SKALE-1762 Add SSL cert to SGX server

BLSCrypto.cpp

@@ -28,6 +28,8 @@
 #include "BLSCrypto.h"
 #include "ServerInit.h"
 
+#include "RPCException.h"
+
 
 
 int char2int(char _input) {
@@ -159,13 +161,16 @@ char *encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key)
 
     status = encrypt_key(eid, errStatus, errMsg, keyArray, encryptedKey, &encryptedLen);
 
+    std::cerr << "errStatus is " << *errStatus << " errMsg is " << errMsg << std::endl;
+
     if (status != SGX_SUCCESS) {
+
         *errStatus = -1;
         return nullptr;
     }
 
     if (*errStatus != 0) {
-        return nullptr;
+        throw RPCException(-666, errMsg);
     }
 
 

DKGCrypto.cpp

@@ -148,15 +148,15 @@ std::string get_secret_shares(const std::string& polyName, const char* encrypted
     carray2Hex(encrypted_skey, dec_len, hexEncrKey);
 
 
-    std::string DHKey_name = "DKG_DH_KEY_" + polyName + "_" + std::to_string(i) + ":";
-    std::cerr << "name to write to db is " << DHKey_name << std::endl;
-    std::cerr << "hexEncrKey: " << hexEncrKey << std::endl;
-    writeDataToDB(DHKey_name, hexEncrKey);
-
-    std::string shareG2_name = "shareG2_" + polyName + "_" + std::to_string(i) + ":";
-    std::cerr << "name to write to db is " << shareG2_name << std::endl;
-    std::cerr << "s_shareG2: " << s_shareG2 << std::endl;
-    writeDataToDB(shareG2_name, s_shareG2);
+//    std::string DHKey_name = "DKG_DH_KEY_" + polyName + "_" + std::to_string(i) + ":";
+//    std::cerr << "name to write to db is " << DHKey_name << std::endl;
+//    std::cerr << "hexEncrKey: " << hexEncrKey << std::endl;
+//    writeDataToDB(DHKey_name, hexEncrKey);
+//
+//    std::string shareG2_name = "shareG2_" + polyName + "_" + std::to_string(i) + ":";
+//    std::cerr << "name to write to db is " << shareG2_name << std::endl;
+//    std::cerr << "s_shareG2: " << s_shareG2 << std::endl;
+//    writeDataToDB(shareG2_name, s_shareG2);
 
     std::cerr << errMsg1 << std::endl << std::endl;
     //std::cerr << "iteration " << i <<" result length is " << result.length() << std::endl ;

ECDSACrypto.cpp

@@ -46,13 +46,15 @@ std::vector<std::string> gen_ecdsa_key(){
 
   mpz_t rand32;
   mpz_init(rand32);
-  mpz_urandomb(rand32, state, 257);
+  mpz_urandomb(rand32, state, 256);
 
   char arr[mpz_sizeinbase (rand32, 16) + 2];
   char * rand_str = mpz_get_str(arr, 16, rand32);
 
   keys.at(2) = rand_str;
 
+  std::cerr << "rand_str length is " << strlen(rand_str) << std::endl;
+
   gmp_randclear(state);
   mpz_clear(rand32);
 

LevelDB.cpp

@@ -119,6 +119,17 @@ void LevelDB::deleteTempNEK(const std::string &_key){
     std::cerr << "key deleted " << _key << std::endl;
 }
 
+void LevelDB::deleteKey(const std::string &_key){
+
+    std::lock_guard<std::recursive_mutex> lock(mutex);
+
+    auto status = db->Delete(writeOptions, Slice(_key));
+
+    throwExceptionOnError(status);
+
+    std::cerr << "key deleted " << _key << std::endl;
+}
+
 
 
 void LevelDB::writeByteArray(const char *_key, size_t _keyLen, const char *value,

LevelDB.h

@@ -64,6 +64,8 @@ public:
 
     void deleteTempNEK (const std::string &_key);
 
+    void deleteKey(const std::string &_key);
+
 public:
 
 

Makefile.am

@@ -28,6 +28,7 @@ include $(top_srcdir)/build-aux/sgx_app.am
 
 SUBDIRS=secure_enclave
 
+
 ## Supply additional flags to edger8r here. 
 ##
 ## SGX_EDGER8R_FLAGS=
@@ -93,7 +94,7 @@ secure_enclave.signed.so: secure_enclave/secure_enclave.signed.so
 sgxwallet_LDADD=-l$(SGX_URTS_LIB) -Lleveldb/build -LlibBLS/build  -LlibBLS/build/libff/libff -l:libbls.a -l:libleveldb.a \
    -l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a   -ljsonrpccpp-stub -lpthread -ljsonrpccpp-common \
    -ljsonrpccpp-server -ljsonrpccpp-client -ljsoncpp -lcurl -lprocps intel-sgx-ssl/Linux/package/lib64/libsgx_usgxssl.a \
-   intel-sgx-ssl/Linux/package/lib64/libsgx_tsgxssl_crypto.a
+   intel-sgx-ssl/Linux/package/lib64/libsgx_tsgxssl_crypto.a -lboost_system -lboost_filesystem
 
 
 

SGXWalletServer.cpp

@@ -32,6 +32,15 @@
 #include "ServerDataChecker.h"
 
 #include <algorithm>
+#include <stdlib.h>
+
+
+//#if __cplusplus < 201412L
+//#error expecting C++17 standard
+//#endif
+
+#include <boost/filesystem.hpp>
+
 
 bool isStringDec( std::string & str){
   auto res = std::find_if_not(str.begin(), str.end(), [](char c)->bool{
@@ -49,7 +58,25 @@ SGXWalletServer::SGXWalletServer(AbstractServerConnector &connector,
 
 int init_server() {
 
-  hs = new HttpServer(1025);
+  std::string certPath = "cert/SGXServerCertificate.crt";
+  std::string keyPath = "cert/SGXServerCertificate.key";
+
+  if (!boost::filesystem::exists(certPath) ){
+    std::cerr << "NO!!! " << std::endl;
+    std::cerr << "CERTIFICATE IS GOING TO BE CREATED" << std::endl;
+
+    std::string genCert = "cd cert && ./self-signed-tls -c=US -s=California -l=San-Francisco -o=\"Skale Labs\" -u=\"Department of Software Engineering\" -n=\"SGXServerCertificate\" -e=info@skalelabs.com";
+
+    if (system(genCert.c_str()) == 0){
+       std::cerr << "CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
+    }
+    else{
+      std::cerr << "CERTIFICATE GENERATION FAILED" << std::endl;
+      exit(-1);
+    }
+  }
+
+  hs = new HttpServer(1026, certPath, keyPath);
   s = new SGXWalletServer(*hs,
                       JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
 
@@ -61,7 +88,7 @@ int init_server() {
 }
 
 Json::Value
-importBLSKeyShareImpl(int index, const std::string &_keyShare, const std::string &_keyShareName, int n, int t) {
+importBLSKeyShareImpl(const std::string &_keyShare, const std::string &_keyShareName, int n, int t, int index) {
     Json::Value result;
 
     int errStatus = UNKNOWN_ERROR;
@@ -73,9 +100,9 @@ importBLSKeyShareImpl(int index, const std::string &_keyShare, const std::string
     result["encryptedKeyShare"] = "";
 
     try {
-        if ( !checkName(_keyShare, "BLS_KEY")){
-          throw RPCException(INVALID_POLY_NAME, "Invalid BLSKey name");
-        }
+//        if ( !checkName(_keyShare, "BLS_KEY")){
+//          throw RPCException(INVALID_POLY_NAME, "Invalid BLSKey name");
+//        }
         char *encryptedKeyShareHex = encryptBLSKeyShare2Hex(&errStatus, errMsg, _keyShare.c_str());
 
         if (encryptedKeyShareHex == nullptr) {
@@ -174,12 +201,16 @@ Json::Value generateECDSAKeyImpl() {
 
     try {
         keys = gen_ecdsa_key();
+
         if (keys.size() == 0 ) {
             throw RPCException(UNKNOWN_ERROR, "key was not generated");
         }
        // std::cerr << "write encr key" << keys.at(0) << std::endl;
-        std::cerr << "encr key length is" << keys.at(0).length() << std::endl;
+
         std::string keyName = "NEK:" + keys.at(2);
+
+        std::cerr << "keyname length is " << keyName.length() << std::endl;
+        std::cerr <<"key name generated: " << keyName << std::endl;
         //writeECDSAKey(keyName, keys.at(0));
         writeDataToDB(keyName, keys.at(0));
 
@@ -642,10 +673,10 @@ Json::Value SGXWalletServer::ecdsaSignMessageHash(int base, const std::string &_
 
 
 Json::Value
-SGXWalletServer::importBLSKeyShare(int index, const std::string &_keyShare, const std::string &_keyShareName, int n,
-                                   int t) {
+SGXWalletServer::importBLSKeyShare(const std::string &_keyShare, const std::string &_keyShareName, int n,
+                                   int t, int index) {
     lock_guard<recursive_mutex> lock(m);
-    return importBLSKeyShareImpl(index, _keyShare, _keyShareName, n, t);
+    return importBLSKeyShareImpl(_keyShare, _keyShareName, n, t, index );
 }
 
 Json::Value SGXWalletServer::blsSignMessageHash(const std::string &keyShareName, const std::string &messageHash,int n,

SGXWalletServer.hpp

@@ -20,7 +20,7 @@ class SGXWalletServer : public AbstractStubServer {
 public:
     SGXWalletServer(AbstractServerConnector &connector, serverVersion_t type);
 
-    virtual Json::Value importBLSKeyShare(int index, const std::string& keyShare, const std::string& keyShareName, int n, int t);
+    virtual Json::Value importBLSKeyShare(const std::string& keyShare, const std::string& keyShareName, int n, int t, int index);
     virtual Json::Value blsSignMessageHash(const std::string& keyShareName, const std::string& messageHash, int n, int t, int signerIndex);
 
     virtual Json::Value importECDSAKey(const std::string& key, const std::string& keyName);
@@ -45,7 +45,7 @@ void writeDataToDB(const string & Name, const string &value);
 void writeKeyShare(const string &_keyShareName, const string &value, int index, int n, int t);
 shared_ptr<std::string> readKeyShare(const string& _keyShare);
 
-Json::Value importBLSKeyShareImpl(int index, const std::string& keyShare, const std::string& keyShareName, int n, int t);
+Json::Value importBLSKeyShareImpl(const std::string& keyShare, const std::string& keyShareName, int n, int t, int index);
 Json::Value blsSignMessageHashImpl(const std::string& keyShareName, const std::string& messageHash, int n, int t, int signerIndex);
 
 Json::Value importECDSAKeyImpl(const std::string& key, const std::string& keyName);

ServerDataChecker.cpp

@@ -6,6 +6,8 @@
 #include "ServerDataChecker.h"
 #include <gmp.h>
 
+#include <iostream>
+
 std::vector<std::string> SplitString(const std::string& str, const std::string& delim = ":"){
     std::vector<std::string> tokens;
     size_t prev = 0, pos = 0;
@@ -23,12 +25,15 @@ std::vector<std::string> SplitString(const std::string& str, const std::string&
 bool checkECDSAKeyName(const std::string& keyName) {
   std::vector<std::string> parts = SplitString(keyName);
   if (parts.size() != 2) {
+    std::cerr << "num parts != 2" << std::endl;
     return false;
   }
   if (parts.at(0) != "NEK") {
+      std::cerr << "key doesn't start from NEK" << std::endl;
       return false;
   }
   if ( parts.at(1).length() > 64 || parts.at(1).length() < 1){
+      std::cerr << "wrong key length" << std::endl;
       return false;
   }
 

abstractstubserver.h

@@ -12,7 +12,7 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
     public:
         AbstractStubServer(jsonrpc::AbstractServerConnector &conn, jsonrpc::serverVersion_t type = jsonrpc::JSONRPC_SERVER_V2) : jsonrpc::AbstractServer<AbstractStubServer>(conn, type)
         {
-          this->bindAndAddMethod(jsonrpc::Procedure("importBLSKeyShare", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "index",jsonrpc::JSON_INTEGER,"keyShare",jsonrpc::JSON_STRING,"keyShareName",jsonrpc::JSON_STRING,"n",jsonrpc::JSON_INTEGER,"t",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::importBLSKeyShareI);
+          this->bindAndAddMethod(jsonrpc::Procedure("importBLSKeyShare", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"keyShare",jsonrpc::JSON_STRING,"keyShareName",jsonrpc::JSON_STRING,"n",jsonrpc::JSON_INTEGER,"t",jsonrpc::JSON_INTEGER, "index",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::importBLSKeyShareI);
           this->bindAndAddMethod(jsonrpc::Procedure("blsSignMessageHash", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "keyShareName",jsonrpc::JSON_STRING,"messageHash",jsonrpc::JSON_STRING,"n",jsonrpc::JSON_INTEGER,"signerIndex",jsonrpc::JSON_INTEGER,"t",jsonrpc::JSON_INTEGER, NULL), &AbstractStubServer::blsSignMessageHashI);
 
           this->bindAndAddMethod(jsonrpc::Procedure("importECDSAKey", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, "key",jsonrpc::JSON_STRING,"keyName",jsonrpc::JSON_STRING, NULL), &AbstractStubServer::importECDSAKeyI);
@@ -33,7 +33,7 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
 
         inline virtual void importBLSKeyShareI(const Json::Value &request, Json::Value &response)
         {
-            response = this->importBLSKeyShare(request["index"].asInt(), request["keyShare"].asString(), request["keyShareName"].asString(), request["n"].asInt(), request["t"].asInt());
+            response = this->importBLSKeyShare( request["keyShare"].asString(), request["keyShareName"].asString(), request["n"].asInt(), request["t"].asInt(), request["index"].asInt());
         }
         inline virtual void blsSignMessageHashI(const Json::Value &request, Json::Value &response)
         {
@@ -89,7 +89,7 @@ class AbstractStubServer : public jsonrpc::AbstractServer<AbstractStubServer>
           response = this->ComplaintResponse( request["polyName"].asString(), request["ind"].asInt());
         }
 
-        virtual Json::Value importBLSKeyShare(int index, const std::string& keyShare, const std::string& keyShareName, int n, int t) = 0;
+        virtual Json::Value importBLSKeyShare(const std::string& keyShare, const std::string& keyShareName, int n, int t, int index) = 0;
         virtual Json::Value blsSignMessageHash(const std::string& keyShareName, const std::string& messageHash, int n, int signerIndex, int t) = 0;
         virtual Json::Value importECDSAKey(const std::string& key, const std::string& keyName) = 0;
         virtual Json::Value generateECDSAKey() = 0;

cert/self-signed-tls

+#!/bin/bash
+
+# Directories
+cur=$(pwd)
+tmp=$(mktemp -d)
+scriptName=$(basename "$0")
+
+# Certificate Variables
+OUTPATH="./"
+VERBOSE=0
+DURATION=3650 # 10 years
+
+safeExit() {
+  if [ -d "$tmp" ]; then
+    if [ $VERBOSE -eq 1 ]; then
+      echo "Removing temporary directory '${tmp}'"
+    fi
+    rm -rf "$tmp"
+  fi
+
+  trap - INT TERM EXIT
+  exit
+}
+
+# Help Screen
+help() {
+  echo -n "${scriptName} [OPTIONS] -c=US --state=California
+
+Generate self-signed TLS certificate using OpenSSL
+
+ Options:
+  -c|--country         Country Name (2 letter code)
+  -s|--state           State or Province Name (full name)
+  -l|--locality        Locality Name (eg, city)
+  -o|--organization    Organization Name (eg, company)
+  -u|--unit            Organizational Unit Name (eg, section)
+  -n|--common-name     Common Name (e.g. server FQDN or YOUR name)
+  -e|--email           Email Address
+  -p|--path            Path to output generated keys
+  -d|--duration        Validity duration of the certificate (in days)
+  -h|--help            Display this help and exit
+  -v|--verbose         Verbose output
+"
+}
+
+# Test output path is valid
+testPath() {
+  if [ ! -d $OUTPATH ]; then
+    echo "The specified directory \"${OUTPATH}\" does not exist"
+    exit 1
+  fi
+}
+
+# Process Arguments
+while [ "$1" != "" ]; do
+  PARAM=$(echo "$1" | awk -F= '{print $1}')
+  VALUE=$(echo "$1" | awk -F= '{print $2}')
+  case $PARAM in
+    -h|--help) help; safeExit ;;
+    -c|--country) C=$VALUE ;;
+    -s|--state) ST=$VALUE ;;
+    -l|--locality) L=$VALUE ;;
+    -o|--organization) O=$VALUE ;;
+    -u|--unit) OU=$VALUE ;;
+    -n|--common-name) CN=$VALUE ;;
+    -e|--email) emailAddress=$VALUE ;;
+    -p|--path) OUTPATH=$VALUE; testPath ;;
+	-d|--duration) DURATION=$VALUE ;;
+    -v|--verbose) VERBOSE=1 ;;
+    *) echo "ERROR: unknown parameter \"$PARAM\""; help; exit 1 ;;
+  esac
+  shift
+done
+
+# Prompt for variables that were not provided in arguments
+checkVariables() {
+  # Country
+  if [ -z "$C" ]; then
+    echo -n "Country Name (2 letter code) [AU]:"
+    read -r C
+  fi
+
+  # State
+  if [ -z "$ST" ]; then
+    echo -n "State or Province Name (full name) [Some-State]:"
+    read -r ST
+  fi
+
+  # Locality
+  if [ -z "$L" ]; then
+    echo -n "Locality Name (eg, city) []:"
+    read -r L
+  fi
+
+  # Organization
+  if [ -z "$O" ]; then
+    echo -n "Organization Name (eg, company) [Internet Widgits Pty Ltd]:"
+    read -r O
+  fi
+
+  # Organizational Unit
+  if [ -z "$OU" ]; then
+    echo -n "Organizational Unit Name (eg, section) []:"
+    read -r OU
+  fi
+
+  # Common Name
+  if [ -z "$CN" ]; then
+    echo -n "Common Name (e.g. server FQDN or YOUR name) []:"
+    read -r CN
+  fi
+
+  # Email Address
+  if [ -z "$emailAddress" ]; then
+    echo -n "Email Address []:"
+    read -r emailAddress
+  fi
+}
+
+# Show variable values
+showVals() {
+  echo "Country: ${C}";
+  echo "State: ${ST}";
+  echo "Locality: ${L}";
+  echo "Organization: ${O}";
+  echo "Organization Unit: ${OU}";
+  echo "Common Name: ${CN}";
+  echo "Email: ${emailAddress}";
+  echo "Output Path: ${OUTPATH}";
+  echo "Certificate Duration (Days): ${DURATION}";
+  echo "Verbose: ${VERBOSE}";
+}
+
+# Init
+init() {
+  cd "$tmp" || exit
+  pwd
+}
+
+# Cleanup
+cleanup() {
+  echo "Cleaning up"
+  cd "$cur" || exit
+  rm -rf "$tmp"
+}
+
+buildCsrCnf() {
+cat << EOF > "${tmp}/tmp.csr.cnf"
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+distinguished_name = dn
+
+[dn]
+C=${C}
+ST=${ST}
+L=${L}
+O=${O}
+OU=${OU}
+CN=${CN}
+emailAddress=${emailAddress}
+EOF
+}
+
+buildExtCnf() {
+cat << EOF > "${tmp}/v3.ext"
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = ${CN}
+EOF
+}
+
+# Build TLS Certificate
+build() {
+  # Santizie domain name for file name
+  FILENAME=${CN/\*\./}
+  # Generate CA key & crt
+  openssl genrsa -out "${tmp}/tmp.key" 2048
+  openssl req -x509 -new -nodes -key "${tmp}/tmp.key" -sha256 -days "${DURATION}" -out "${OUTPATH}${FILENAME}_CA.pem" -subj "/C=${C}/ST=${ST}/L=${L}/O=${O}/OU=${OU}/CN=${CN}/emailAddress=${emailAddress}"
+
+  # CSR Configuration
+  buildCsrCnf
+
+  # Create v3.ext configuration file
+  buildExtCnf
+
+  # Server key
+  openssl req -new -sha256 -nodes -out "${OUTPATH}${FILENAME}.csr" -newkey rsa:2048 -keyout "${OUTPATH}${FILENAME}.key" -config <( cat "${tmp}/tmp.csr.cnf" )
+
+  # Server certificate
+  openssl x509 -req -in "${OUTPATH}${FILENAME}.csr" -CA "${OUTPATH}${FILENAME}_CA.pem" -CAkey "${tmp}/tmp.key" -CAcreateserial -out "${OUTPATH}${FILENAME}.crt" -days "${DURATION}" -sha256 -extfile "${tmp}/v3.ext"
+}
+
+checkVariables
+build
+# showVals
+safeExit

secure_enclave/BLSEnclave.cpp

@@ -104,7 +104,7 @@ void checkKey(int *err_status, char *err_string, const char *_keyString) {
 
     *err_status = -3;
 
-    // check that key is padded with 0s
+     //check that key is padded with 0s
 
     for (int i = keyLen; i < MAX_KEY_LENGTH; i++) {
         if (_keyString[i] != 0) {
@@ -112,22 +112,22 @@ void checkKey(int *err_status, char *err_string, const char *_keyString) {
         }
     }
 
-    std::string ks(_keyString);
-
-    // std::string  keyString =
-    // "4160780231445160889237664391382223604184857153814275770598791864649971919844";
-
-    auto key = keyFromString(ks.c_str());
-
-    auto s1 = stringFromKey(key);
-
-    if (s1->compare(ks) != 0) {
-        throw std::exception();
-    }
+//    std::string ks(_keyString);
+//
+//    // std::string  keyString =
+//    // "4160780231445160889237664391382223604184857153814275770598791864649971919844";
+//
+//    auto key = keyFromString(ks.c_str());
+//
+//    auto s1 = stringFromKey(key);
+//
+//    if (s1->compare(ks) != 0) {
+//        throw std::exception();
+//    }
 
     *err_status = 0;
 
-    return;
+   // return;
 }
 
 
@@ -151,9 +151,6 @@ bool enclave_sign(const char *_keyString, const char *_hashXString, const char *
 
     libff::alt_bn128_G1 hash(hashX, hashY, hashZ);
 
-
-
-
     libff::alt_bn128_G1 sign = key->as_bigint() * hash;  // sign
 
     sign.to_affine_coordinates();

secure_enclave/secure_enclave.c

@@ -268,7 +268,7 @@ void get_public_ecdsa_key(int *err_status, char *err_string,
 void encrypt_key(int *err_status, char *err_string, char *key,
                  uint8_t *encrypted_key, uint32_t *enc_len) {
 
-    init();
+    //init();
 
     *err_status = UNKNOWN_ERROR;
 
@@ -294,10 +294,10 @@ void encrypt_key(int *err_status, char *err_string, char *key,
 
     memset(encrypted_key, 0, BUF_LEN);
 
-    if (sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t *) key, sealedLen, (sgx_sealed_data_t *) encrypted_key) !=
-        SGX_SUCCESS) {
+    sgx_status_t status = sgx_seal_data(0, NULL, MAX_KEY_LENGTH, (uint8_t *) key, sealedLen, (sgx_sealed_data_t *) encrypted_key);
+    if ( status != SGX_SUCCESS) {
         *err_status = SEAL_KEY_FAILED;
-        snprintf(err_string, BUF_LEN, "SGX seal data failed");
+        snprintf(err_string, BUF_LEN, "SGX seal data failed with status %d", status);
         return;
     }
 
@@ -652,7 +652,7 @@ void complaint_response(int *err_status, char *err_string, uint8_t *encrypted_DH
   calc_secret_shareG2_old(decrypted_dkg_secret, s_shareG2, _t, ind1);
 
   //snprintf(err_string, BUF_LEN,"poly:%s", decrypted_dkg_secret);
- // snprintf(err_string, BUF_LEN,"what the fuck");
+ // snprintf(err_string, BUF_LEN,"what the ...");
 
   //snprintf(err_string, BUF_LEN,"s_shareG2:%s", s_shareG2);
   free(decrypted_dkg_secret);

stubclient.h

@@ -12,7 +12,7 @@ class StubClient : public jsonrpc::Client
     public:
         StubClient(jsonrpc::IClientConnector &conn, jsonrpc::clientVersion_t type = jsonrpc::JSONRPC_CLIENT_V2) : jsonrpc::Client(conn, type) {}
 
-        Json::Value importBLSKeyShare(int index, const std::string& keyShare, const std::string& keyShareName, int n, int t) throw (jsonrpc::JsonRpcException)
+        Json::Value importBLSKeyShare(const std::string& keyShare, const std::string& keyShareName, int n, int t, int index) throw (jsonrpc::JsonRpcException)
         {
             Json::Value p;
             p["index"] = index;

testw.cpp

@@ -172,7 +172,7 @@ TEST_CASE("BLS key import", "[bls-key-import]") {
 
 
 
-    auto result = importBLSKeyShareImpl(1, TEST_BLS_KEY_SHARE, TEST_BLS_KEY_NAME, 2, 2);
+    auto result = importBLSKeyShareImpl(TEST_BLS_KEY_SHARE, TEST_BLS_KEY_NAME, 2, 2, 1);
 
     REQUIRE(result["status"] == 0);
 
@@ -212,7 +212,7 @@ TEST_CASE("Server BLS sign test", "[bls-server-sign]") {
 
     init_all();
 
-    auto result = importBLSKeyShareImpl(1, TEST_BLS_KEY_SHARE, TEST_BLS_KEY_NAME, 2, 2);
+    auto result = importBLSKeyShareImpl( TEST_BLS_KEY_SHARE, TEST_BLS_KEY_NAME, 2, 2, 1);
 
     REQUIRE(result["status"] == 0);
 
@@ -719,6 +719,7 @@ using namespace jsonrpc;
 using namespace std;
 
 TEST_CASE("BLS_DKG test", "[bls_dkg]") {
+  init_all();
   cerr << "Server inited" << endl;
   HttpClient client("http://localhost:1026");
   StubClient c(client, JSONRPC_CLIENT_V2);
@@ -728,19 +729,23 @@ TEST_CASE("BLS_DKG test", "[bls_dkg]") {
   Json::Value EthKeys[n];
   Json::Value Polys[n];
   Json::Value VerifVects[n];
-  std::vector <std::string> pub_keys;
+  Json::Value pubEthKeys;
   for ( uint8_t i = 0; i < n; i++){
     EthKeys[i] = c.generateECDSAKey();
-    std::string polyName = "POLY:SCHAIN_ID:1:NODE_ID:" + std::to_string(i) + "DKG_ID:0";
+    std::string polyName = "POLY:SCHAIN_ID:1:NODE_ID:" + std::to_string(i) + ":DKG_ID:0";
     Polys[i] = c.generateDKGPoly(polyName, t);
     VerifVects[i] = c.getVerificationVector(polyName, n, t);
-
+    pubEthKeys.append(EthKeys[i]["PublicKey"]);
   }
 
 
+
+
 }
 
 TEST_CASE("API test", "[api_test]") {
+
+  std::cerr << __GNUC__ << std::endl;
     cerr << "API test started" << endl;
     init_all();
     //HttpServer httpserver(1025);
@@ -748,7 +753,7 @@ TEST_CASE("API test", "[api_test]") {
     //                JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
    // s.StartListening();
     cerr << "Server inited" << endl;
-    HttpClient client("http://localhost:1025");
+    HttpClient client("http://localhost:1026");
     StubClient c(client, JSONRPC_CLIENT_V2);
 
     cerr << "Client inited" << endl;
@@ -758,11 +763,19 @@ TEST_CASE("API test", "[api_test]") {
         //levelDb->deleteOlegKey("1");
        // levelDb->deleteDHDKGKey("p2_0:");
         //levelDb->deleteDHDKGKey("p2_1:");
+        for ( uint8_t i = 0; i < 2; i++) {
+        levelDb->deleteKey("POLY:SCHAIN_ID:0:NODE_ID:" + std::to_string(i) +
+                             ":DKG_ID:0");
+
+          levelDb->deleteKey(" DKG_DH_KEY_POLY:SCHAIN_ID:0:NODE_ID:" + std::to_string(i)+ ":DKG_ID:0_0");
+          levelDb->deleteKey(" DKG_DH_KEY_POLY:SCHAIN_ID:0:NODE_ID:" + std::to_string(i)+ ":DKG_ID:0_1");
+        }
 
+       cout << c.importBLSKeyShare("4160780231445160889237664391382223604184857153814275770598791864649971919844","BLS_KEY:SCHAIN_ID:2660016693368503500803087136248943520694587309641817:NODE_ID:33909:DKG_ID:3522960548719023733985054069487289468077787284706573", 4, 3,1);
 
        // cout << c.generateECDSAKey() << endl;
        // cout << c.renameESDSAKey("NODE_1CHAIN_1","tmp_NEK:bcacde0d26c0ea2c7e649992e7f791e1fba2492f5b7ae63dadb799075167c7fc");
-        cout<<c.getPublicECDSAKey("NEK:697fadfc597bdbfae9ffb7412b80939e848c9c2fec2657bb2122b6d0d4a0dca8");
+       // cout<<c.getPublicECDSAKey("NEK:697fadfc597bdbfae9ffb7412b80939e848c9c2fec2657bb2122b6d0d4a0dca8");
       //cout << c.ecdsaSignMessageHash(16, "NEK:697fadfc597bdbfae9ffb7412b80939e848c9c2fec2657bb2122b6d0d4a0dca8","0x09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db" );
         //cout << c.ecdsaSignMessageHash(16, "known_key1","0x09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db" );
         //  cout << c.blsSignMessageHash(TEST_BLS_KEY_NAME, "0x09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db", 2,2,1 );