Merge pull request #25 from skalenetwork/enhancement/SKALE-1795-Fix-SIGILL-in-SGX

Enhancement/skale 1795 fix sigill in sgx

Merge pull request #25 from skalenetwork/enhancement/SKALE-1795-Fix-SIGILL-in-SGX
Enhancement/skale 1795 fix sigill in sgx
ba1019c1 · Sveta Rogova · GitHub · 959991a2 · 9150b644 · ba1019c1
Unverified Commit ba1019c1 authored Jan 17, 2020 by Sveta Rogova Committed by GitHub Jan 17, 2020
19 changed files
--- a/BLSCrypto.cpp
+++ b/BLSCrypto.cpp
@@ -135,7 +135,7 @@ bool hex2carray2(const char * _hex, uint64_t  *_bin_len,
 bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
    char* _sig) {
-  std::cerr << "ENTER SIGN" << std::endl;
+  //std::cerr << "ENTER SIGN" << std::endl;
  auto keyStr = std::make_shared<std::string>(_encryptedKeyHex);
@@ -152,7 +152,7 @@ bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t
  auto keyShare = std::make_shared<BLSPrivateKeyShareSGX>(keyStr, _t, _n);
-  std::cerr << "keyShare created" << std::endl;
+  //std::cerr << "keyShare created" << std::endl;
 // {
    auto sigShare = keyShare->signWithHelperSGX(hash, _signerIndex);
 // }
@@ -168,7 +168,7 @@ bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t
 // auto sig_ptr = std::make_shared<std::string>(test_sig);
 // strncpy(_sig, sig_ptr->c_str(), BUF_LEN);
-  std::cerr<< "sig " << _sig <<std::endl;
+  //std::cerr<< "sig " << _sig <<std::endl;
  return true;

--- a/DKGCrypto.cpp
+++ b/DKGCrypto.cpp
--- a/ECDSACrypto.cpp
+++ b/ECDSACrypto.cpp
@@ -31,6 +31,7 @@
 #include <gmp.h>
 #include <random>
 static std::default_random_engine rand_gen((unsigned int) time(0));
 std::string concatPubKeyWith0x(char* pub_key_x, char* pub_key_y){
@@ -54,7 +55,7 @@ std::vector<std::string> gen_ecdsa_key(){
    throw RPCException(-666, errMsg) ;
  }
  std::vector<std::string> keys(3);
-  std::cerr << "account key is " << errMsg << std::endl;
+  //std::cerr << "account key is " << errMsg << std::endl;
  char *hexEncrKey = (char *) calloc(2*BUF_LEN, 1);
  carray2Hex(encr_pr_key, enc_len, hexEncrKey);
  keys.at(0) = hexEncrKey;
@@ -64,7 +65,9 @@ std::vector<std::string> gen_ecdsa_key(){
  unsigned long seed = rand_gen();
-  std::cerr << "seed is " << seed << std::endl;
+  if (DEBUG_PRINT) {
+    std::cerr << "seed is " << seed << std::endl;
+  }
  gmp_randstate_t state;
  gmp_randinit_default(state);
@@ -79,7 +82,7 @@ std::vector<std::string> gen_ecdsa_key(){
  keys.at(2) = rand_str;
-  std::cerr << "rand_str length is " << strlen(rand_str) << std::endl;
+  //std::cerr << "rand_str length is " << strlen(rand_str) << std::endl;
  gmp_randclear(state);
  mpz_clear(rand32);
@@ -106,15 +109,16 @@ std::string get_ecdsa_pubkey(const char* encryptedKeyHex){
  }
  status = get_public_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, enc_len, pub_key_x, pub_key_y );
-  if ( err_status != 0){
+  if (err_status != 0){
    throw RPCException(-666, errMsg) ;
  }
  std::string pubKey = std::string(pub_key_x) + std::string(pub_key_y);//concatPubKeyWith0x(pub_key_x, pub_key_y);//
-  std:: cerr << "pubkey is " << pubKey << std::endl;
+  if (DEBUG_PRINT) {
-  std:: cerr << "pubkey length is " << pubKey.length() << std::endl;
+    std::cerr << "pubkey is " << pubKey << std::endl;
+    std::cerr << "pubkey length is " << pubKey.length() << std::endl;
-  std::cerr << "err str " << errMsg << std::endl;
+    std::cerr << "err str " << errMsg << std::endl;
+  }
  free(errMsg);
  free(pub_key_x);
@@ -138,19 +142,21 @@ std::vector<std::string> ecdsa_sign_hash(const char* encryptedKeyHex, const char
      throw RPCException(INVALID_HEX, "Invalid encryptedKeyHex");
  }
-  std::cerr << "encryptedKeyHex: "<< encryptedKeyHex << std::endl;
+  if (DEBUG_PRINT) {
+    std::cerr << "encryptedKeyHex: " << encryptedKeyHex << std::endl;
-  std::cerr << "HASH: "<< hashHex << std::endl;
+    std::cerr << "HASH: " << hashHex << std::endl;
+    std::cerr << "encrypted len" << dec_len << std::endl;
-  std::cerr << "encrypted len" << dec_len << std::endl;
+  }
  status = ecdsa_sign1(eid, &err_status, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char*)hashHex, signature_r, signature_s, &signature_v, base );
  if ( err_status != 0){
    throw RPCException(-666, errMsg ) ;
  }
-  std::cerr << "signature r in  ecdsa_sign_hash "<< signature_r << std::endl;
+  if (DEBUG_PRINT) {
-  std::cerr << "signature s in  ecdsa_sign_hash "<< signature_s << std::endl;
+    std::cerr << "signature r in  ecdsa_sign_hash " << signature_r << std::endl;
+    std::cerr << "signature s in  ecdsa_sign_hash " << signature_s << std::endl;
+  }
  if ( status != SGX_SUCCESS){
    std::cerr << "failed to sign " << std::endl;

--- a/LevelDB.cpp
+++ b/LevelDB.cpp
@@ -34,6 +34,8 @@
 #include "RPCException.h"
 #include "LevelDB.h"
+#include "ServerInit.h"
 using namespace leveldb;
@@ -61,8 +63,9 @@ std::shared_ptr<std::string> LevelDB::readString(const std::string &_key) {
 //    if (result == nullptr) {
 //      throw RPCException(KEY_SHARE_DOES_NOT_EXIST, "Data with this name does not exist");
 //    }
+    if (DEBUG_PRINT) {
-    std::cerr << "key to read from db: " << _key <<std::endl;
+      std::cerr << "key to read from db: " << _key << std::endl;
+    }
    throwExceptionOnError(status);
@@ -80,7 +83,9 @@ void LevelDB::writeString(const std::string &_key, const std::string &_value) {
    throwExceptionOnError(status);
-    std::cerr << "written key " << _key << std::endl;//<< " value " << _value << std::endl;
+    if (DEBUG_PRINT) {
+      std::cerr << "written key " << _key  << std::endl;
+    }
 }
@@ -134,7 +139,9 @@ void LevelDB::deleteKey(const std::string &_key){
    throwExceptionOnError(status);
-    std::cerr << "key deleted " << _key << std::endl;
+    if (DEBUG_PRINT) {
+      std::cerr << "key deleted " << _key << std::endl;
+    }
 }

--- a/SGXRegistrationServer.cpp
+++ b/SGXRegistrationServer.cpp
@@ -43,6 +43,9 @@
 #include "SGXRegistrationServer.h"
 #include "LevelDB.h"
+int DEBUG_PRINT = 0;
+int is_sgx_https = 1;
 SGXRegistrationServer *regs = nullptr;
 HttpServer *hs2 = nullptr;
@@ -139,8 +142,13 @@ Json::Value GetSertificateImpl(const std::string& hash){
          cert = ss.str();
          infile.close();
-          std::string remove_crt = "cd cert && rm -rf" + hash + ".crt && rm -rf " + hash + ".csr";
+          std::string remove_crt = "cd cert && rm -rf " + hash + ".crt && rm -rf " + hash + ".csr";
-          system(remove_crt.c_str());
+          if(system(remove_crt.c_str()) == 0){
+              std::cerr << "cert removed" << std::endl;
+          }
+          else{
+              std::cerr << "cert was not removed" << std::endl;
+          }
      }
    }

--- a/SGXWalletServer.cpp
+++ b/SGXWalletServer.cpp
--- a/SGXWalletServer.h
+++ b/SGXWalletServer.h
@@ -31,7 +31,8 @@
 #endif
-EXTERNC int init_server(bool check_certs );
+EXTERNC int init_https_server(bool check_certs );
+EXTERNC int init_http_server();

--- a/SGXWalletServer.hpp
+++ b/SGXWalletServer.hpp
@@ -31,6 +31,7 @@
 #include <mutex>
 using namespace jsonrpc;
 using namespace std;

--- a/ServerDataChecker.cpp
+++ b/ServerDataChecker.cpp
@@ -158,6 +158,10 @@ bool check_n_t ( const int t, const int n){
    return false;
  }
+  if (n > 32){
+    return false;
+  }
  if ( t < 0 || n < 0){
    return false;
  }

--- a/ServerInit.cpp
+++ b/ServerInit.cpp
@@ -55,9 +55,6 @@
 #include <iostream>
 void init_daemon() {
    libff::init_alt_bn128_params();
@@ -126,9 +123,14 @@ void init_all(bool check_cert, bool sign_automatically) {
    sgxServerInited = 1;
-    init_server(check_cert);
+    if (is_sgx_https) {
-    init_registration_server(sign_automatically);
+      init_https_server(check_cert);
-    init_csrmanager_server();
+      init_registration_server(sign_automatically);
+      init_csrmanager_server();
+    }
+    else {
+      init_http_server();
+    }
    init_enclave();
    std::cerr << "enclave inited" << std::endl;
    init_daemon();

--- a/secure_enclave/DKGUtils.cpp
+++ b/secure_enclave/DKGUtils.cpp
@@ -107,23 +107,25 @@ std::vector<libff::alt_bn128_Fr> SplitStringToFr(const char* koefs, const char s
    return tokens;
 }
-void gen_dkg_poly( char* secret, unsigned _t ){
+int gen_dkg_poly( char* secret, unsigned _t ){
-    libff::init_alt_bn128_params();
+  libff::init_alt_bn128_params();
-    std::string result;
+  std::string result;
-    for (size_t i = 0; i < _t; ++i) {
+  for (size_t i = 0; i < _t; ++i) {
-        libff::alt_bn128_Fr cur_coef = libff::alt_bn128_Fr::random_element();
+     libff::alt_bn128_Fr cur_coef = libff::alt_bn128_Fr::random_element();
-        while (i == _t - 1 && cur_coef == libff::alt_bn128_Fr::zero()) {
-            cur_coef = libff::alt_bn128_Fr::random_element();
-        }
-       result += stringFromFr(cur_coef);
-       result += ":";
-    }
-    strncpy(secret, result.c_str(), result.length() + 1);
-    if (strlen(secret) == 0){
+     while (i == _t - 1 && cur_coef == libff::alt_bn128_Fr::zero()) {
-        throw std::exception();
+       cur_coef = libff::alt_bn128_Fr::random_element();
-    }
+     }
+     result += stringFromFr(cur_coef);
+     result += ":";
+  }
+  strncpy(secret, result.c_str(), result.length() + 1);
+  if (strlen(secret) == 0) {
+    return 1;
+  }
+  return 0;
 }
 libff::alt_bn128_Fr PolynomialValue(const std::vector<libff::alt_bn128_Fr>& pol, libff::alt_bn128_Fr point, unsigned _t) {
@@ -149,6 +151,7 @@ void calc_secret_shares(const char* decrypted_koefs, char * secret_shares,
  std::string result;
  char symbol = ':';
  std::vector<libff::alt_bn128_Fr> poly =  SplitStringToFr(decrypted_koefs, symbol);
    for (size_t i = 0; i < _n; ++i) {
    libff::alt_bn128_Fr secret_share = PolynomialValue(poly, libff::alt_bn128_Fr(i + 1), _t);
    result += ConvertToString(secret_share);//stringFromFr(secret_share);
@@ -158,12 +161,15 @@ void calc_secret_shares(const char* decrypted_koefs, char * secret_shares,
  //strncpy(secret_shares, decrypted_koefs, 3650);
 }
-void calc_secret_share(const char* decrypted_koefs, char * s_share,
+int calc_secret_share(const char* decrypted_koefs, char * s_share,
                        unsigned _t, unsigned _n, unsigned ind) {
  libff::init_alt_bn128_params();
  char symbol = ':';
  std::vector<libff::alt_bn128_Fr> poly =  SplitStringToFr(decrypted_koefs, symbol);
+  if ( poly.size() != _t){
+    return 1;
+  }
  libff::alt_bn128_Fr secret_share = PolynomialValue(poly, libff::alt_bn128_Fr(ind), _t);
  std::string cur_share = ConvertToString(secret_share, 16);//stringFromFr(secret_share);
@@ -171,6 +177,7 @@ void calc_secret_share(const char* decrypted_koefs, char * s_share,
  cur_share.insert(0, n_zeroes, '0');
  strncpy(s_share, cur_share.c_str(), cur_share.length() + 1);
+  return 0;
 }
@@ -195,12 +202,15 @@ void calc_secret_shareG2_old(const char* decrypted_koefs, char * s_shareG2,
  //strncpy(s_shareG2, decrypted_koefs, 320);
 }
-void calc_secret_shareG2(const char* s_share, char * s_shareG2){
+int calc_secret_shareG2(const char* s_share, char * s_shareG2){
  libff::init_alt_bn128_params();
  mpz_t share;
  mpz_init(share);
-  mpz_set_str(share, s_share, 16);
+  if (mpz_set_str(share, s_share, 16) == -1){
+    mpz_clear(share);
+    return 1;
+  }
  char arr[mpz_sizeinbase (share, 10) + 2];
  char * share_str = mpz_get_str(arr, 10, share);
@@ -214,15 +224,20 @@ void calc_secret_shareG2(const char* s_share, char * s_shareG2){
  std::string secret_shareG2_str = ConvertG2ToString(secret_shareG2);
  strncpy(s_shareG2, secret_shareG2_str.c_str(), secret_shareG2_str.length() + 1);
+  return 0;
 }
-void calc_public_shares(const char* decrypted_koefs, char * public_shares,
+int calc_public_shares(const char* decrypted_koefs, char * public_shares,
                        unsigned _t) {
  libff::init_alt_bn128_params();
  // calculate for each node a list of public shares
  std::string result;
  char symbol = ':';
  std::vector<libff::alt_bn128_Fr> poly =  SplitStringToFr(decrypted_koefs, symbol);
+  if (poly.size() != _t){
+    return 1;
+  }
  for (size_t i = 0; i < _t; ++i) {
    libff::alt_bn128_G2 pub_share = poly.at(i) * libff::alt_bn128_G2::one() ;
    pub_share.to_affine_coordinates();
@@ -230,6 +245,7 @@ void calc_public_shares(const char* decrypted_koefs, char * public_shares,
    result += pub_share_str + ",";
  }
  strncpy(public_shares, result.c_str(), result.length());
+  return 0;
 }
 //extern "C" int __gmpz_set_str (mpz_ptr, const char *, int);
@@ -237,7 +253,10 @@ std::string ConvertHexToDec(std::string hex_str){
  mpz_t dec;
  mpz_init(dec);
-  mpz_set_str(dec, hex_str.c_str(), 16);
+  if (mpz_set_str(dec, hex_str.c_str(), 16) == -1){
+    mpz_clear(dec);
+    return "false";
+  }
  char arr[mpz_sizeinbase (dec, 10) + 2];
  char * result = mpz_get_str(arr, 10, dec);
@@ -260,11 +279,17 @@ int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int in
    libff::alt_bn128_G2 pub_share;
    uint64_t pos0 = share_length * i;
-    pub_share.X.c0 = libff::alt_bn128_Fq(ConvertHexToDec(pub_shares_str.substr(pos0, coord_length)).c_str());
+    std::string x_c0_str = ConvertHexToDec(pub_shares_str.substr(pos0, coord_length));
-    pub_share.X.c1 = libff::alt_bn128_Fq(ConvertHexToDec(pub_shares_str.substr(pos0 + coord_length, coord_length)).c_str());
+    std::string x_c1_str = ConvertHexToDec(pub_shares_str.substr(pos0 + coord_length, coord_length));
-    pub_share.Y.c0 = libff::alt_bn128_Fq(ConvertHexToDec(pub_shares_str.substr(pos0 + 2 * coord_length, coord_length)).c_str());
+    std::string y_c0_str = ConvertHexToDec(pub_shares_str.substr(pos0 + 2 * coord_length, coord_length));
-    pub_share.Y.c1 = libff::alt_bn128_Fq(ConvertHexToDec(pub_shares_str.substr(pos0 + 3 * coord_length, coord_length)).c_str());
+    std::string y_c1_str = ConvertHexToDec(pub_shares_str.substr(pos0 + 3 * coord_length, coord_length));
+    if (x_c0_str == "false" || x_c1_str == "false" || y_c0_str == "false" || y_c1_str == "false"){
+      return 2;
+    }
+    pub_share.X.c0 = libff::alt_bn128_Fq(x_c0_str.c_str());
+    pub_share.X.c1 = libff::alt_bn128_Fq(x_c1_str.c_str());
+    pub_share.Y.c0 = libff::alt_bn128_Fq(y_c0_str.c_str());
+    pub_share.Y.c1 = libff::alt_bn128_Fq(y_c1_str.c_str());
    pub_share.Z = libff::alt_bn128_Fq2::one();
@@ -296,7 +321,7 @@ int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int in
  libff::alt_bn128_G2  val2 = sshare * libff::alt_bn128_G2::one();
-    memset(public_shares, 0, strlen(public_shares));
+   memset(public_shares, 0, strlen(public_shares));
   strncpy(public_shares, ConvertToString(val2.X.c0).c_str(), ConvertToString(val2.X.c0).length());
   strncpy(public_shares + ConvertToString(val2.X.c0).length(), ":", 1);
  strncpy(public_shares + ConvertToString(val2.X.c0).length() + 1, ConvertToString(val2.X.c1).c_str(), 77);
@@ -320,17 +345,18 @@ int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int in
 }
-void calc_bls_public_key(char* skey_hex, char* pub_key){
+int calc_bls_public_key(char* skey_hex, char* pub_key){
  libff::init_alt_bn128_params();
  mpz_t skey;
  mpz_init(skey);
-  mpz_set_str(skey, skey_hex, 16);
+  if (mpz_set_str(skey, skey_hex, 16) == -1){
+    return 1;
+  }
  char skey_dec[mpz_sizeinbase (skey, 10) + 2];
  char * skey_str = mpz_get_str(skey_dec, 10, skey);
  libff::alt_bn128_Fr bls_skey(skey_dec);
  libff::alt_bn128_G2 public_key = bls_skey * libff::alt_bn128_G2::one();
@@ -339,6 +365,10 @@ void calc_bls_public_key(char* skey_hex, char* pub_key){
  std::string result = ConvertG2ToString(public_key);
  strncpy(pub_key, result.c_str(), result.length());
+  mpz_clear(skey);
+  return 0;
 }

--- a/secure_enclave/DKGUtils.h
+++ b/secure_enclave/DKGUtils.h
@@ -32,24 +32,24 @@
 #include <sgx_tgmp.h>
-EXTERNC void gen_dkg_poly( char* secret, unsigned _t);
+EXTERNC int gen_dkg_poly( char* secret, unsigned _t);
 EXTERNC void calc_secret_shares(const char* decrypted_koefs, char * secret_shares,
                        unsigned _t, unsigned _n);
-EXTERNC void calc_secret_share(const char* decrypted_koefs, char * s_share,
+EXTERNC int calc_secret_share(const char* decrypted_koefs, char * s_share,
                               unsigned _t, unsigned _n, unsigned ind);
-EXTERNC void calc_public_shares(const char* decrypted_koefs, char * public_shares,
+EXTERNC int calc_public_shares(const char* decrypted_koefs, char * public_shares,
                        unsigned _t);
 EXTERNC int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int ind);
-EXTERNC void calc_bls_public_key(char* skey, char* pub_key);
+EXTERNC int calc_bls_public_key(char* skey, char* pub_key);
 EXTERNC void calc_secret_shareG2_old(const char* public_shares, char * s_shareG2,
                                 unsigned _t, unsigned ind);
-EXTERNC void calc_secret_shareG2(const char* s_share, char * s_shareG2);
+EXTERNC int calc_secret_shareG2(const char* s_share, char * s_shareG2);
 #endif //SGXD_DKGUTILS_H
--- a/secure_enclave/Makefile.am
+++ b/secure_enclave/Makefile.am
@@ -65,7 +65,7 @@ ENCLAVE_KEY=$(ENCLAVE)_private.pem
 AM_CPPFLAGS +=  -Wall -Wno-implicit-function-declaration $(TGMP_CPPFLAGS) -I./trusted_libff -I../trusted_libff -I../sgx-sdk-build/sgxsdk/include/libcxx \
              -I../intel-sgx-ssl/Linux/package/include
-AM_CXXFLAGS += -fno-builtin
+AM_CXXFLAGS += -fno-builtin -fstack-protector-strong
 ## Additional files to remove with 'make clean'. This list needs

