
 
     skey[ECDSA_SKEY_LEN - 1] = 0;
 
@@ -1024,12 +883,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
 
     status = AES_encrypt(key_share, encr_bls_key, BUF_LEN);
 
-    if (status != SGX_SUCCESS) {
-        *errStatus = -1;
-        snprintf(errString, BUF_LEN, "aes encrypt bls private key failed with status %d ", status);
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    CHECK_STATUS2("aes encrypt bls private key failed with status %d ");
 
     *enc_bls_key_len = strlen(key_share) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
 
@@ -1054,21 +908,14 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
     SAFE_CHAR_BUF(skey_hex, ECDSA_SKEY_LEN);
 
     int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, ECDSA_SKEY_LEN);
-    if (status != SGX_SUCCESS) {
-        *errStatus = 1;
-        snprintf(errString, BUF_LEN, "aes_decrypt failed with status %d", status);
-        LOG_ERROR(errString);
-        goto clean;
-    }
+
+    CHECK_STATUS2("AES decrypt failed %d");
 
     skey_hex[ECDSA_SKEY_LEN - 1] = 0;
 
-    if (calc_bls_public_key(skey_hex, bls_pub_key) != 0) {
-        *errStatus = -1;
-        snprintf(errString, BUF_LEN, "could not calculate bls public key");
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    status = calc_bls_public_key(skey_hex, bls_pub_key);
+
+    CHECK_STATUS("could not calculate bls public key");
 
     SET_SUCCESS
     clean: