Merge pull request #263 from skalenetwork/develop

new beta

.github/CODEOWNERS

 * @olehnikolaiev @kladkogex
-*.md @cstrangedk
+*.md @skalenetwork/docowners

.github/workflows/dockerimage.yml

 name: Build, test and push SGX container
-on: [push]
+on:
+  workflow_dispatch:
+  push:
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-18.04
     env:
+      ACTIONS_ALLOW_UNSECURE_COMMANDS: true
       DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
       DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
     steps:
+      - name: Fail, if older Github Actions machine. Click "Re-run jobs"
+        run: cat /proc/cpuinfo | grep avx512
       - name: Login to docker
         run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
       - uses: actions/checkout@v1
@@ -15,7 +20,10 @@ jobs:
       - name: build
         run: python3 scripts/docker_build.py Dockerfile sgxwallet ${GITHUB_SHA}
       - name: deploy docker image
-        if: contains(github.ref, 'develop') || contains(github.ref, 'beta') || contains(github.ref, 'master') || contains(github.ref, 'stable')
+        if: |
+          contains(github.ref, 'develop') || contains(github.ref, 'beta') ||
+          contains(github.ref, 'master') || contains(github.ref, 'stable') ||
+          contains(github.ref, 'SECURE_ENCLAVE_CHANGES')
         run : |
           export BRANCH=${GITHUB_REF##*/}
           echo "Branch $BRANCH"
@@ -27,4 +35,19 @@ jobs:
           export RELEASE=true
           echo "::set-env name=RELEASE::$RELEASE"
           bash ./scripts/build_image.sh Dockerfile sgxwallet
-          bash ./scripts/publish_image.sh sgxwallet
+          bash ./scripts/publish_image.sh sgxwallet
\ No newline at end of file
+        env:
+          ACTIONS_ALLOW_UNSECURE_COMMANDS: true
+      - name: Create Release
+        if: contains(github.ref, 'develop') || contains(github.ref, 'beta') || contains(github.ref, 'master') || contains(github.ref, 'stable')
+        id: create_release
+        uses: actions/create-release@latest
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ env.VERSION }}
+          release_name: ${{ env.VERSION }}
+          draft: false
+          prerelease: true
+
+

.github/workflows/dockerimagebase.yml

 name: Build base container
 on:
+  workflow_dispatch:
   push:
     tags:
       - build_base*
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-18.04
     env:
+      ACTIONS_ALLOW_UNSECURE_COMMMANDS: true
       DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
       DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
     steps:
+    - name: Fail, if older Github Actions machine
+      run: cat /proc/cpuinfo | grep avx512
     - name: Login to docker
       run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
     - uses: actions/checkout@v1
@@ -17,17 +21,3 @@ jobs:
       run: git submodule update --init --recursive
     - name: Build the Docker image
       run: docker build . --file DockerfileBase --tag skalenetwork/sgxwallet_base:latest && docker push skalenetwork/sgxwallet_base:latest
-    - name: deploy docker image
-      if: contains(github.ref, 'develop') || contains(github.ref, 'beta') || contains(github.ref, 'master') || contains(github.ref, 'stable')
-      run : |
-        export BRANCH=${GITHUB_REF##*/}
-        echo "Branch $BRANCH"
-        export VERSION=$(cat VERSION)
-        echo "Version $VERSION"
-        export VERSION=$(bash ./scripts/calculate_version.sh $BRANCH $VERSION)
-        echo "::set-env name=VERSION::$VERSION"
-        echo "Version $VERSION"
-        export RELEASE=true
-        echo "::set-env name=RELEASE::$RELEASE"
-        bash ./scripts/build_image.sh DockerfileBase sgxwallet_base
-        bash ./scripts/publish_image.sh sgxwallet_base
\ No newline at end of file

.github/workflows/dockerimageintelsubmission.yml

+name: Build, test and push Intel SGX container
+on:
+  workflow_dispatch:
+  push:
+jobs:
+  build:
+    runs-on: ubuntu-18.04
+    env:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+    steps:
+      - name: Fail, if older Github Actions machine. Click "Re-run jobs"
+        run: cat /proc/cpuinfo | grep avx512
+      - name: Login to docker
+        run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
+      - uses: actions/checkout@v1
+      - name: submodule update
+        run: git submodule update --init --recursive
+      - name: build and deploy docker image
+        if: |
+          contains(github.ref, 'stable')
+        run : |
+          export BRANCH=${GITHUB_REF##*/}
+          echo "Branch $BRANCH"
+          export VERSION=$(cat VERSION)
+          echo "Version $VERSION"
+          export VERSION=$(bash ./scripts/calculate_version.sh $BRANCH $VERSION)
+          echo "::set-env name=VERSION::$VERSION"
+          echo "Version $VERSION"
+          export RELEASE=true
+          echo "::set-env name=RELEASE::$RELEASE"
+          bash ./scripts/build_image.sh DockerfileIntelSubmission sgxwallet_intelsubmission
+          bash ./scripts/publish_image.sh sgxwallet_intelsubmission
+        env:
+          ACTIONS_ALLOW_UNSECURE_COMMANDS: true

.github/workflows/dockerimagerelease.yml

 name: Build, test and push release SGX container
-on: [push]
+on:
+  workflow_dispatch:
+  push:
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-18.04
     env:
       DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
       DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
     steps:
+      - name: Fail, if older Github Actions machine. Click "Re-run jobs"
+        run: cat /proc/cpuinfo | grep avx512
       - name: Login to docker
         run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
       - uses: actions/checkout@v1
       - name: submodule update
         run: git submodule update --init --recursive
-      - name: build
-        run: python3 scripts/docker_build.py Dockerfile sgxwallet ${GITHUB_SHA}
-      - name: deploy docker image
-        if: contains(github.ref, 'develop') || contains(github.ref, 'beta') || contains(github.ref, 'master') || contains(github.ref, 'stable')
+      - name: build and deploy docker image
+        if: |
+          contains(github.ref, 'develop') || contains(github.ref, 'beta') ||
+          contains(github.ref, 'master') || contains(github.ref, 'stable') ||
+          contains(github.ref, 'SECURE_ENCLAVE_CHANGES')
         run : |
           export BRANCH=${GITHUB_REF##*/}
           echo "Branch $BRANCH"
@@ -27,4 +32,6 @@ jobs:
           export RELEASE=true
           echo "::set-env name=RELEASE::$RELEASE"
           bash ./scripts/build_image.sh DockerfileRelease sgxwallet_release
-          bash ./scripts/publish_image.sh sgxwallet_release
+          bash ./scripts/publish_image.sh sgxwallet_release
\ No newline at end of file
+        env:
+          ACTIONS_ALLOW_UNSECURE_COMMANDS: true

.github/workflows/dockerimagesim.yml

 name: Build, test and push sim mode container
-on: [push]
+on:
+  workflow_dispatch:
+  push:
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-18.04
     env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
     steps:
+    - name: Fail, if older Github Actions machine. Click "Re-run jobs"
+      run: cat /proc/cpuinfo | grep avx512
     - name: Check that /dev/urandom exists
       run: ls /dev/urandom
     - name: Login to docker
@@ -14,42 +18,29 @@ jobs:
     - uses: actions/checkout@v1
     - name: submodule update
       run: git submodule update --init --recursive
-    - name: build container for release
-      if: contains(github.ref, 'develop') || contains(github.ref, 'beta') || contains(github.ref, 'master') || contains(github.ref, 'stable')
-      run: |
-        export BRANCH=${GITHUB_REF##*/}
-        echo "Branch $BRANCH"
-        export VERSION=$(cat VERSION)
-        echo "Version $VERSION"
-        export VERSION=$(bash ./scripts/calculate_version.sh $BRANCH $VERSION)
-        echo "::set-env name=VERSION::$VERSION"
-        echo "Version $VERSION"
-        bash ./scripts/build_image.sh DockerfileSimulation sgxwallet_sim
     - name: build container for testing
-      run: python3 scripts/docker_build.py DockerfileSimulation sgxwalletsim ${GITHUB_SHA}
+      run: python3 scripts/docker_build.py DockerfileSimulation sgxwallet_sim ${GITHUB_SHA}
     - name: test
-      run: python3 scripts/docker_test.py DockerfileSimulation sgxwalletsim
-    - name: deploy docker image
-      if: contains(github.ref, 'develop') || contains(github.ref, 'beta') || contains(github.ref, 'master') || contains(github.ref, 'stable')
+      run: python3 scripts/docker_test.py DockerfileSimulation sgxwallet_sim
+    - name: build and deploy docker image
+      if: |
+        contains(github.ref, 'develop') || contains(github.ref, 'beta') ||
+        contains(github.ref, 'master') || contains(github.ref, 'stable') ||
+        contains(github.ref, 'SECURE_ENCLAVE_CHANGES')
       run : |
-        export BRANCH=${GITHUB_REF##*/}
-        echo "Branch $BRANCH"
-        export VERSION=${{env.VERSION}}
-        echo "::set-env name=VERSION::$VERSION"
-        echo "Version $VERSION"
-        export RELEASE=true
-        echo "::set-env name=RELEASE::$RELEASE"
-        bash ./scripts/publish_image.sh sgxwallet_sim
-    - name: Create Release
-      if: contains(github.ref, 'develop') || contains(github.ref, 'beta') || contains(github.ref, 'master') || contains(github.ref, 'stable')
-      id: create_release
-      uses: actions/create-release@latest
+            export BRANCH=${GITHUB_REF##*/}
+            echo "Branch $BRANCH"
+            export VERSION=$(cat VERSION)
+            echo "Version $VERSION"
+            export VERSION=$(bash ./scripts/calculate_version.sh $BRANCH $VERSION)
+            echo "::set-env name=VERSION::$VERSION"
+            echo "Version $VERSION"
+            export RELEASE=true
+            echo "::set-env name=RELEASE::$RELEASE"
+            bash ./scripts/build_image.sh DockerfileSimulation sgxwallet_sim
+            bash ./scripts/publish_image.sh sgxwallet_sim
       env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        tag_name: ${{ env.VERSION }}
-        release_name: ${{ env.VERSION }}
-        draft: false
-        prerelease: true
+            ACTIONS_ALLOW_UNSECURE_COMMANDS: true
+
 
 

.gitignore

@@ -49,4 +49,6 @@
 /secure_enclave/*.o
 /*.user
 /cert/*.csr
-/cert/*.crt
+/cert/*.crt
\ No newline at end of file
+/jsonrpc/
+/sgx-gmp/

.gitmodules

@@ -16,3 +16,12 @@
 [submodule "sgx-software-enable"]
 	path = sgx-software-enable
 	url = https://github.com/intel/sgx-software-enable
+[submodule "libzmq"]
+	path = libzmq
+	url = https://github.com/zeromq/libzmq.git
+[submodule "cppzmq"]
+	path = cppzmq
+	url = https://github.com/zeromq/cppzmq.git
+[submodule "rapidjson"]
+	path = rapidjson
+	url = https://github.com/Tencent/rapidjson.git

BLSCrypto.cpp

@@ -129,36 +129,6 @@ bool hex2carray(const char *_hex, uint64_t *_bin_len,
     return true;
 }
 
-bool sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, size_t _signerIndex,
-          char *_sig) {
-
-
-    CHECK_STATE(_encryptedKeyHex);
-    CHECK_STATE(_hashHex);
-    CHECK_STATE(_sig);
-
-    auto keyStr = make_shared<string>(_encryptedKeyHex);
-
-    auto hash = make_shared < array < uint8_t,
-    32 >> ();
-
-    uint64_t binLen;
-
-    if (!hex2carray(_hashHex, &binLen, hash->data(), hash->size())) {
-        throw SGXException(INVALID_HEX, "Invalid hash");
-    }
-
-    auto keyShare = make_shared<BLSPrivateKeyShareSGX>(keyStr, _t, _n);
-
-    auto sigShare = keyShare->signWithHelperSGX(hash, _signerIndex);
-
-    auto sigShareStr = sigShare->toString();
-
-    strncpy(_sig, sigShareStr->c_str(), BUF_LEN);
-
-    return true;
-}
-
 bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t _n, char *_sig) {
 
     CHECK_STATE(_encryptedKeyHex);
@@ -170,7 +140,7 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
     uint64_t binLen;
 
     if (!hex2carray(_hashHex, &binLen, hash->data(), hash->size())) {
-        throw SGXException(INVALID_HEX, "Invalid hash");
+        throw SGXException(SIGN_AES_INVALID_HASH, string(__FUNCTION__) +  ":Invalid hash");
     }
 
     shared_ptr <signatures::Bls> obj;
@@ -214,10 +184,8 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
 
     sgx_status_t status = SGX_SUCCESS;
 
-    RESTART_BEGIN
-            status = trustedBlsSignMessage(eid, &errStatus, errMsg.data(), encryptedKey,
-                                              sz, xStrArg, yStrArg, signature);
-    RESTART_END
+    status = trustedBlsSignMessage(eid, &errStatus, errMsg.data(), encryptedKey,
+                                      sz, xStrArg, yStrArg, signature);
 
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
@@ -256,10 +224,8 @@ string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key
 
     sgx_status_t status = SGX_SUCCESS;
 
-    RESTART_BEGIN
-        status = trustedEncryptKey(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(),
-                                      &encryptedLen);
-    RESTART_END_POINTER
+    status = trustedEncryptKey(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(),
+                               &encryptedLen);
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg.data());
 

BLSPrivateKeyShareSGX.cpp

@@ -149,10 +149,8 @@ string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
 
     sgx_status_t status = SGX_SUCCESS;
 
-    RESTART_BEGIN
-        status = trustedBlsSignMessage(eid, &errStatus, errMsg.data(), encryptedKey,
-                                          encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature);
-    RESTART_END
+    status = trustedBlsSignMessage(eid, &errStatus, errMsg.data(), encryptedKey,
+                                      encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature);
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 

BLSSignReqMessage.cpp

+//
+// Created by kladko on 15.12.20.
+//
+
+#include "BLSSignReqMessage.h"
+#include "SGXWalletServer.hpp"
+
+
+Json::Value BLSSignReqMessage::process() {
+    auto keyName = getStringRapid("kn");
+    auto hash = getStringRapid("mh");
+    auto t = getUint64Rapid("t");
+    auto n = getUint64Rapid("n");
+    return SGXWalletServer::blsSignMessageHashImpl(keyName, hash, t, n);
+}
\ No newline at end of file

BLSSignReqMessage.h

+/*
+  Copyright (C) 2018-2019 SKALE Labs
+
+  This file is part of libBLS.
+
+  libBLS is free software: you can redistribute it and/or modify
+  it under the terms of the GNU Affero General Public License as published
+  by the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+
+  libBLS is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU Affero General Public License for more details.
+
+  You should have received a copy of the GNU Affero General Public License
+  along with libBLS.  If not, see <https://www.gnu.org/licenses/>.
+
+  @file BLSReqSignMessage.h
+  @author Stan Kladko
+  @date 2020
+*/
+
+#ifndef SGXWALLET_BLSSIGNREQMSG_H
+#define SGXWALLET_BLSSIGNREQMSG_H
+
+#include "ZMQMessage.h"
+
+class BLSSignReqMessage : public ZMQMessage {
+public:
+    BLSSignReqMessage(shared_ptr<rapidjson::Document>& _d) : ZMQMessage(_d) {};
+
+    virtual Json::Value process();
+
+};
+
+
+#endif //SGXWALLET_BLSSIGNREQMSG_H

DKGCrypto.h

@@ -41,12 +41,18 @@ vector<string> splitString(const char* coeffs, const char symbol);
 
 string getSecretShares(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n);
 
+string getSecretSharesV2(const string& _polyName, const char* _encryptedPolyHex, const vector<string>& _publicKeys, int _t, int _n);
+
 bool verifyShares(const char* publicShares, const char* encr_sshare, const char * encryptedKeyHex, int t, int n, int ind);
 
+bool verifySharesV2(const char* publicShares, const char* encr_sshare, const char * encryptedKeyHex, int t, int n, int ind);
+
 string decryptDHKey(const string& polyName, int ind);
 
 bool createBLSShare( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex);
 
+bool createBLSShareV2( const string& blsKeyName, const char * s_shares, const char * encryptedKeyHex);
+
 vector<string> getBLSPubKey(const char * encryptedKeyHex);
 
 vector<string> mult_G2(const string& x);

DockerfileIntelSubmission

+FROM skalenetwork/sgxwallet_base:latest
+
+COPY . /usr/src/sdk
+WORKDIR /usr/src/sdk
+RUN cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml
+RUN apt update && apt install -y curl secure-delete
+#Test signing key generation
+RUN cd scripts && ./generate_signing_key.bash
+RUN touch /var/hwmode
+RUN ./autoconf.bash
+RUN ./configure --with-sgx-build=release
+RUN bash -c "make -j$(nproc)"
+RUN ccache -sz
+RUN mkdir -p /usr/src/sdk/sgx_data
+COPY docker/start.sh ./
+RUN rm -rf /usr/src/sdk/sgx-sdk-build/
+RUN rm  /opt/intel/sgxsdk/lib64/*_sim.so
+ENTRYPOINT ["/usr/src/sdk/start.sh"]

ECDSACrypto.cpp

@@ -59,11 +59,9 @@ vector <string> genECDSAKey() {
 
     sgx_status_t status = SGX_SUCCESS;
 
-    RESTART_BEGIN
-        status = trustedGenerateEcdsaKey(eid, &errStatus,
-                                   errMsg.data(), encr_pr_key.data(), &enc_len,
-                                   pub_key_x.data(), pub_key_y.data());
-    RESTART_END
+    status = trustedGenerateEcdsaKey(eid, &errStatus,
+                               errMsg.data(), encr_pr_key.data(), &enc_len,
+                               pub_key_x.data(), pub_key_y.data());
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus,errMsg.data());
 
@@ -96,15 +94,13 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) {
 
     if (!hex2carray(_encryptedKeyHex.c_str(), &enc_len, encrPrKey.data(),
                     BUF_LEN)) {
-        throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
+        throw SGXException(GET_ECDSA_PUB_KEY_INVALID_KEY_HEX, "Invalid encryptedKeyHex");
     }
 
     sgx_status_t status = SGX_SUCCESS;
 
-    RESTART_BEGIN
-        status = trustedGetPublicEcdsaKey(eid, &errStatus,
-                                             errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
-    RESTART_END
+    status = trustedGetPublicEcdsaKey(eid, &errStatus,
+                                      errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data())
 
@@ -185,17 +181,15 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha
 
     if (!hex2carray(encryptedKeyHex.c_str(), &decLen, encryptedKey.data(),
                     BUF_LEN)) {
-        throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
+        throw SGXException(ECDSA_SIGN_INVALID_KEY_HEX, "Invalid encryptedKeyHex");
     }
 
     sgx_status_t status = SGX_SUCCESS;
 
-    RESTART_BEGIN
-        status = trustedEcdsaSign(eid, &errStatus,
-                            errMsg.data(), encryptedKey.data(), decLen, hashHex,
-                            signatureR.data(),
-                            signatureS.data(), &signatureV, base);
-    RESTART_END
+    status = trustedEcdsaSign(eid, &errStatus,
+                        errMsg.data(), encryptedKey.data(), decLen, hashHex,
+                        signatureR.data(),
+                        signatureS.data(), &signatureV, base);
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
@@ -242,10 +236,9 @@ string encryptECDSAKey(const string& _key) {
     uint64_t enc_len = 0;
 
     sgx_status_t status = SGX_SUCCESS;
-    RESTART_BEGIN
-        status = trustedEncryptKey(eid, &errStatus, errString.data(), key.data(),
-                                   encryptedKey.data(), &enc_len);
-    RESTART_END
+
+    status = trustedEncryptKey(eid, &errStatus, errString.data(), key.data(),
+                               encryptedKey.data(), &enc_len);
 
     if (status != 0) {
         throw SGXException(status, string("Could not encrypt ECDSA key: " + string(errString.begin(), errString.end())).c_str());

ECDSASignReqMessage.cpp

+//
+// Created by kladko on 15.12.20.
+//
+
+
+#include "SGXWalletServer.hpp"
+
+#include "ECDSASignReqMessage.h"
+
+
+
+Json::Value ECDSASignReqMessage::process() {
+    auto base = getUint64Rapid("bs");
+    auto keyName = getStringRapid("kn");
+    auto hash = getStringRapid("mh");
+    return SGXWalletServer::ecdsaSignMessageHashImpl(base, keyName, hash);
+}
\ No newline at end of file

ECDSASignReqMessage.h

+/*
+  Copyright (C) 2018-2019 SKALE Labs
+
+  This file is part of libBLS.
+
+  libBLS is free software: you can redistribute it and/or modify
+  it under the terms of the GNU Affero General Public License as published
+  by the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+
+  libBLS is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU Affero General Public License for more details.
+
+  You should have received a copy of the GNU Affero General Public License
+  along with libBLS.  If not, see <https://www.gnu.org/licenses/>.
+
+  @file ECDSAReqSignMessage.h
+  @author Stan Kladko
+  @date 2020
+*/
+
+#ifndef SGXWALLET_ECDSASIGNREQMESSAGE_H
+#define SGXWALLET_ECDSASIGNREQMESSAGE_H
+
+#include "ZMQMessage.h"
+
+class ECDSASignReqMessage : public ZMQMessage {
+public:
+
+    ECDSASignReqMessage(shared_ptr <rapidjson::Document> &_d) : ZMQMessage(_d) {};
+
+    virtual Json::Value process();
+
+};
+
+
+#endif //SGXWALLET_ECDSASIGNREQMESSAGE_H

LevelDB.cpp

@@ -27,6 +27,7 @@
 #include <iostream>
 
 #include "leveldb/db.h"
+#include <jsonrpccpp/client.h>
 
 #include "sgxwallet_common.h"
 #include "SGXException.h"
@@ -42,6 +43,14 @@ using namespace leveldb;
 static WriteOptions writeOptions;
 static ReadOptions readOptions;
 
+shared_ptr<string> LevelDB::readNewStyleValue(const string& value) {
+    Json::Value key_data;
+    Json::Reader reader;
+    reader.parse(value.c_str(), key_data);
+
+    return std::make_shared<string>(key_data["value"].asString());
+}
+
 std::shared_ptr<string> LevelDB::readString(const string &_key) {
 
     auto result = std::make_shared<string>();
@@ -56,17 +65,26 @@ std::shared_ptr<string> LevelDB::readString(const string &_key) {
         return nullptr;
     }
 
+    if (result->at(0) == '{') {
+        return readNewStyleValue(*result);
+    }
+
     return result;
 }
 
 void LevelDB::writeString(const string &_key, const string &_value) {
+    Json::Value writerData;
+    writerData["value"] = _value;
+    writerData["timestamp"] = std::to_string(std::time(nullptr));
+
+    Json::FastWriter fastWriter;
+    std::string output = fastWriter.write(writerData);
 
-    auto status = db->Put(writeOptions, Slice(_key), Slice(_value));
+    auto status = db->Put(writeOptions, Slice(_key), Slice(output));
 
     throwExceptionOnError(status);
 }
 
-
 void LevelDB::deleteDHDKGKey(const string &_key) {
 
     string full_key = "DKG_DH_KEY_" + _key;
@@ -94,18 +112,6 @@ void LevelDB::deleteKey(const string &_key) {
 
 }
 
-
-
-void LevelDB::writeByteArray(string &_key, const char *value,
-                             size_t _valueLen) {
-
-    CHECK_STATE(value);
-
-    auto status = db->Put(writeOptions, Slice(_key), Slice(value, _valueLen));
-
-    throwExceptionOnError(status);
-}
-
 void LevelDB::throwExceptionOnError(Status _status) {
     if (_status.IsNotFound())
         return;
@@ -155,15 +161,65 @@ std::vector<string> LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){
 }
 
 void LevelDB::writeDataUnique(const string & name, const string &value) {
-  auto key = name;
-
   if (readString(name)) {
     spdlog::debug("Name {} already exists", name);
     throw SGXException(KEY_SHARE_ALREADY_EXISTS, "Data with this name already exists");
   }
 
-  writeString(key, value);
+  writeString(name, value);
+}
+
+pair<stringstream, uint64_t> LevelDB::getAllKeys() {
+    stringstream keysInfo;
+
+    leveldb::Iterator *it = db->NewIterator(readOptions);
+    uint64_t counter = 0;
+    for (it->SeekToFirst(); it->Valid(); it->Next()) {
+        ++counter;
+        string key = it->key().ToString();
+        string value;
+        if (it->value().ToString()[0] == '{') {
+            // new style keys
+            Json::Value key_data;
+            Json::Reader reader;
+            reader.parse(it->value().ToString().c_str(), key_data);
+
+            string timestamp_to_date_command = "date -d @" + key_data["timestamp"].asString();
+            value = " VALUE: " + key_data["value"].asString() + ", TIMESTAMP: " + exec(timestamp_to_date_command.c_str()) + '\n';
+        } else {
+            // old style keys
+            value = " VALUE: " + it->value().ToString();
+        }
+        keysInfo << "KEY: " << key << ',' << value;
+    }
+
+    return {std::move(keysInfo), counter};
+}
+
+pair<string, uint64_t> LevelDB::getLatestCreatedKey() {
+    leveldb::Iterator *it = db->NewIterator(readOptions);
+
+    int64_t latest_timestamp = 0;
+    string latest_created_key_name = "";
+    for (it->SeekToFirst(); it->Valid(); it->Next()) {
+        if (it->value().ToString()[0] == '{') {
+            // new style keys
+            Json::Value key_data;
+            Json::Reader reader;
+            reader.parse(it->value().ToString().c_str(), key_data);
+
+            if (std::stoi(key_data["timestamp"].asString()) > latest_timestamp) {
+                latest_timestamp = std::stoi(key_data["timestamp"].asString());
+                latest_created_key_name = it->key().ToString();
+            }
+        } else {
+            // old style keys
+            // assuming server has at least one new-style key created
+            continue;
+        }
+    }
 
+    return {latest_created_key_name, latest_timestamp};
 }
 
 
@@ -219,7 +275,7 @@ void LevelDB::initDataFolderAndDBs() {
 
     if (getcwd(cwd, sizeof(cwd)) == NULL) {
         spdlog::error("could not get current workin directory");
-        exit(-1);
+        exit(-2);
     }
 
     sgx_data_folder = string(cwd) + "/" + SGXDATA_FOLDER;
@@ -233,7 +289,7 @@ void LevelDB::initDataFolderAndDBs() {
         }
         else{
             spdlog::error("Couldnt create creating sgx_data folder");
-            exit(-1);
+            exit(-3);
         }
     }
 

LevelDB.h

@@ -26,10 +26,12 @@
 #define SGXWALLET_LEVELDB_H
 
 #include <memory>
+#include <sstream>
 #include <string>
 #include <mutex>
 #include <vector>
 #include "common.h"
+
 namespace leveldb {
     class DB;
     class Status;
@@ -55,7 +57,6 @@ class LevelDB {
 
 public:
 
-
     static void initDataFolderAndDBs();
 
     static const shared_ptr<LevelDB> &getLevelDb();
@@ -66,20 +67,17 @@ public:
 
 public:
 
-
     shared_ptr<string> readString(const string& _key);
 
+    shared_ptr<string> readNewStyleValue(const string& value);
 
-    void writeString(const string &key1, const string &value1);
+    pair<stringstream, uint64_t> getAllKeys();
 
-    void writeDataUnique(const string & Name, const string &value);
-
-    void writeByteArray(const char *_key, size_t _keyLen, const char *value,
-                        size_t _valueLen);
+    pair<string, uint64_t> getLatestCreatedKey();
 
+    void writeString(const string &key1, const string &value1);
 
-    void writeByteArray(string& _key, const char *value,
-                        size_t _valueLen);
+    void writeDataUnique(const string & Name, const string &value);
 
     void deleteDHDKGKey (const string &_key);
 
@@ -89,15 +87,10 @@ public:
 
 public:
 
-
     void throwExceptionOnError(leveldb::Status result);
 
-
     LevelDB(string& filename);
 
-
-
-
     class KeyVisitor {
     public:
         virtual void visitDBKey(const char* _data) = 0;

Log.cpp

@@ -52,7 +52,7 @@ level_enum Log::logLevelFromString(string &_s) {
 }
 
 void Log::handleSGXException(Json::Value& _result, SGXException& _e ) {
-    spdlog::error("Responding with JSON error:" +  _e.errString);
-    _result["status"] = _e.status;
-    _result["errorMessage"] = _e.errString;
+    spdlog::error("Responding with JSON error:" +  _e.getErrString());
+    _result["status"] = _e.getStatus();
+    _result["errorMessage"] = _e.getErrString();
 }

Log.h

 /*
+ *
     Copyright (C) 2019-Present SKALE Labs
 
     This file is part of sgxwallet.
@@ -74,26 +75,44 @@ public:
     static void handleSGXException(Json::Value &_result, SGXException &_e);
 };
 
+
+#define COUNT_STATISTICS \
+static uint64_t __COUNT__ = 0; \
+__COUNT__++; \
+if (__COUNT__ % 1000 == 0) { \
+spdlog::info(string(__FUNCTION__) +  " processed " + to_string(__COUNT__) + " requests"); \
+}
+
+
+// if uknown error, the error is 10000 + line number
+
+
 #define INIT_RESULT(__RESULT__)     Json::Value __RESULT__; \
-              int errStatus = UNKNOWN_ERROR; boost::ignore_unused(errStatus); string errMsg(BUF_LEN, '\0');__RESULT__["status"] = UNKNOWN_ERROR; __RESULT__["errorMessage"] = \
-"Server error. Please see server log.";
+              int errStatus = -1 * (10000 + __LINE__); boost::ignore_unused(errStatus); string errMsg(BUF_LEN, '\0');__RESULT__["status"] =  -1 * (10000 + __LINE__); __RESULT__["errorMessage"] = \
+              string(__FUNCTION__); \
+string(__FUNCTION__) + ": server error. Please see server log.";
 
 #define HANDLE_SGX_EXCEPTION(__RESULT__) \
-    catch (SGXException& _e) { \
-      if (_e.status != 0) {__RESULT__["status"] = _e.status;} else { __RESULT__["status"]  = UNKNOWN_ERROR;}; \
-      __RESULT__["errorMessage"] = _e.errString;                                                              \
-      spdlog::error("JSON call failed {}", __FUNCTION__);                             \
+    catch (const SGXException& _e) { \
+      if (_e.getStatus() != 0) {__RESULT__["status"] = _e.getStatus();} else { __RESULT__["status"]  = -1 * (10000 + __LINE__);}; \
+      auto errStr = __FUNCTION__ + string(" failed:") + _e.getErrString(); \
+      __RESULT__["errorMessage"] = errStr; \
+      spdlog::error(errStr); \
       return __RESULT__; \
-      } catch (exception& _e) { \
-      __RESULT__["errorMessage"] = _e.what(); \
-      spdlog::error("JSON call failed {}", __FUNCTION__);                                   \
+      } catch (const exception& _e) { \
+      __RESULT__["status"]  = -1 * (10000 + __LINE__); \
+      exception_ptr p = current_exception(); \
+      auto errStr = __FUNCTION__ + string(" failed:") + p.__cxa_exception_type()->name() + ":" + _e.what(); \
+      __RESULT__["errorMessage"] = errStr; \
+      spdlog::error(errStr); \
       return __RESULT__; \
-      }\
+      } \
       catch (...) { \
       exception_ptr p = current_exception(); \
-      printf("Exception %s \n", p.__cxa_exception_type()->name()); \
-      __RESULT__["errorMessage"] = "Unknown exception";                                                       \
-      spdlog::error("JSON call failed {}", __FUNCTION__);                                   \
+      auto errStr = __FUNCTION__ + string(" failed:") + p.__cxa_exception_type()->name(); \
+      spdlog::error(errStr); \
+      __RESULT__["errorMessage"] = errStr ; \
+      spdlog::error(errStr); \
       return __RESULT__; \
       }
 

Makefile.am

@@ -45,11 +45,14 @@ secure_enclave.edl: secure_enclave/secure_enclave.edl
 #AM_CPPFLAGS += -g -Og
 
 
-AM_CFLAGS = -DUSER_SPACE -g -Og -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)"
+AM_CFLAGS = -DUSER_SPACE -O2 -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)"
 AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)"
 
 
-AM_CPPFLAGS += -DSGXWALLET_VERSION="$(WALLET_VERSION)" -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS)  -I.  -I./libBLS/deps/deps_inst/x86_or_x64/include
+AM_CPPFLAGS += -DSGXWALLET_VERSION="$(WALLET_VERSION)" -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls\
+    -IlibBLS/libff -IlibBLS -fno-builtin-memset $(GMP_CPPFLAGS)  -I.  \
+    -I./libBLS/deps/deps_inst/x86_or_x64/include -I./libzmq/include -I./cppzmq -I./third_party/zguide \
+    -I./rapidjson/include/rapidjson
 
 ## Additional targets to remove with 'make clean'. You must list
 ## any edger8r generated files here.
@@ -59,19 +62,19 @@ CLEANFILES = $(COMMON_ENCLAVE_SRC) secure_enclave.edl secure_enclave.signed.so
 
 ## The build target
 
-bin_PROGRAMS =  sgxwallet testw cert_util
+bin_PROGRAMS = sgxwallet testw sgx_util
 
 
 ## You can't use $(wildcard ...) with automake so all source files
 ## have to be explicitly listed.
 ## have to be explicitly listed
 
-COMMON_SRC = InvalidStateException.cpp  Exception.cpp InvalidArgumentException.cpp Log.cpp  \
+
+COMMON_SRC = ECDSASignReqMessage.cpp BLSSignReqMessage.cpp ZMQMessage.cpp ZMQServer.cpp ServerWorker.cpp InvalidStateException.cpp  Exception.cpp InvalidArgumentException.cpp Log.cpp  \
              SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp BLSCrypto.cpp \
-             ECDSACrypto.cpp \
              DKGCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp ServerDataChecker.cpp SEKManager.cpp \
              third_party/intel/sgx_stub.c third_party/intel/sgx_detect_linux.c third_party/intel/create_enclave.c third_party/intel/oc_alloc.c \
-             ECDSAImpl.c TestUtils.cpp sgxwallet.c
+             ECDSAImpl.c TestUtils.cpp sgxwallet.c SGXInfoServer.cpp ECDSACrypto.cpp 
 COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h
 
 sgxwallet_SOURCES = sgxwall.cpp $(COMMON_SRC)
@@ -100,8 +103,10 @@ secure_enclave.signed.so: secure_enclave/secure_enclave.signed.so
 
 sgxwallet_LDADD=-l$(SGX_URTS_LIB) -l$(SGX_UAE_SERVICE_LIB) -LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
    -LlibBLS/build/libff/libff \
+   -Llibzmq/build/lib/ \
    -l:libbls.a -l:libleveldb.a \
    -l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a \
+   -l:libzmq.a \
    -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd \
    -lboost_system -lboost_thread -lgnutls -lgcrypt -lidn2 -lcurl -lssl -lcrypto -lz -lpthread -lstdc++fs
 
@@ -111,8 +116,12 @@ nodist_testw_SOURCES=${nodist_sgxwallet_SOURCES}
 EXTRA_testw_DEPENDENCIES=${EXTRA_sgxwallet_DEPENDENCIES}
 testw_LDADD= ${sgxwallet_LDADD}
 
-cert_util_SOURCES= InvalidStateException.cpp  Exception.cpp InvalidArgumentException.cpp Log.cpp cert_util.cpp stubclient.cpp LevelDB.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp
-cert_util_LDADD=-LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
+sgx_util_SOURCES= InvalidStateException.cpp  Exception.cpp InvalidArgumentException.cpp Log.cpp sgx_util.cpp stubclient.cpp LevelDB.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp
+
+sgx_util_LDADD=-LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
                    -LlibBLS/build/libff/libff \
+                   -Llibzmq/build/lib/ \
+                   -l:libzmq.a \
                    -l:libbls.a -l:libleveldb.a \
                    -l:libff.a -lgmp  -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd -lgnutls -lgcrypt -lidn2 -lcurl -lssl -lcrypto -lz -lpthread -ldl
+

README.md

@@ -51,10 +51,18 @@ Then run sgxwallet using docker-compose
 cd run_sgx_sim; sudo docker-compose up
 ```
 
+Note: you need a machine that supports Intel AVX512 instruction set.  Most modern Intel CPUs support it. To verify you machine supports AVX512, run
+
+
+```
+cat /proc/cpuinfo | grep avx512
+```
+
+
 Note: sgxwallet requires docker-compose for correct operation. You must always use 
 docker-compose and avoid using raw docker tools.
 
-Note: simulation mode is only try try sgxwallet. 
+Note: simulation mode is only to try sgxwallet. 
 In production, you need to run sgxwallet on a server that supports SGX.
 Never run a production sgxserver in simulation mode.  
 

SECURITY.md

@@ -9,3 +9,7 @@ You can report security bugs by emailing us directly at security@skalelabs.com.
 ## Comments on This Policy
 
 If you have suggestions on how this process could be improved, please submit a pull request.
+
+## Bug Reporting Bounty
+
+Please check out the SKALE Network's HackerOne program for any bug bounties related to SGX Wallet: <https://hackerone.com/skale_network>

SEKManager.cpp

@@ -90,7 +90,7 @@ void validate_SEK() {
     if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data(),
                     BUF_LEN)) {
         spdlog::error("Corrupt test key is LevelDB");
-        exit(-1);
+        exit(-4);
     }
 
     sgx_status_t status = SGX_SUCCESS;
@@ -108,7 +108,7 @@ void validate_SEK() {
         spdlog::error("Invalid storage key. You need to recover using backup key");
         spdlog::error("Set the correct backup key into sgx_datasgxwallet_backup_key.txt");
         spdlog::error("Then run sgxwallet using backup flag");
-        exit(-1);
+        exit(-5);
     }
 }
 
@@ -205,11 +205,17 @@ void gen_SEK() {
 
 }
 
-void  reinitEnclave() {
-    // unfortunately process needs to be restarted to reinit enclave
-    // exiting with error code 3 (SGX_OUT_OF_MEMORY), so docker container can restart the
-    // wallet
-    exit(3);
+
+static std::atomic<int> isSgxWalletExiting(0);
+
+void  safeExit() {
+
+    // this is to make sure exit is only called once if called from multiple threads
+
+    auto previousValue = isSgxWalletExiting.exchange(1);
+
+    if (previousValue != 1)
+        exit(-6);
 }
 
 void setSEK(shared_ptr <string> hex_encrypted_SEK) {
@@ -225,7 +231,7 @@ void setSEK(shared_ptr <string> hex_encrypted_SEK) {
 
     if (!hex2carray(hex_encrypted_SEK->c_str(), &len, encrypted_SEK,
                     BUF_LEN)) {
-        throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex");
+        throw SGXException(SET_SEK_INVALID_SEK_HEX, "Invalid encrypted SEK Hex");
     }
 
     sgx_status_t status = SGX_SUCCESS;
@@ -250,13 +256,13 @@ void enter_SEK() {
     shared_ptr <string> test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY");
     if (test_key_ptr == nullptr) {
         spdlog::error("Error: corrupt or empty LevelDB database");
-        exit(-1);
+        exit(-7);
     }
 
 
     if (!experimental::filesystem::is_regular_file(BACKUP_PATH)) {
         spdlog::error("File does not exist: "  BACKUP_PATH);
-        exit(-1);
+        exit(-8);
     }
 
     ifstream sek_file(BACKUP_PATH);
@@ -272,7 +278,7 @@ void enter_SEK() {
 
     while (!checkHex(sek, 16)) {
         spdlog::error("Invalid hex in key");
-        exit(-1);
+        exit(-9);
     }
 
     auto encrypted_SEK = check_and_set_SEK(sek);

SEKManager.h

@@ -47,7 +47,8 @@ EXTERNC void initSEK();
 
 EXTERNC void setSEK();
 
-EXTERNC void reinitEnclave();
+EXTERNC void safeExit();
+
 
 
 

SGXException.h

@@ -27,19 +27,30 @@
 #include <string>
 #include <exception>
 
-class SGXException : public std::exception {
+using namespace std;
+
+class SGXException : public exception {
+
+    const int32_t status;
+    const string errString;
 
 public:
 
-    int32_t status;
-    std::string errString;
+    SGXException(int32_t _status, const string& _errString) : status(_status), errString(_errString) {}
+
+    const string getMessage() const {
+        return "SGXException:status:" + to_string(status) + ":" + errString;
+    }
 
-    SGXException(int32_t _status, const char* _errString) : status(_status), errString(_errString) {}
+    const string& getErrString() const  {
+        return errString;
+    }
 
-    std::string getMessage() {
-        return "SGXException:status:" + std::to_string(status) + ":" + errString;
+    const int32_t getStatus() const {
+        return status;
     }
 
+
 };
 
 #endif //SGXD_RPCEXCEPTION_H

SGXInfoServer.cpp

+/*
+    Copyright (C) 2020-Present SKALE Labs
+
+    This file is part of sgxwallet.
+
+    sgxwallet is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    sgxwallet is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with sgxwallet.  If not, see <https://www.gnu.org/licenses/>.
+
+    @file SGXInfoServer.cpp
+    @author Oleh Nikolaiev
+    @date 2020
+*/
+
+#include <iostream>
+#include <fstream>
+#include <sstream>
+
+#include <jsonrpccpp/server/connectors/httpserver.h>
+
+#include <stdio.h>
+
+#include "sgxwallet_common.h"
+
+#include "SGXException.h"
+#include "LevelDB.h"
+
+#include "SGXInfoServer.h"
+#include "LevelDB.h"
+
+#include "Log.h"
+#include "common.h"
+
+shared_ptr <SGXInfoServer> SGXInfoServer::server = nullptr;
+shared_ptr <HttpServer> SGXInfoServer::httpServer = nullptr;
+
+SGXInfoServer::SGXInfoServer(AbstractServerConnector &connector, serverVersion_t type,
+                             uint32_t _logLevel, bool _autoSign, bool _checkCerts, bool _generateTestKeys)
+        : AbstractInfoServer(connector, type) {
+    logLevel_ = _logLevel;
+    autoSign_ = _autoSign;
+    checkCerts_ = _checkCerts;
+    generateTestKeys_ = _generateTestKeys;
+}
+
+Json::Value SGXInfoServer::getAllKeysInfo() {
+    Json::Value result;
+
+    try {
+        auto allKeysInfo = LevelDB::getLevelDb()->getAllKeys();
+        result["allKeys"] = allKeysInfo.first.str();
+        result["keysNumber"] = std::to_string(allKeysInfo.second);
+    } HANDLE_SGX_EXCEPTION(result)
+
+    RETURN_SUCCESS(result)
+}
+
+Json::Value SGXInfoServer::getLatestCreatedKey() {
+    Json::Value result;
+
+    try {
+        pair<string, uint64_t> key = LevelDB::getLevelDb()->getLatestCreatedKey();
+        result["keyName"] = key.first;
+        result["creationTime"] = std::to_string(key.second);
+    } HANDLE_SGX_EXCEPTION(result)
+
+    RETURN_SUCCESS(result)
+}
+
+Json::Value SGXInfoServer::getServerConfiguration() {
+    Json::Value result;
+
+    try {
+        result["autoConfirm"] = autoconfirm;
+        result["logLevel"] = logLevel_;
+        result["enterBackupKey"] = enterBackupKey;
+        result["useHTTPS"] = useHTTPS;
+        result["autoSign"] = autoSign_;
+        result["checkCerts"] = checkCerts_;
+        result["generateTestKeys"] = generateTestKeys_;
+    } HANDLE_SGX_EXCEPTION(result)
+
+    RETURN_SUCCESS(result)
+}
+
+Json::Value SGXInfoServer::isKeyExist(const string& key) {
+    Json::Value result;
+
+    result["isExists"] = false;
+    try {
+        shared_ptr <string> keyPtr = LevelDB::getLevelDb()->readString(key);
+
+        if (keyPtr != nullptr) {
+            result["IsExist"] = true;
+        }
+    } HANDLE_SGX_EXCEPTION(result)
+
+    RETURN_SUCCESS(result)
+}
+
+int SGXInfoServer::initInfoServer(uint32_t _logLevel, bool _autoSign, bool _checkCerts, bool _generateTestKeys) {
+    httpServer = make_shared<HttpServer>(BASE_PORT + 4);
+    server = make_shared<SGXInfoServer>(*httpServer, JSONRPC_SERVER_V2, _logLevel, _autoSign, _checkCerts, _generateTestKeys); // hybrid server (json-rpc 1.0 & 2.0)
+
+    if (!server->StartListening()) {
+        spdlog::error("Info server could not start listening on port {}", BASE_PORT + 4);
+        exit(-10);
+    } else {
+        spdlog::info("Info server started on port {}", BASE_PORT + 4);
+    }
+
+    return 0;
+}
+
+shared_ptr<SGXInfoServer> SGXInfoServer::getServer() {
+    CHECK_STATE(server);
+    return server;
+}

SGXInfoServer.h

+/*
+    Copyright (C) 2020-Present SKALE Labs
+
+    This file is part of sgxwallet.
+
+    sgxwallet is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    sgxwallet is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with sgxwallet.  If not, see <https://www.gnu.org/licenses/>.
+
+    @file SGXInfoServer.h
+    @author Oleh Nikolaiev
+    @date 2020
+*/
+
+#ifndef SGXINFOSERVER_H
+#define SGXINFOSERVER_H
+
+#include <mutex>
+
+#include "abstractinfoserver.h"
+#include <jsonrpccpp/server/connectors/httpserver.h>
+
+using namespace jsonrpc;
+using namespace std;
+
+class SGXInfoServer : public AbstractInfoServer {
+    recursive_mutex m;
+
+    uint32_t logLevel_;
+    bool autoSign_;
+    bool checkCerts_;
+    bool generateTestKeys_;
+
+    static shared_ptr <HttpServer> httpServer;
+
+    static shared_ptr <SGXInfoServer> server;
+
+public:
+
+    static shared_ptr <SGXInfoServer> getServer();
+
+    SGXInfoServer(AbstractServerConnector &connector, serverVersion_t type,
+                  uint32_t _logLevel, bool _autoSign, bool _checkCerts, bool _generateTestKeys);
+
+    virtual Json::Value getAllKeysInfo();
+
+    virtual Json::Value getLatestCreatedKey();
+
+    virtual Json::Value getServerConfiguration();
+
+    virtual Json::Value isKeyExist(const string& key);
+
+    static int initInfoServer(uint32_t _logLevel, bool _autoSign, bool _checkCerts, bool _generateTestKeys);
+
+};
+
+#endif // SGXINFOSERVER_H

SGXRegistrationServer.cpp

@@ -170,7 +170,7 @@ int SGXRegistrationServer::initRegistrationServer(bool _autoSign) {
 
     if (!server->StartListening()) {
         spdlog::error("Registration server could not start listening on port {}", BASE_PORT + 1);
-        exit(-1);
+        exit(-10);
     } else {
         spdlog::info("Registration server started on port {}", BASE_PORT + 1);
     }

SGXWalletServer.hpp

@@ -25,6 +25,9 @@
 #define SGXWALLET_SGXWALLETSERVER_HPP
 
 
+#include "mutex"
+#include "memory"
+
 #include <jsonrpccpp/server/connectors/httpserver.h>
 
 #include "abstractstubserver.h"
@@ -35,9 +38,23 @@ using namespace std;
 #define STRINGIFY(x) #x
 #define TOSTRING(x) STRINGIFY(x)
 
+
+
+
 class SGXWalletServer : public AbstractStubServer {
     static shared_ptr<SGXWalletServer> server;
     static shared_ptr<HttpServer> httpServer;
+
+    static map<string,string> blsRequests;
+    static recursive_mutex blsRequestsLock;
+    static map<string,string> ecdsaRequests;
+    static recursive_mutex ecdsaRequestsLock;
+
+
+
+    static void checkForDuplicate(map <string, string> &_map, recursive_mutex &_m, const string &_key,
+    const string &_value);
+
 public:
     static const char* getVersion() {
         return TOSTRING(SGXWALLET_VERSION);
@@ -91,6 +108,12 @@ public:
 
     virtual Json::Value deleteBlsKey( const std::string& name );
 
+    virtual Json::Value getSecretShareV2(const string &_polyName, const Json::Value &_publicKeys, int t, int n);
+
+    virtual Json::Value dkgVerificationV2(const string &_publicShares, const string &ethKeyName, const string &SecretShare, int t, int n, int index);
+
+    virtual Json::Value createBLSPrivateKeyV2(const std::string& blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n);
+
     static shared_ptr<string> readFromDb(const string &name, const string &prefix = "");
 
     static shared_ptr <string> checkDataFromDb(const string &name, const string &prefix = "");
@@ -143,6 +166,12 @@ public:
 
     static Json::Value deleteBlsKeyImpl(const std::string& name);
 
+    static Json::Value getSecretShareV2Impl(const string &_polyName, const Json::Value &_pubKeys, int _t, int _n);
+
+    static Json::Value dkgVerificationV2Impl(const string &_publicShares, const string &_ethKeyName, const string &_secretShare, int _t, int _n, int _index);
+
+    virtual Json::Value createBLSPrivateKeyV2Impl(const std::string& blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n);
+
     static void printDB();
 
     static int initHttpServer();

ServerInit.cpp

@@ -39,6 +39,8 @@
 #include "third_party/spdlog/spdlog.h"
 #include <gmp.h>
 #include <sgx_urts.h>
+#include <unistd.h>
+
 
 
 #include "BLSPrivateKeyShareSGX.h"
@@ -50,15 +52,46 @@
 #include "LevelDB.h"
 #include "SGXWalletServer.h"
 #include "SGXRegistrationServer.h"
+#include "SGXInfoServer.h"
 #include "SEKManager.h"
 #include "CSRManagerServer.h"
 #include "BLSCrypto.h"
 #include "ServerInit.h"
 #include "SGXException.h"
+#include "ZMQServer.h"
 #include "SGXWalletServer.hpp"
 
 uint32_t enclaveLogLevel = 0;
 
+using namespace std;
+
+void systemHealthCheck() {
+    string ulimit;
+    try {
+        ulimit = exec( "/bin/bash -c \"ulimit -n\"" );
+    } catch ( ... ) {
+        spdlog::error("Execution of '/bin/bash -c ulimit -n' failed");
+        exit(-15);
+    }
+    int noFiles = strtol( ulimit.c_str(), NULL, 10 );
+
+    auto noUlimitCheck = getenv( "NO_ULIMIT_CHECK" ) != nullptr;
+
+    if ( noFiles < 65535 && !noUlimitCheck) {
+        string errStr =
+                "sgxwallet requires setting Linux file descriptor limit to at least 65535 "
+                "You current limit (ulimit -n) is less than 65535. \n Please set it to 65535:"
+                "by editing /etc/systemd/system.conf"
+                "and setting 'DefaultLimitNOFILE=65535'\n"
+                "After that, restart sgxwallet";
+        spdlog::error(errStr);
+        exit(-16);
+    }
+}
+
+static ZMQServer* zmqServer = nullptr;
+atomic<bool> exiting(false);
+
 void initUserSpace() {
 
     libff::inhibit_profiling_counters = true;
@@ -66,6 +99,30 @@ void initUserSpace() {
     libff::init_alt_bn128_params();
 
     LevelDB::initDataFolderAndDBs();
+
+#ifndef SGX_HW_SIM
+    systemHealthCheck();
+#endif
+
+#ifdef EXPERIMENTAL_ZMQ_SERVER
+    zmqServer = new ZMQServer();
+    static std::thread serverThread(std::bind(&ZMQServer::run, zmqServer));
+#endif
+}
+
+void exitZMQServer() {
+#ifdef EXPERIMENTAL_ZMQ_SERVER
+
+    auto doExit = !exiting.exchange(true);
+
+    if (doExit) {
+        spdlog::info("Exiting zmq server ...");
+        delete zmqServer;
+        spdlog::info("Exited zmq server ...");
+        zmqServer = nullptr;
+    }
+
+#endif
 }
 
 uint64_t initEnclave() {
@@ -76,7 +133,7 @@ uint64_t initEnclave() {
     support = get_sgx_support();
     if (!SGX_OK(support)) {
         sgx_support_perror(support);
-        exit(1);
+        exit(-17);
     }
 #endif
 
@@ -107,7 +164,7 @@ uint64_t initEnclave() {
             } else {
                 spdlog::error("sgx_create_enclave_search failed {} {}", ENCLAVE_NAME, status);
             }
-            exit(1);
+            exit(-21);
         }
 
         spdlog::info("Enclave created and started successfully");
@@ -127,8 +184,8 @@ uint64_t initEnclave() {
 
 
 
+void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign, bool _generateTestKeys) {
 
-void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
 
     static atomic<bool> sgxServerInited(false);
     static mutex initMutex;
@@ -146,7 +203,7 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
         CHECK_STATE(sgxServerInited != 1)
         sgxServerInited = 1;
 
-        uint64_t  counter = 0;
+        uint64_t counter = 0;
 
         uint64_t initResult = 0;
         while ((initResult = initEnclave()) != 0 && counter < 10){
@@ -168,18 +225,20 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
         } else {
             SGXWalletServer::initHttpServer();
         }
+        SGXInfoServer::initInfoServer(_logLevel, _checkCert, _autoSign, _generateTestKeys);
+
         sgxServerInited = true;
     } catch (SGXException &_e) {
         spdlog::error(_e.getMessage());
-        exit(-1);
+        exit(-18);
     } catch (exception &_e) {
         spdlog::error(_e.what());
-        exit(-1);
+        exit(-19);
     }
     catch (...) {
         exception_ptr p = current_exception();
         printf("Exception %s \n", p.__cxa_exception_type()->name());
         spdlog::error("Unknown exception");
-        exit(-1);
+        exit(-22);
     }
 };

ServerInit.h

@@ -32,12 +32,14 @@
 #define EXTERNC
 #endif
 
-EXTERNC void initAll(uint32_t  _logLevel, bool _checkCert, bool _autoSign);
+EXTERNC void initAll(uint32_t  _logLevel, bool _checkCert, bool _autoSign, bool _generateTestKeys);
 
 EXTERNC void initUserSpace();
 
 EXTERNC uint64_t initEnclave();
 
+EXTERNC void exitZMQServer();
+
 
 
 #endif //SGXWALLET_SERVERINIT_H

ServerWorker.cpp

+//
+// Created by kladko on 14.12.20.
+//
+#include "common.h"
+#include <json/writer.h>
+#include "ZMQMessage.h"
+#include "ServerWorker.h"
+
+
+ServerWorker::ServerWorker(zmq::context_t &ctx, int sock_type) : ctx_(ctx),
+                                                                 worker_(ctx_, sock_type) {};
+
+void ServerWorker::work() {
+    worker_.connect("inproc://backend");
+    try {
+        while (true) {
+            zmq::message_t msg;
+            zmq::message_t copied_msg;
+            worker_.recv(&msg);
+
+            vector<uint8_t> msgData(msg.size() + 1, 0);
+
+            memcpy(msgData.data(), msg.data(), msg.size());
+
+            auto parsedMsg = ZMQMessage::parse(msgData);
+
+            CHECK_STATE(parsedMsg);
+
+            auto reply  = parsedMsg->process();
+
+            Json::FastWriter fastWriter;
+            std::string replyStr = fastWriter.write(reply);
+
+            zmq::message_t replyMsg(replyStr.c_str(),replyStr.size() + 1);
+            worker_.send(replyMsg);
+        }
+    }
+    catch (std::exception &e) {
+        spdlog::info("Exiting zmq server worker:{}", e.what());
+        return;
+    } catch (...) {
+        spdlog::error("Error in zmq server worker");
+        return;
+    }
+
+}
+
+

ServerWorker.h

+//
+// Created by kladko on 14.12.20.
+//
+
+#ifndef SGXWALLET_SERVERWORKER_H
+#define SGXWALLET_SERVERWORKER_H
+
+#include <vector>
+#include <thread>
+#include <memory>
+#include <functional>
+#include "abstractstubserver.h"
+
+#include <zmq.hpp>
+#include "zhelpers.hpp"
+#include "third_party/spdlog/spdlog.h"
+#include "document.h"
+
+
+class ServerWorker {
+
+public:
+    ServerWorker(zmq::context_t &ctx, int sock_type );
+
+
+    void work();
+
+
+private:
+    zmq::context_t &ctx_;
+    zmq::socket_t worker_;
+};
+
+
+#endif //SGXWALLET_SERVERWORKER_H

TestUtils.h

@@ -70,15 +70,23 @@ public:
 
     static void sendRPCRequest();
 
+    static void sendRPCRequestV2();
+
     static void destroyEnclave();
 
     static void doDKG(StubClient &c, int n, int t,
                                  vector<string>& _ecdsaKeyNames, vector<string>& _blsKeyNames,
                                  int schainID, int dkgID);
+
+    static void doDKGV2(StubClient &c, int n, int t,
+                                 vector<string>& _ecdsaKeyNames, vector<string>& _blsKeyNames,
+                                 int schainID, int dkgID);
 };
 
 int sessionKeyRecoverDH(const char *skey_str, const char *sshare, char *common_key);
 
 int xorDecryptDH(char *key, const char *cypher, vector<char>& message);
 
+int xorDecryptDHV2(char *key, const char *cypher, vector<char>& message);
+
 #endif //SGXWALLET_TESTW_H

VERSION

-1.58.6
+1.66.1
\ No newline at end of file

ZMQMessage.cpp

+/*
+    Copyright (C) 2020 SKALE Labs
+
+    This file is part of skale-consensus.
+
+    skale-consensus is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    skale-consensus is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with skale-consensus.  If not, see <https://www.gnu.org/licenses/>.
+
+    @file ZMQMessage.cpp
+    @author Stan Kladko
+    @date 2020
+*/
+
+#include "common.h"
+
+#include "BLSSignReqMessage.h"
+#include "ECDSASignReqMessage.h"
+#include "ZMQMessage.h"
+
+
+
+uint64_t ZMQMessage::getUint64Rapid(const char *_name) {
+    CHECK_STATE(_name);
+    CHECK_STATE(d->HasMember(_name));
+    const rapidjson::Value& a = (*d)[_name];
+    CHECK_STATE(a.IsUint64());
+    return a.GetUint64();
+};
+
+string ZMQMessage::getStringRapid(const char *_name) {
+    CHECK_STATE(_name);
+    CHECK_STATE(d->HasMember(_name));
+    CHECK_STATE((*d)[_name].IsString());
+    return (*d)[_name].GetString();
+};
+
+shared_ptr<ZMQMessage> ZMQMessage::parse(vector<uint8_t>& _msg) {
+
+    CHECK_STATE(_msg.at(_msg.size() - 1) == 0);
+
+    auto d = make_shared<rapidjson::Document>();
+
+    d->Parse((const char*) _msg.data());
+
+    CHECK_STATE(!d->HasParseError());
+    CHECK_STATE(d->IsObject())
+
+    CHECK_STATE(d->HasMember("type"));
+    CHECK_STATE((*d)["type"].IsString());
+    auto type =  (*d)["type"].GetString();
+
+    shared_ptr<ZMQMessage> result;
+
+    if (type == ZMQMessage::BLS_SIGN_REQ) {
+        result = make_shared<BLSSignReqMessage>(d);
+    } else if (type == ZMQMessage::ECDSA_SIGN_REQ) {
+        result = make_shared<ECDSASignReqMessage>(d);
+    } else {
+        throw SGXException(-301, "Incorrect zmq message type: " + string(type));
+    }
+
+    return result;
+
+}

ZMQMessage.h

+/*
+    Copyright (C) 2018-2019 SKALE Labs
+
+    This file is part of skale-consensus.
+
+    skale-consensus is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    skale-consensus is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with skale-consensus.  If not, see <https://www.gnu.org/licenses/>.
+
+    @file ZMQMessage.h
+    @author Stan Kladko
+    @date 2018
+*/
+
+#pragma once
+
+
+#include <memory>
+#include <vector>
+#include "abstractstubserver.h"
+
+
+#include "document.h"
+#include "SGXException.h"
+
+using namespace std;
+
+class ZMQMessage {
+
+    shared_ptr<rapidjson::Document> d;
+
+    static constexpr const char *BLS_SIGN_REQ = "BLSSignReq";
+    static constexpr const char *BLS_SIGN_RSP = "BLSSignRsp";
+    static constexpr const char *ECDSA_SIGN_REQ = "ECDSASignReq";
+    static constexpr const char *ECDSA_SIGN_RSP = "ECDSASignRsp";
+
+protected:
+
+
+public:
+
+    explicit ZMQMessage(shared_ptr<rapidjson::Document> &_d) : d(_d) {
+    };
+
+    string getStringRapid(const char *_name);
+
+    uint64_t getUint64Rapid(const char *_name);
+
+    static shared_ptr<ZMQMessage> parse(vector<uint8_t> &_msg);
+
+    virtual Json::Value process() = 0;
+
+};
\ No newline at end of file

cert_util.cpp → ZMQServer.cpp

@@ -16,65 +16,73 @@
     You should have received a copy of the GNU Affero General Public License
     along with sgxwallet.  If not, see <https://www.gnu.org/licenses/>.
 
-    @file cert_util.cpp
+    @file ZMQServer.cpp
     @author Stan Kladko
     @date 2019
 */
 
-#include <iostream>
-#include <cstring>
-#include <jsonrpccpp/client/connectors/httpclient.h>
-#include "stubclient.h"
 
-#include <unistd.h>
 
-int print_hashes(){
-  jsonrpc::HttpClient client("http://localhost:1028");
-  StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
-  std::cout << "Client inited" << std::endl;
-  std::cout << c.getUnsignedCSRs() << std::endl;
-  exit(0);
-}
+#include "third_party/spdlog/spdlog.h"
 
-void sign_by_hash(std::string & hash, int status){
-  jsonrpc::HttpClient client("http://localhost:1028");
-  StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
-  std::cout << "Client inited" << std::endl;
-  std::cout << c.signByHash(hash, status) << std::endl;
-  exit(0);
-}
+#include "ZMQServer.h"
+#include "sgxwallet_common.h"
+
+using namespace std;
+
+ZMQServer::ZMQServer()
+        : isExitRequested(false), ctx_(1),
+          frontend_(ctx_, ZMQ_ROUTER),
+          backend_(ctx_, ZMQ_DEALER) {}
+
+
+void ZMQServer::run() {
+
+    auto port = BASE_PORT + 4;
+
+    spdlog::info("Starting zmq server ...");
+
+    try {
+        frontend_.bind("tcp://*:" + to_string(BASE_PORT + 4));
+    } catch (...) {
+        spdlog::error("Server task could not bind to port:{}", port);
+        exit(-100);
+    }
 
-int main(int argc, char *argv[]) {
-  int opt;
-
-  if (argc > 1 && strlen(argv[1]) == 1) {
-    fprintf(stderr, "option is too short %s\n", argv[1]);
-    exit(1);
-  }
-
-  if (argc == 1) {
-    std::cout << "You may use following flags:" << std::endl;
-    std::cout << " -p  print all unsigned csr hashes " << std::endl;
-    std::cout << " -s [hash] sign csr by hash" << std::endl;
-    std::cout << " -r [hash] reject csr by hash" << std::endl;
-    exit(0);
-  }
-  std::string hash;
-  while ((opt = getopt(argc, argv, "ps:r:")) != -1) {
-      switch (opt) {
-          case 'p': print_hashes();
-                    break;
-          case 's': hash = optarg;
-                    sign_by_hash(hash, 0);
-                    break;
-          case 'r': hash = optarg;
-                    sign_by_hash(hash, 2);
-                    break;
-          case '?': // fprintf(stderr, "unknown flag\n");
-                    exit(1);
-      }
-  }
-
-  return 0;
+    spdlog::info("Bound port ...");
+
+    try {
+        backend_.bind("inproc://backend");
+    } catch (exception &e) {
+        spdlog::error("Could not bind to zmq backend: {}", e.what());
+        exit(-101);
+    }
+
+
+    spdlog::info("Creating {} zmq server workers ...", kMaxThread);
+
+    try {
+        for (int i = 0; i < kMaxThread; ++i) {
+            worker.push_back(new ServerWorker(ctx_, ZMQ_DEALER));
+            worker_thread.push_back(new std::thread(std::bind(&ServerWorker::work, worker[i])));
+        }
+    } catch (std::exception &e) {
+        spdlog::error("Could not create zmq server workers:{} ", e.what());
+        exit(-102);
+    }
+
+
+    try {
+        zmq::proxy(static_cast<void *>(frontend_), static_cast<void *>(backend_), nullptr);
+    } catch (exception& _e) {
+        spdlog::info("Exiting zmq server {}", _e.what());
+        return;
+    } catch (...) {
+        spdlog::info("Exiting zmq server");
+        return;
+    }
 }
 
+
+
+

ZMQServer.h

+/*
+    Copyright (C) 2019-Present SKALE Labs
+
+    This file is part of sgxwallet.
+
+    sgxwallet is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    sgxwallet is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with sgxwallet.  If not, see <https://www.gnu.org/licenses/>.
+
+    @file ZMQServer.h
+    @author Stan Kladko
+    @date 2020
+*/
+
+
+#ifndef SGXWALLET_ZMQServer_H
+#define SGXWALLET_ZMQServer_H
+
+
+#include <vector>
+#include <thread>
+#include <memory>
+#include <functional>
+#include <atomic>
+
+#include <zmq.hpp>
+#include "zhelpers.hpp"
+
+
+#include "ServerWorker.h"
+
+using namespace std;
+
+
+class ZMQServer {
+public:
+    ZMQServer();
+
+
+    atomic<bool> isExitRequested;
+
+    enum {
+        kMaxThread = 5
+    };
+
+    void run();
+
+private:
+    zmq::context_t ctx_;
+    zmq::socket_t frontend_;
+    zmq::socket_t backend_;
+
+    std::vector<ServerWorker *> worker;
+    std::vector<std::thread *> worker_thread;
+
+};
+
+#endif //SGXWALLET_ZMQServer_H

abstractinfoserver.h

+/*
+    Copyright (C) 2020-Present SKALE Labs
+
+    This file is part of sgxwallet.
+
+    sgxwallet is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    sgxwallet is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with sgxwallet.  If not, see <https://www.gnu.org/licenses/>.
+
+    @file abstractinfoserver.h
+    @author Oleh Nikolaiev
+    @date 2020
+*/
+
+#ifndef ABSTRACTINFOSERVER_H
+#define ABSTRACTINFOSERVER_H
+
+#include <jsonrpccpp/server.h>
+#include <iostream>
+
+class AbstractInfoServer : public jsonrpc::AbstractServer<AbstractInfoServer>
+{
+public:
+  AbstractInfoServer(jsonrpc::AbstractServerConnector &conn, jsonrpc::serverVersion_t type = jsonrpc::JSONRPC_SERVER_V2) : jsonrpc::AbstractServer<AbstractInfoServer>(conn, type)
+  {
+    this->bindAndAddMethod(jsonrpc::Procedure("getAllKeysInfo", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, NULL), &AbstractInfoServer::getAllKeysInfoI);
+    this->bindAndAddMethod(jsonrpc::Procedure("getLatestCreatedKey", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, NULL), &AbstractInfoServer::getLatestCreatedKeyI);
+    this->bindAndAddMethod(jsonrpc::Procedure("getServerConfiguration", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, NULL), &AbstractInfoServer::getServerConfigurationI);
+    this->bindAndAddMethod(jsonrpc::Procedure("isKeyExist", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"keyName",jsonrpc::JSON_STRING, NULL), &AbstractInfoServer::isKeyExistI);
+  }
+
+  inline virtual void getAllKeysInfoI(const Json::Value &request, Json::Value &response)
+  {
+      response = this->getAllKeysInfo();
+  }
+
+  inline virtual void getLatestCreatedKeyI(const Json::Value &request, Json::Value &response)
+  {
+      response = this->getLatestCreatedKey();
+  }
+
+  inline virtual void getServerConfigurationI(const Json::Value &request, Json::Value &response)
+  {
+      response = this->getServerConfiguration();
+  }
+
+  inline virtual void isKeyExistI(const Json::Value &request, Json::Value &response)
+  {
+    response = this->isKeyExist(request["keyName"].asString());
+  }
+
+
+  virtual Json::Value getAllKeysInfo() = 0;
+  virtual Json::Value getLatestCreatedKey() = 0;
+  virtual Json::Value getServerConfiguration() = 0;
+  virtual Json::Value isKeyExist(const std::string& key) = 0;
+
+};
+
+#endif // ABSTRACTINFOSERVER_H

abstractstubserver.h

@@ -58,6 +58,10 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
           this->bindAndAddMethod(jsonrpc::Procedure("getServerStatus", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,  NULL), &AbstractStubServer::getServerStatusI);
           this->bindAndAddMethod(jsonrpc::Procedure("getServerVersion", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,  NULL), &AbstractStubServer::getServerVersionI);
           this->bindAndAddMethod(jsonrpc::Procedure("deleteBlsKey", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "blsKeyName", jsonrpc::JSON_STRING, NULL), &AbstractStubServer::deleteBlsKeyI);
+
+          this->bindAndAddMethod(jsonrpc::Procedure("getSecretShareV2", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "polyName",jsonrpc::JSON_STRING,"publicKeys",jsonrpc::JSON_ARRAY, "n",jsonrpc::JSON_INTEGER,"t",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::getSecretShareV2I);
+          this->bindAndAddMethod(jsonrpc::Procedure("dkgVerificationV2", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "publicShares",jsonrpc::JSON_STRING, "ethKeyName",jsonrpc::JSON_STRING, "secretShare",jsonrpc::JSON_STRING,"t",jsonrpc::JSON_INTEGER, "n",jsonrpc::JSON_INTEGER, "index",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::dkgVerificationV2I);
+          this->bindAndAddMethod(jsonrpc::Procedure("createBLSPrivateKeyV2", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "blsKeyName",jsonrpc::JSON_STRING, "ethKeyName",jsonrpc::JSON_STRING, "polyName", jsonrpc::JSON_STRING, "secretShare",jsonrpc::JSON_STRING,"t", jsonrpc::JSON_INTEGER,"n",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::createBLSPrivateKeyV2I);
         }
 
         inline virtual void importBLSKeyShareI(const Json::Value &request, Json::Value &response)
@@ -144,6 +148,19 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
             response = this->deleteBlsKey(request["blsKeyName"].asString());
         }
 
+        inline virtual void getSecretShareV2I(const Json::Value &request, Json::Value &response)
+        {
+            response = this->getSecretShareV2(request["polyName"].asString(), request["publicKeys"], request["t"].asInt(),request["n"].asInt());
+        }
+        inline virtual void dkgVerificationV2I(const Json::Value &request, Json::Value &response)
+        {
+            response = this->dkgVerificationV2(request["publicShares"].asString(), request["ethKeyName"].asString(), request["secretShare"].asString(), request["t"].asInt(), request["n"].asInt(), request["index"].asInt());
+        }
+        inline virtual void createBLSPrivateKeyV2I(const Json::Value &request, Json::Value &response)
+        {
+            response = this->createBLSPrivateKeyV2(request["blsKeyName"].asString(), request["ethKeyName"].asString(), request["polyName"].asString(),request["secretShare"].asString(),request["t"].asInt(), request["n"].asInt());
+        }
+
         virtual Json::Value importBLSKeyShare(const std::string& keyShare, const std::string& keyShareName) = 0;
         virtual Json::Value blsSignMessageHash(const std::string& keyShareName, const std::string& messageHash, int t, int n ) = 0;
         virtual Json::Value importECDSAKey(const std::string& keyShare, const std::string& keyShareName) = 0;
@@ -155,8 +172,8 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
         virtual Json::Value getVerificationVector(const std::string& polyName, int t, int n) = 0;
         virtual Json::Value getSecretShare(const std::string& polyName, const Json::Value& publicKeys, int t, int n) = 0;
         virtual Json::Value dkgVerification( const std::string& publicShares, const std::string& ethKeyName, const std::string& SecretShare, int t, int n, int index) = 0;
-        virtual Json::Value createBLSPrivateKey(const std::string & blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n) = 0;
-        virtual Json::Value getBLSPublicKeyShare(const std::string & blsKeyName) = 0;
+        virtual Json::Value createBLSPrivateKey(const std::string& blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string& SecretShare, int t, int n) = 0;
+        virtual Json::Value getBLSPublicKeyShare(const std::string& blsKeyName) = 0;
         virtual Json::Value calculateAllBLSPublicKeys(const Json::Value& publicShares, int t, int n) = 0;
         virtual Json::Value complaintResponse(const std::string& polyName, int t, int n, int ind) = 0;
         virtual Json::Value multG2(const std::string & x) = 0;
@@ -165,6 +182,10 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
         virtual Json::Value getServerStatus() = 0;
         virtual Json::Value getServerVersion() = 0;
         virtual Json::Value deleteBlsKey(const std::string& name) = 0;
+
+        virtual Json::Value getSecretShareV2(const std::string& polyName, const Json::Value& publicKeys, int t, int n) = 0;
+        virtual Json::Value dkgVerificationV2( const std::string& publicShares, const std::string& ethKeyName, const std::string& SecretShare, int t, int n, int index) = 0;
+        virtual Json::Value createBLSPrivateKeyV2(const std::string& blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n) = 0;
 };
 
 #endif //JSONRPC_CPP_STUB_ABSTRACTSTUBSERVER_H_

common.h

@@ -31,12 +31,14 @@ using namespace std;
 #include <iostream>
 #include <map>
 #include <memory>
+#include <vector>
 
 #include <boost/throw_exception.hpp>
 
 #include <gmp.h>
 #include "secure_enclave/Verify.h"
 #include "InvalidStateException.h"
+#include "SGXException.h"
 
 #define SAFE_FREE(__POINTER__) {if (__POINTER__) {free(__POINTER__); __POINTER__ = NULL;}}
 
@@ -64,7 +66,7 @@ inline void print_stack() {
     // print out all the frames to stderr
     fprintf(stderr, "Error: signal \n");
     backtrace_symbols_fd(array, size, STDERR_FILENO);
-    exit(1);
+    exit(-1);
 }
 
 
@@ -72,7 +74,7 @@ inline void print_stack() {
     if (!(_EXPRESSION_)) { \
         auto __msg__ = std::string("State check failed::") + #_EXPRESSION_ +  " " + std::string(__FILE__) + ":" + std::to_string(__LINE__); \
         print_stack();                                \
-        throw InvalidStateException(__msg__, __CLASS_NAME__);}
+        BOOST_THROW_EXCEPTION(SGXException(-100, string(__CLASS_NAME__) +  ":" + __msg__));}
 
 
 #define HANDLE_TRUSTED_FUNCTION_ERROR(__STATUS__, __ERR_STATUS__, __ERR_MSG__) \
@@ -81,7 +83,7 @@ string __ERR_STRING__ = string("SGX enclave call to ") + \
                    __FUNCTION__  +  " failed with status:" \
                    + to_string(__STATUS__) + \
                    " Err message:" + __ERR_MSG__; \
-BOOST_THROW_EXCEPTION(runtime_error(__ERR_MSG__)); \
+BOOST_THROW_EXCEPTION(SGXException(-102, string(__ERR_MSG__))); \
 }\
 \
 if (__ERR_STATUS__ != 0) {\
@@ -96,20 +98,51 @@ BOOST_THROW_EXCEPTION(runtime_error(__ERR_STRING__)); \
 #define SAFE_CHAR_BUF(__X__, __Y__)  ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
 #define SAFE_UINT8_BUF(__X__, __Y__)  ;uint8_t __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
 
+// Copy from libconsensus
+
+
+
+inline string exec( const char* cmd ) {
+    CHECK_STATE( cmd );
+    std::array< char, 128 > buffer;
+    std::string result;
+    std::unique_ptr< FILE, decltype( &pclose ) > pipe( popen( cmd, "r" ), pclose );
+    if ( !pipe ) {
+        BOOST_THROW_EXCEPTION( std::runtime_error( "popen() failed!" ) );
+    }
+    while ( fgets( buffer.data(), buffer.size(), pipe.get() ) != nullptr ) {
+        result += buffer.data();
+    }
+    return result;
+}
+
 #include <shared_mutex>
 
 extern std::shared_timed_mutex sgxInitMutex;
 extern uint64_t initTime;
 
-#if SGX_MODE == SIM
-#define ENCLAVE_RESTART_PERIOD_S 5
-#else
-#define ENCLAVE_RESTART_PERIOD_S 60 * 10
-#endif
-
+#define LOCK(__X__) std::lock_guard<std::recursive_mutex> __LOCK__(__X__);
 #define READ_LOCK(__X__) std::shared_lock<std::shared_timed_mutex> __LOCK__(__X__);
 #define WRITE_LOCK(__X__) std::unique_lock<std::shared_timed_mutex> __LOCK__(__X__);
 
 
+#include <boost/interprocess/sync/interprocess_semaphore.hpp>
+
+// max of 200 threads can call enclave at a time
+extern boost::interprocess::interprocess_semaphore enclaveSemaphore;
+
+class semaphore_guard {
+    boost::interprocess::interprocess_semaphore &sem;
+public:
+    semaphore_guard(boost::interprocess::interprocess_semaphore &_semaphore) : sem(_semaphore) {
+        sem.wait();
+    }
+
+    ~semaphore_guard() {
+        sem.post();
+    }
+};
+
+
 
 #endif //SGXWALLET_COMMON_H

cppzmq @ 18db4568

+Subproject commit 18db4568f9ff1568193d3a496d87bed4bc9ec59e

docs/admin-guide.md

@@ -5,6 +5,7 @@
 -   [Verify that your hardware and software can run SGX](prerequisites.md)
 -   [Enable SGX](enabling-sgx.md)
 -   [Start, stop and upgrade sgxwallet](run-in-hardware-mode.md)
+    -   [Increase max process limit](run-in-hardware-mode.md#increase-max-process-limit)
     -   [Docker Compose configuration](run-in-hardware-mode.md#docker-compose-configuration)
     -   [Run sgxwallet in secure mode](run-in-hardware-mode.md#run-sgxwallet-in-secure-mode)
     -   [Start, stop and upgrade sgxwallet containers](run-in-hardware-mode.md#start-stop-and-upgrade-sgxwallet-containers)

docs/prerequisites.md

@@ -22,7 +22,7 @@ Docker engine is pre-installed on Ubuntu 18.04.  You can re-install it as
 described below
 
