SKALE-3205

BLSCrypto.cpp

@@ -29,14 +29,12 @@
 #include "third_party/intel/create_enclave.h"
 
 
-
 #include "bls.h"
 #include <bls/BLSutils.h>
 
 #include "BLSPrivateKeyShareSGX.h"
 
 
-
 #include "sgxwallet_common.h"
 #include "sgxwallet.h"
 #include "SGXException.h"
@@ -57,7 +55,7 @@ string *FqToString(libff::alt_bn128_Fq *_fq) {
 
     _fq->as_bigint().to_mpz(t);
 
-    SAFE_CHAR_BUF(arr,mpz_sizeinbase(t, 10) + 2);
+    SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, 10) + 2);
 
     mpz_get_str(arr, 10, t);
     mpz_clear(t);
@@ -95,9 +93,8 @@ void carray2Hex(const unsigned char *d, uint64_t _len, char *_hexArray,
 }
 
 
-
 bool hex2carray(const char *_hex, uint64_t *_bin_len,
-                 uint8_t *_bin, uint64_t _max_length) {
+                uint8_t *_bin, uint64_t _max_length) {
 
 
     CHECK_STATE(_hex);
@@ -109,7 +106,7 @@ bool hex2carray(const char *_hex, uint64_t *_bin_len,
 
     CHECK_STATE(len != 2 * _max_length + 1);
 
-    CHECK_STATE(len <= 2 * _max_length );
+    CHECK_STATE(len <= 2 * _max_length);
 
 
     if (len == 0 && len % 2 == 1)
@@ -141,7 +138,8 @@ bool sign(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, size_t
 
     auto keyStr = make_shared<string>(_encryptedKeyHex);
 
-    auto hash = make_shared<array<uint8_t, 32>>();
+    auto hash = make_shared < array < uint8_t,
+    32 >> ();
 
     uint64_t binLen;
 
@@ -166,7 +164,8 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
     CHECK_STATE(_hashHex);
     CHECK_STATE(_sig);
 
-    auto hash = make_shared<array<uint8_t, 32>>();
+    auto hash = make_shared < array < uint8_t,
+    32 >> ();
 
     uint64_t binLen;
 
@@ -174,10 +173,10 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
         throw SGXException(INVALID_HEX, "Invalid hash");
     }
 
-    shared_ptr<signatures::Bls> obj;
+    shared_ptr <signatures::Bls> obj;
     obj = make_shared<signatures::Bls>(signatures::Bls(_t, _n));
 
-    pair<libff::alt_bn128_G1, string> hash_with_hint = obj->HashtoG1withHint(hash);
+    pair <libff::alt_bn128_G1, string> hash_with_hint = obj->HashtoG1withHint(hash);
 
     string *xStr = FqToString(&(hash_with_hint.first.X));
 
@@ -190,11 +189,9 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
         BOOST_THROW_EXCEPTION(runtime_error("Null yStr"));
     }
 
-    vector<char> errMsg(BUF_LEN,0);
+    vector<char> errMsg(BUF_LEN, 0);
 
-    SAFE_CHAR_BUF(xStrArg,BUF_LEN);
-    SAFE_CHAR_BUF(yStrArg,BUF_LEN);
-    SAFE_CHAR_BUF(signature,BUF_LEN);
+    SAFE_CHAR_BUF(xStrArg, BUF_LEN);SAFE_CHAR_BUF(yStrArg, BUF_LEN);SAFE_CHAR_BUF(signature, BUF_LEN);
 
     strncpy(xStrArg, xStr->c_str(), BUF_LEN);
     strncpy(yStrArg, yStr->c_str(), BUF_LEN);
@@ -204,7 +201,7 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
 
     size_t sz = 0;
 
-    SAFE_UINT8_BUF(encryptedKey,BUF_LEN);
+    SAFE_UINT8_BUF(encryptedKey, BUF_LEN);
 
     bool result = hex2carray(_encryptedKeyHex, &sz, encryptedKey, BUF_LEN);
 
@@ -213,9 +210,15 @@ bool sign_aes(const char *_encryptedKeyHex, const char *_hashHex, size_t _t, siz
     }
 
     int errStatus = 0;
-    sgx_status_t status =
-            trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey,
-                                 sz, xStrArg, yStrArg, signature);
+
+
+    sgx_status_t status = SGX_SUCCESS;
+
+    {
+        READ_LOCK(initMutex);
+        status = trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey,
+                                          sz, xStrArg, yStrArg, signature);
+    }
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
     string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" + hash_with_hint.second;
@@ -240,8 +243,8 @@ string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key
     CHECK_STATE(errStatus);
     CHECK_STATE(err_string);
     CHECK_STATE(_key);
-    auto keyArray = make_shared<vector<char>>(BUF_LEN, 0);
-    auto encryptedKey = make_shared<vector<uint8_t>>(BUF_LEN, 0);
+    auto keyArray = make_shared < vector < char >> (BUF_LEN, 0);
+    auto encryptedKey = make_shared < vector < uint8_t >> (BUF_LEN, 0);
 
     vector<char> errMsg(BUF_LEN, 0);
 
@@ -250,8 +253,13 @@ string encryptBLSKeyShare2Hex(int *errStatus, char *err_string, const char *_key
 
     uint64_t encryptedLen = 0;
 
-    sgx_status_t status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(), &encryptedLen);
+    sgx_status_t status = SGX_SUCCESS;
+    {
+        READ_LOCK(initMutex);
+        status = trustedEncryptKeyAES(eid, errStatus, errMsg.data(), keyArray->data(), encryptedKey->data(),
+                                      &encryptedLen);
 
+    }
     HANDLE_TRUSTED_FUNCTION_ERROR(status, *errStatus, errMsg.data());
 
     SAFE_CHAR_BUF(resultBuf, 2 * BUF_LEN + 1);

BLSPrivateKeyShareSGX.cpp

@@ -148,9 +148,12 @@ string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
         BOOST_THROW_EXCEPTION(invalid_argument("Invalid hex encrypted key"));
     }
 
-    sgx_status_t status =
-            trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey,
-                                     encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature);
+    sgx_status_t status = SGX_SUCCESS;
+    {
+        READ_LOCK(initMutex);
+        status = trustedBlsSignMessageAES(eid, &errStatus, errMsg.data(), encryptedKey,
+                                          encryptedKeyHex->size() / 2, xStrArg, yStrArg, signature);
+    }
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
@@ -162,7 +165,7 @@ string BLSPrivateKeyShareSGX::signWithHelperSGXstr(
     }
 
     string hint = BLSutils::ConvertToString(hash_with_hint.first.Y) + ":" +
-                       hash_with_hint.second;
+                  hash_with_hint.second;
 
     string sig = signature;
 
@@ -183,7 +186,7 @@ shared_ptr <BLSSigShare> BLSPrivateKeyShareSGX::signWithHelperSGX(
     auto sig = make_shared<string>(signature);
 
     shared_ptr <BLSSigShare> s = make_shared<BLSSigShare>(sig, _signerIndex, requiredSigners,
-                                                                    totalSigners);
+                                                          totalSigners);
 
     return s;
 }

DKGCrypto.cpp

@@ -26,7 +26,6 @@
 #include <memory>
 
 
-
 #include "third_party/spdlog/spdlog.h"
 #include "sgxwallet.h"
 #include "SGXException.h"
@@ -38,11 +37,6 @@
 #include "BLSCrypto.h"
 
 
-
-
-
-
-
 vector <string> splitString(const char *coeffs, const char symbol) {
     CHECK_STATE(coeffs);
     string str(coeffs);
@@ -71,7 +65,7 @@ string ConvertToString(T field_elem, int base = 10) {
 
     field_elem.as_bigint().to_mpz(t);
 
-    SAFE_CHAR_BUF(arr,mpz_sizeinbase(t, base) + 2);
+    SAFE_CHAR_BUF(arr, mpz_sizeinbase(t, base) + 2);
 
     mpz_get_str(arr, base, t);
     mpz_clear(t);
@@ -93,7 +87,7 @@ string convertHexToDec(const string &hex_str) {
             return ret;
         }
 
-        SAFE_CHAR_BUF(arr,mpz_sizeinbase(dec, 10) + 2);
+        SAFE_CHAR_BUF(arr, mpz_sizeinbase(dec, 10) + 2);
         mpz_get_str(arr, 10, dec);
         ret = arr;
     } catch (exception &e) {
@@ -139,8 +133,12 @@ string gen_dkg_poly(int _t) {
 
     vector <uint8_t> encrypted_dkg_secret(BUF_LEN, 0);
 
-    sgx_status_t status = trustedGenDkgSecretAES(
-            eid, &errStatus,errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);
+    sgx_status_t status = SGX_SUCCESS;
+    {
+        READ_LOCK(initMutex);
+        status = trustedGenDkgSecretAES(
+                eid, &errStatus, errMsg.data(), encrypted_dkg_secret.data(), &enc_len, _t);
+    }
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
@@ -173,9 +171,13 @@ vector <vector<string>> get_verif_vect(const char *encryptedPolyHex, int t, int
     }
 
 
+    sgx_status_t status = SGX_SUCCESS;
 
-    sgx_status_t status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen,
-                                       pubShares.data(), t, n);
+    {
+        READ_LOCK(initMutex);
+        status = trustedGetPublicSharesAES(eid, &errStatus, errMsg.data(), encrDKGPoly.data(), encLen,
+                                           pubShares.data(), t, n);
+    }
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
     vector <string> g2Strings = splitString(pubShares.data(), ',');
@@ -190,8 +192,8 @@ vector <vector<string>> get_verif_vect(const char *encryptedPolyHex, int t, int
 
 string
 getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const vector <string> &_publicKeys,
-                       int _t,
-                       int _n) {
+                int _t,
+                int _n) {
 
     CHECK_STATE(_encryptedPolyHex);
 
@@ -202,12 +204,15 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve
     uint64_t encLen = 0;
 
 
-
     if (!hex2carray(_encryptedPolyHex, &encLen, encrDKGPoly.data(), BUF_LEN)) {
         throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
     }
 
-    sgx_status_t status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen);
+    sgx_status_t status = SGX_SUCCESS;
+    {
+        READ_LOCK(initMutex);
+        status = trustedSetEncryptedDkgPolyAES(eid, &errStatus, errMsg1.data(), encrDKGPoly.data(), encLen);
+    }
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
 
     string result;
@@ -226,8 +231,13 @@ getSecretShares(const string &_polyName, const char *_encryptedPolyHex, const ve
 
         spdlog::debug("pubKeyB is {}", pub_keyB);
 
-        sgx_status_t status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
-                                          currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n, i + 1);
+        sgx_status_t status = SGX_SUCCESS;
+        {
+            READ_LOCK(initMutex);
+            status = trustedGetEncryptedSecretShareAES(eid, &errStatus, errMsg1.data(), encryptedSkey.data(), &decLen,
+                                                       currentShare.data(), sShareG2.data(), pubKeyB.data(), _t, _n,
+                                                       i + 1);
+        }
         HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
 
         spdlog::debug("cur_share is {}", currentShare.data());
@@ -271,11 +281,15 @@ verifyShares(const char *publicShares, const char *encr_sshare, const char *encr
         throw SGXException(INVALID_HEX, "Invalid encryptedPolyHex");
     }
 
-    SAFE_CHAR_BUF(pshares,8193);
+    SAFE_CHAR_BUF(pshares, 8193);
     strncpy(pshares, publicShares, strlen(publicShares));
 
-    sgx_status_t status = trustedDkgVerifyAES(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t,
-                                              ind, &result);
+    sgx_status_t status = SGX_SUCCESS;
+    {
+        READ_LOCK(initMutex);
+        status = trustedDkgVerifyAES(eid, &errStatus, errMsg.data(), pshares, encr_sshare, encr_key, decKeyLen, t,
+                                     ind, &result);
+    }
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
     if (result == 2) {
@@ -290,24 +304,27 @@ bool createBLSShare(const string &blsKeyName, const char *s_shares, const char *
     CHECK_STATE(s_shares);
     CHECK_STATE(encryptedKeyHex);
 
-    vector<char> errMsg(BUF_LEN,0);
+    vector<char> errMsg(BUF_LEN, 0);
     int errStatus = 0;
 
-    uint64_t decKeyLen;
-    SAFE_UINT8_BUF(encr_bls_key,BUF_LEN);
-    SAFE_UINT8_BUF(encr_key,BUF_LEN);
+    uint64_t decKeyLen;SAFE_UINT8_BUF(encr_bls_key, BUF_LEN);SAFE_UINT8_BUF(encr_key, BUF_LEN);
     if (!hex2carray(encryptedKeyHex, &decKeyLen, encr_key, BUF_LEN)) {
         throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
     }
 
     uint64_t enc_bls_len = 0;
 
-    sgx_status_t status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key,
-                                                 &enc_bls_len);
+    sgx_status_t status = SGX_SUCCESS;
+
+    {
+        READ_LOCK(initMutex);
+        status = trustedCreateBlsKeyAES(eid, &errStatus, errMsg.data(), s_shares, encr_key, decKeyLen, encr_bls_key,
+                                        &enc_bls_len);
+    }
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
-    SAFE_CHAR_BUF(hexBLSKey,2 * BUF_LEN)
+    SAFE_CHAR_BUF(hexBLSKey, 2 * BUF_LEN)
 
     carray2Hex(encr_bls_key, enc_bls_len, hexBLSKey, 2 * BUF_LEN);
 
@@ -331,9 +348,14 @@ vector <string> getBLSPubKey(const char *encryptedKeyHex) {
         throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
     }
 
-    SAFE_CHAR_BUF(pubKey,320)
+    SAFE_CHAR_BUF(pubKey, 320)
+
 
-    sgx_status_t status = trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey);
+    sgx_status_t status = SGX_SUCCESS;
+    {
+        READ_LOCK(initMutex);
+        status = trustedGetBlsPubKeyAES(eid, &errStatus, errMsg1.data(), encrKey, decKeyLen, pubKey);
+    }
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
 
     vector <string> pubKeyVect = splitString(pubKey, ':');
@@ -405,8 +427,7 @@ string decryptDHKey(const string &polyName, int ind) {
 
     vector<char> hexEncrKey(2 * BUF_LEN, 0);
 
-    uint64_t dhEncLen = 0;
-    SAFE_UINT8_BUF(encryptedDHKey, BUF_LEN);
+    uint64_t dhEncLen = 0;SAFE_UINT8_BUF(encryptedDHKey, BUF_LEN);
     if (!hex2carray(hexEncrKeyPtr->c_str(), &dhEncLen, encryptedDHKey, BUF_LEN)) {
         throw SGXException(INVALID_HEX, "Invalid hexEncrKey");
     }
@@ -415,7 +436,11 @@ string decryptDHKey(const string &polyName, int ind) {
 
     SAFE_CHAR_BUF(DHKey, ECDSA_SKEY_LEN);
 
-    sgx_status_t status = trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey);
+    sgx_status_t status = SGX_SUCCESS;
+    {
+        READ_LOCK(initMutex);
+        status = trustedDecryptKeyAES(eid, &errStatus, errMsg1.data(), encryptedDHKey, dhEncLen, DHKey);
+    }
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg1.data());
 
     return DHKey;

ECDSACrypto.cpp

@@ -56,9 +56,14 @@ vector <string> genECDSAKey() {
 
     uint64_t enc_len = 0;
 
-    sgx_status_t status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
-                                        errMsg.data(), encr_pr_key.data(), &enc_len,
-                                        pub_key_x.data(), pub_key_y.data());
+    sgx_status_t status = SGX_SUCCESS;
+
+    {
+        READ_LOCK(initMutex);
+        status = trustedGenerateEcdsaKeyAES(eid, &errStatus,
+                                   errMsg.data(), encr_pr_key.data(), &enc_len,
+                                   pub_key_x.data(), pub_key_y.data());
+    }
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus,errMsg.data());
 
@@ -99,8 +104,13 @@ string getECDSAPubKey(const std::string& _encryptedKeyHex) {
         throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
     }
 
-    sgx_status_t status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
-                                         errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
+    sgx_status_t status = SGX_SUCCESS;
+
+    {
+        READ_LOCK(initMutex);
+        status = trustedGetPublicEcdsaKeyAES(eid, &errStatus,
+                                             errMsg.data(), encrPrKey.data(), enc_len, pubKeyX.data(), pubKeyY.data());
+    }
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data())
 
@@ -184,10 +194,15 @@ vector <string> ecdsaSignHash(const std::string& encryptedKeyHex, const char *ha
         throw SGXException(INVALID_HEX, "Invalid encryptedKeyHex");
     }
 
-    sgx_status_t status = trustedEcdsaSignAES(eid, &errStatus,
-            errMsg.data(), encryptedKey.data(), decLen, hashHex,
-                                 signatureR.data(),
-                                 signatureS.data(), &signatureV, base);
+    sgx_status_t status = SGX_SUCCESS;
+
+    {
+        READ_LOCK(initMutex);
+        status = trustedEcdsaSignAES(eid, &errStatus,
+                            errMsg.data(), encryptedKey.data(), decLen, hashHex,
+                            signatureR.data(),
+                            signatureS.data(), &signatureV, base);
+    }
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 

SEKManager.cpp

@@ -58,7 +58,12 @@ void create_test_key() {
 
     string key = TEST_VALUE;
 
-    sgx_status_t status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
+    sgx_status_t status =  SGX_SUCCESS;
+
+    {
+        READ_LOCK(initMutex);
+        status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
+    }
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, errStatus, errMsg.data());
 
@@ -86,7 +91,12 @@ void validate_SEK() {
         exit(-1);
     }
 
-    sgx_status_t status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
+    sgx_status_t status = SGX_SUCCESS;
+
+    {
+        READ_LOCK(initMutex);
+        status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
+    }
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
 
@@ -111,13 +121,19 @@ shared_ptr <vector<uint8_t>> check_and_set_SEK(const string &SEK) {
 
     uint64_t l = 0;
 
-    sgx_status_t status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l,
-                                               SEK.c_str());
+    sgx_status_t status = SGX_SUCCESS;
+
+    {
+        READ_LOCK(initMutex);
+        status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encrypted_SEK->data(), &l,
+                             SEK.c_str());
+    }
 
-    encrypted_SEK->resize(l);
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
 
+    encrypted_SEK->resize(l);
+
     validate_SEK();
 
     return encrypted_SEK;
@@ -133,7 +149,12 @@ void gen_SEK() {
 
     spdlog::info("Generating backup key. Will be stored in backup_key.txt ... ");
 
-    sgx_status_t status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK);
+
+    sgx_status_t status = SGX_SUCCESS;
+    {
+        READ_LOCK(initMutex);
+        status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encrypted_SEK.data(), &enc_len, SEK);
+    }
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
 
@@ -200,7 +221,11 @@ void setSEK(shared_ptr <string> hex_encrypted_SEK) {
         throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex");
     }
 
-    sgx_status_t status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK);
+    sgx_status_t status = SGX_SUCCESS;
+    {
+        READ_LOCK(initMutex);
+        status = trustedSetSEK(eid, &err_status, errMsg.data(), encrypted_SEK);
+    }
 
     HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
 

ServerInit.cpp

@@ -67,8 +67,6 @@ void initUserSpace() {
 }
 
 void initEnclave(uint32_t _logLevel) {
-    eid = 0;
-    updated = 0;
 
 #ifndef SGX_HW_SIM
     unsigned long support;
@@ -81,22 +79,32 @@ void initEnclave(uint32_t _logLevel) {
 
     spdlog::info("SGX_DEBUG_FLAG = {}", SGX_DEBUG_FLAG);
 
-    sgx_status_t status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
-                                       &updated, &eid, 0);
+    sgx_status_t status = SGX_SUCCESS;
 
-    if (status != SGX_SUCCESS) {
-        if (status == SGX_ERROR_ENCLAVE_FILE_ACCESS) {
-            spdlog::error("sgx_create_enclave: {}: file not found", ENCLAVE_NAME);
-            spdlog::error("Did you forget to set LD_LIBRARY_PATH?");
-        } else {
-            spdlog::error("sgx_create_enclave_search failed {} {}", ENCLAVE_NAME, status);
+    {
+        READ_LOCK(initMutex);
+
+        eid = 0;
+        updated = 0;
+
+        status = sgx_create_enclave_search(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token,
+                                           &updated, &eid, 0);
+
+        if (status != SGX_SUCCESS) {
+            if (status == SGX_ERROR_ENCLAVE_FILE_ACCESS) {
+                spdlog::error("sgx_create_enclave: {}: file not found", ENCLAVE_NAME);
+                spdlog::error("Did you forget to set LD_LIBRARY_PATH?");
+            } else {
+                spdlog::error("sgx_create_enclave_search failed {} {}", ENCLAVE_NAME, status);
+            }
+            exit(1);
         }
-        exit(1);
-    }
 
-    spdlog::info("Enclave created and started successfully");
+        spdlog::info("Enclave created and started successfully");
 
-    status = trustedEnclaveInit(eid, _logLevel);
+
+        status = trustedEnclaveInit(eid, _logLevel);
+    }
 
     if (status != SGX_SUCCESS) {
         spdlog::error("trustedEnclaveInit failed: {}", status);
@@ -146,6 +154,6 @@ void initAll(uint32_t _logLevel, bool _checkCert, bool _autoSign) {
         exception_ptr p = current_exception();
         printf("Exception %s \n", p.__cxa_exception_type()->name());
         spdlog::error("Unknown exception");
-        exit (-1);
+        exit(-1);
     }
 };

secure_enclave/secure_enclave.c

@@ -292,7 +292,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
 
     carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex);
     memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE);
-    derive_DH_Key();
+
 
     sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex);
 
@@ -332,7 +332,6 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
 
 
     hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
-    derive_DH_Key();
 
     SET_SUCCESS
     clean:
@@ -351,7 +350,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
 
     uint64_t len;
     hex2carray(sek_hex, &len, (uint8_t *) AES_key);
-    derive_DH_Key();
+
 
     sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex);