Merge pull request #176 from skalenetwork/SKALE-3205

Skale 3205

BLSCrypto.cpp

@@ -29,14 +29,12 @@
 #include "third_party/intel/create_enclave.h"
 
 
-
 #include "bls.h"
 #include <bls/BLSutils.h>
 
 #include "BLSPrivateKeyShareSGX.h"
 
 
-
 #include "sgxwallet_common.h"
 #include "sgxwallet.h"
 #include "SGXException.h"
@@ -44,8 +42,10 @@
 #include "common.h"
 #include "SGXWalletServer.h"
 
-#include "BLSCrypto.h"
+#include "SEKManager.h"
+#include "LevelDB.h"
 #include "ServerInit.h"
+#include "BLSCrypto.h"
 
 
 string *FqToString(libff::alt_bn128_Fq *_fq) {
@@ -57,7 +57,7 @@ string *FqToString(libff::alt_bn128_Fq *_fq) {
 
     _fq->as_bigint().to_mpz(t);
 
-    SAFE_CHAR_BUF(arr,mpz_sizeinbase(t, 10) + 2);
+    SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, 10) + 2);
 
     mpz_get_str(arr, 10, t);
     mpz_clear(t);
@@ -86,7 +86,7 @@ void carray2Hex(const unsigned char *d, uint64_t _len, char *_hexArray,
 
     CHECK_STATE(_hexArrayLen > 2 * _len);
 
-    for (int j = 0; j < _len; j++) {
+    for (uint64_t j = 0; j < _len; j++) {
         _hexArray[j * 2] = hexval[((d[j] >> 4) & 0xF)];
         _hexArray[j * 2 + 1] = hexval[(d[j]) & 0x0F];
     }
@@ -95,7 +95,6 @@ void carray2Hex(const unsigned char *d, uint64_t _len, char *_hexArray,
 }
 
 
-
 bool hex2carray(const char *_hex, uint64_t *_bin_len,
                 uint8_t *_bin, uint64_t _max_length) {
 
@@ -105,11 +104,11 @@ bool hex2carray(const char *_hex, uint64_t *_bin_len,
     CHECK_STATE(_bin_len)
 
 
-    int len = strnlen(_hex, 2 * _max_length + 1);
+    uint64_t len = strnlen(_hex, 2 * _max_length + 1);
 
     CHECK_STATE(len != 2 * _max_length + 1);
 
-    CHECK_STATE(len <= 2 * _max_length );
+    CHECK_STATE(len <= 2 * _max_length);
 
 
     if (len == 0 && len % 2 == 1)
@@ -117,7 +116,7 @@ bool hex2carray(const char *_hex, uint64_t *_bin_len,
 
     *_bin_len = len / 2;
 
-    for (int i = 0; i < len / 2; i++) {
+    for (uint64_t i = 0; i < len / 2; i++) {
         int high = char2int((char) _hex[i * 2]);
         int low = char2int((char) _hex[i * 2 + 1]);
 
@@ -141,7 +140,8 @@ bool sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t
 
     auto keyStr = make_shared<string>(_encryptedKeyHex);
 
-    auto hash = make_shared<array<uint8_t, 32>>();
+    auto hash = make_shared < array < uint8_t,
+    32 >> ();
 
     uint64_t binLen;
 
@@ -166,7 +166,8 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
     CHECK_STATE(_hashHex);
     CHECK_STATE(_sig);
 
-    auto hash = make_shared<array<uint8_t, 32>>();
+    auto hash = make_shared < array < uint8_t,
+    32 >> ();
 
     uint64_t binLen;
 
@@ -174,10 +175,10 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
         throw SGXException(INVALID_HEX, "Invalid hash");
     }
 
-    shared_ptr<signatures::Bls> obj;
+    shared_ptr <signatures::Bls> obj;
     obj = make_shared<signatures::Bls>(signatures::Bls(_t, _n));
 
-    pair<libff::alt_bn128_G1, string> hash_with_hint = obj->HashtoG1withHint(hash);
+    pair <libff::alt_bn128_G1, string> hash_with_hint = obj->HashtoG1withHint(hash);
 
     string *xStr = FqToString(&(hash_with_hint.first.X));
 
@@ -190,11 +191,9 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
         BOOST_THROW_EXCEPTION(runtime_error("Null yStr"));
     }
 
-    vector<char> errMsg(BUF_LEN,0);
+    vector<char> errMsg(BUF_LEN, 0);
 
-    SAFE_CHAR_BUF(xStrArg,BUF_LEN);
-    SAFE_CHAR_BUF(yStrArg,BUF_LEN);
-    SAFE_CHAR_BUF(signature,BUF_LEN);
+    SAFE_CHAR_BUF(xStrArg, BUF_LEN);SAFE_CHAR_BUF(yStrArg, BUF_LEN);SAFE_CHAR_BUF(signature, BUF_LEN);
 
     strncpy(xStrArg, xStr->c_str(), BUF_LEN);
     strncpy(yStrArg, yStr->c_str(), BUF_LEN);
@@ -204,7 +203,7 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
 
     size_t sz = 0;
 
-    SAFE_UINT8_BUF(encryptedKey,BUF_LEN);
+    SAFE_UINT8_BUF(encryptedKey, BUF_LEN);
 
     bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey, BUF_LEN);
 
@@ -213,9 +212,16 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
     }
 
     int errStatus = 0;
-    sgx_status_t status =
-            trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey,
+
+
+    sgx_status_t status = SGX_SUCCESS;
+
+    RESTART_BEGIN
+            status = trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey,
                                               sz, xStrArg, yStrArg, signature);
+    RESTART_END
+
+
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
     string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second;
@@ -240,16 +246,22 @@ string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key
     CHECK_STATE(errStatus);
     CHECK_STATE(err_string);
     CHECK_STATE(_key);
-    auto keyArray = make_shared<vector<char>>(BUF_LEN, 0);
-    auto encryptedKey = make_shared<vector<uint8_t>>(BUF_LEN, 0);
+    auto keyArray = make_shared < vector < char >> (BUF_LEN, 0);
+    auto encryptedKey = make_shared < vector < uint8_t >> (BUF_LEN, 0);
 
     vector<char> errMsg(BUF_LEN, 0);
 
     strncpy(keyArray->data(), _key, BUF_LEN);
     *errStatus = 0;
-    unsigned int encryptedLen = 0;
 
-    sgx_status_t status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(), &encryptedLen);
+    uint64_t encryptedLen = 0;
+
+    sgx_status_t status = SGX_SUCCESS;
+
+    RESTART_BEGIN
+        status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(),
+                                      &encryptedLen);
+    RESTART_END
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg.data());
 

BLSPrivateKeyShareSGX.cpp

@@ -26,15 +26,14 @@
 #include "BLSutils.h"
 
 #include "third_party/spdlog/spdlog.h"
-
+#include "common.h"
 #include "secure_enclave_u.h"
 #include "sgxwallet_common.h"
 #include "sgxwallet.h"
 
