Merge pull request #25 from skalenetwork/enhancement/SKALE-1795-Fix-SIGILL-in-SGX

Enhancement/skale 1795 fix sigill in sgx

BLSCrypto.cpp

@@ -135,7 +135,7 @@ bool hex2carray2(const char * _hex, uint64_t  *_bin_len,
 bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
     char* _sig) {
 
-  std::cerr << "ENTER SIGN" << std::endl;
+  //std::cerr << "ENTER SIGN" << std::endl;
 
   auto keyStr = std::make_shared<std::string>(_encryptedKeyHex);
 
@@ -152,7 +152,7 @@ bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t
 
   auto keyShare = std::make_shared<BLSPrivateKeyShareSGX>(keyStr, _t, _n);
 
-  std::cerr << "keyShare created" << std::endl;
+  //std::cerr << "keyShare created" << std::endl;
  // {
     auto sigShare = keyShare->signWithHelperSGX(hash, _signerIndex);
  // }
@@ -168,7 +168,7 @@ bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t
  // auto sig_ptr = std::make_shared<std::string>(test_sig);
  // strncpy(_sig, sig_ptr->c_str(), BUF_LEN);
 
-  std::cerr<< "sig " << _sig <<std::endl;
+  //std::cerr<< "sig " << _sig <<std::endl;
 
   return true;
 

DKGCrypto.cpp

@@ -81,20 +81,26 @@ std::string gen_dkg_poly( int _t){
     uint32_t enc_len = 0;
 
     status = gen_dkg_secret (eid, &err_status, errMsg, encrypted_dkg_secret, &enc_len, _t);
+    if ( err_status != 0){
+        throw RPCException(-666, errMsg ) ;
+    }
 
+    if (DEBUG_PRINT) {
       std::cerr << "gen_dkg_secret, status " << err_status << " err msg " << errMsg << std::endl;
 
       /*   std::cerr << "encr raw poly: " << std::endl;
          for ( int i = 0 ; i < 3050; i++)
            printf(" %d ", encrypted_dkg_secret[i] );*/
 
+      std::cerr << "in DKGCrypto encr len is " << enc_len << std::endl;
+    }
 
     char *hexEncrPoly = (char *) calloc(DKG_MAX_SEALED_LEN * 2 + 1, 1);//(4*BUF_LEN, 1);
 
     carray2Hex(encrypted_dkg_secret, DKG_MAX_SEALED_LEN, hexEncrPoly);
     std::string result(hexEncrPoly);
 
-    std::cerr << "in DKGCrypto encr len is " << enc_len << std::endl;
+
 
     free(errMsg);
     free(encrypted_dkg_secret);
@@ -108,8 +114,11 @@ std::vector <std::vector<std::string>> get_verif_vect(const char* encryptedPolyH
   char* errMsg1 = (char*) calloc(1024,1);
   int err_status = 0;
 
+  if (DEBUG_PRINT) {
     // std::cerr << "got encr poly " << encryptedPolyHex << std::endl;
     std::cerr << "got encr poly size " << strlen(encryptedPolyHex) << std::endl;
+  }
+
   char* public_shares = (char*)calloc(10000, 1);
 
   uint64_t enc_len = 0;
@@ -118,22 +127,28 @@ std::vector <std::vector<std::string>> get_verif_vect(const char* encryptedPolyH
   if (!hex2carray2(encryptedPolyHex, &enc_len, encr_dkg_poly, 6100)){
       throw RPCException(INVALID_HEX, "Invalid encryptedPolyHex");
   }
+
+  if (DEBUG_PRINT) {
     std::cerr << "enc len " << enc_len << std::endl;
     /*std::cerr << "encr raw poly: " << std::endl;
     for ( int i = 0 ; i < 3050; i++)
       printf(" %d ", encr_dkg_poly[i] );*/
+  }
 
   uint32_t len;
   status = get_public_shares(eid, &err_status, errMsg1, encr_dkg_poly, len, public_shares, t, n);
-  if ( status != 0){
-
+  if ( err_status != 0){
+    throw RPCException(-666, errMsg1 );
   }
+
+  if (DEBUG_PRINT) {
     std::cerr << "err msg " << errMsg1 << std::endl;
 
     std::cerr << "public_shares:" << std::endl;
     std::cerr << public_shares << std::endl;
 
     printf("\nget_public_shares status: %d error %s \n\n", err_status, errMsg1);
+  }
 
   std::vector <std::string> G2_strings = SplitString( public_shares, ',');
   std::vector <std::vector <std::string>> pub_shares_vect;
@@ -161,6 +176,9 @@ std::string get_secret_shares(const std::string& polyName, const char* encrypted
   }
 
   status = set_encrypted_dkg_poly(eid, &err_status, errMsg1, encr_dkg_poly);
+  if ( status != SGX_SUCCESS || err_status!=0){
+    throw RPCException(-666, errMsg1 );
+  }
 
   std::string result;
   char *hexEncrKey = (char *) calloc(2 * BUF_LEN, 1);
@@ -172,17 +190,24 @@ std::string get_secret_shares(const std::string& polyName, const char* encrypted
     char cur_share[193];
     char s_shareG2[320];
     std::string pub_keyB = publicKeys.at(i);//publicKeys.substr(128*i, 128*i + 128);
+    if (DEBUG_PRINT) {
       std::cerr << "pub_keyB is " << pub_keyB << std::endl;
+    }
     char pubKeyB[129];
     strncpy(pubKeyB, pub_keyB.c_str(), 128);
     pubKeyB[128] = 0;
     get_encr_sshare(eid, &err_status, errMsg1, encrypted_skey, &dec_len,
                    cur_share, s_shareG2, pubKeyB, t, n, i + 1 );
+    if (err_status != 0){
+      throw RPCException(-666, errMsg1);
+    }
 
     result += cur_share;
 
     //uint32_t enc_len = BUF_LEN;
+    if (DEBUG_PRINT) {
       std::cerr << "dec len is " << dec_len << std::endl;
+    }
     carray2Hex(encrypted_skey, dec_len, hexEncrKey);
 
     std::string DHKey_name = "DKG_DH_KEY_" + polyName + "_" + std::to_string(i) + ":";
@@ -191,14 +216,18 @@ std::string get_secret_shares(const std::string& polyName, const char* encrypted
     writeDataToDB(DHKey_name, hexEncrKey);
 
     std::string shareG2_name = "shareG2_" + polyName + "_" + std::to_string(i) + ":";
+    if (DEBUG_PRINT) {
       std::cerr << "name to write to db is " << shareG2_name << std::endl;
       std::cerr << "s_shareG2: " << s_shareG2 << std::endl;
+    }
     writeDataToDB(shareG2_name, s_shareG2);
 
+    if (DEBUG_PRINT) {
       std::cerr << errMsg1 << std::endl << std::endl;
-    //std::cerr << "iteration " << i <<" result length is " << result.length() << std::endl ;
-    //std::cerr << "iteration " << i <<" share length is " << strlen(cur_share) << std::endl;
-    //std::cerr << "iteration " << i <<" share is " << cur_share << std::endl;
+      // std::cerr << "iteration " << i <<" result length is " << result.length() << std::endl ;
+      // std::cerr << "iteration " << i <<" share length is " << strlen(cur_share) << std::endl;
+      // std::cerr << "iteration " << i <<" share is " << cur_share << std::endl;
+    }
   }
   //result += '\0';
 
@@ -218,31 +247,39 @@ bool VerifyShares(const char* publicShares, const char* encr_sshare, const char
     if (!hex2carray(encryptedKeyHex, &dec_key_len, encr_key)){
         throw RPCException(INVALID_HEX, "Invalid encryptedPolyHex");
     }
-    //std::cerr << "encryptedKeyHex " << encryptedKeyHex << std::endl;
-    //std::cerr << "dec_key_len " << dec_key_len << std::endl;
+    int result;
+    if (DEBUG_PRINT) {
+      // std::cerr << "encryptedKeyHex " << encryptedKeyHex << std::endl;
+      // std::cerr << "dec_key_len " << dec_key_len << std::endl;
+
 
-    int result ;
-    //std::cerr << "encr_sshare length is " << strlen(encr_sshare) << std::endl;
-    //std::cerr << "public shares " << publicShares << std::endl;
-    std::cerr << "publicShares length is " << strlen(publicShares) << std::endl;
+      // std::cerr << "encr_sshare length is " << strlen(encr_sshare) << std::endl; std::cerr << "public shares " << publicShares << std::endl;
+      std::cerr << "publicShares length is " << std::char_traits<char>::length(publicShares)<<std::endl; //strlen(publicShares)<< std::endl;
+    }
     char pshares[8193];
     strncpy(pshares, publicShares, strlen(publicShares) + 1);
     //std::cerr << "pshares " << pshares << std::endl;
 
 
     dkg_verification(eid, &err_status, errMsg1, pshares, encr_sshare, encr_key, dec_key_len, t, ind, &result);
+    if (result == 2){
+      throw RPCException(INVALID_HEX, "Invalid public shares");
+    }
 
+    if (DEBUG_PRINT) {
       std::cerr << "errMsg1: " << errMsg1 << std::endl;
+      std::cerr << "result is " << result << std::endl;
+    }
 
     free(errMsg1);
 
-
-    std::cerr << "result is " << result << std::endl;
     return result;
 }
 
 bool CreateBLSShare( const std::string& BLSKeyName, const char * s_shares, const char * encryptedKeyHex){
+  if (DEBUG_PRINT) {
     std::cerr << "ENTER CreateBLSShare" << std::endl;
+  }
   char* errMsg1 = (char*) calloc(1024,1);
   int err_status = 0;
 
@@ -255,24 +292,24 @@ bool CreateBLSShare( const std::string& BLSKeyName, const char * s_shares, const
 
   uint32_t enc_bls_len = 0;
 
-  std::cerr << "BEFORE create_bls_key IN ENCLAVE " << std::endl;
+  //std::cerr << "BEFORE create_bls_key IN ENCLAVE " << std::endl;
   create_bls_key(eid, &err_status, errMsg1, s_shares, encr_key, dec_key_len, encr_bls_key, &enc_bls_len);
-
-  std::cerr << "AFTER create_bls_key IN ENCLAVE er msg is  " << errMsg1 << std::endl;
+  //std::cerr << "AFTER create_bls_key IN ENCLAVE er msg is  " << errMsg1 << std::endl;
   if ( err_status != 0){
      std::cerr << "ERROR IN ENCLAVE" << std::endl;
-     throw RPCException(ERROR_IN_ENCLAVE, "Something failed in enclave");
-     return false;
+     throw RPCException(ERROR_IN_ENCLAVE, "Create BLS private key failed in enclave");
   }
   else {
     char *hexBLSKey = (char *) calloc(2 * BUF_LEN, 1);
-    std::cerr << "BEFORE carray2Hex" << std::endl;
+    //std::cerr << "BEFORE carray2Hex" << std::endl;
       //std::cerr << "enc_bls_len " << enc_bls_len << std::endl;
     carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey);
-    std::cerr << "BEFORE WRITE BLS KEY TO DB" << std::endl;
+   // std::cerr << "BEFORE WRITE BLS KEY TO DB" << std::endl;
     writeDataToDB(BLSKeyName, hexBLSKey);
+    if (DEBUG_PRINT) {
       std::cerr << "hexBLSKey length is " << strlen(hexBLSKey) << std::endl;
       std::cerr << "bls key " << BLSKeyName << " is " << hexBLSKey << std::endl;
+    }
     free(hexBLSKey);
     return true;
   }
@@ -293,13 +330,21 @@ std::vector<std::string> GetBLSPubKey(const char * encryptedKeyHex){
 //      std::cerr << encr_key[i] << " ";
 
     char pub_key[320];
+    if (DEBUG_PRINT) {
       std::cerr << "dec_key_len is " << dec_key_len << std::endl;
+    }
     get_bls_pub_key(eid, &err_status, errMsg1, encr_key, dec_key_len, pub_key);
-    std::cerr << "errMsg1 is " << errMsg1 << std::endl;
+    if ( err_status != 0){
+      throw RPCException(ERROR_IN_ENCLAVE, "Failed to get BLS public key in enclave");
+    }
     std::vector<std::string> pub_key_vect = SplitString(pub_key, ':');
+
+    if (DEBUG_PRINT) {
+      std::cerr << "errMsg1 is " << errMsg1 << std::endl;
       std::cerr << "pub key is" << std::endl;
-    for ( int i = 0; i < 4; i++)
+      for (int i = 0; i < 4; i++)
         std::cerr << pub_key_vect.at(i) << std::endl;
+    }
     return pub_key_vect;
 }
 
@@ -310,7 +355,9 @@ std::string decrypt_DHKey(const std::string& polyName, int ind){
 
   std::string DH_key_name = polyName + "_" + std::to_string(ind) + ":";
   std::shared_ptr<std::string> hexEncrKey_ptr = readFromDb(DH_key_name, "DKG_DH_KEY_");
+  if (DEBUG_PRINT) {
     std::cerr << "encr DH key is " << hexEncrKey_ptr << std::endl;
+  }
 
   char *hexEncrKey = (char *) calloc(2 * BUF_LEN, 1);
 
@@ -323,7 +370,10 @@ std::string decrypt_DHKey(const std::string& polyName, int ind){
   char DHKey[ECDSA_SKEY_LEN];
 
   decrypt_key(eid, &err_status, errMsg1, encrypted_DHkey, DH_enc_len, DHKey);
-
+  if (err_status != 0){
+    free(hexEncrKey);
+    throw RPCException(ERROR_IN_ENCLAVE, "decrypt key failed in enclave");
+  }
 
   free(errMsg1);
   free(hexEncrKey);

ECDSACrypto.cpp

@@ -31,6 +31,7 @@
 #include <gmp.h>
 #include <random>
 
+
 static std::default_random_engine rand_gen((unsigned int) time(0));
 
 std::string concatPubKeyWith0x(char* pub_key_x, char* pub_key_y){
@@ -54,7 +55,7 @@ std::vector<std::string> gen_ecdsa_key(){
     throw RPCException(-666, errMsg) ;
   }
   std::vector<std::string> keys(3);
-  std::cerr << "account key is " << errMsg << std::endl;
+  //std::cerr << "account key is " << errMsg << std::endl;
   char *hexEncrKey = (char *) calloc(2*BUF_LEN, 1);
   carray2Hex(encr_pr_key, enc_len, hexEncrKey);
   keys.at(0) = hexEncrKey;
@@ -64,7 +65,9 @@ std::vector<std::string> gen_ecdsa_key(){
 
 
   unsigned long seed = rand_gen();
+  if (DEBUG_PRINT) {
     std::cerr << "seed is " << seed << std::endl;
+  }
   gmp_randstate_t state;
   gmp_randinit_default(state);
 
@@ -79,7 +82,7 @@ std::vector<std::string> gen_ecdsa_key(){
 
   keys.at(2) = rand_str;
 
-  std::cerr << "rand_str length is " << strlen(rand_str) << std::endl;
+  //std::cerr << "rand_str length is " << strlen(rand_str) << std::endl;
 
   gmp_randclear(state);
   mpz_clear(rand32);
@@ -106,15 +109,16 @@ std::string get_ecdsa_pubkey(const char* encryptedKeyHex){
   }
 
   status = get_public_ecdsa_key(eid, &err_status, errMsg, encr_pr_key, enc_len, pub_key_x, pub_key_y );
-  if ( err_status != 0){
+  if (err_status != 0){
     throw RPCException(-666, errMsg) ;
   }
   std::string pubKey = std::string(pub_key_x) + std::string(pub_key_y);//concatPubKeyWith0x(pub_key_x, pub_key_y);//
 
-  std:: cerr << "pubkey is " << pubKey << std::endl;
-  std:: cerr << "pubkey length is " << pubKey.length() << std::endl;
-
+  if (DEBUG_PRINT) {
+    std::cerr << "pubkey is " << pubKey << std::endl;
+    std::cerr << "pubkey length is " << pubKey.length() << std::endl;
     std::cerr << "err str " << errMsg << std::endl;
+  }
 
   free(errMsg);
   free(pub_key_x);
@@ -138,19 +142,21 @@ std::vector<std::string> ecdsa_sign_hash(const char* encryptedKeyHex, const char
       throw RPCException(INVALID_HEX, "Invalid encryptedKeyHex");
   }
 
-  std::cerr << "encryptedKeyHex: "<< encryptedKeyHex << std::endl;
-
-  std::cerr << "HASH: "<< hashHex << std::endl;
-
+  if (DEBUG_PRINT) {
+    std::cerr << "encryptedKeyHex: " << encryptedKeyHex << std::endl;
+    std::cerr << "HASH: " << hashHex << std::endl;
     std::cerr << "encrypted len" << dec_len << std::endl;
+  }
 
   status = ecdsa_sign1(eid, &err_status, errMsg, encr_key, ECDSA_ENCR_LEN, (unsigned char*)hashHex, signature_r, signature_s, &signature_v, base );
   if ( err_status != 0){
     throw RPCException(-666, errMsg ) ;
   }
 
-  std::cerr << "signature r in  ecdsa_sign_hash "<< signature_r << std::endl;
-  std::cerr << "signature s in  ecdsa_sign_hash "<< signature_s << std::endl;
+  if (DEBUG_PRINT) {
+    std::cerr << "signature r in  ecdsa_sign_hash " << signature_r << std::endl;
+    std::cerr << "signature s in  ecdsa_sign_hash " << signature_s << std::endl;
+  }
 
   if ( status != SGX_SUCCESS){
     std::cerr << "failed to sign " << std::endl;

LevelDB.cpp

@@ -34,6 +34,8 @@
 #include "RPCException.h"
 #include "LevelDB.h"
 
+#include "ServerInit.h"
+
 using namespace leveldb;
 
 
@@ -61,8 +63,9 @@ std::shared_ptr<std::string> LevelDB::readString(const std::string &_key) {
 //    if (result == nullptr) {
 //      throw RPCException(KEY_SHARE_DOES_NOT_EXIST, "Data with this name does not exist");
 //    }
-
-    std::cerr << "key to read from db: " << _key <<std::endl;
+    if (DEBUG_PRINT) {
+      std::cerr << "key to read from db: " << _key << std::endl;
+    }
 
     throwExceptionOnError(status);
 
@@ -80,7 +83,9 @@ void LevelDB::writeString(const std::string &_key, const std::string &_value) {
 
     throwExceptionOnError(status);
 
-    std::cerr << "written key " << _key << std::endl;//<< " value " << _value << std::endl;
+    if (DEBUG_PRINT) {
+      std::cerr << "written key " << _key  << std::endl;
+    }
 }
 
 
@@ -134,7 +139,9 @@ void LevelDB::deleteKey(const std::string &_key){
 
     throwExceptionOnError(status);
 
+    if (DEBUG_PRINT) {
       std::cerr << "key deleted " << _key << std::endl;
+    }
 }
 
 

SGXRegistrationServer.cpp

@@ -43,6 +43,9 @@
 #include "SGXRegistrationServer.h"
 #include "LevelDB.h"
 
+int DEBUG_PRINT = 0;
+int is_sgx_https = 1;
+
 SGXRegistrationServer *regs = nullptr;
 HttpServer *hs2 = nullptr;
 
@@ -139,8 +142,13 @@ Json::Value GetSertificateImpl(const std::string& hash){
           cert = ss.str();
 
           infile.close();
-          std::string remove_crt = "cd cert && rm -rf" + hash + ".crt && rm -rf " + hash + ".csr";
-          system(remove_crt.c_str());
+          std::string remove_crt = "cd cert && rm -rf " + hash + ".crt && rm -rf " + hash + ".csr";
+          if(system(remove_crt.c_str()) == 0){
+              std::cerr << "cert removed" << std::endl;
+          }
+          else{
+              std::cerr << "cert was not removed" << std::endl;
+          }
 
       }
     }

SGXWalletServer.h

@@ -31,7 +31,8 @@
 #endif
 
 
-EXTERNC int init_server(bool check_certs );
+EXTERNC int init_https_server(bool check_certs );
+EXTERNC int init_http_server();
 
 
 

SGXWalletServer.hpp

@@ -31,6 +31,7 @@
 #include <mutex>
 
 
+
 using namespace jsonrpc;
 using namespace std;
 

ServerDataChecker.cpp

@@ -158,6 +158,10 @@ bool check_n_t ( const int t, const int n){
     return false;
   }
 
+  if (n > 32){
+    return false;
+  }
+
   if ( t < 0 || n < 0){
     return false;
   }

ServerInit.cpp

@@ -55,9 +55,6 @@
 #include <iostream>
 
 
-
-
-
 void init_daemon() {
 
     libff::init_alt_bn128_params();
@@ -126,9 +123,14 @@ void init_all(bool check_cert, bool sign_automatically) {
 
     sgxServerInited = 1;
 
-    init_server(check_cert);
+    if (is_sgx_https) {
+      init_https_server(check_cert);
       init_registration_server(sign_automatically);
       init_csrmanager_server();
+    }
+    else {
+      init_http_server();
+    }
     init_enclave();
     std::cerr << "enclave inited" << std::endl;
     init_daemon();

secure_enclave/DKGUtils.cpp

@@ -107,7 +107,7 @@ std::vector<libff::alt_bn128_Fr> SplitStringToFr(const char* koefs, const char s
     return tokens;
 }
 