--- a/secure_enclave/Makefile.in
+++ b/secure_enclave/Makefile.in
@@ -333,7 +333,8 @@ AM_CPPFLAGS = @SGX_ENCLAVE_CPPFLAGS@ -Wall \
 	-I./trusted_libff -I../trusted_libff \
 	-I../sgx-sdk-build/sgxsdk/include/libcxx \
 	-I../intel-sgx-ssl/Linux/package/include
-AM_CXXFLAGS = @SGX_ENCLAVE_CXXFLAGS@ @SGX_ENCLAVE_CFLAGS@ -fno-builtin
+AM_CXXFLAGS = @SGX_ENCLAVE_CXXFLAGS@ @SGX_ENCLAVE_CFLAGS@ -fno-builtin \
+	-fstack-protector-strong
 AM_LDFLAGS = @SGX_ENCLAVE_LDFLAGS@ $(TGMP_LDFLAGS) -L./tgmp-build/lib \
 	-L../tgmp-build/lib
 CLEANFILES = $(ENCLAVE).signed.so secure_enclave_t.c \

--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
--- a/sgxwallet.c
+++ b/sgxwallet.c
@@ -40,6 +40,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #include <stdbool.h>
 void usage() {
  fprintf(stderr, "usage: sgxwallet\n");
  exit(1);
@@ -61,12 +62,14 @@ int main(int argc, char *argv[]) {
    exit(1);
  }
-  while ((opt = getopt(argc, argv, "csh")) != -1) {
+  while ((opt = getopt(argc, argv, "cshd0")) != -1) {
    switch (opt) {
    case 'h':
      if (strlen(argv[1]) == 2 ) {
        fprintf(stderr, "-c  client certificate will not be checked\n");
        fprintf(stderr, "-s  client certificate will be signed automatically\n");
+        printf(stderr, "-d  turn on debug output\n");
+          printf(stderr, "-0  SGXWalletServer will be launched on http (not https)\n");
        exit(0);
      } else {
        fprintf(stderr, "unknown flag %s\n", argv[1]);
@@ -78,6 +81,12 @@ int main(int argc, char *argv[]) {
    case 's':
      sign_automatically = true;
      break;
+    case 'd':
+      DEBUG_PRINT = 1;
+      break;
+    case '0':
+      is_sgx_https = 0;
+     break;
    case '?': // fprintf(stderr, "unknown flag\n");
      exit(1);
    default:

--- a/sgxwallet.h
+++ b/sgxwallet.h
@@ -39,6 +39,4 @@ extern sgx_status_t status;
 #define ENCLAVE_NAME "secure_enclave.signed.so"
 #endif //SGXWALLET_SGXWALLET_H
--- a/sgxwallet_common.h
+++ b/sgxwallet_common.h
@@ -33,6 +33,9 @@
 #include <stdbool.h>
+extern int DEBUG_PRINT;
+extern int is_sgx_https;
 #define BUF_LEN 1024
 #define  MAX_KEY_LENGTH 128
@@ -73,6 +76,7 @@
 #define INVALID_ECDSA_KEY_NAME -20
 #define INVALID_HEX -21
+#define INVALID_ECSDA_SIGNATURE -22
 #define ERROR_IN_ENCLAVE -33

--- a/testw.cpp
+++ b/testw.cpp