Merge pull request #177 from skalenetwork/bug/SKALE-3039

SKALE-3039 Restarting SGX

Merge pull request #177 from skalenetwork/bug/SKALE-3039
SKALE-3039 Restarting SGX
e0d95f3f · Stan Kladko · GitHub · 4b8f7281 · 83b5c23e · e0d95f3f
Unverified Commit e0d95f3f authored Sep 10, 2020 by Stan Kladko Committed by GitHub Sep 10, 2020
15 changed files
--- a/BLSCrypto.cpp
+++ b/BLSCrypto.cpp
@@ -217,7 +217,7 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
    sgx_status_t status = SGX_SUCCESS;

    RESTART_BEGIN
-            status = trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey,
+            status = trustedBlsSignMessage(eid, &errStatus, errMsg.data(), encryptedKey,
                                              sz, xStrArg, yStrArg, signature);
    RESTART_END

@@ -259,9 +259,9 @@ string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key
    sgx_status_t status = SGX_SUCCESS;

    RESTART_BEGIN
-        status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(),
+        status = trustedEncryptKey(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(),
                                      &encryptedLen);
-    RESTART_END
+    RESTART_END_POINTER

    HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg.data());


--- a/BLSPrivateKeyShareSGX.cpp
+++ b/BLSPrivateKeyShareSGX.cpp
@@ -150,7 +150,7 @@ string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
    sgx_status_t status = SGX_SUCCESS;

    RESTART_BEGIN
-        status = trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey,
+        status = trustedBlsSignMessage(eid, &errStatus, errMsg.data(), encryptedKey,
                                          encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature);
    RESTART_END


--- a/DKGCrypto.cpp
+++ b/DKGCrypto.cpp
@@ -136,7 +136,7 @@ string gen_dkg_poly(int _t) {


    RESTART_BEGIN
-        status = trustedGenDkgSecretAES(
+        status = trustedGenDkgSecret(
                eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);
    RESTART_END

@@ -175,7 +175,7 @@ vector <vector<string>> get_verif_vect(const char *encryptedPolyHex, int t, int


    RESTART_BEGIN
-        status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen,
+        status = trustedGetPublicShares(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen,
                                           pubShares.data(), t, n);
    RESTART_END

@@ -213,7 +213,7 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve

    READ_LOCK(initMutex);

-    status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen);
+    status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen);

    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());

@@ -234,7 +234,7 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve
        spdlog::debug("pubKeyB is {}", pub_keyB);

        sgx_status_t status = SGX_SUCCESS;
-        status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
+        status = trustedGetEncryptedSecretShare(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
                                                   currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n,
                                                   i + 1);

@@ -287,7 +287,7 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr
    sgx_status_t status = SGX_SUCCESS;

    RESTART_BEGIN
-        status = trustedDkgVerifyAES(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t,
+        status = trustedDkgVerify(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t,
                                     ind, &result);
    RESTART_END

@@ -318,7 +318,7 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *
    sgx_status_t status = SGX_SUCCESS;

    RESTART_BEGIN
-        status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key,
+        status = trustedCreateBlsKey(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key,
                                        &enc_bls_len);
    RESTART_END

@@ -354,7 +354,7 @@ vector <string> getBLSPubKey(const char *encryptedKeyHex) {
    sgx_status_t status = SGX_SUCCESS;

    RESTART_BEGIN
-        status = trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey);
+        status = trustedGetBlsPubKey(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey);
    RESTART_END

    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
@@ -440,7 +440,7 @@ string decryptDHKey(const string &polyName, int ind) {
    sgx_status_t status = SGX_SUCCESS;

    RESTART_BEGIN
-        status = trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey);
+        status = trustedDecryptKey(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey);
    RESTART_END
    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());


--- a/DKGCrypto.h
+++ b/DKGCrypto.h
@@ -55,6 +55,6 @@ string convertG2ToString(const libff::alt_bn128_G2& elem, int base = 10, const s

 vector<string> calculateAllBlsPublicKeys(const vector<string>& public_shares);

-bool TestcreateBLSShare( const char * s_shares);
+bool testCreateBLSShare( const char * s_shares);

 #endif //SGXD_DKGCRYPTO_H
--- a/ECDSACrypto.cpp
+++ b/ECDSACrypto.cpp
@@ -60,7 +60,7 @@ vector <string> genECDSAKey() {
    sgx_status_t status = SGX_SUCCESS;

    RESTART_BEGIN
-        status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
+        status = trustedGenerateEcdsaKey(eid, &errStatus,
                                   errMsg.data(), encr_pr_key.data(), &enc_len,
                                   pub_key_x.data(), pub_key_y.data());
    RESTART_END
@@ -107,7 +107,7 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) {
    sgx_status_t status = SGX_SUCCESS;

    RESTART_BEGIN
-        status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
+        status = trustedGetPublicEcdsaKey(eid, &errStatus,
                                             errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
    RESTART_END

@@ -196,7 +196,7 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha
    sgx_status_t status = SGX_SUCCESS;

    RESTART_BEGIN
-        status = trustedEcdsaSignAES(eid, &errStatus,
+        status = trustedEcdsaSign(eid, &errStatus,
                            errMsg.data(), encryptedKey.data(), decLen, hashHex,
                            signatureR.data(),
                            signatureS.data(), &signatureV, base);

--- a/SEKManager.cpp
+++ b/SEKManager.cpp
@@ -66,7 +66,7 @@ void create_test_key() {

    {
        READ_LOCK(initMutex);
-        status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
+        status = trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
    }

    HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
@@ -99,7 +99,7 @@ void validate_SEK() {

    {
        READ_LOCK(initMutex);
-        status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
+        status = trustedDecryptKey(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
    }

    HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
@@ -129,7 +129,7 @@ shared_ptr <vector<uint8_t>> check_and_set_SEK(const string &SEK) {

    {
        READ_LOCK(initMutex);
-        status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l,
+        status = trustedSetSEKBackup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l,
                             SEK.c_str());
    }


--- a/VERSION
+++ b/VERSION
-1.58.2
\ No newline at end of file
+1.58.3
\ No newline at end of file
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -43,9 +43,10 @@ fi

 if [[ "$1" == "-t" ]]; then
 echo "Test run requested"
-##sleep 0
+sleep 5
 ./testw.py
 else
+  sleep 3
   ./sgxwallet $1 $2 $3 $4 $5
 fi

--- a/secure_enclave/AESUtils.c
+++ b/secure_enclave/AESUtils.c
@@ -30,8 +30,7 @@

 #include "AESUtils.h"

-sgx_aes_gcm_128bit_key_t AES_key;
-sgx_aes_gcm_128bit_key_t AES_DH_key;
+sgx_aes_gcm_128bit_key_t AES_key[1024];


 #define SAFE_CHAR_BUF(__X__, __Y__)  ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
@@ -75,7 +74,7 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsig

    sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);

-    sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, len,
+    sgx_status_t status = sgx_rijndael128GCM_encrypt(&(AES_key[512]), (uint8_t*)message, len,
                                                     encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE,
                                                     encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
                                                     NULL, 0,
@@ -124,7 +123,7 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t
        return -2;
  }

-  sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key,
+  sgx_status_t status = sgx_rijndael128GCM_decrypt(&(AES_key[512]),
                                                   encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
                                                   (unsigned char*) message,
                                                   encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,

--- a/secure_enclave/AESUtils.h
+++ b/secure_enclave/AESUtils.h
@@ -24,7 +24,7 @@
 #ifndef SGXD_AESUTILS_H
 #define SGXD_AESUTILS_H

-extern sgx_aes_gcm_128bit_key_t AES_key;
+extern sgx_aes_gcm_128bit_key_t AES_key[1024];

 int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen,
                unsigned char type, unsigned char exportable, uint64_t* resultLen);

--- a/secure_enclave/Signature.c
+++ b/secure_enclave/Signature.c
@@ -57,6 +57,15 @@ signature signature_init() {
    return sig;
 }

+/*Release signature*/
+void signature_free(signature sig) {
+    if (!sig)
+        return;
+    mpz_clear(sig->r);
+    mpz_clear(sig->s);
+    free(sig);
+}
+

 /*Set signature from strings of a base from 2-62*/
 int signature_set_str(signature sig, const char *r, const char *s, int base) {
@@ -104,10 +113,9 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para
        return;
    }

-    point Q = point_init();
-
    //Initializing variables
-    mpz_t k, x, r, t1, t2, t3, t4, t5, s, n_div_2, rem, neg, seed;
+    point Q = point_init();
+    mpz_t k, x, r, t1, t2, t3, t4, t5, s, n_div_2, rem, neg, seed,  s_mul_2;
    mpz_init(k);
    mpz_init(x);
    mpz_init(r);
@@ -121,7 +129,6 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para
    mpz_init(rem);
    mpz_init(neg);
    mpz_init(seed);
-    mpz_t s_mul_2;
    mpz_init(s_mul_2);

    SAFE_CHAR_BUF(rand_char, 32);
@@ -182,32 +189,27 @@ void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_para


    point_clear(Q);
-
    mpz_clear(k);
-    mpz_clear(r);
    mpz_clear(s);
+    mpz_clear(r);
    mpz_clear(x);
    mpz_clear(rem);
    mpz_clear(neg);
    mpz_clear(t1);
    mpz_clear(t2);
    mpz_clear(t3);
+    mpz_clear(t4);
+    mpz_clear(t5);
    mpz_clear(seed);
    mpz_clear(n_div_2);
    mpz_clear(s_mul_2);

+
 }

 #endif

-/*Release signature*/
-void signature_free(signature sig) {
-    if (!sig)
-        return;
-    mpz_clear(sig->r);
-    mpz_clear(sig->s);
-    free(sig);
-}
+

 /*Verify the integrity of a message using it's signature*/
 bool signature_verify(mpz_t message, signature sig, point public_key, domain_parameters curve) {

--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -291,7 +291,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
    RANDOM_CHAR_BUF(SEK_raw, SGX_AESGCM_KEY_SIZE);

    carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex);
-    memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE);
+    memcpy(AES_key[512], SEK_raw, SGX_AESGCM_KEY_SIZE);


    sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex);
@@ -331,7 +331,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
    uint64_t len;


-    hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
+    hex2carray(aes_key_hex, &len, (uint8_t *) (AES_key[512]));

    SET_SUCCESS
    clean:
@@ -339,7 +339,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
    LOG_INFO("SGX call completed");
 }

-void trustedSetSEK_backup(int *errStatus, char *errString,
+void trustedSetSEKBackup(int *errStatus, char *errString,
                          uint8_t *encrypted_sek, uint64_t *enc_len, const char *sek_hex) {
    CALL_ONCE
    LOG_INFO(__FUNCTION__);
@@ -349,7 +349,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
    CHECK_STATE(sek_hex);

    uint64_t len;
-    hex2carray(sek_hex, &len, (uint8_t *) AES_key);
+    hex2carray(sek_hex, &len, (uint8_t *) (AES_key[512]));


    sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex);
@@ -368,7 +368,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,



-void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
+void trustedGenerateEcdsaKey(int *errStatus, char *errString,
                                uint8_t *encryptedPrivateKey, uint64_t *enc_len, char *pub_key_x, char *pub_key_y) {
    LOG_INFO(__FUNCTION__);
    INIT_ERROR_STATE
@@ -439,7 +439,7 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
    LOG_INFO("SGX call completed");
 }

-void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
+void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
                                 uint8_t *encryptedPrivateKey, uint64_t enc_len, char *pub_key_x, char *pub_key_y) {
    LOG_DEBUG(__FUNCTION__);
    INIT_ERROR_STATE
@@ -520,7 +520,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,

 static uint64_t sigCounter = 0;

-void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t enc_len,
+void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t enc_len,
                         const char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
    LOG_DEBUG(__FUNCTION__);

@@ -609,7 +609,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
 }


-void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
+void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
                          uint64_t enc_len, char *key) {