-void gen_dkg_poly( char* secret, unsigned _t ){
+int gen_dkg_poly( char* secret, unsigned _t ){
   libff::init_alt_bn128_params();
   std::string result;
   for (size_t i = 0; i < _t; ++i) {
@@ -121,9 +121,11 @@ void gen_dkg_poly( char* secret, unsigned _t ){
   }
   strncpy(secret, result.c_str(), result.length() + 1);
 
-    if (strlen(secret) == 0){
-        throw std::exception();
+  if (strlen(secret) == 0) {
+    return 1;
   }
+
+  return 0;
 }
 
 libff::alt_bn128_Fr PolynomialValue(const std::vector<libff::alt_bn128_Fr>& pol, libff::alt_bn128_Fr point, unsigned _t) {
@@ -149,6 +151,7 @@ void calc_secret_shares(const char* decrypted_koefs, char * secret_shares,
   std::string result;
   char symbol = ':';
   std::vector<libff::alt_bn128_Fr> poly =  SplitStringToFr(decrypted_koefs, symbol);
+
     for (size_t i = 0; i < _n; ++i) {
     libff::alt_bn128_Fr secret_share = PolynomialValue(poly, libff::alt_bn128_Fr(i + 1), _t);
     result += ConvertToString(secret_share);//stringFromFr(secret_share);
@@ -158,12 +161,15 @@ void calc_secret_shares(const char* decrypted_koefs, char * secret_shares,
   //strncpy(secret_shares, decrypted_koefs, 3650);
 }
 
-void calc_secret_share(const char* decrypted_koefs, char * s_share,
+int calc_secret_share(const char* decrypted_koefs, char * s_share,
                         unsigned _t, unsigned _n, unsigned ind) {
 
   libff::init_alt_bn128_params();
   char symbol = ':';
   std::vector<libff::alt_bn128_Fr> poly =  SplitStringToFr(decrypted_koefs, symbol);
+  if ( poly.size() != _t){
+    return 1;
+  }
 
   libff::alt_bn128_Fr secret_share = PolynomialValue(poly, libff::alt_bn128_Fr(ind), _t);
   std::string cur_share = ConvertToString(secret_share, 16);//stringFromFr(secret_share);
@@ -171,6 +177,7 @@ void calc_secret_share(const char* decrypted_koefs, char * s_share,
   cur_share.insert(0, n_zeroes, '0');
 
   strncpy(s_share, cur_share.c_str(), cur_share.length() + 1);
+  return 0;
 
 }
 
@@ -195,12 +202,15 @@ void calc_secret_shareG2_old(const char* decrypted_koefs, char * s_shareG2,
   //strncpy(s_shareG2, decrypted_koefs, 320);
 }
 
-void calc_secret_shareG2(const char* s_share, char * s_shareG2){
+int calc_secret_shareG2(const char* s_share, char * s_shareG2){
   libff::init_alt_bn128_params();
 
   mpz_t share;
   mpz_init(share);
-  mpz_set_str(share, s_share, 16);
+  if (mpz_set_str(share, s_share, 16) == -1){
+    mpz_clear(share);
+    return 1;
+  }
 
   char arr[mpz_sizeinbase (share, 10) + 2];
   char * share_str = mpz_get_str(arr, 10, share);
@@ -214,15 +224,20 @@ void calc_secret_shareG2(const char* s_share, char * s_shareG2){
   std::string secret_shareG2_str = ConvertG2ToString(secret_shareG2);
 
   strncpy(s_shareG2, secret_shareG2_str.c_str(), secret_shareG2_str.length() + 1);
+
+  return 0;
 }
 
-void calc_public_shares(const char* decrypted_koefs, char * public_shares,
+int calc_public_shares(const char* decrypted_koefs, char * public_shares,
                         unsigned _t) {
   libff::init_alt_bn128_params();
   // calculate for each node a list of public shares
   std::string result;
   char symbol = ':';
   std::vector<libff::alt_bn128_Fr> poly =  SplitStringToFr(decrypted_koefs, symbol);
+  if (poly.size() != _t){
+    return 1;
+  }
   for (size_t i = 0; i < _t; ++i) {
     libff::alt_bn128_G2 pub_share = poly.at(i) * libff::alt_bn128_G2::one() ;
     pub_share.to_affine_coordinates();
@@ -230,6 +245,7 @@ void calc_public_shares(const char* decrypted_koefs, char * public_shares,
     result += pub_share_str + ",";
   }
   strncpy(public_shares, result.c_str(), result.length());
+  return 0;
 }
 
 //extern "C" int __gmpz_set_str (mpz_ptr, const char *, int);
@@ -237,7 +253,10 @@ std::string ConvertHexToDec(std::string hex_str){
   mpz_t dec;
   mpz_init(dec);
 
-  mpz_set_str(dec, hex_str.c_str(), 16);
+  if (mpz_set_str(dec, hex_str.c_str(), 16) == -1){
+    mpz_clear(dec);
+    return "false";
+  }
 
   char arr[mpz_sizeinbase (dec, 10) + 2];
   char * result = mpz_get_str(arr, 10, dec);
@@ -260,11 +279,17 @@ int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int in
     libff::alt_bn128_G2 pub_share;
 
     uint64_t pos0 = share_length * i;
-    pub_share.X.c0 = libff::alt_bn128_Fq(ConvertHexToDec(pub_shares_str.substr(pos0, coord_length)).c_str());
-    pub_share.X.c1 = libff::alt_bn128_Fq(ConvertHexToDec(pub_shares_str.substr(pos0 + coord_length, coord_length)).c_str());
-    pub_share.Y.c0 = libff::alt_bn128_Fq(ConvertHexToDec(pub_shares_str.substr(pos0 + 2 * coord_length, coord_length)).c_str());
-    pub_share.Y.c1 = libff::alt_bn128_Fq(ConvertHexToDec(pub_shares_str.substr(pos0 + 3 * coord_length, coord_length)).c_str());
-
+    std::string x_c0_str = ConvertHexToDec(pub_shares_str.substr(pos0, coord_length));
+    std::string x_c1_str = ConvertHexToDec(pub_shares_str.substr(pos0 + coord_length, coord_length));
+    std::string y_c0_str = ConvertHexToDec(pub_shares_str.substr(pos0 + 2 * coord_length, coord_length));
+    std::string y_c1_str = ConvertHexToDec(pub_shares_str.substr(pos0 + 3 * coord_length, coord_length));
+    if (x_c0_str == "false" || x_c1_str == "false" || y_c0_str == "false" || y_c1_str == "false"){
+      return 2;
+    }
+    pub_share.X.c0 = libff::alt_bn128_Fq(x_c0_str.c_str());
+    pub_share.X.c1 = libff::alt_bn128_Fq(x_c1_str.c_str());
+    pub_share.Y.c0 = libff::alt_bn128_Fq(y_c0_str.c_str());
+    pub_share.Y.c1 = libff::alt_bn128_Fq(y_c1_str.c_str());
     pub_share.Z = libff::alt_bn128_Fq2::one();
 
 
@@ -320,17 +345,18 @@ int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int in
 
 }
 
-void calc_bls_public_key(char* skey_hex, char* pub_key){
+int calc_bls_public_key(char* skey_hex, char* pub_key){
   libff::init_alt_bn128_params();
 
   mpz_t skey;
   mpz_init(skey);
-  mpz_set_str(skey, skey_hex, 16);
+  if (mpz_set_str(skey, skey_hex, 16) == -1){
+    return 1;
+  }
 
   char skey_dec[mpz_sizeinbase (skey, 10) + 2];
   char * skey_str = mpz_get_str(skey_dec, 10, skey);
 
-
   libff::alt_bn128_Fr bls_skey(skey_dec);
 
   libff::alt_bn128_G2 public_key = bls_skey * libff::alt_bn128_G2::one();
@@ -339,6 +365,10 @@ void calc_bls_public_key(char* skey_hex, char* pub_key){
   std::string result = ConvertG2ToString(public_key);
 
   strncpy(pub_key, result.c_str(), result.length());
+
+  mpz_clear(skey);
+
+  return 0;
 }
 
 

secure_enclave/DKGUtils.h

@@ -32,24 +32,24 @@
 
 #include <sgx_tgmp.h>
 
-EXTERNC void gen_dkg_poly( char* secret, unsigned _t);
+EXTERNC int gen_dkg_poly( char* secret, unsigned _t);
 
 EXTERNC void calc_secret_shares(const char* decrypted_koefs, char * secret_shares,
                         unsigned _t, unsigned _n);
 
-EXTERNC void calc_secret_share(const char* decrypted_koefs, char * s_share,
+EXTERNC int calc_secret_share(const char* decrypted_koefs, char * s_share,
                                unsigned _t, unsigned _n, unsigned ind);
 
-EXTERNC void calc_public_shares(const char* decrypted_koefs, char * public_shares,
+EXTERNC int calc_public_shares(const char* decrypted_koefs, char * public_shares,
                         unsigned _t);
 
