Merge branch 'develop' into SKALE-3189-fix-build

Dockerfile

 FROM skalenetwork/sgxwallet_base:latest
 
 COPY . /usr/src/sdk
-RUN apt update && apt install -y curl
+RUN apt update && apt install -y curl secure-delete
 WORKDIR /usr/src/sdk
 RUN touch /var/hwmode
 RUN ./autoconf.bash

DockerfileBase

-FROM ubuntu:bionic
+FROM ubuntu:xenial
 
 
 COPY . /usr/src/sdk

DockerfileRelease

@@ -2,7 +2,7 @@ FROM skalenetwork/sgxwallet_base:latest
 
 COPY . /usr/src/sdk
 RUN cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml
-RUN apt update && apt install -y curl
+RUN apt update && apt install -y curl secure-delete
 WORKDIR /usr/src/sdk
 #Test signing key generation
 RUN cd scripts && ./generate_signing_key.bash

DockerfileSimulation

 FROM skalenetwork/sgxwallet_base:latest
 
 
-RUN apt update &&  apt install -y curl
+RUN apt update &&  apt install -y curl secure-delete
 
 RUN ccache -sz
 

Makefile.am

@@ -102,7 +102,7 @@ sgxwallet_LDADD=-l$(SGX_URTS_LIB) -l$(SGX_UAE_SERVICE_LIB) -LlibBLS/deps/deps_in
    -l:libbls.a -l:libleveldb.a \
    -l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a \
    -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd \
-    -lboost_system -lboost_thread -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread
+    -lboost_system -lboost_thread -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -lstdc++fs
 
 
 testw_SOURCES=testw.cpp $(COMMON_SRC)

SEKManager.cpp

@@ -37,213 +37,246 @@
 #include "ServerDataChecker.h"
 #include "third_party/spdlog/spdlog.h"
 
+using namespace std;
+
+#define BACKUP_PATH "./sgx_data/sgxwallet_backup_key.txt"
+
+
 bool case_insensitive_match(string s1, string s2) {
-  //convert s1 and s2 into lower case strings
-  transform(s1.begin(), s1.end(), s1.begin(), ::tolower);
-  transform(s2.begin(), s2.end(), s2.begin(), ::tolower);
-  return s1.compare(s2);
+    //convert s1 and s2 into lower case strings
+    transform(s1.begin(), s1.end(), s1.begin(), ::tolower);
+    transform(s2.begin(), s2.end(), s2.begin(), ::tolower);
+    return s1.compare(s2);
 }
 
 void create_test_key() {
-  int errStatus =  0;
-  vector<char> errMsg(1024,0);
-  uint32_t enc_len;
+    int errStatus = 0;
+    vector<char> errMsg(1024, 0);
+    uint32_t enc_len;
 
-  uint8_t encrypted_key[BUF_LEN];
-  memset(encrypted_key, 0, BUF_LEN);
+    uint8_t encrypted_key[BUF_LEN];
+    memset(encrypted_key, 0, BUF_LEN);
 
-  std::string key = TEST_VALUE;
+    string key = TEST_VALUE;
 
-  status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
-  if ( status != SGX_SUCCESS ) {
-    std::cerr << "encrypt test key failed with status " << status << std::endl;
-    throw SGXException(status, errMsg.data()) ;
-  }
+    status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
+    if (status != SGX_SUCCESS) {
+        cerr << "encrypt test key failed with status " << status << endl;
+        throw SGXException(status, errMsg.data());
+    }
 
-  if ( errStatus != 0 ) {
-    std::cerr << "encrypt test key failed with status " << errStatus << std::endl;
-    throw SGXException(errStatus, errMsg.data()) ;
-  }
+    if (errStatus != 0) {
+        cerr << "encrypt test key failed with status " << errStatus << endl;
+        throw SGXException(errStatus, errMsg.data());
+    }
 
-  vector<char> hexEncrKey(2 * enc_len + 1, 0);
+    vector<char> hexEncrKey(2 * enc_len + 1, 0);
 
-  carray2Hex(encrypted_key, enc_len, hexEncrKey.data());
+    carray2Hex(encrypted_key, enc_len, hexEncrKey.data());
 
-  uint64_t test_len;
-  vector<uint8_t>test_encr_key(1024, 0);
-  if (!hex2carray(hexEncrKey.data(), &test_len, test_encr_key.data())) {
-    std::cerr << "wrong encrypted test key" << std::endl;
-  }
+    uint64_t test_len;
+    vector <uint8_t> test_encr_key(1024, 0);
+    if (!hex2carray(hexEncrKey.data(), &test_len, test_encr_key.data())) {
+        cerr << "wrong encrypted test key" << endl;
+    }
 
-  LevelDB::getLevelDb() -> writeDataUnique("TEST_KEY", hexEncrKey.data());
+    LevelDB::getLevelDb()->writeDataUnique("TEST_KEY", hexEncrKey.data());
 }
 
-bool check_SEK(const std::string& SEK) {
-  std::shared_ptr <std::string> test_key_ptr = LevelDB::getLevelDb() -> readString("TEST_KEY");
-  vector<uint8_t> encr_test_key(BUF_LEN, 0);
-  uint64_t len;
-  if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data())) {
-    spdlog::error("wrong test key" );
-    exit(-1);
-  }
-
-  vector<char> decr_key(1024,0);
-  vector<char> errMsg(1024,0);
-  int err_status = 0;
-
-  vector<uint8_t> encr_SEK(1024,0);
-
-  uint32_t l = len;
-
-  status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &l, SEK.c_str() );
-  if (status != SGX_SUCCESS) {
-    cerr << "RPCException thrown with status " << status << endl;
-    throw SGXException(status, errMsg.data());
-  }
-
-  if ( err_status != 0 ) {
-    cerr << "RPCException thrown with status " << err_status << endl;
-    throw SGXException(err_status, errMsg.data());
-  }
-
-  status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
-  if (status != SGX_SUCCESS || err_status != 0) {
-    spdlog::error("failed to decrypt test key" );
-    spdlog::error(errMsg.data());
-    exit(-1);
-  }
-
-  std::string test_key = TEST_VALUE;
-  if (test_key.compare(decr_key.data()) != 0) {
-    std::cerr << "decrypted key is " << decr_key.data() << std::endl;
-    spdlog::error("Invalid SEK" );
-    return false;
-  }
-  return true;
+
+shared_ptr <vector<uint8_t>> check_and_set_SEK(const string &SEK) {
+    shared_ptr <string> test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY");
+    vector <uint8_t> encr_test_key(BUF_LEN, 0);
+    uint64_t len;
+    if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data())) {
+        spdlog::error("wrong test key");
+        exit(-1);
+    }
+
+    vector<char> decr_key(1024, 0);
+    vector<char> errMsg(1024, 0);
+    int err_status = 0;
+
+    auto encrypted_SEK = make_shared < vector < uint8_t >> (1024, 0);
+
+    uint32_t l = len;
+
+    status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l, SEK.c_str());
+
+    if (status != SGX_SUCCESS) {
+        spdlog::error("trustedSetSEK_backup failed with error code {}", status);
+        exit(-1);
+    }
+
+    if (err_status != 0) {
+        spdlog::error("trustedSetSEK_backup failed with error status {}", status);
+        exit(-1);
+    }
+
+    status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
+    if (status != SGX_SUCCESS || err_status != 0) {
+        spdlog::error("Failed to decrypt test key");
+        spdlog::error(errMsg.data());
+        exit(-1);
+    }
+
+    string test_key = TEST_VALUE;
+    if (test_key.compare(decr_key.data()) != 0) {
+        spdlog::error("Invalid SEK");
+        exit(-1);
+    }
+
+    encrypted_SEK->resize(l);
+
+    return encrypted_SEK;
 }
 
 void gen_SEK() {
-  vector<char> errMsg(1024,0);
-  int err_status = 0;
-  vector<uint8_t> encr_SEK(1024, 0);
-  uint32_t enc_len = 0;
+    vector<char> errMsg(1024, 0);
+    int err_status = 0;
+    vector <uint8_t> encrypted_SEK(1024, 0);
+    uint32_t enc_len = 0;
+
+    char SEK[65];
+    memset(SEK, 0, 65);
+
+    spdlog::info("Generating backup key. Will be stored in backup_key.txt ... ");
+
+    status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK);
+
+    if (status != SGX_SUCCESS) {
+        throw SGXException(status, errMsg.data());
+    }
+
+    if (err_status != 0) {
+        throw SGXException(err_status, errMsg.data());
+    }
+
+    if (strnlen(SEK, 33) != 32) {
+        throw SGXException(-1, "strnlen(SEK,33) != 32");
+    }
+
+    vector<char> hexEncrKey(2 * enc_len + 1, 0);
 
-  char SEK[65];
-  memset(SEK, 0, 65);
+    carray2Hex(encrypted_SEK.data(), enc_len, hexEncrKey.data());
 
-  status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK);
-  if ( status != SGX_SUCCESS ) {
-    throw SGXException(status, errMsg.data()) ;
-  }
+    ofstream sek_file(BACKUP_PATH);
+    sek_file.clear();
 
-  if ( err_status != 0 ) {
-    throw SGXException(err_status, errMsg.data()) ;
-  }
+    sek_file << SEK;
 
-  vector<char> hexEncrKey(2 * enc_len + 1, 0);
 
-  carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
+    cout << "ATTENTION! YOUR BACKUP KEY HAS BEEN WRITTEN INTO sgx_data/backup_key.txt \n" <<
+         "PLEASE COPY IT TO THE SAFE PLACE AND THEN DELETE THE FILE MANUALLY BY RUNNING THE FOLLOWING COMMAND:\n" <<
+         "apt-get install secure-delete && srm -vz sgx_data/backup_key.txt" << endl;
 
-  std::ofstream sek_file("backup_key.txt");
-  sek_file.clear();
 
-  cout << "ATTENTION! YOUR BACKUP KEY WILL BE WRITTEN INTO backup_key.txt.\n" <<
-          "PLEASE COPY IT TO THE SAFE PLACE AND THEN DELETE THE FILE MANUALLY BY RUNNING THE FOLLOWING COMMAND:\n" <<
-          "`docker exec -it <SGX_CONTAINER_NAME> bash && apt-get install secure-delete && srm -vz backup_key.txt`" << endl;
-  sek_file << SEK;
+    if (!autoconfirm) {
+        string confirm_str = "I confirm";
+        string buffer;
+        do {
+            cout << " DO YOU CONFIRM THAT YOU COPIED THE KEY? (if you confirm type - I confirm)"
+                 << endl;
+            getline(cin, buffer);
+        } while (case_insensitive_match(confirm_str, buffer));
+    }
 
-  if (!autoconfirm) {
-    std::string confirm_str = "I confirm";
-    std::string buffer;
-    do {
-      std::cout << " DO YOU CONFIRM THAT YOU COPIED THE KEY? (if you confirm type - I confirm)"
-                << std::endl;
-      std::getline(std::cin, buffer);
-    } while (case_insensitive_match(confirm_str, buffer));
-  }
 
-  LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
+    LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
 
-  create_test_key();
+    create_test_key();
 }
 
-void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK) {
-  vector<char> errMsg(1024,0);
-  int err_status = 0;
+void trustedSetSEK(shared_ptr <string> hex_encrypted_SEK) {
+    vector<char> errMsg(1024, 0);
+    int err_status = 0;
 
-  uint8_t encr_SEK[BUF_LEN];
-  memset(encr_SEK, 0, BUF_LEN);
+    uint8_t encrypted_SEK[BUF_LEN];
+    memset(encrypted_SEK, 0, BUF_LEN);
 
-  uint64_t len;
+    uint64_t len;
 
-  if (!hex2carray(hex_encr_SEK->c_str(), &len, encr_SEK)) {
-    throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex");
-  }
+    if (!hex2carray(hex_encrypted_SEK->c_str(), &len, encrypted_SEK)) {
+        throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex");
+    }
 