    LOG_DEBUG(__FUNCTION__);
@@ -654,7 +654,7 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
 }


-void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
+void trustedEncryptKey(int *errStatus, char *errString, const char *key,
                          uint8_t *encryptedPrivateKey, uint64_t *enc_len) {
    LOG_INFO(__FUNCTION__);

@@ -707,7 +707,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
 }


-void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
+void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
                              uint64_t enc_len, char *_hashX,
                              char *_hashY, char *signature) {
    LOG_DEBUG(__FUNCTION__);
@@ -753,7 +753,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
 }

 void
-trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t *enc_len, size_t _t) {
+trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t *enc_len, size_t _t) {
    LOG_INFO(__FUNCTION__);
    INIT_ERROR_STATE

@@ -798,7 +798,7 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
 }

 void
-trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret,
+trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret,
                           uint64_t enc_len,
                           uint8_t *decrypted_dkg_secret) {
    LOG_INFO(__FUNCTION__);
@@ -824,7 +824,7 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d
 }


-void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t enc_len) {
+void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t enc_len) {
    LOG_INFO(__FUNCTION__);
    INIT_ERROR_STATE

@@ -847,7 +847,7 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc
    LOG_INFO("SGX call completed");
 }

-void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint64_t *dec_len,
+void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint64_t *dec_len,
                                       char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n,
                                       uint8_t ind) {

@@ -868,9 +868,9 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t

    SAFE_CHAR_BUF(pub_key_x, BUF_LEN);SAFE_CHAR_BUF(pub_key_y, BUF_LEN);

-    trustedGenerateEcdsaKeyAES(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);
+    trustedGenerateEcdsaKey(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y);

-    CHECK_STATUS("trustedGenerateEcdsaKeyAES failed");
+    CHECK_STATUS("trustedGenerateEcdsaKey failed");

    uint8_t type = 0;
    uint8_t exportable = 0;
@@ -915,7 +915,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
    LOG_INFO("SGX call completed");
 }

-void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t enc_len,
+void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint64_t enc_len,
                               char *public_shares,
                               unsigned _t, unsigned _n) {
    LOG_INFO(__FUNCTION__);
@@ -946,7 +946,7 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
    LOG_INFO("SGX call completed");
 }

-void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share,
+void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share,
                         uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
    LOG_INFO(__FUNCTION__);

@@ -999,7 +999,7 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
    LOG_INFO("SGX call completed");
 }

-void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares,
+void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
                            uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key,
                            uint64_t *enc_bls_key_len) {

@@ -1104,7 +1104,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
 }

 void
-trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len,
+trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len,
                       char *bls_pub_key) {
    LOG_DEBUG(__FUNCTION__);


--- a/secure_enclave/secure_enclave.edl
+++ b/secure_enclave/secure_enclave.edl
@@ -26,14 +26,14 @@ enclave {
                                [out, count = SMALL_BUF_SIZE] char *err_string,
                                [in, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK);

-        public void trustedSetSEK_backup(
+        public void trustedSetSEKBackup(
                                [out] int *errStatus,
                                [out, count = SMALL_BUF_SIZE] char *err_string,
                                [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_SEK,
                                [out] uint64_t *enc_len,
                                [in, string] const char* SEK_hex);

-        public void trustedGenerateEcdsaKeyAES (
+        public void trustedGenerateEcdsaKey (
                                [out] int *errStatus,
                                [out, count = SMALL_BUF_SIZE] char* err_string,
                                [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
@@ -41,7 +41,7 @@ enclave {
                                [out, count = SMALL_BUF_SIZE] char * pub_key_x,
                                [out, count = SMALL_BUF_SIZE] char * pub_key_y);

-        public void trustedGetPublicEcdsaKeyAES(
+        public void trustedGetPublicEcdsaKey(
                                [out] int *errStatus,
                                [out, count = SMALL_BUF_SIZE] char* err_string,
                                [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
@@ -49,7 +49,7 @@ enclave {
                                [out, count = SMALL_BUF_SIZE] char * pub_key_x,
                                [out, count = SMALL_BUF_SIZE] char * pub_key_y);

-        public void trustedEcdsaSignAES(
+        public void trustedEcdsaSign(
                                [out] int *errStatus,
                                [out, count = SMALL_BUF_SIZE] char* err_string,
                                [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
@@ -60,27 +60,27 @@ enclave {
                                [out] uint8_t* sig_v,
                                int base);

-        public void trustedEncryptKeyAES (
+        public void trustedEncryptKey (
                                [out] int *errStatus,
                                [out, count = SMALL_BUF_SIZE] char* err_string,
                                [in, count = SMALL_BUF_SIZE] const char* key,
                                [out, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
                                [out] uint64_t *enc_len);

-        public void trustedDecryptKeyAES (
+        public void trustedDecryptKey (
                                [out] int *errStatus,
                                [out, count = SMALL_BUF_SIZE] char* err_string,
                                [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,
                                uint64_t enc_len,
                                [out, count = SMALL_BUF_SIZE] char* key );

-        public void trustedGenDkgSecretAES (
+        public void trustedGenDkgSecret (
                                [out] int *errStatus,
                                [out, count = SMALL_BUF_SIZE] char* err_string,
                                [out, count = 3072] uint8_t* encrypted_dkg_secret,
                                [out] uint64_t * enc_len, size_t _t);

-        public void trustedDecryptDkgSecretAES (
+        public void trustedDecryptDkgSecret (
                                [out] int *errStatus,
                                [out, count = SMALL_BUF_SIZE] char* err_string,
                                [in, count = 3050] uint8_t* encrypted_dkg_secret,
@@ -88,13 +88,13 @@ enclave {
                                [out, count = 3072] uint8_t* decrypted_dkg_secret
                                );

-        public void trustedSetEncryptedDkgPolyAES(
+        public void trustedSetEncryptedDkgPoly(
                                [out] int *errStatus,
                                [out, count = SMALL_BUF_SIZE] char* err_string,
                                [in, count = 3050] uint8_t* encrypted_poly,
                                uint64_t enc_len);

-        public void trustedGetEncryptedSecretShareAES(
+        public void trustedGetEncryptedSecretShare(
                                [out]int *errStatus,
                                [out, count = SMALL_BUF_SIZE] char *err_string,
                                [out, count = SMALL_BUF_SIZE] uint8_t *encrypted_skey,
@@ -106,7 +106,7 @@ enclave {
                                uint8_t _n,
                                uint8_t ind);

-        public void trustedGetPublicSharesAES(
+        public void trustedGetPublicShares(
                                [out] int *errStatus,
                                [out, count = SMALL_BUF_SIZE] char* err_string,
                                [in, count = 3050] uint8_t* encrypted_dkg_secret,
@@ -115,7 +115,7 @@ enclave {
                                unsigned _t,
                                unsigned _n);

-        public void trustedDkgVerifyAES(
+        public void trustedDkgVerify(
                                [out] int *errStatus,
                                [out, count = SMALL_BUF_SIZE] char* err_string,
                                [in, string] const char* public_shares,
@@ -126,7 +126,7 @@ enclave {
                                int _ind,
                                [out] int* result);

-        public void trustedCreateBlsKeyAES(
+        public void trustedCreateBlsKey(
                                [out]int *errStatus,
                                [out, count = SMALL_BUF_SIZE] char* err_string,
                                [in, count = 6145] const char* s_shares,
@@ -135,7 +135,7 @@ enclave {
                                [out, count = SMALL_BUF_SIZE] uint8_t * encr_bls_key,
                                [out] uint64_t *enc_bls_key_len);

-        public void trustedBlsSignMessageAES (
+        public void trustedBlsSignMessage (
                                [out] int *errStatus,
                                [out, count = TINY_BUF_SIZE] char* err_string,
                                [in, count = TINY_BUF_SIZE] uint8_t* encrypted_key,
@@ -144,7 +144,7 @@ enclave {
                                [in, string] char* hashY,
                                [out, count = SMALL_BUF_SIZE] char* signature);