 EXTERNC int Verification ( char * public_shares, mpz_t decr_secret_share, int _t, int ind);
 
-EXTERNC void calc_bls_public_key(char* skey, char* pub_key);
+EXTERNC int calc_bls_public_key(char* skey, char* pub_key);
 
 EXTERNC void calc_secret_shareG2_old(const char* public_shares, char * s_shareG2,
                                  unsigned _t, unsigned ind);
 
-EXTERNC void calc_secret_shareG2(const char* s_share, char * s_shareG2);
+EXTERNC int calc_secret_shareG2(const char* s_share, char * s_shareG2);
 #endif //SGXD_DKGUTILS_H
 

secure_enclave/Makefile.am

@@ -65,7 +65,7 @@ ENCLAVE_KEY=$(ENCLAVE)_private.pem
 
 AM_CPPFLAGS +=  -Wall -Wno-implicit-function-declaration $(TGMP_CPPFLAGS) -I./trusted_libff -I../trusted_libff -I../sgx-sdk-build/sgxsdk/include/libcxx \
               -I../intel-sgx-ssl/Linux/package/include
-AM_CXXFLAGS += -fno-builtin
+AM_CXXFLAGS += -fno-builtin -fstack-protector-strong
 
 
 ## Additional files to remove with 'make clean'. This list needs

secure_enclave/Makefile.in

@@ -333,7 +333,8 @@ AM_CPPFLAGS = @SGX_ENCLAVE_CPPFLAGS@ -Wall \
 	-I./trusted_libff -I../trusted_libff \
 	-I../sgx-sdk-build/sgxsdk/include/libcxx \
 	-I../intel-sgx-ssl/Linux/package/include
-AM_CXXFLAGS = @SGX_ENCLAVE_CXXFLAGS@ @SGX_ENCLAVE_CFLAGS@ -fno-builtin
+AM_CXXFLAGS = @SGX_ENCLAVE_CXXFLAGS@ @SGX_ENCLAVE_CFLAGS@ -fno-builtin \
+	-fstack-protector-strong
 AM_LDFLAGS = @SGX_ENCLAVE_LDFLAGS@ $(TGMP_LDFLAGS) -L./tgmp-build/lib \
 	-L../tgmp-build/lib
 CLEANFILES = $(ENCLAVE).signed.so secure_enclave_t.c \

sgxwallet.c

@@ -40,6 +40,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #include <stdbool.h>
 
+
 void usage() {
   fprintf(stderr, "usage: sgxwallet\n");
   exit(1);
@@ -61,12 +62,14 @@ int main(int argc, char *argv[]) {
     exit(1);
   }
 
-  while ((opt = getopt(argc, argv, "csh")) != -1) {
+  while ((opt = getopt(argc, argv, "cshd0")) != -1) {
     switch (opt) {
     case 'h':
       if (strlen(argv[1]) == 2 ) {
         fprintf(stderr, "-c  client certificate will not be checked\n");
         fprintf(stderr, "-s  client certificate will be signed automatically\n");
+        printf(stderr, "-d  turn on debug output\n");
+          printf(stderr, "-0  SGXWalletServer will be launched on http (not https)\n");
         exit(0);
       } else {
         fprintf(stderr, "unknown flag %s\n", argv[1]);
@@ -78,6 +81,12 @@ int main(int argc, char *argv[]) {
     case 's':
       sign_automatically = true;
       break;
+    case 'd':
+      DEBUG_PRINT = 1;
+      break;
+    case '0':
+      is_sgx_https = 0;
+     break;
     case '?': // fprintf(stderr, "unknown flag\n");
       exit(1);
     default:

sgxwallet.h

@@ -39,6 +39,4 @@ extern sgx_status_t status;
 
 #define ENCLAVE_NAME "secure_enclave.signed.so"
 
-
-
 #endif //SGXWALLET_SGXWALLET_H

sgxwallet_common.h

@@ -33,6 +33,9 @@
 
 #include <stdbool.h>
 
+extern int DEBUG_PRINT;
+extern int is_sgx_https;
+
 #define BUF_LEN 1024
 
 #define  MAX_KEY_LENGTH 128
@@ -73,6 +76,7 @@
 
 #define INVALID_ECDSA_KEY_NAME -20
 #define INVALID_HEX -21
+#define INVALID_ECSDA_SIGNATURE -22
 
 #define ERROR_IN_ENCLAVE -33