 ```bash
-sudo apt-get install -y docker-io
+sudo apt-get install -y docker.io
 ```
 
 To verify a correct installation, run `sudo docker run hello-world`
@@ -55,9 +55,6 @@ curl  -I http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_lis
  If you need to set advanced options, such as outgoing network proxy, edit "/etc/aesmd.conf" file in
  the sgxwallet docker container.  
 
-
- #endif" 
-
 ### Verify SGX support
 
 Install cpuid and libelf-dev packages:

docs/run-in-hardware-mode.md

@@ -2,11 +2,32 @@
 
 # Run in hardware secure mode
 
+-   [Increase max process limit](#increase-max-process-limit)
 -   [Docker Compose configuration](#docker-compose-configuration)
 -   [Run sgxwallet in secure mode](#run-sgxwallet-in-secure-mode)
 -   [Start, stop and upgrade sgxwallet containers](#start-stop-and-upgrade-sgxwallet-containers)
 -   [Logging](#logging)
 
+## Increase max process limit
+
+sgxwallet requires setting Linux ulimit to at least 65535.
+
+To display you current limit, run
+
+```
+ulimit -n
+```
+
+If you current ulimit is less than 65535, please set it to 65535 by editing /etc/systemd/system.conf
+and setting 
+
+```
+DefaultLimitNOFILE=65535
+```  
+
+Then reboot and check ulimit again.
+
+
 ## Docker Compose configuration
 
 Install docker-compose:

jsonrpc/build.sh

@@ -93,7 +93,7 @@ cd ..
 #tar -xzf ./pre_downloaded/libjson-rpc-cpp.tar.gz
 git clone https://github.com/skalenetwork/libjson-rpc-cpp.git --recursive
 cd libjson-rpc-cpp
-git checkout develop
+git checkout hotfix/comment-ssl-certificates
 git pull
 rn -rf build || true
 mkdir -p build

libzmq @ 75dfbae0

+Subproject commit 75dfbae0d1dc65312d2aaad6902911a3214f4819

rapidjson @ 0ccdbf36

+Subproject commit 0ccdbf364c577803e2a751f5aededce935314313

run_sgx/docker-compose.yml

@@ -8,6 +8,7 @@ services:
       - "1027:1027"
       - "1028:1028"
       - "1029:1029"
+      - "1030:1030"
     devices:
       - "/dev/isgx"
       - "/dev/mei0"

run_sgx_sim/docker-compose.yml

@@ -8,6 +8,7 @@ services:
       - "1027:1027"
       - "1028:1028"
       - "1029:1029"
+      - "1030:1030"
     volumes:
       - ./sgx_data:/usr/src/sdk/sgx_data
       -  /dev/urandom:/dev/random

scripts/build_deps.py

@@ -34,14 +34,21 @@ makeExecutable = subprocess.check_output(["which", "make"])
 SCRIPTS_DIR = topDir + "/scripts"
 GMP_DIR = topDir + "/sgx-gmp"
 SGX_SDK_DIR_SSL = topDir + "/sgx-sdk-build/sgxsdk"
+ZMQ_DIR = topDir + "/libzmq"
+ZMQ_BUILD_DIR = ZMQ_DIR + "/build"
+CZMQ_DIR = topDir + "/cppzmq"
+CZMQ_BUILD_DIR = CZMQ_DIR + "/build"
+
 LEVELDB_DIR = topDir + "/leveldb"
 LEVELDB_BUILD_DIR = LEVELDB_DIR + "/build"
 GMP_BUILD_DIR = topDir + "/gmp-build"
 TGMP_BUILD_DIR = topDir + "/tgmp-build"
 SDK_DIR = topDir + "/sgx-sdk-build"
+
+JSON_LIBS_DIR = topDir +  "/jsonrpc"
+
 BLS_DIR = topDir +  "/libBLS"
 BLS_BUILD_DIR = BLS_DIR + "/build"
-JSON_LIBS_DIR = topDir +  "/jsonrpc"
 
 print("Cleaning")
 
@@ -58,17 +65,13 @@ subprocess.call(["rm", "-rf", TGMP_BUILD_DIR])
 subprocess.call(["rm", "-rf", SDK_DIR])
 
 
-assert subprocess.call(["cp", "configure.gmp", GMP_DIR + "/configure"]) == 0
 
 
-print("Build LevelDB");
 
-os.chdir(LEVELDB_DIR)
-assert subprocess.call(["bash", "-c", "mkdir -p build"]) == 0
-os.chdir(LEVELDB_BUILD_DIR)
-assert subprocess.call(["bash", "-c", "cmake -DCMAKE_BUILD_TYPE=Release .. && cmake --build ."]) == 0
 
 
+assert subprocess.call(["cp", "configure.gmp", GMP_DIR + "/configure"]) == 0
+
 
 print("Build LibBLS");
 os.chdir(BLS_DIR + "/deps")
@@ -77,7 +80,23 @@ os.chdir(BLS_DIR)
 assert subprocess.call(["bash", "-c", "cmake -H. -Bbuild"]) == 0
 os.chdir(BLS_DIR + "/build")
 assert subprocess.call(["bash", "-c", "make"]) == 0
- 
+
+
+print("Build ZMQ");
+
+os.chdir(ZMQ_DIR)
+assert subprocess.call(["bash", "-c", "mkdir -p build"]) == 0
+os.chdir(ZMQ_BUILD_DIR)
+assert subprocess.call(["bash", "-c", "cmake -DDZMQ_EXPERIMENTAL=1 -DCMAKE_BUILD_TYPE=Release .. && cmake --build ."]) == 0
+
+
+print("Build LevelDB");
+
+os.chdir(LEVELDB_DIR)
+assert subprocess.call(["bash", "-c", "mkdir -p build"]) == 0
+os.chdir(LEVELDB_BUILD_DIR)
+assert subprocess.call(["bash", "-c", "cmake -DCMAKE_BUILD_TYPE=Release .. && cmake --build ."]) == 0
+
 print("Build JSON"); 
 
 os.chdir(JSON_LIBS_DIR)

scripts/build_image.sh

 #!/usr/bin/env bash
 
 set -e
+set -x
 
 DOCKERFILE=$1
 CONTAINER_NAME=$2

scripts/docker_test.py

@@ -29,49 +29,26 @@ topDir = os.getcwd() + "/sgxwallet"
 print("Starting container test")
 print("Top directory is:" + topDir)
 
-DOCKER_FILE_NAME = sys.argv[1];
+DOCKER_FILE_NAME = sys.argv[1]
 IMAGE_NAME = sys.argv[2]
 TAG_POSTFIX = "latest_commit"
 
-FULL_IMAGE_NAME = "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX;
+FULL_IMAGE_NAME = "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX
 
 print("Running tests");
 
-dockerRun = subprocess.run(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data","-t",
+isNightly = os.environ.get("NIGHTLY_TESTS")
+
+if isNightly :
+    dockerRun = subprocess.run(["docker", "run", "-e", "NIGHTLY_TESTS='1'", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data","-t",
+                                "-v", "/dev/urandom:/dev/random", "--name", "sgxwallet", "--network=host", "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX, "-t"])
+else:
+    dockerRun = subprocess.run(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data","-t",
                             "-v", "/dev/urandom:/dev/random", "--name", "sgxwallet", "--network=host", "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX, "-t"])
 
 print(dockerRun.stdout)
 print(dockerRun.stderr)
 assert dockerRun.returncode == 0;
 
-
-
-assert subprocess.call(["docker", "rm", "sgxwallet"]) == 0
-assert subprocess.call(["docker", "run", "-v", topDir + "/sgx_data:/usr/src/sdk/sgx_data","-d",
-                        "--name", "sgxwallet",
-                    "--network=host", "skalenetwork/" + IMAGE_NAME +":" + TAG_POSTFIX, "-y"]) == 0
-
-time.sleep(5);
-
-#
-#
-#assert os.path.isdir(topDir + '/sgx_data/sgxwallet.db')
-#assert os.path.isdir(topDir + '/sgx_data/cert_data');
-#assert os.path.isdir(topDir + '/sgx_data/CSR_DB');
-#assert os.path.isdir(topDir + '/sgx_data/CSR_STATUS_DB');
-#assert os.path.isfile(topDir + '/sgx_data/cert_data/SGXServerCert.crt')
-#assert os.path.isfile(topDir + '/sgx_data/cert_data/SGXServerCert.key')
-#assert os.path.isfile(topDir + '/sgx_data/cert_data/rootCA.pem')
-#assert os.path.isfile(topDir + '/sgx_data/cert_data/rootCA.key')
-
-#s1 = socket.socket()
-#s2 = socket.socket()
-#s3 = socket.socket()
-#address = '127.0.0.1'
-#s1.connect((address, 1026))
-#s2.connect((address, 1027))
-#s3.connect((address, 1028))
-
-#s1.close()
-#s2.close()
-#s3.close()
+assert subprocess.call(["docker", "rm", "-f", "sgxwallet"]) == 0
+assert subprocess.call(["rm", "-rf", "sgx_data"]) == 0

scripts/publish_image.sh

 #!/usr/bin/env bash
 
 set -e
+set -x
 
 CONTAINER_NAME=$1
 

scripts/sign_enclave.bash

@@ -18,7 +18,7 @@ openssl dgst -sha256 -out ../signed_enclaves/skale_sgx_enclave_signature${ENCLAV
 rm -rf ../signed_enclaves/submission${ENCLAVE_VERSION}
 mkdir -p ../signed_enclaves/submission${ENCLAVE_VERSION}
 
-/opt/intel/sgxsdk/bin/x64/sgx_sign dump -enclave ../signed_enclaves/secure_enclave_signed${ENCLAVE_VERSION}.so -dumpfile ../signed_enclaves/skale_sgx_enclave_metadata_info${ENCLAVE_VERSION}.txt -cssfile ../signed_enclaves/submission${ENCLAVE_VERSION}/nodeanstalt_sgxwallet_PUTWHITELISTENTRYIDHERE_sigstruct.bin
+/opt/intel/sgxsdk/bin/x64/sgx_sign dump -enclave ../signed_enclaves/secure_enclave_signed${ENCLAVE_VERSION}.so -dumpfile ../signed_enclaves/skale_sgx_enclave_metadata_info${ENCLAVE_VERSION}.txt -cssfile ../signed_enclaves/submission${ENCLAVE_VERSION}/nodeanstalt_sgxwallet_180_sigstruct.bin
 
 tail -n 6 ../signed_enclaves/skale_sgx_enclave_metadata_info${ENCLAVE_VERSION}.txt > ../signed_enclaves/submission${ENCLAVE_VERSION}/skale_sgx_enclave_mrsigner${ENCLAVE_VERSION}.txt
 

secure_enclave/DHDkg.c

@@ -161,7 +161,7 @@ int session_key_recover(const char *skey_str, const char *sshare, char *common_k
     point_clear(pub_keyB);
     point_clear(session_key);
 
-    return  ret;
+    return ret;
 }
 
 int xor_encrypt(char *key, char *message, char *cypher) {
@@ -209,6 +209,44 @@ int xor_encrypt(char *key, char *message, char *cypher) {
     return ret;
 }
 
+int xor_encrypt_v2(char *key, char *message, char *cypher) {
+
+    int ret = -1;
+
+    if (!cypher) {
+        LOG_ERROR("xor_encrypt: null cypher");
+        return ret;
+    }
+
+    if (!key) {
+        LOG_ERROR("xor_encrypt: null key");
+        return ret;
+    }
+
+    if (!message) {
+        LOG_ERROR("xor_encrypt: null message");
+        return ret;
+    }
+
+    SAFE_CHAR_BUF(cypher_bin, 33);
+
+    uint64_t msg_length;
+    uint8_t msg_bin[33];
+    if (!hex2carray(message, &msg_length, msg_bin)) {
+        return ret;
+    }
+
+    for (int i = 0; i < 32; i++) {
+        cypher_bin[i] = msg_bin[i] ^ (uint8_t)key[i];
+    }
+
+    carray2Hex((unsigned char*) cypher_bin, 32, cypher);
+
+    ret = 0;
+
+    return ret;
+}
+
 int xor_decrypt(char *key, char *cypher, char *message) {
 
     int ret = -1;
@@ -254,3 +292,66 @@ int xor_decrypt(char *key, char *cypher, char *message) {
 
     return ret;
 }
+
+int xor_decrypt_v2(char *key, char *cypher, char *message) {
+
+    int ret = -1;
+
+    if (!cypher) {
+        LOG_ERROR("xor_encrypt: null cypher");
+        return ret;
+    }
+
+    if (!key) {
+        LOG_ERROR("xor_encrypt: null key");
+        return ret;
+    }
+
+    if (!message) {
+        LOG_ERROR("xor_encrypt: null message");
+        return ret;
+    }
+
+    SAFE_CHAR_BUF(msg_bin,33);
+
+    uint64_t cypher_length;
+
+    SAFE_CHAR_BUF(cypher_bin, 33);
+    if (!hex2carray(cypher, &cypher_length, (uint8_t *) cypher_bin)) {
+        return ret;
+    }
+
+    for (int i = 0; i < 32; i++) {
+        msg_bin[i] = cypher_bin[i] ^ (uint8_t)key[i];
+    }
+
+    carray2Hex((unsigned char*) msg_bin, 32, message);
+
+    ret = 0;
+
+    return ret;
+}
+
+int hash_key(char* key, char* hashed_key) {
+    int ret = -1;
+
+    if (!key) {
+        LOG_ERROR("hash_key: null key");
+        return ret;
+    }
+
+    if (!hashed_key) {
+        LOG_ERROR("hash_key: null hashed_key");
+        return ret;
+    }
+
+    uint8_t key_to_hash[33];
+    uint64_t len;
+    if (!hex2carray(key, &len, key_to_hash)) {
+        return ret;
+    }
+
+    ret = sgx_sha256_msg(key_to_hash, ECDSA_BIN_LEN - 1, (uint8_t*)hashed_key);
+
+    return ret;
+}

secure_enclave/DHDkg.h

@@ -30,6 +30,12 @@ int session_key_recover(const char *skey_str, const char* sshare, char* common_k
 
 int xor_encrypt(char* key, char* message, char* cypher);
 
+int xor_encrypt_v2(char* key, char* message, char* cypher);
+
 int xor_decrypt(char* key, char* cypher, char* message);
 
+int xor_decrypt_v2(char* key, char* cypher, char* message);
+
+int hash_key(char* key, char* hashed_key);
+
 #endif //SGXD_DRIVE_KEY_DKG_H

secure_enclave/EnclaveCommon.cpp

@@ -82,8 +82,8 @@ string *stringFromFq(libff::alt_bn128_Fq *_fq) {
 
     try {
         _fq->as_bigint().to_mpz(t);
-        char *tmp = mpz_get_str(arr, 10, t);
-        ret = new string(tmp);
+        mpz_get_str(arr, 10, t);
+        ret = new string(arr);
     } catch (exception &e) {
         LOG_ERROR(e.what());
         goto clean;
@@ -107,13 +107,13 @@ string *stringFromG1(libff::alt_bn128_G1 *_g1) {
     try {
         _g1->to_affine_coordinates();
 
-        auto sX = stringFromFq(&_g1->X);
+        sX = stringFromFq(&_g1->X);
 
         if (!sX) {
             goto clean;
         }
 
-        auto sY = stringFromFq(&_g1->Y);
+        sY = stringFromFq(&_g1->Y);
 
         if (!sY) {
             goto clean;
@@ -131,8 +131,8 @@ string *stringFromG1(libff::alt_bn128_G1 *_g1) {
 
     clean:
 
-    SAFE_FREE(sX);
-    SAFE_FREE(sY);
+    SAFE_DELETE(sX);
+    SAFE_DELETE(sY);
 
     return ret;
 
@@ -226,7 +226,7 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char *
     }
 
     try {
-        auto key = keyFromString(_keyString);
+        key = keyFromString(_keyString);
 
         if (!key) {
             LOG_ERROR("Null key");
@@ -243,13 +243,13 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char *
 
         sign.to_affine_coordinates();
 
-        auto r = stringFromG1(&sign);
+        r = stringFromG1(&sign);
 
         memset(sig, 0, BUF_LEN);
 
         strncpy(sig, r->c_str(), BUF_LEN);
 
-        ret =  true;
+        ret = true;
 
     } catch (exception &e) {
         LOG_ERROR(e.what());

secure_enclave/Makefile.am

@@ -62,7 +62,7 @@ ENCLAVE_KEY=test_insecure_private_key.pem       #$(ENCLAVE)_private.pem
 
 ## Additional Automake flags needed to build the enclave.
 
-AM_CPPFLAGS +=  -Wall -Wno-implicit-function-declaration $(TGMP_CPPFLAGS) -I./third_party/SCIPR -I../third_party/SCIPR -I../sgx-sdk-build/sgxsdk/include/libcxx 
+AM_CPPFLAGS += -O2 -Wall -Wno-implicit-function-declaration $(TGMP_CPPFLAGS) -I./third_party/SCIPR -I../third_party/SCIPR -I../sgx-sdk-build/sgxsdk/include/libcxx 
 AM_CXXFLAGS += -fno-builtin -fstack-protector-strong
 
 

secure_enclave/SIGNED_ENCLAVE_VERSION

-#define SIGNED_ENCLAVE_VERSION "1"
+#define SIGNED_ENCLAVE_VERSION  "2"
\ No newline at end of file

secure_enclave/secure_enclave.config.xml

 <EnclaveConfiguration>
  <ProdID>0</ProdID>
- <ISVSVN>1</ISVSVN>
+ <ISVSVN>2</ISVSVN>
  <StackMaxSize>0x1000000</StackMaxSize>
- <HeapMaxSize>0x100000000</HeapMaxSize>
- <TCSNum>128</TCSNum>
- <TCSMaxNum>128</TCSMaxNum>
- <TCSMinPool>128</TCSMinPool>
+ <HeapMaxSize>0x10000000</HeapMaxSize>
+ <TCSNum>256</TCSNum>
+ <TCSMaxNum>256</TCSMaxNum>
+ <TCSMinPool>256</TCSMinPool>
  <TCSPolicy>0</TCSPolicy>
  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
  <DisableDebug>0</DisableDebug>

secure_enclave/secure_enclave.config.xml.release

 <EnclaveConfiguration>
  <ProdID>0</ProdID>
- <ISVSVN>1</ISVSVN>
+ <ISVSVN>2</ISVSVN>
  <StackMaxSize>0x1000000</StackMaxSize>
- <HeapMaxSize>0x100000000</HeapMaxSize>
- <TCSNum>128</TCSNum>
- <TCSMaxNum>128</TCSMaxNum>
- <TCSMinPool>128</TCSMinPool>
+ <HeapMaxSize>0x10000000</HeapMaxSize>
+ <TCSNum>256</TCSNum>
+ <TCSMaxNum>256</TCSMaxNum>
+ <TCSMinPool>256</TCSMinPool>
  <TCSPolicy>0</TCSPolicy>
  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
  <DisableDebug>1</DisableDebug>

secure_enclave/secure_enclave.config.xml.sim

 <EnclaveConfiguration>
  <ProdID>0</ProdID>
- <ISVSVN>1</ISVSVN>
- <StackMaxSize>0x1000000</StackMaxSize>
- <HeapMaxSize>0x1000000</HeapMaxSize>
- <TCSNum>16</TCSNum>
- <TCSMaxNum>16</TCSMaxNum>
- <TCSMinPool>16</TCSMinPool>
+ <ISVSVN>2</ISVSVN>
+ <StackMaxSize>0x200000</StackMaxSize>
+ <HeapMaxSize>0x200000</HeapMaxSize>
+ <TCSNum>20</TCSNum>
+ <TCSMaxNum>20</TCSMaxNum>
+ <TCSMinPool>20</TCSMinPool>
  <TCSPolicy>0</TCSPolicy>
  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
  <DisableDebug>0</DisableDebug>

secure_enclave/secure_enclave.edl

@@ -88,15 +88,25 @@ enclave {
                                 [out, count = 3072] uint8_t* decrypted_dkg_secret
                                 );
 
-        public void trustedSetEncryptedDkgPoly(
-                                [out] int *errStatus,
-                                [out, count = SMALL_BUF_SIZE] char* err_string,
+        public void trustedGetEncryptedSecretShare(
+                                [out]int *errStatus,
+                                [out, count = SMALL_BUF_SIZE] char *err_string,
                                 [in, count = 3050] uint8_t* encrypted_poly,
-                                uint64_t enc_len);
+                                uint64_t enc_len,
+                                [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey,
+                                [out] uint64_t* dec_len,
+                                [out, count = 193] char* result_str,
+                                [out, count = 320] char* s_shareG2,
+                                [in, string] char* pub_keyB,
+                                uint8_t _t,
+                                uint8_t _n,
+                                uint8_t ind);
 
-        public void trustedGetEncryptedSecretShare(
+        public void trustedGetEncryptedSecretShareV2(
                                 [out]int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char *err_string,
+                                [in, count = 3050] uint8_t* encrypted_poly,
+                                uint64_t enc_len,
                                 [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey,
                                 [out] uint64_t* dec_len,
                                 [out, count = 193] char* result_str,
@@ -126,6 +136,17 @@ enclave {
                                 int _ind,
                                 [out] int* result);
 
+        public void trustedDkgVerifyV2(
+                                [out] int *errStatus,
+                                [out, count = SMALL_BUF_SIZE] char* err_string,
+                                [in, string] const char* public_shares,
+                                [in, string] const char* s_share,
+                                [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
+                                uint64_t key_len,
+                                unsigned _t,
+                                int _ind,
+                                [out] int* result);
+
         public void trustedCreateBlsKey(
                                 [out]int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char* err_string,
@@ -135,6 +156,15 @@ enclave {
                                 [out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key,
                                 [out] uint64_t *enc_bls_key_len);
 
+        public void trustedCreateBlsKeyV2(
+                                [out]int *errStatus,
+                                [out, count = SMALL_BUF_SIZE] char* err_string,
+                                [in, count = 6145] const char* s_shares,
+                                [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
+                                uint64_t key_len,
+                                [out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key,
+                                [out] uint64_t *enc_bls_key_len);
+
         public void trustedBlsSignMessage (
                                 [out] int *errStatus,
                                 [out, count = TINY_BUF_SIZE] char* err_string,

sgx_util.cpp

+/*
+    Copyright (C) 2019-Present SKALE Labs
+
+    This file is part of sgxwallet.
+
+    sgxwallet is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    sgxwallet is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with sgxwallet.  If not, see <https://www.gnu.org/licenses/>.
+
+    @file sgx_util.cpp
+    @author Stan Kladko
+    @date 2019
+*/
+
+#include <iostream>
+#include <cstring>
+#include <jsonrpccpp/client/connectors/httpclient.h>
+#include "stubclient.h"
+#include "common.h"
+
+#include <unistd.h>
+
+int print_hashes(){
+    jsonrpc::HttpClient client("http://localhost:1028");
+    StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
+    std::cout << "Client inited" << std::endl;
+    std::cout << c.getUnsignedCSRs() << std::endl;
+    exit(0);
+}
+
+void sign_by_hash(std::string & hash, int status){
+    jsonrpc::HttpClient client("http://localhost:1028");
+    StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
+    std::cout << "Client inited" << std::endl;
+    std::cout << c.signByHash(hash, status) << std::endl;
+    exit(0);
+}
+
+void getNumberOfKeysCreated() {
+    jsonrpc::HttpClient client("http://localhost:1030");
+    StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
+    std::cout << "Info client inited" << std::endl;
+    std::cout << c.getAllKeysInfo()["keysNumber"].asString() << std::endl;
+    exit(0);
+}
+
+void getAllKeysInfo() {
+    jsonrpc::HttpClient client("http://localhost:1030");
+    StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
+    std::cout << "Info client inited" << std::endl;
+    std::cout << c.getAllKeysInfo()["allKeys"].asString() << std::endl;
+    std::cout << "TOTAL KEYS IN DATABASE: " << c.getAllKeysInfo()["keysNumber"].asString() << std::endl;
+    exit(0);
+}
+
+void getLatestCreatedKey() {
+    jsonrpc::HttpClient client("http://localhost:1030");
+    StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
+    std::cout << "Info client inited" << std::endl;
+    Json::Value lastCreatedKey = c.getLatestCreatedKey();
+    std::cout << "Last created key name: " << lastCreatedKey["keyName"] << std::endl;
+    std::string timestamp_to_date_command = "date -d @" + lastCreatedKey["creationTime"].asString();
+    std::cout << "Last created key creation time: " << exec(timestamp_to_date_command.c_str());
+    exit(0);
+}
+
+void getServerConfiguration() {
+    jsonrpc::HttpClient client("http://localhost:1030");
+    StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
+    std::cout << "Info client inited" << std::endl;
+    Json::Value response = c.getServerConfiguration();
+    std::cout << "OPTION autoConfirm certificates switched to " << response["autoConfirm"] << '\n';
+    uint32_t logLevel = response["logLevel"].asInt();
+    std::string logLevelStr;
+    switch(logLevel) {
+        case 0:
+            logLevelStr = "trace";
+            break;
+        case 1:
+            logLevelStr = "debug";
+            break;
+        case 2:
+            logLevelStr = "info";
+            break;
+        case 3:
+            logLevelStr = "warning";
+            break;
+        case 4:
+            logLevelStr = "error";
+            break;
+    }
+
+    std::cout << "OPTION logLevel switched to " << logLevelStr << '\n';
+    std::cout << "OPTION enterBackupKey switched to " << response["enterBackupKey"] << '\n';
+    std::cout << "OPTION useHTTPS switched to " << response["useHTTPS"] << '\n';
+    std::cout << "OPTION autoSign certificates switched to " << response["autoSign"] << '\n';
+    std::cout << "OPTION checkCerts switched to " << response["checkCerts"] << '\n';
+    std::cout << "OPTION generateTestKeys switched to " << response["generateTestKeys"] << '\n';
+    exit(0);
+}
+
+void isKeyExists(const std::string& key) {
+    jsonrpc::HttpClient client("http://localhost:1030");
+    StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
+    std::cout << "Info client inited" << std::endl;
+    if (c.isKeyExist(key)["IsExist"].asBool()) {
+        std::cout << "Key with name " << key << " presents in server database.\n";
+    } else {
+        std::cout << "Key with name " << key << " does not exist in server's database.\n";
+    }
+    exit(0);
+}
+
+int main(int argc, char *argv[]) {
+  int opt;
+
+  if (argc > 1 && strlen(argv[1]) == 1) {
+    fprintf(stderr, "option is too short %s\n", argv[1]);
+    exit(1);
+  }
+
+  if (argc == 1) {
+    std::cout << "You may use following flags:" << std::endl;
+    std::cout << " -p print all unsigned csr hashes " << std::endl;
+    std::cout << " -s [hash] sign csr by hash" << std::endl;
+    std::cout << " -r [hash] reject csr by hash" << std::endl;
+    std::cout << " -a print all keys" << std::endl;
+    std::cout << " -l print latest created key" << std::endl;
+    std::cout << " -n print number of keys stored in database" << std::endl;
+    std::cout << " -c print server's config" << std::endl;
+    std::cout << " -i [name] check if key with such name presents in database" << std::endl;
+    exit(0);
+  }
+
+  std::string hash;
+  std::string key;
+  while ((opt = getopt(argc, argv, "ps:r:alci:n")) != -1) {
+      switch (opt) {
+          case 'p': print_hashes();
+                    break;
+          case 's': hash = optarg;
+                    sign_by_hash(hash, 0);
+                    break;
+          case 'r': hash = optarg;
+                    sign_by_hash(hash, 2);
+                    break;
+          case 'a':
+                    getAllKeysInfo();
+                    break;
+          case 'l':
+                    getLatestCreatedKey();
+                    break;
+          case 'c':
+                    getServerConfiguration();
+                    break;
+          case 'i': key = optarg;
+                    isKeyExists(key);
+                    break;
+          case 'n':
+                    getNumberOfKeysCreated();
+                    break;
+          case '?': // fprintf(stderr, "unknown flag\n");
+                    exit(1);
+      }
+  }
+
+  return 0;
+}
+

sgxwall.cpp

@@ -34,20 +34,23 @@
 
 #include "TestUtils.h"
 
+#include "ZMQServer.h"
+
 #include "testw.h"
 #include "sgxwall.h"
 #include "sgxwallet.h"
 
+
 void SGXWallet::usage() {
     cerr << "usage: sgxwallet\n";
-    exit(1);
+    exit(-21);
 }
 
 void SGXWallet::printUsage() {
     cerr << "\nAvailable flags:\n";
     cerr << "\nDebug flags:\n\n";
     cerr << "   -v  Verbose mode: turn on debug output\n";
-    cerr << "   -vv Detailed verbose mode: turn on debug and trace outputs\n";
+    cerr << "   -V Detailed verbose mode: turn on debug and trace outputs\n";
     cerr << "\nBackup, restore, update flags:\n\n";
     cerr << "   -b  filename Restore from back up or software update. You will need to put backup key into a file in sgx_data dir. \n";
     cerr << "   -y  Do not ask user to acknowledge receipt of the backup key \n";
@@ -100,14 +103,14 @@ int main(int argc, char *argv[]) {
 
     if (argc > 1 && strlen(argv[1]) == 1) {
         SGXWallet::printUsage();
-        exit(1);
+        exit(-22);
     }
 
     while ((opt = getopt(argc, argv, "cshd0abyvVnT")) != -1) {
         switch (opt) {
             case 'h':
                 SGXWallet::printUsage();
-                exit(0);
+                exit(-24);
             case 'c':
                 checkClientCertOption = false;
                 break;
@@ -144,7 +147,7 @@ int main(int argc, char *argv[]) {
                 break;
             default:
                 SGXWallet::printUsage();
-                exit(1);
+                exit(-23);
                 break;
         }
     }
@@ -171,7 +174,7 @@ int main(int argc, char *argv[]) {
         enclaveLogLevel = L_TRACE;
     }
 
-    initAll(enclaveLogLevel, checkClientCertOption, autoSignClientCertOption);
+    initAll(enclaveLogLevel, checkClientCertOption, autoSignClientCertOption, generateTestKeys);
 
     ifstream is("sgx_data/4node.json");
 
@@ -201,6 +204,8 @@ int main(int argc, char *argv[]) {
         cerr << "Successfully completed generating test keys into sgx_data" << endl;
     }
 
+
+
     while (true) {
         sleep(10);
     }

testw.h

@@ -31,7 +31,7 @@
 #define SAMPLE_KEY_NAME "tmp_NEK:8abc8e8280fb060988b65da4b8cb00779a1e816ec42f8a40ae2daa520e484a01"
 #define SAMPLE_AES_KEY "123456789"
 
-#define SAMPLE_POLY_NAME  "POLY:SCHAIN_ID:1:NODE_ID:1:DKG_ID:1"
+#define SAMPLE_POLY_NAME "POLY:SCHAIN_ID:1:NODE_ID:1:DKG_ID:1"
 #define RPC_ENDPOINT  "http://localhost:1029"
 #define SAMPLE_PUBLIC_KEY_B "c0152c48bf640449236036075d65898fded1e242c00acb45519ad5f788ea7cbf9a5df1559e7fc87932eee5478b1b9023de19df654395574a690843988c3ff475"
 

testw.py

@@ -30,6 +30,8 @@ topDir = os.getcwd() + "/sgxwallet"
 print("Top directory is:" + topDir)
 testList = ["[first-run]",
             "[second-run]",
+            "[many-threads-crypto]",
+            "[many-threads-crypto-v2]",
             "[backup-restore]",
             "[cert-sign]",
             "[get-server-status]",
@@ -44,13 +46,16 @@ testList = ["[first-run]",
             "[bls-key-encrypt]",
             "[dkg-aes-gen]",
             "[dkg-aes-encr-sshares]",
+            "[dkg-aes-encr-sshares-v2]",
             "[dkg-api]",
+            "[dkg-api-v2]",
             "[dkg-bls]",
+            "[dkg-bls-v2]",
             "[dkg-poly-exists]",
             "[dkg-aes-pub-shares]",
-            "[many-threads-crypto]",
             "[aes-encrypt-decrypt]",
-            "[aes-dkg]"
+            "[aes-dkg]",
+            "[aes-dkg-v2]"
             ]