-  status = trustedSetSEK(eid, &err_status, errMsg.data(), encr_SEK );
-  if ( status != SGX_SUCCESS ) {
-    cerr << "RPCException thrown" << endl;
-    throw SGXException(status, errMsg.data()) ;
-  }
+    status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK);
+    if (status != SGX_SUCCESS) {
+        cerr << "RPCException thrown" << endl;
+        throw SGXException(status, errMsg.data());
+    }
 
-  if ( err_status != 0 ) {
-    cerr << "RPCException thrown" << endl;
-    throw SGXException(err_status, errMsg.data()) ;
-  }
+    if (err_status != 0) {
+        cerr << "RPCException thrown" << endl;
+        throw SGXException(err_status, errMsg.data());
+    }
 }
 
+#include "experimental/filesystem"
+
+#include <boost/algorithm/string.hpp>
+
 void enter_SEK() {
-  vector<char> errMsg(1024,0);
-  int err_status = 0;
-  vector<uint8_t> encr_SEK(BUF_LEN, 0);
-  uint32_t enc_len;
-
-  std::shared_ptr <std::string> test_key_ptr = LevelDB::getLevelDb() -> readString("TEST_KEY");
-  if (test_key_ptr == nullptr) {
-    spdlog::error("empty db" );
-    exit(-1);
-  }
-
-  std::string SEK;
-  std::cout << "ENTER BACKUP KEY" << std::endl;
-  std::cin >> SEK;
-  while (!checkHex(SEK, 16) || !check_SEK(SEK)) {
-    std::cout << "KEY IS INVALID.TRY ONCE MORE" << std::endl;
-    SEK = "";
-    std::cin >> SEK;
-  }
-
-  status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK.c_str());
-  if (status != SGX_SUCCESS) {
-    cerr << "RPCException thrown with status " << status << endl;
-    throw SGXException(status, errMsg.data());
-  }
-
-  if ( err_status != 0 ) {
-    cerr << "RPCException thrown" << endl;
-    throw SGXException(err_status, errMsg.data()) ;
-  }
-
-  vector<char> hexEncrKey(2 * enc_len + 1, 0);
-
-  carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
-
-  LevelDB::getLevelDb() -> deleteKey("SEK");
-  LevelDB::getLevelDb() -> writeDataUnique("SEK", hexEncrKey.data());
+
+
+    shared_ptr <string> test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY");
+    if (test_key_ptr == nullptr) {
+        spdlog::error("Error: corrupt or empty LevelDB database");
+        exit(-1);
+    }
+
+
+    if (!experimental::filesystem::is_regular_file(BACKUP_PATH)) {
+        spdlog::error("File does not exist: "  BACKUP_PATH);
+        exit(-1);
+    }
+
+    ifstream sek_file(BACKUP_PATH);
+
+    spdlog::info("Reading backup key from file ...");
+
+    string sek((istreambuf_iterator<char>(sek_file)),
+               istreambuf_iterator<char>());
+
+    boost::trim(sek);
+
+    spdlog::info("Setting backup key ...");
+
+    while (!checkHex(sek, 16)) {
+        spdlog::error("Invalid hex in key");
+        exit(-1);
+    }
+
+    auto encrypted_SEK = check_and_set_SEK(sek);
+
+    vector<char> hexEncrKey(BUF_LEN, 0);
+
+    carray2Hex(encrypted_SEK->data(), encrypted_SEK->size(), hexEncrKey.data());
+
+    spdlog::info("Got sealed storage encryption key.");
+
+    LevelDB::getLevelDb()->deleteKey("SEK");
+
+    spdlog::info("Storing sealed storage encryption key in LevelDB ...");
+
+    LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
+
+    spdlog::info("Stored storage encryption key in LevelDB.");
+
 }
 
 void initSEK() {
-  std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
-  if (enterBackupKey) {
-    enter_SEK();
-  } else {
-      if (encr_SEK_ptr == nullptr) {
-          spdlog::warn("SEK was not created yet. Going to create SEK");
-          gen_SEK();
-      } else {
-          trustedSetSEK(encr_SEK_ptr);
-      }
-  }
+    shared_ptr <string> encrypted_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
+    if (enterBackupKey) {
+        enter_SEK();
+    } else {
+        if (encrypted_SEK_ptr == nullptr) {
+            spdlog::warn("SEK was not created yet. Going to create SEK");
+            gen_SEK();
+        } else {
+            trustedSetSEK(encrypted_SEK_ptr);
+        }
+    }
 }
 
 //a002e7ca685d46a32771d16fe2518e58

secure_enclave/Makefile.in

@@ -323,8 +323,7 @@ AM_CFLAGS = @SGX_ENCLAVE_CFLAGS@
 AM_CPPFLAGS = @SGX_ENCLAVE_CPPFLAGS@ -Wall \
 	-Wno-implicit-function-declaration $(TGMP_CPPFLAGS) \
 	-I./third_party/SCIPR -I../third_party/SCIPR \
-	-I../sgx-sdk-build/sgxsdk/include/libcxx \
-	-I../intel-sgx-ssl/Linux/package/include
+	-I../sgx-sdk-build/sgxsdk/include/libcxx
 AM_CXXFLAGS = @SGX_ENCLAVE_CXXFLAGS@ @SGX_ENCLAVE_CFLAGS@ -fno-builtin \
 	-fstack-protector-strong
 AM_LDFLAGS = @SGX_ENCLAVE_LDFLAGS@ $(TGMP_LDFLAGS) -L./tgmp-build/lib \
@@ -344,7 +343,7 @@ secure_enclave_SOURCES = secure_enclave_t.c secure_enclave_t.h \
                 ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp $(ENCLAVE_KEY) $(ENCLAVE_CONFIG)
 
 secure_enclave_LDADD = @SGX_ENCLAVE_LDADD@
-SGX_EXTRA_TLIBS = -lsgx_tgmp -lsgx_tservice  -lsgx_urts -lsgx_tcxx ../intel-sgx-ssl/Linux/package/lib64/libsgx_tsgxssl_crypto.a
+SGX_EXTRA_TLIBS = -lsgx_tgmp -lsgx_tservice  -lsgx_urts -lsgx_tcxx 
 all: all-am
 
 .SUFFIXES:

secure_enclave/secure_enclave.c

@@ -84,7 +84,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
         goto clean;}
 
 #define CHECK_STATUS(__ERRMESSAGE__) if (status != SGX_SUCCESS) { \
-snprintf(errString, BUF_LEN, __ERRMESSAGE__); \
+LOG_ERROR(__FUNCTION__); \
+snprintf(errString, BUF_LEN, "failed with status %d : %s",  status,  __ERRMESSAGE__); \
 LOG_ERROR(errString); \
 *errStatus = status; \
 goto clean; \
@@ -112,7 +113,17 @@ void free_function(void *, size_t);
 
 unsigned char *globalRandom;
 
+
+#define CALL_ONCE \
+    static volatile bool called = false;\
+    if (called)  { \
+        LOG_ERROR(__FUNCTION__); \
+        LOG_ERROR("This function shouldnt be called twice. Aborting!"); \
+        abort(); \
+    } else {called = true;};
+
 void trustedEnclaveInit(uint32_t _logLevel) {
+    CALL_ONCE
     LOG_INFO(__FUNCTION__);
 
     globalLogLevel_ = _logLevel;
@@ -130,7 +141,7 @@ void trustedEnclaveInit(uint32_t _logLevel) {
 
     globalRandom = calloc(32,1);
 
-    auto ret = sgx_read_rand(globalRandom, 32);
+    int ret = sgx_read_rand(globalRandom, 32);
 
     if(ret != SGX_SUCCESS)
     {
@@ -200,7 +211,6 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) {
 }
 
 void get_global_random(unsigned char *_randBuff, uint64_t _size) {
-
     char errString[BUF_LEN];
     int status;
     int *errStatus = &status;
@@ -223,11 +233,13 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) {
 
 void sealHexSEK(int *errStatus, char *errString,
                         uint8_t *encrypted_sek, uint32_t *enc_len, char *sek_hex) {
+    CALL_ONCE
     LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
 
     CHECK_STATE(encrypted_sek);
     CHECK_STATE(sek_hex);
+    CHECK_STATE(strnlen(sek_hex, 33) == 32)
     
 
     uint64_t plaintextLen = strlen(sek_hex + 1);
@@ -262,15 +274,17 @@ void sealHexSEK(int *errStatus, char *errString,
 
     SET_SUCCESS
     clean:
-    ;
+    LOG_INFO(__FUNCTION__ );
     LOG_INFO("SGX call completed");
 }
 
 void trustedGenerateSEK(int *errStatus, char *errString,
                         uint8_t *encrypted_sek, uint32_t *enc_len, char *sek_hex) {
+    CALL_ONCE
     LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
 
+
     CHECK_STATE(encrypted_sek);
     CHECK_STATE(sek_hex);
 
@@ -281,18 +295,19 @@ void trustedGenerateSEK(int *errStatus, char *errString,
 
     sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex);
 
-    if (errStatus != 0) {
+    if (*errStatus != 0) {
         LOG_ERROR("sealHexSEK failed");
         goto clean;
     }
 
     SET_SUCCESS
     clean:
-    ;
+    LOG_INFO(__FUNCTION__ );
     LOG_INFO("SGX call completed");
 }
 
 void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
+    CALL_ONCE
     LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
     CHECK_STATE(encrypted_sek);
@@ -319,12 +334,13 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
 
     SET_SUCCESS
     clean:
-    ;
+    LOG_INFO(__FUNCTION__ );
     LOG_INFO("SGX call completed");
 }
 
 void trustedSetSEK_backup(int *errStatus, char *errString,
                           uint8_t *encrypted_sek, uint32_t *enc_len, const char *sek_hex) {
+    CALL_ONCE
     LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
 
@@ -336,7 +352,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
 
     sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex);
 
-    if (errStatus != 0) {
+    if (*errStatus != 0) {
         LOG_ERROR("sealHexSEK failed");
         goto clean;
     }
@@ -344,6 +360,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
     SET_SUCCESS
     clean:
     ;
+    LOG_INFO(__FUNCTION__ );
     LOG_INFO("SGX call completed");
 }
 
@@ -414,6 +431,7 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
     mpz_clear(seed);
     mpz_clear(skey);
     point_clear(Pkey);
+    LOG_INFO(__FUNCTION__ );
     LOG_INFO("SGX call completed");
 }
 
@@ -480,7 +498,16 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
     mpz_clear(privateKeyMpz);
     point_clear(pKey);
     point_clear(pKey_test);
-    LOG_DEBUG("SGX call completed");
+
+    static uint64_t counter = 0;
+
+    if (counter % 1000 == 0) {
+        LOG_INFO(__FUNCTION__);
+        LOG_INFO("Thousand SGX calls completed");
+    }
+
+    counter++;
+
 }
 
 static uint64_t sigCounter = 0;
@@ -564,6 +591,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
     mpz_clear(privateKeyMpz);
     mpz_clear(msgMpz);
     signature_free(sign);
+    LOG_DEBUG(__FUNCTION__ );
     LOG_DEBUG("SGX call completed");
 }
 
@@ -647,6 +675,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
     SET_SUCCESS
     clean:
     ;
+    LOG_INFO(__FUNCTION__ );
     LOG_INFO("SGX call completed");
 }
 
@@ -730,6 +759,7 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
     SET_SUCCESS
     clean:
     ;
+    LOG_INFO(__FUNCTION__ );
     LOG_INFO("SGX call completed");
 }
 
@@ -752,6 +782,7 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d
 
     clean:
     ;
+    LOG_INFO(__FUNCTION__ );
     LOG_INFO("SGX call completed");
 }
 