-        public void trustedGetBlsPubKeyAES(
+        public void trustedGetBlsPubKey(
                                [out]int *errStatus,
                                [out, count = SMALL_BUF_SIZE]  char* err_string,
                                [in, count = SMALL_BUF_SIZE] uint8_t* encrypted_key,

--- a/sgxwallet_common.h
+++ b/sgxwallet_common.h
@@ -119,12 +119,23 @@ READ_LOCK(initMutex);

 #define RESTART_END \
 } \
-if (status != SGX_SUCCESS) { \
-spdlog::error(__FUNCTION__); \
-spdlog::error("Restarting sgx ..."); \
+if (status != SGX_SUCCESS || errStatus != 0) { \
+spdlog::error(__FUNCTION__);                   \
+spdlog::error("Restarting sgx on status errStatus... {} {}", status, errStatus);                    \
 reinitEnclave(); \
 } \
-} while (status != SGX_SUCCESS && __ATTEMPTS__ < 2);
+} while ((status != SGX_SUCCESS || errStatus != 0) && __ATTEMPTS__ < 2);
+
+
+
+#define RESTART_END_POINTER \
+} \
+if (status != SGX_SUCCESS || *errStatus != 0) { \
+spdlog::error(__FUNCTION__);\
+spdlog::error("Restarting sgx on status errStatus... {} {}", status, *errStatus);                            \
+reinitEnclave(); \
+} \
+} while ((status != SGX_SUCCESS || *errStatus != 0) && __ATTEMPTS__ < 2);




--- a/testw.cpp
+++ b/testw.cpp
@@ -129,7 +129,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes

    uint64_t encLen = 0;
    PRINT_SRC_LINE
-    auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen,
+    auto status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen,
                                             pubKeyX.data(),
                                             pubKeyY.data());
    REQUIRE(status == SGX_SUCCESS);
@@ -143,7 +143,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes

    for (int i = 0; i < 50; i++) {
        PRINT_SRC_LINE
-        status = trustedEcdsaSignAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen,
+        status = trustedEcdsaSign(eid, &errStatus, errMsg.data(), encrPrivKey.data(), encLen,
                                     hex.data(),
                                     signatureR.data(),
                                     signatureS.data(), &signatureV, 16);
@@ -162,7 +162,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES key gen", "[ecdsa-aes-key-gen]") {
    vector<char> pubKeyY(BUF_LEN, 0);
    uint64_t encLen = 0;
    PRINT_SRC_LINE
-    auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen,
+    auto status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encrPrivKey.data(), &encLen,
                                             pubKeyX.data(),
                                             pubKeyY.data());

@@ -181,7 +181,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES get public key", "[ecdsa-aes-get-pub-ke
    uint64_t encLen = 0;

    PRINT_SRC_LINE
-    auto status = trustedGenerateEcdsaKeyAES(eid, &errStatus, errMsg.data(), encPrivKey.data(), &encLen, pubKeyX.data(),
+    auto status = trustedGenerateEcdsaKey(eid, &errStatus, errMsg.data(), encPrivKey.data(), &encLen, pubKeyX.data(),
                                             pubKeyY.data());

    REQUIRE(status == SGX_SUCCESS);
@@ -191,7 +191,7 @@ TEST_CASE_METHOD(TestFixture, "ECDSA AES get public key", "[ecdsa-aes-get-pub-ke
    vector<char> receivedPubKeyY(BUF_LEN, 0);

    PRINT_SRC_LINE
-    status = trustedGetPublicEcdsaKeyAES(eid, &errStatus, errMsg.data(), encPrivKey.data(), encLen,
+    status = trustedGetPublicEcdsaKey(eid, &errStatus, errMsg.data(), encPrivKey.data(), encLen,
                                         receivedPubKeyX.data(),
                                         receivedPubKeyY.data());
    REQUIRE(status == SGX_SUCCESS);
@@ -295,14 +295,14 @@ TEST_CASE_METHOD(TestFixture, "DKG AES gen test", "[dkg-aes-gen]") {
    uint64_t encLen = 0;