 #include "BLSCrypto.h"
 #include "ServerInit.h"
-#include "common.h"
-
+#include "SEKManager.h"
 #include "BLSPrivateKeyShareSGX.h"
 
 string *stringFromFq(libff::alt_bn128_Fq *_fq) {
@@ -148,9 +147,12 @@ string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
         BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key"));
     }
 
-    sgx_status_t status =
-            trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey,
+    sgx_status_t status = SGX_SUCCESS;
+
+    RESTART_BEGIN
+        status = trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey,
                                           encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature);
+    RESTART_END
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 

DKGCrypto.cpp

@@ -26,22 +26,15 @@
 #include <memory>
 
 
-
 #include "third_party/spdlog/spdlog.h"
+#include "common.h"
 #include "sgxwallet.h"
 #include "SGXException.h"
-#include "common.h"
-#include "SGXWalletServer.hpp"
 
-
-#include "DKGCrypto.h"
+#include "SGXWalletServer.hpp"
 #include "BLSCrypto.h"
-
-
-
-
-
-
+#include "SEKManager.h"
+#include "DKGCrypto.h"
 
 vector <string> splitString(const char *coeffs, const char symbol) {
     CHECK_STATE(coeffs);
@@ -71,7 +64,7 @@ string ConvertToString(T field_elem, int base = 10) {
 
     field_elem.as_bigint().to_mpz(t);
 
-    SAFE_CHAR_BUF(arr,mpz_sizeinbase(t, base) + 2);
+    SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, base) + 2);
 
     mpz_get_str(arr, base, t);
     mpz_clear(t);
@@ -93,7 +86,7 @@ string convertHexToDec(const string &hex_str) {
             return ret;
         }
 
-        SAFE_CHAR_BUF(arr,mpz_sizeinbase(dec, 10) + 2);
+        SAFE_CHAR_BUF(arr, mpz_sizeinbase(dec, 10) + 2);
         mpz_get_str(arr, 10, dec);
         ret = arr;
     } catch (exception &e) {
@@ -135,13 +128,18 @@ string convertG2ToString(const libff::alt_bn128_G2 &elem, int base, const string
 string gen_dkg_poly(int _t) {
     vector<char> errMsg(BUF_LEN, 0);
     int errStatus = 0;
-    uint32_t enc_len = 0;
+    uint64_t enc_len = 0;
 
     vector <uint8_t> encrypted_dkg_secret(BUF_LEN, 0);
 
+    sgx_status_t status = SGX_SUCCESS;
+
 
+    RESTART_BEGIN
+        status = trustedGenDkgSecretAES(
+                eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);
+    RESTART_END
 
-    sgx_status_t status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
     uint64_t length = enc_len;;
@@ -173,9 +171,14 @@ vector <vector<string>> get_verif_vect(const char *encryptedPolyHex, int t, int
     }
 
 
+    sgx_status_t status = SGX_SUCCESS;
 
-    sgx_status_t status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen,
+
+    RESTART_BEGIN
+        status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen,
                                            pubShares.data(), t, n);
+    RESTART_END
+
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
     vector <string> g2Strings = splitString(pubShares.data(), ',');
@@ -202,19 +205,23 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve
     uint64_t encLen = 0;
 
 
-
     if (!hex2carray(_encryptedPolyHex, &encLen, encrDKGPoly.data(), BUF_LEN)) {
         throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
     }
 
-    sgx_status_t status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen);
+    sgx_status_t status = SGX_SUCCESS;
+
+    READ_LOCK(initMutex);
+
+    status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen);
+
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
 
     string result;
 
     for (int i = 0; i < _n; i++) {
         vector <uint8_t> encryptedSkey(BUF_LEN, 0);
-        uint32_t decLen;
+        uint64_t decLen;
         vector<char> currentShare(193, 0);
         vector<char> sShareG2(320, 0);
 
@@ -226,8 +233,11 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve
 
         spdlog::debug("pubKeyB is {}", pub_keyB);
 
-        sgx_status_t status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
-                                          currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, i + 1);
+        sgx_status_t status = SGX_SUCCESS;
+        status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
+                                                   currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n,
+                                                   i + 1);
+
         HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
 
         spdlog::debug("cur_share is {}", currentShare.data());
@@ -271,11 +281,16 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr
         throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
     }
 
-    SAFE_CHAR_BUF(pshares,8193);
+    SAFE_CHAR_BUF(pshares, 8193);
     strncpy(pshares, publicShares, strlen(publicShares));
 
-    sgx_status_t status = trustedDkgVerifyAES(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t,
+    sgx_status_t status = SGX_SUCCESS;
+
+    RESTART_BEGIN
+        status = trustedDkgVerifyAES(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t,
                                      ind, &result);
+    RESTART_END
+
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
     if (result == 2) {
@@ -290,24 +305,26 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *
     CHECK_STATE(s_shares);
     CHECK_STATE(encryptedKeyHex);
 
-    vector<char> errMsg(BUF_LEN,0);
+    vector<char> errMsg(BUF_LEN, 0);
     int errStatus = 0;
 
-    uint64_t decKeyLen;
-    SAFE_UINT8_BUF(encr_bls_key,BUF_LEN);
-    SAFE_UINT8_BUF(encr_key,BUF_LEN);
+    uint64_t decKeyLen;SAFE_UINT8_BUF(encr_bls_key, BUF_LEN);SAFE_UINT8_BUF(encr_key, BUF_LEN);
     if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key, BUF_LEN)) {
         throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
     }
 
-    uint32_t enc_bls_len = 0;
+    uint64_t enc_bls_len = 0;
 
-    sgx_status_t status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key,
+    sgx_status_t status = SGX_SUCCESS;
+
+    RESTART_BEGIN
+        status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key,
                                         &enc_bls_len);
+    RESTART_END
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
-    SAFE_CHAR_BUF(hexBLSKey,2 * BUF_LEN)
+    SAFE_CHAR_BUF(hexBLSKey, 2 * BUF_LEN)
 
     carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey, 2 * BUF_LEN);
 
@@ -331,9 +348,15 @@ vector <string> getBLSPubKey(const char *encryptedKeyHex) {
         throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
     }
 
-    SAFE_CHAR_BUF(pubKey,320)
+    SAFE_CHAR_BUF(pubKey, 320)
+
+
+    sgx_status_t status = SGX_SUCCESS;
+
+    RESTART_BEGIN
+        status = trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey);
+    RESTART_END
 
-    sgx_status_t status = trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey);
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
 
     vector <string> pubKeyVect = splitString(pubKey, ':');
@@ -405,8 +428,7 @@ string decryptDHKey(const string &polyName, int ind) {
 
     vector<char> hexEncrKey(2 * BUF_LEN, 0);
 
-    uint64_t dhEncLen = 0;
-    SAFE_UINT8_BUF(encryptedDHKey, BUF_LEN);
+    uint64_t dhEncLen = 0;SAFE_UINT8_BUF(encryptedDHKey, BUF_LEN);
     if (!hex2carray(hexEncrKeyPtr->c_str(), &dhEncLen, encryptedDHKey, BUF_LEN)) {
         throw SGXException(INVALID_HEX, "Invalid hexEncrKey");
     }
@@ -415,7 +437,11 @@ string decryptDHKey(const string &polyName, int ind) {
 
     SAFE_CHAR_BUF(DHKey, ECDSA_SKEY_LEN);
 
-    sgx_status_t status = trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey);
+    sgx_status_t status = SGX_SUCCESS;
+
+    RESTART_BEGIN
+        status = trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey);
+    RESTART_END
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
 
     return DHKey;

ECDSACrypto.cpp

@@ -38,6 +38,7 @@
 
 #include "BLSCrypto.h"
 
+#include "SEKManager.h"
 #include "ECDSACrypto.h"
 
 void fillRandomBuffer(vector<unsigned char> &_buffer) {
@@ -54,11 +55,15 @@ vector <string> genECDSAKey() {
     vector<char> pub_key_x(BUF_LEN, 0);
     vector<char> pub_key_y(BUF_LEN, 0);
 
-    uint32_t enc_len = 0;
+    uint64_t enc_len = 0;
+
+    sgx_status_t status = SGX_SUCCESS;
 
-    sgx_status_t status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
+    RESTART_BEGIN
+        status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
                                    errMsg.data(), encr_pr_key.data(), &enc_len,
                                    pub_key_x.data(), pub_key_y.data());
+    RESTART_END
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus,errMsg.data());
 
@@ -99,8 +104,12 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) {
         throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
     }
 
-    sgx_status_t status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
+    sgx_status_t status = SGX_SUCCESS;
+
+    RESTART_BEGIN
+        status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
                                              errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
+    RESTART_END
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data())
 
@@ -184,10 +193,14 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha
         throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
     }
 
-    sgx_status_t status = trustedEcdsaSignAES(eid, &errStatus,
+    sgx_status_t status = SGX_SUCCESS;
+
+    RESTART_BEGIN
+        status = trustedEcdsaSignAES(eid, &errStatus,
                             errMsg.data(), encryptedKey.data(), decLen, hashHex,
                             signatureR.data(),
                             signatureS.data(), &signatureV, base);
+    RESTART_END
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 

SEKManager.cpp

@@ -21,21 +21,25 @@
     @date 2020
 */
 
-#include "SEKManager.h"
-#include "SGXException.h"
-#include "BLSCrypto.h"
-#include "LevelDB.h"
 
 #include <fstream>
 #include <iostream>
 #include <algorithm>
 
+#include "third_party/spdlog/spdlog.h"
+
+
 #include "sgxwallet_common.h"
 #include "common.h"
 #include "sgxwallet.h"
 
+#include "SGXException.h"
+#include "BLSCrypto.h"
+#include "LevelDB.h"
+
 #include "ServerDataChecker.h"
-#include "third_party/spdlog/spdlog.h"
+#include "ServerInit.h"
+#include "SEKManager.h"
 
 using namespace std;
 
@@ -52,13 +56,18 @@ bool case_insensitive_match(string s1, string s2) {
 void create_test_key() {
     int errStatus = 0;
     vector<char> errMsg(1024, 0);
-    uint32_t enc_len;
+    uint64_t enc_len;
 
     SAFE_UINT8_BUF(encrypted_key, BUF_LEN);
 
     string key = TEST_VALUE;
 
-    sgx_status_t status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
+    sgx_status_t status =  SGX_SUCCESS;
+
+    {
+        READ_LOCK(initMutex);
+        status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
+    }
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
@@ -86,7 +95,12 @@ void validate_SEK() {
         exit(-1);
     }
 
-    sgx_status_t status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
+    sgx_status_t status = SGX_SUCCESS;
+
+    {
+        READ_LOCK(initMutex);
+        status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
+    }
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
 
@@ -109,15 +123,21 @@ shared_ptr <vector<uint8_t>> check_and_set_SEK(const string &SEK) {
 
     auto encrypted_SEK = make_shared < vector < uint8_t >> (BUF_LEN, 0);
 
-    uint32_t l = 0;
+    uint64_t l = 0;
 
-    sgx_status_t status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l,
+    sgx_status_t status = SGX_SUCCESS;
+
+    {
+        READ_LOCK(initMutex);
+        status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l,
                              SEK.c_str());
+    }
 
-    encrypted_SEK->resize(l);
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
 
+    encrypted_SEK->resize(l);
+
     validate_SEK();
 
     return encrypted_SEK;
@@ -127,13 +147,18 @@ void gen_SEK() {
     vector<char> errMsg(1024, 0);
     int err_status = 0;
     vector <uint8_t> encrypted_SEK(1024, 0);
-    uint32_t enc_len = 0;
+    uint64_t enc_len = 0;
 
     SAFE_CHAR_BUF(SEK, 65);
 
     spdlog::info("Generating backup key. Will be stored in backup_key.txt ... ");
 
-    sgx_status_t status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK);
+
+    sgx_status_t status = SGX_SUCCESS;
+    {
+
+        status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK);
+    }
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
 
@@ -184,6 +209,13 @@ void gen_SEK() {
 
 }
 
+void  reinitEnclave() {
+    WRITE_LOCK(initMutex);
+    initEnclave();
+    shared_ptr <string> encrypted_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
+    setSEK(encrypted_SEK_ptr);
+}
+
 void setSEK(shared_ptr <string> hex_encrypted_SEK) {
 
     CHECK_STATE(hex_encrypted_SEK);
@@ -200,7 +232,10 @@ void setSEK(shared_ptr <string> hex_encrypted_SEK) {
         throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex");
     }
 
-    sgx_status_t status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK);
+    sgx_status_t status = SGX_SUCCESS;
+    {
+        status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK);
+    }
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
 

SEKManager.h

@@ -45,4 +45,11 @@ EXTERNC void enter_SEK();
 
 EXTERNC void initSEK();
 
+EXTERNC void setSEK();
+
+EXTERNC void reinitEnclave();
+
+
+
+
 #endif //SGXD_SEKMANAGER_H

SGXWalletServer.cpp

@@ -54,6 +54,9 @@
 
 using namespace std;
 
+std::shared_timed_mutex initMutex;
+uint64_t initTime;
+
 void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _enterBackupKey) {
     spdlog::info("Entering {}", __FUNCTION__);
 
@@ -563,7 +566,7 @@ Json::Value SGXWalletServer::calculateAllBLSPublicKeysImpl(const Json::Value& pu
 
         vector<string> public_keys = calculateAllBlsPublicKeys(public_shares);
 
-        if (public_keys.size() != n) {
+        if (public_keys.size() != (uint64_t)n) {
             throw SGXException(UNKNOWN_ERROR, "");
         }
 

ServerInit.cpp

@@ -57,6 +57,8 @@
 #include "SGXException.h"
 #include "SGXWalletServer.hpp"
 
+uint32_t enclaveLogLevel = 0;
+
 void initUserSpace() {
 
     libff::inhibit_profiling_counters = true;
@@ -66,9 +68,8 @@ void initUserSpace() {
     LevelDB::initDataFolderAndDBs();
 }
 
-void initEnclave(uint32_t _logLevel) {
-    eid = 0;
-    updated = 0;
+void initEnclave() {
+
 
 #ifndef SGX_HW_SIM
     unsigned long support;
@@ -81,7 +82,22 @@ void initEnclave(uint32_t _logLevel) {
 
     spdlog::info("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG);
 
-    sgx_status_t status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
+    sgx_status_t status = SGX_SUCCESS;
+
+    {
+        WRITE_LOCK(initMutex);
+
+        if (eid != 0) {
+            if (sgx_destroy_enclave(eid) != SGX_SUCCESS) {
+                spdlog::error("Could not destroy enclave");
+                return;
+            }
+        }
+
+        eid = 0;
+        updated = 0;
+
+        status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
                                            &updated, &eid, 0);
 
         if (status != SGX_SUCCESS) {
@@ -96,7 +112,8 @@ void initEnclave(uint32_t _logLevel) {
 
         spdlog::info("Enclave created and started successfully");
         
-    status = trustedEnclaveInit(eid, _logLevel);
+        status = trustedEnclaveInit(eid, enclaveLogLevel);
+    }
 
     if (status != SGX_SUCCESS) {
         spdlog::error("trustedEnclaveInit failed: {}", status);
@@ -107,10 +124,13 @@ void initEnclave(uint32_t _logLevel) {
 }
 
 
+
+
 void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
 
     static atomic<bool> sgxServerInited(false);
     static mutex initMutex;
+    enclaveLogLevel = _logLevel;
 
     lock_guard <mutex> lock(initMutex);
 
@@ -123,7 +143,8 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
 
         CHECK_STATE(sgxServerInited != 1)
         sgxServerInited = 1;
-        initEnclave(_logLevel);
+
+        initEnclave();
         initUserSpace();
         initSEK();
 
@@ -146,6 +167,6 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
         exception_ptr p = current_exception();
         printf("Exception %s \n", p.__cxa_exception_type()->name());
         spdlog::error("Unknown exception");
-        exit (-1);
+        exit(-1);
     }
 };

ServerInit.h

@@ -36,7 +36,7 @@ EXTERNC void initAll(uint32_t  _logLevel, bool _checkCert, bool _autoSign);
 
 EXTERNC void initUserSpace();
 
-EXTERNC void initEnclave(uint32_t _logLevel);
+EXTERNC void initEnclave();
 
 
 

VERSION

-1.58.1
+1.58.2
\ No newline at end of file

common.h

@@ -96,5 +96,20 @@ BOOST_THROW_EXCEPTION(runtime_error(__ERR_STRING__)); \
 #define SAFE_CHAR_BUF(__X__, __Y__)  ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
 #define SAFE_UINT8_BUF(__X__, __Y__)  ;uint8_t __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
 
+#include <shared_mutex>
+
+extern std::shared_timed_mutex initMutex;
+extern uint64_t initTime;
+
+#if SGX_MODE == SIM
+#define ENCLAVE_RESTART_PERIOD_S 5
+#else
+#define ENCLAVE_RESTART_PERIOD_S 60 * 10
+#endif
+
+#define READ_LOCK(__X__) std::shared_lock<std::shared_timed_mutex> __LOCK__(__X__);
+#define WRITE_LOCK(__X__) std::unique_lock<std::shared_timed_mutex> __LOCK__(__X__);
+
+
 
 #endif //SGXWALLET_COMMON_H

secure_enclave/AESUtils.c

@@ -27,42 +27,24 @@
 #include "stdlib.h"
 #include <string.h>
 
+
 #include "AESUtils.h"
 
 sgx_aes_gcm_128bit_key_t AES_key;
 sgx_aes_gcm_128bit_key_t AES_DH_key;
 
-int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) {
-
-    if (!message) {
-        LOG_ERROR("Null message in AES_encrypt");
-        return -1;
-    }
-
-    if (!encr_message) {
-        LOG_ERROR("Null encr message in AES_encrypt");
-        return -2;
-    }
-
-    uint64_t len = strlen(message) + 1;
 
-    if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) {
-        LOG_ERROR("Output buffer too small");
-        return -3;
-    }
+#define SAFE_CHAR_BUF(__X__, __Y__)  ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
 
-    sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);
+int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsigned  char type,
+                unsigned char exportable, uint64_t* resultLen) {
 
-    sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, strlen(message),
-                                                     encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE,
-                                                     encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
-                                                     NULL, 0,
-                                                     (sgx_aes_gcm_128bit_tag_t *) encr_message);
 
-    return status;
-}
 
-int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) {
+    if (!type) {
+        LOG_ERROR("Null type in AES_encrypt");
+        return -1;
+    }
 
     if (!message) {
         LOG_ERROR("Null message in AES_encrypt");
@@ -74,74 +56,57 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t
         return -2;
     }
 
+    uint64_t len = strlen(message) + 1;
 
-  if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) {
-      LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE");
-      return -1;
+    if (2 + len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrBufLen ) {
+        LOG_ERROR("Output buffer too small");
+        return -3;
     }
 
+    SAFE_CHAR_BUF(fullMessage, len + 2);
 
+    fullMessage[0] = type;
+    fullMessage[1] = exportable;
 
-  uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE;
+    strncpy(fullMessage + 2, message, len );
 
-  if (msgLen < len) {
-        LOG_ERROR("Output buffer not large enough");
-        return -2;
-  }
+    len = len + 2;
+    message = fullMessage;
 
-  sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key,
-                                                   encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
-                                                   (unsigned char*) message,
+    sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);
+
+    sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, len,
+                                                     encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE,
                                                      encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
                                                      NULL, 0,
-                                                   (sgx_aes_gcm_128bit_tag_t *)encr_message);
+                                                     (sgx_aes_gcm_128bit_tag_t *) encr_message);
+
+    *resultLen = len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
 
     return status;
 }
 
-
-
-
-int AES_encrypt_DH(char *message, uint8_t *encr_message, uint64_t encrLen) {
+int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen,
+                uint8_t *type, uint8_t* exportable){
 
     if (!message) {
-        LOG_ERROR("Null message in AES_encrypt_DH");
+        LOG_ERROR("Null message in AES_encrypt");
         return -1;
     }
 
     if (!encr_message) {
-        LOG_ERROR("Null encr message in AES_encrypt_DH");
+        LOG_ERROR("Null encr message in AES_encrypt");
         return -2;
     }
 
-    uint64_t len = strlen(message) + 1;
-
-    if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) {
-        LOG_ERROR("Output buffer too small");
+    if (!type) {
+        LOG_ERROR("Null type in AES_encrypt");
         return -3;
     }
 
-    sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);
-
-    sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_DH_key, (uint8_t*)message, strlen(message),
-                                                     encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE,
-                                                     encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
-                                                     NULL, 0,
-                                                     (sgx_aes_gcm_128bit_tag_t *) encr_message);
-
-    return status;
-}
-
-int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) {
-
-    if (!message) {
-        LOG_ERROR("Null message in AES_encrypt_DH");
-        return -1;
-    }
-
     if (!encr_message) {
-        LOG_ERROR("Null encr message in AES_encrypt_DH");
-        return -2;
+        LOG_ERROR("Null exportable in AES_encrypt");
+        return -4;
     }
 
 
@@ -159,23 +124,18 @@ int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64
         return -2;
   }
 
-    sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_DH_key,
+  sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key,
                                                    encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
                                                    (unsigned char*) message,
                                                    encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
                                                    NULL, 0,
                                                    (sgx_aes_gcm_128bit_tag_t *)encr_message);
 
-    return status;
-}
-
-
-
-
-
+  *type = message[0];
+  *exportable = message[1];
+  for (int i = 2; i < strlen(message) + 1; i++) {
+      message[i - 2 ] = message[i];
+  }
 
-void derive_DH_Key() {
-    memcpy(AES_DH_key, AES_key, SGX_AESGCM_KEY_SIZE );
-    /*AES_DH_key[1] = 1;AES_DH_key[2] = 2;*/
+  return status;
 }
-

secure_enclave/AESUtils.h

@@ -25,15 +25,21 @@
 #define SGXD_AESUTILS_H
 
 extern sgx_aes_gcm_128bit_key_t AES_key;
-extern sgx_aes_gcm_128bit_key_t AES_DH_key;
 
-int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen);
-int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ;
+int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen,
+                unsigned char type, unsigned char exportable, uint64_t* resultLen);
+int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen,
+                uint8_t *type, uint8_t* exportable) ;
 
-int AES_encrypt_DH(char *message, uint8_t *encr_message, uint64_t encrLen);
-int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ;
 
-void derive_DH_Key();
+
+#define ECDSA '1'
+#define BLS '2'
+#define DKG '3'
+
+#define EXPORTABLE '1'
+#define NON_EXPORTABLE '2'
+
 
 
 #endif //SGXD_AESUTILS_H

secure_enclave/secure_enclave.c

@@ -122,7 +122,7 @@ unsigned char *globalRandom = NULL;
         abort(); \
     } else {called = true;};
 
-void trustedEnclaveInit(uint32_t _logLevel) {
+void trustedEnclaveInit(uint64_t _logLevel) {
     CALL_ONCE
     LOG_INFO(__FUNCTION__);
 
@@ -232,7 +232,7 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) {
 
 
 void sealHexSEK(int *errStatus, char *errString,
-                        uint8_t *encrypted_sek, uint32_t *enc_len, char *sek_hex) {
+                        uint8_t *encrypted_sek, uint64_t *enc_len, char *sek_hex) {
     CALL_ONCE
     LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
@@ -255,7 +255,7 @@ void sealHexSEK(int *errStatus, char *errString,
                                            (sgx_sealed_data_t *) encrypted_sek);
     CHECK_STATUS("seal SEK failed after SEK generation");
 
-    uint32_t encrypt_text_length = sgx_get_encrypt_txt_len((const sgx_sealed_data_t *)encrypted_sek);
+    uint64_t encrypt_text_length = sgx_get_encrypt_txt_len((const sgx_sealed_data_t *)encrypted_sek);
 
     CHECK_STATE(encrypt_text_length = plaintextLen);
 
@@ -263,7 +263,7 @@ void sealHexSEK(int *errStatus, char *errString,
     SAFE_CHAR_BUF(unsealedKey, BUF_LEN);
     uint32_t decLen = BUF_LEN;
 
-    uint32_t add_text_length = sgx_get_add_mac_txt_len((const sgx_sealed_data_t *)encrypted_sek);
+    uint64_t add_text_length = sgx_get_add_mac_txt_len((const sgx_sealed_data_t *)encrypted_sek);
     CHECK_STATE(add_text_length == 0);
     CHECK_STATE(sgx_is_within_enclave(encrypted_sek,sizeof(sgx_sealed_data_t)));
     status = sgx_unseal_data((const sgx_sealed_data_t *)encrypted_sek, NULL, NULL,
@@ -279,7 +279,7 @@ void sealHexSEK(int *errStatus, char *errString,
 }
 
 void trustedGenerateSEK(int *errStatus, char *errString,
-                        uint8_t *encrypted_sek, uint32_t *enc_len, char *sek_hex) {
+                        uint8_t *encrypted_sek, uint64_t *enc_len, char *sek_hex) {
     CALL_ONCE
     LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
@@ -292,7 +292,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
 
     carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex);
     memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE);
-    derive_DH_Key();
+
 
     sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex);
 
@@ -332,7 +332,6 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
 
 
     hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
-    derive_DH_Key();
 
     SET_SUCCESS
     clean:
@@ -341,7 +340,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
 }
 
 void trustedSetSEK_backup(int *errStatus, char *errString,
-                          uint8_t *encrypted_sek, uint32_t *enc_len, const char *sek_hex) {
+                          uint8_t *encrypted_sek, uint64_t *enc_len, const char *sek_hex) {
     CALL_ONCE
     LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
@@ -351,7 +350,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
 
     uint64_t len;
     hex2carray(sek_hex, &len, (uint8_t *) AES_key);
-    derive_DH_Key();
+
 
     sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex);
 
@@ -370,7 +369,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
 
 
 void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
-                                uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
+                                uint8_t *encryptedPrivateKey, uint64_t *enc_len, char *pub_key_x, char *pub_key_y) {
     LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
 
@@ -410,22 +409,24 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
     }
     strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
 
-    SAFE_CHAR_BUF(skey_str, ECDSA_SKEY_LEN);SAFE_CHAR_BUF(arr_skey_str, mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2);
+    SAFE_CHAR_BUF(skey_str, BUF_LEN);
+    SAFE_CHAR_BUF(arr_skey_str, mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2);
     mpz_get_str(arr_skey_str, ECDSA_SKEY_BASE, skey);
     n_zeroes = 64 - strlen(arr_skey_str);
     for (int i = 0; i < n_zeroes; i++) {
         skey_str[i] = '0';
     }
     strncpy(skey_str + n_zeroes, arr_skey_str, 65 - n_zeroes);
-    skey_str[ECDSA_SKEY_LEN - 1] = 0;
     snprintf(errString, BUF_LEN, "skey len is %d\n", (int) strlen(skey_str));
 
-    int status = AES_encrypt((char *) skey_str, encryptedPrivateKey, BUF_LEN);
+    int status = AES_encrypt((char *) skey_str, encryptedPrivateKey, BUF_LEN,
+                             ECDSA, NON_EXPORTABLE, enc_len);
     CHECK_STATUS("ecdsa private key encryption failed");
 
-    *enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
+    uint8_t type = 0;
+    uint8_t exportable = 0;
 
-    status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, ECDSA_SKEY_LEN);
+    status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, BUF_LEN, &type, &exportable);
 
     CHECK_STATUS2("ecdsa private key decr failed with status %d");
 
@@ -439,11 +440,11 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
 }
 
 void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
-                                 uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) {
+                                 uint8_t *encryptedPrivateKey, uint64_t enc_len, char *pub_key_x, char *pub_key_y) {
     LOG_DEBUG(__FUNCTION__);
     INIT_ERROR_STATE
 
-    SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
+    SAFE_CHAR_BUF(skey, BUF_LEN);
 
     mpz_t privateKeyMpz;
     mpz_init(privateKeyMpz);
@@ -455,7 +456,11 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
     CHECK_STATE(pub_key_x);
     CHECK_STATE(pub_key_y);
 
-    int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
+    uint8_t type = 0;
+    uint8_t exportable = 0;
+
+    int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN,
+                             &type, &exportable);
     CHECK_STATUS2("AES_decrypt failed with status %d");
 
     skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
@@ -515,7 +520,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
 
 static uint64_t sigCounter = 0;
 
-void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len,
+void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t enc_len,
                          const char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
     LOG_DEBUG(__FUNCTION__);
 
@@ -526,7 +531,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
     CHECK_STATE(sigR);
     CHECK_STATE(sigS);
 
-    SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
+    SAFE_CHAR_BUF(skey, BUF_LEN);
 
     mpz_t privateKeyMpz;
     mpz_init(privateKeyMpz);
@@ -534,7 +539,12 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
     mpz_init(msgMpz);
     signature sign = signature_init();
 
-    int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
+    uint8_t type = 0;
+    uint8_t exportable = 0;
+
+
+    int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN,
+                             &type, &exportable);
 
     CHECK_STATUS2("aes decrypt failed with status %d");
 
@@ -600,7 +610,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
 
 
 void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
-                          uint32_t enc_len, char *key) {
+                          uint64_t enc_len, char *key) {
 
     LOG_DEBUG(__FUNCTION__);
     INIT_ERROR_STATE
@@ -610,7 +620,16 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
 
     *errStatus = -9;
 
-    int status = AES_decrypt_DH(encryptedPrivateKey, enc_len, key, 3072);
+    uint8_t type = 0;
+    uint8_t exportable = 0;
+
+    int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072,
+                             &type, &exportable);
+
+    if (exportable != EXPORTABLE) {
+        *errStatus = -11;
+        snprintf(errString, BUF_LEN, "Key is not exportable");
+    }
 
     if (status != 0) {
         *errStatus = status;
@@ -636,7 +655,7 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
 
 
 void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
-                          uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
+                          uint8_t *encryptedPrivateKey, uint64_t *enc_len) {
     LOG_INFO(__FUNCTION__);
 
     *errString = 0;
@@ -647,15 +666,18 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
 
     *errStatus = UNKNOWN_ERROR;
 
-    int status = AES_encrypt_DH((char *)key, encryptedPrivateKey, BUF_LEN);
+    int status = AES_encrypt((char *)key, encryptedPrivateKey, BUF_LEN,
+                             DKG, EXPORTABLE, enc_len);
 
     CHECK_STATUS2("AES encrypt failed with status %d");
 
-    *enc_len = strlen(key) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
-
     SAFE_CHAR_BUF(decryptedKey, BUF_LEN);
 
-    status = AES_decrypt_DH(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN);
+    uint8_t type = 0;
+    uint8_t exportable = 0;
+
+    status = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN,
+                         &type, &exportable);
 
     CHECK_STATUS2("trustedDecryptKey failed with status %d");
 
@@ -671,6 +693,8 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
 
     if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) {
         snprintf(errString, BUF_LEN, "Decrypted key does not match original key");
+        LOG_ERROR(key);
+        LOG_ERROR(decryptedKey);
         LOG_ERROR(errString);
         goto clean;
     }
@@ -684,7 +708,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
 
 
 void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
-                              uint32_t enc_len, char *_hashX,
+                              uint64_t enc_len, char *_hashX,
                               char *_hashY, char *signature) {
     LOG_DEBUG(__FUNCTION__);
     INIT_ERROR_STATE
@@ -696,7 +720,10 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
 
     SAFE_CHAR_BUF(key, BUF_LEN);SAFE_CHAR_BUF(sig, BUF_LEN);
 
-    int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN);
+    uint8_t type = 0;
+    uint8_t exportable = 0;
+
+    int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN, &type, &exportable);
 
     CHECK_STATUS("AES decrypt failed")
 
@@ -726,7 +753,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
 }
 
 void
-trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
+trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t *enc_len, size_t _t) {
     LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
 
@@ -738,16 +765,20 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
 
     CHECK_STATUS("gen_dkg_poly failed")
 
-    status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN);
+    status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN,
+                         DKG, EXPORTABLE, enc_len);
 
     CHECK_STATUS("SGX AES encrypt DKG poly failed");
 
-    *enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
+
 
     SAFE_CHAR_BUF(decr_dkg_secret, DKG_BUFER_LENGTH);
 
+    uint8_t type = 0;
+    uint8_t exportable = 0;
+
     status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret,
-                         DKG_BUFER_LENGTH);
+                         DKG_BUFER_LENGTH, &type, &exportable);
 
     CHECK_STATUS("aes decrypt dkg poly failed");
 
@@ -768,7 +799,7 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
 
 void
 trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret,
-                           uint32_t enc_len,
+                           uint64_t enc_len,
                            uint8_t *decrypted_dkg_secret) {
     LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
@@ -776,8 +807,11 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d
     CHECK_STATE(encrypted_dkg_secret);
     CHECK_STATE(decrypted_dkg_secret);
 
+    uint8_t  type;
+    uint8_t  exportable;
+
     int status = AES_decrypt(encrypted_dkg_secret, enc_len, (char *) decrypted_dkg_secret,
-                             3072);
+                             3072, &type, &exportable);
 
     CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d")
 
@@ -790,7 +824,7 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d
 }
 
 
-void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint32_t enc_len) {
+void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t enc_len) {
     LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
 
@@ -798,8 +832,11 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc
 
     memset(getThreadLocalDecryptedDkgPoly(), 0, DKG_BUFER_LENGTH);
 
+    uint8_t type = 0;
+    uint8_t exportable = 0;
+
     int status = AES_decrypt(encrypted_poly, enc_len, (char *) getThreadLocalDecryptedDkgPoly(),
-                             DKG_BUFER_LENGTH);
+                             DKG_BUFER_LENGTH, &type, &exportable);
 
     CHECK_STATUS2("sgx_unseal_data - encrypted_poly failed with status %d")
 
@@ -810,14 +847,14 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc
     LOG_INFO("SGX call completed");
 }
 
-void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
+void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint64_t *dec_len,
                                        char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n,
                                        uint8_t ind) {
 
     LOG_INFO(__FUNCTION__);
     INIT_ERROR_STATE
 
-    uint32_t enc_len;
+    uint64_t enc_len;
     int status;
 
     CHECK_STATE(encrypted_skey);
@@ -827,7 +864,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
 
     LOG_DEBUG(__FUNCTION__);
 
-    SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
+    SAFE_CHAR_BUF(skey, BUF_LEN);
 
     SAFE_CHAR_BUF(pub_key_x, BUF_LEN);SAFE_CHAR_BUF(pub_key_y, BUF_LEN);
 
@@ -835,7 +872,10 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
 
     CHECK_STATUS("trustedGenerateEcdsaKeyAES failed");
 
-    status = AES_decrypt(encrypted_skey, enc_len, skey, ECDSA_SKEY_LEN);
+    uint8_t type = 0;
+    uint8_t exportable = 0;
+
+    status = AES_decrypt(encrypted_skey, enc_len, skey, BUF_LEN, &type, &exportable);
 
     skey[ECDSA_SKEY_LEN - 1] = 0;
 
@@ -843,13 +883,13 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
 
     *dec_len = enc_len;
 
-    SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN);
+    SAFE_CHAR_BUF(common_key, BUF_LEN);
 
     status = gen_session_key(skey, pub_keyB, common_key);
 
     CHECK_STATUS("gen_session_key failed")
 
-    SAFE_CHAR_BUF(s_share, ECDSA_SKEY_LEN);
+    SAFE_CHAR_BUF(s_share, BUF_LEN);
 
     status = calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind);
     CHECK_STATUS("calc secret share failed")
@@ -858,7 +898,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
     status = calc_secret_shareG2(s_share, s_shareG2);
     CHECK_STATUS("invalid decr secret share");
 
-    SAFE_CHAR_BUF(cypher, ECDSA_SKEY_LEN);
+    SAFE_CHAR_BUF(cypher, BUF_LEN);
     status=xor_encrypt(common_key, s_share, cypher);
 
     CHECK_STATUS("xor_encrypt failed")
@@ -875,7 +915,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
     LOG_INFO("SGX call completed");
 }
 
-void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
+void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t enc_len,
                                char *public_shares,
                                unsigned _t, unsigned _n) {
     LOG_INFO(__FUNCTION__);
@@ -888,8 +928,11 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
 
     SAFE_CHAR_BUF(decrypted_dkg_secret, DKG_MAX_SEALED_LEN);
 
+    uint8_t type = 0;
+    uint8_t exportable = 0;
+
     int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret,
-                             DKG_MAX_SEALED_LEN);
+                             DKG_MAX_SEALED_LEN, &type, &exportable);
 
     CHECK_STATUS2("aes decrypt data - encrypted_dkg_secret failed with status %d");
 
@@ -913,26 +956,30 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
     CHECK_STATE(s_share);
     CHECK_STATE(encryptedPrivateKey);
 
-    SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
+    SAFE_CHAR_BUF(skey,BUF_LEN);
 
     mpz_t s;
     mpz_init(s);
 
-    int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
+    uint8_t type = 0;
+    uint8_t exportable = 0;
+
+    int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, BUF_LEN,
+                             &type, &exportable);
 
     CHECK_STATUS2("AES_decrypt failed (in trustedDkgVerifyAES) with status %d");
 
-    SAFE_CHAR_BUF(encr_sshare, ECDSA_SKEY_LEN);
+    SAFE_CHAR_BUF(encr_sshare, BUF_LEN);
 
     strncpy(encr_sshare, s_share, ECDSA_SKEY_LEN - 1);
 
-    SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN);
+    SAFE_CHAR_BUF(common_key, BUF_LEN);
 
     status = session_key_recover(skey, s_share, common_key);
 
     CHECK_STATUS("session_key_recover failed");
 
-    SAFE_CHAR_BUF(decr_sshare, ECDSA_SKEY_LEN);
+    SAFE_CHAR_BUF(decr_sshare, BUF_LEN);
 
     status=xor_decrypt(common_key, encr_sshare, decr_sshare);
 
@@ -954,7 +1001,7 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
 
 void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares,
                             uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key,
-                            uint32_t *enc_bls_key_len) {
+                            uint64_t *enc_bls_key_len) {
 
     LOG_INFO(__FUNCTION__);
 
@@ -964,7 +1011,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
     CHECK_STATE(encryptedPrivateKey);
     CHECK_STATE(encr_bls_key);
 
-    SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN);
+    SAFE_CHAR_BUF(skey, BUF_LEN);
 
     mpz_t sum;
     mpz_init(sum);
@@ -977,8 +1024,12 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
     mpz_t bls_key;
     mpz_init(bls_key);
 
+    uint8_t type = 0;
+    uint8_t exportable = 0;
+
 
-    int status = AES_decrypt(encryptedPrivateKey, key_len, skey, ECDSA_SKEY_LEN);
+    int status = AES_decrypt(encryptedPrivateKey, key_len, skey, BUF_LEN,
+                             &type, &exportable);
     CHECK_STATUS2("aes decrypt failed with status %d");
 
     skey[ECDSA_SKEY_LEN - 1] = 0;
@@ -1038,12 +1089,10 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
     strncpy(key_share + n_zeroes, arr_skey_str, 65 - n_zeroes);
     key_share[BLS_KEY_LENGTH - 1] = 0;
 
-    status = AES_encrypt(key_share, encr_bls_key, BUF_LEN);
+    status = AES_encrypt(key_share, encr_bls_key, BUF_LEN, BLS, NON_EXPORTABLE, enc_bls_key_len);
 
     CHECK_STATUS2("aes encrypt bls private key failed with status %d ");
 
-    *enc_bls_key_len = strlen(key_share) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
-
     SET_SUCCESS
     clean:
 
@@ -1064,9 +1113,15 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
     CHECK_STATE(bls_pub_key);
     CHECK_STATE(encryptedPrivateKey);
 
-    SAFE_CHAR_BUF(skey_hex, ECDSA_SKEY_LEN);
+    SAFE_CHAR_BUF(skey_hex, BUF_LEN);
+
+    uint8_t type = 0;
+    uint8_t exportable = 0;
+
+
 
-    int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, ECDSA_SKEY_LEN);
+    int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, BUF_LEN,
+                             &type, &exportable);
 
     CHECK_STATUS2("AES decrypt failed %d");
 

secure_enclave/secure_enclave.edl

@@ -11,14 +11,14 @@ enclave {
 	trusted {
 		include "sgx_tgmp.h"
 
-		public void trustedEnclaveInit(uint32_t _logLevel);
+		public void trustedEnclaveInit(uint64_t _logLevel);
 
 
         public void trustedGenerateSEK(
                                 [out] int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char *err_string,
                                 [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK,
-                                [out] uint32_t *enc_len,
+                                [out] uint64_t *enc_len,
                                 [out, count = 65] char* hex_SEK);
 
         public void trustedSetSEK(
@@ -30,14 +30,14 @@ enclave {
                                 [out] int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char *err_string,
                                 [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK,
-                                [out] uint32_t *enc_len,
+                                [out] uint64_t *enc_len,
                                 [in, string] const char* SEK_hex);
 
         public void trustedGenerateEcdsaKeyAES (
                                 [out] int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char* err_string,
                                 [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
-                                [out] uint32_t *enc_len,
+                                [out] uint64_t *enc_len,
                                 [out, count = SMALL_BUF_SIZE] char * pub_key_x,
                                 [out, count = SMALL_BUF_SIZE] char * pub_key_y);
 
@@ -45,7 +45,7 @@ enclave {
                                 [out] int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char* err_string,
                                 [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
-                                uint32_t dec_len,
+                                uint64_t dec_len,
                                 [out, count = SMALL_BUF_SIZE] char * pub_key_x,
                                 [out, count = SMALL_BUF_SIZE] char * pub_key_y);
 
@@ -53,7 +53,7 @@ enclave {
                                 [out] int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char* err_string,
                                 [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
-                                uint32_t enc_len,
+                                uint64_t enc_len,
                                 [in, string] const char* hash,
                                 [out, count = SMALL_BUF_SIZE] char* sig_r,
                                 [out, count = SMALL_BUF_SIZE] char* sig_s,
@@ -65,26 +65,26 @@ enclave {
                                 [out, count = SMALL_BUF_SIZE] char* err_string,
                                 [in, count = SMALL_BUF_SIZE] const char* key,
                                 [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
-                                [out] uint32_t *enc_len);
+                                [out] uint64_t *enc_len);
 
         public void trustedDecryptKeyAES (
                                 [out] int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char* err_string,
                                 [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
-                                uint32_t enc_len,
+                                uint64_t enc_len,
                                 [out, count = SMALL_BUF_SIZE] char* key );
 
         public void trustedGenDkgSecretAES (
                                 [out] int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char* err_string,
                                 [out, count = 3072] uint8_t* encrypted_dkg_secret,
-                                [out] uint32_t * enc_len, size_t _t);
+                                [out] uint64_t * enc_len, size_t _t);
 
         public void trustedDecryptDkgSecretAES (
                                 [out] int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char* err_string,
                                 [in, count = 3050] uint8_t* encrypted_dkg_secret,
-                                uint32_t enc_len,
+                                uint64_t enc_len,
                                 [out, count = 3072] uint8_t* decrypted_dkg_secret
                                 );
 
@@ -92,13 +92,13 @@ enclave {
                                 [out] int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char* err_string,
                                 [in, count = 3050] uint8_t* encrypted_poly,
-                                uint32_t enc_len);
+                                uint64_t enc_len);
 
         public void trustedGetEncryptedSecretShareAES(
                                 [out]int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char *err_string,
                                 [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey,
-                                [out] uint32_t* dec_len,
+                                [out] uint64_t* dec_len,
                                 [out, count = 193] char* result_str,
                                 [out, count = 320] char* s_shareG2,
                                 [in, string] char* pub_keyB,
@@ -110,7 +110,7 @@ enclave {
                                 [out] int *errStatus,
                                 [out, count = SMALL_BUF_SIZE] char* err_string,
                                 [in, count = 3050] uint8_t* encrypted_dkg_secret,
-                                uint32_t enc_len,
+                                uint64_t enc_len,
                                 [out, count = 10000] char* public_shares,
                                 unsigned _t,
                                 unsigned _n);
@@ -133,13 +133,13 @@ enclave {
                                 [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
                                 uint64_t key_len,
                                 [out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key,
-                                [out] uint32_t *enc_bls_key_len);
+                                [out] uint64_t *enc_bls_key_len);
 
         public void trustedBlsSignMessageAES (
                                 [out] int *errStatus,
                                 [out, count = TINY_BUF_SIZE] char* err_string,
                                 [in, count = TINY_BUF_SIZE] uint8_t* encrypted_key,
-                                uint32_t enc_len,
+                                uint64_t enc_len,
                                 [in, string] char* hashX ,
                                 [in, string] char* hashY,
                                 [out, count = SMALL_BUF_SIZE] char* signature);

sgxwallet_common.h

@@ -109,4 +109,23 @@ extern bool autoconfirm;
 
 #define TEST_VALUE "1234567890"
 
+
+#define RESTART_BEGIN \
+int __ATTEMPTS__ = 0; \
+do {\
+__ATTEMPTS__++; \
+{\
+READ_LOCK(initMutex);
+
+#define RESTART_END \
+} \
+if (status != SGX_SUCCESS) { \
+spdlog::error(__FUNCTION__); \
+spdlog::error("Restarting sgx ..."); \
+reinitEnclave(); \
+} \
+} while (status != SGX_SUCCESS && __ATTEMPTS__ < 2);
+
+
+
 #endif //SGXWALLET_SGXWALLET_COMMON_H

testw.cpp

@@ -127,7 +127,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes
     vector<char> pubKeyX(BUF_LEN, 0);
     vector<char> pubKeyY(BUF_LEN, 0);
 
-    uint32_t encLen = 0;
+    uint64_t encLen = 0;
     PRINT_SRC_LINE
     auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen,
                                              pubKeyX.data(),
@@ -160,7 +160,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES key gen", "[ecdsa-aes-key-gen]") {
     vector <uint8_t> encrPrivKey(BUF_LEN, 0);
     vector<char> pubKeyX(BUF_LEN, 0);
     vector<char> pubKeyY(BUF_LEN, 0);
-    uint32_t encLen = 0;
+    uint64_t encLen = 0;
     PRINT_SRC_LINE
     auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen,
                                              pubKeyX.data(),
@@ -177,7 +177,8 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES get public key", "[ecdsa-aes-get-pub-ke
     vector <uint8_t> encPrivKey(BUF_LEN, 0);
     vector<char> pubKeyX(BUF_LEN, 0);
     vector<char> pubKeyY(BUF_LEN, 0);
-    uint32_t encLen = 0;
+
+    uint64_t encLen = 0;
 
     PRINT_SRC_LINE
     auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encPrivKey.data(), &encLen, pubKeyX.data(),
@@ -291,7 +292,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES gen test", "[dkg-aes-gen]") {
     vector<char> errMsg(BUF_LEN, 0);
 
     int errStatus = 0;
-    uint32_t encLen = 0;
+    uint64_t encLen = 0;
 
     PRINT_SRC_LINE
     auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 32);
@@ -314,7 +315,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares
     vector<char> errMsg(BUF_LEN, 0);
 
     int errStatus = 0;
-    uint32_t encLen = 0;
+    uint64_t encLen = 0;
 
     unsigned t = 32, n = 32;
     PRINT_SRC_LINE
@@ -363,7 +364,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes-
     vector<char> result(BUF_LEN, 0);
 
     int errStatus = 0;
-    uint32_t encLen = 0;
+    uint64_t encLen = 0;
 
     vector <uint8_t> encryptedDKGSecret(BUF_LEN, 0);
     PRINT_SRC_LINE
@@ -694,7 +695,7 @@ TEST_CASE_METHOD(TestFixture, "AES_DKG test", "[aes-dkg]") {
 TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
     int errStatus = 0;
     vector<char> errMsg(BUF_LEN, 0);
-    uint32_t encLen;
+    uint64_t encLen;
     string key = SAMPLE_AES_KEY;
     vector <uint8_t> encrypted_key(BUF_LEN, 0);