@@ -772,6 +803,7 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc
     SET_SUCCESS
     clean:
     ;
+    LOG_INFO(__FUNCTION__ );
     LOG_INFO("SGX call completed");
 }
 
@@ -836,6 +868,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
 
     clean:
     ;
+    LOG_INFO(__FUNCTION__ );
     LOG_INFO("SGX call completed");
 }
 
@@ -912,6 +945,7 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
     clean:
 
     mpz_clear(s);
+    LOG_INFO(__FUNCTION__ );
     LOG_INFO("SGX call completed");
 }
 
@@ -1013,6 +1047,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
     mpz_clear(bls_key);
     mpz_clear(sum);
     mpz_clear(q);
+    LOG_INFO(__FUNCTION__ );
     LOG_INFO("SGX call completed");
 }
 
@@ -1039,7 +1074,12 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
     CHECK_STATUS("could not calculate bls public key");
 
     SET_SUCCESS
+    static uint64_t counter = 0;
     clean:
-    ;
-    LOG_DEBUG("SGX call completed");
+    if (counter % 1000 == 0) {
+        LOG_INFO(__FUNCTION__);
+        LOG_INFO("Thousand SGX calls completed");
+    }
+
+    counter++;
 }

sgxwall.cpp

@@ -49,7 +49,7 @@ void SGXWallet::printUsage() {
     cerr << "   -v  Verbose mode: turn on debug output\n";
     cerr << "   -vv Detailed verbose mode: turn on debug and trace outputs\n";
     cerr << "\nBackup, restore, update flags:\n\n";
-    cerr << "   -b  Restore from back up or software update. You will need to type in the backup key. \n";
+    cerr << "   -b  filename Restore from back up or software update. You will need to put backup key into a file in sgx_data dir. \n";
     cerr << "   -y  Do not ask user to acknowledge receipt of the backup key \n";
     cerr << "\nHTTPS flags:\n\n";
     cerr << "   -n  Launch sgxwallet using http. Default is to use https with a selg-signed server cert.  \n";

testw.cpp

@@ -95,6 +95,19 @@ public:
     }
 };
 
+class TestFixtureNoResetFromBackup {
+public:
+    TestFixtureNoResetFromBackup() {
+        setFullOptions(L_INFO, false, true, true );
+        initAll(L_INFO, false, true);
+    }
+
+    ~TestFixtureNoResetFromBackup() {
+        TestUtils::destroyEnclave();
+    }
+};
+
+
 class TestFixtureNoReset {
 public:
     TestFixtureNoReset() {
@@ -107,7 +120,6 @@ public:
     }
 };
 
-
 TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes-key-sig-gen]") {
     vector<char> errMsg(BUF_LEN, 0);
     int errStatus = 0;
@@ -439,7 +451,7 @@ TEST_CASE_METHOD(TestFixture, "Delete Bls Key", "[delete-bls-key]") {
 TEST_CASE_METHOD(TestFixture, "Backup Key", "[backup-key]") {
     HttpClient client(RPC_ENDPOINT);
     StubClient c(client, JSONRPC_CLIENT_V2);
-    std::ifstream sek_file("backup_key.txt");
+    std::ifstream sek_file("sgx_data/sgxwallet_backup_key.txt");
     REQUIRE(sek_file.good());
 
     std::string sek;
@@ -721,3 +733,6 @@ TEST_CASE_METHOD(TestFixture, "First run", "[first-run]") {
 
 TEST_CASE_METHOD(TestFixtureNoReset, "Second run", "[second-run]") {
 }
+
+TEST_CASE_METHOD(TestFixtureNoResetFromBackup, "Backup restore", "[backup-restore]") {
+}

testw.py

@@ -29,7 +29,8 @@ username = getpass.getuser()
 topDir = os.getcwd() + "/sgxwallet"
 print("Top directory is:" + topDir)
 testList = ["[first-run]",
-            "[second-run]", 
+            "[second-run]",
+            "[backup-restore]",
             "[cert-sign]",
             "[get-server-status]",
             "[get-server-version]",