    PRINT_SRC_LINE
-    auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 32);
+    auto status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 32);
    REQUIRE(status == SGX_SUCCESS);
    REQUIRE(errStatus == SGX_SUCCESS);

    vector<char> secret(BUF_LEN, 0);
    vector<char> errMsg1(BUF_LEN, 0);

-    status = trustedDecryptDkgSecretAES(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(),
+    status = trustedDecryptDkgSecret(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(),
                                        encLen, (uint8_t *) secret.data());

    REQUIRE(status == SGX_SUCCESS);
@@ -319,7 +319,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares

    unsigned t = 32, n = 32;
    PRINT_SRC_LINE
-    auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, n);
+    auto status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, n);
    REQUIRE(status == SGX_SUCCESS);
    REQUIRE(errStatus == SGX_SUCCESS);

@@ -328,7 +328,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares
    char colon = ':';
    vector<char> pubShares(10000, 0);
    PRINT_SRC_LINE
-    status = trustedGetPublicSharesAES(eid, &errStatus, errMsg1.data(),
+    status = trustedGetPublicShares(eid, &errStatus, errMsg1.data(),
                                       encryptedDKGSecret.data(), encLen, pubShares.data(), t, n);
    REQUIRE(status == SGX_SUCCESS);
    REQUIRE(errStatus == SGX_SUCCESS);
@@ -343,7 +343,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES public shares test", "[dkg-aes-pub-shares

    vector<char> secret(BUF_LEN, 0);
    PRINT_SRC_LINE
-    status = trustedDecryptDkgSecretAES(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), encLen,
+    status = trustedDecryptDkgSecret(eid, &errStatus, errMsg1.data(), encryptedDKGSecret.data(), encLen,
                                        (uint8_t *) secret.data());
    REQUIRE(status == SGX_SUCCESS);
    REQUIRE(errStatus == SGX_SUCCESS);
@@ -368,14 +368,14 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes-

    vector <uint8_t> encryptedDKGSecret(BUF_LEN, 0);
    PRINT_SRC_LINE
-    auto status = trustedGenDkgSecretAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 2);
+    auto status = trustedGenDkgSecret(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), &encLen, 2);
    REQUIRE(status == SGX_SUCCESS);
    REQUIRE(errStatus == SGX_SUCCESS);

    uint64_t enc_len = encLen;

    PRINT_SRC_LINE
-    status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), enc_len);
+    status = trustedSetEncryptedDkgPoly(eid, &errStatus, errMsg.data(), encryptedDKGSecret.data(), enc_len);
    REQUIRE(status == SGX_SUCCESS);
    REQUIRE(errStatus == SGX_SUCCESS);

@@ -385,7 +385,7 @@ TEST_CASE_METHOD(TestFixture, "DKG AES encrypted secret shares test", "[dkg-aes-

    vector<char> s_shareG2(BUF_LEN, 0);
    PRINT_SRC_LINE
-    status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg.data(), encrPRDHKey.data(), &encLen,
+    status = trustedGetEncryptedSecretShare(eid, &errStatus, errMsg.data(), encrPRDHKey.data(), &encLen,
                                               result.data(),
                                               s_shareG2.data(),
                                               (char *) pub_keyB.data(), 2, 2, 1);
@@ -700,14 +700,14 @@ TEST_CASE_METHOD(TestFixture, "AES encrypt/decrypt", "[aes-encrypt-decrypt]") {
    vector <uint8_t> encrypted_key(BUF_LEN, 0);

    PRINT_SRC_LINE
-    auto status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen);
+    auto status = trustedEncryptKey(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key.data(), &encLen);

    REQUIRE(status == 0);
    REQUIRE(errStatus == 0);

    vector<char> decr_key(BUF_LEN, 0);
    PRINT_SRC_LINE
-    status = trustedDecryptKeyAES(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data());
+    status = trustedDecryptKey(eid, &errStatus, errMsg.data(), encrypted_key.data(), encLen, decr_key.data());

    REQUIRE(status == 0);
    REQUIRE(errStatus == 0);