Merge branch 'bug/SKALE-3374-leak-in-bls' of github.com:skalenetwork/sgxwallet...

Merge branch 'bug/SKALE-3374-leak-in-bls' of github.com:skalenetwork/sgxwallet into bug/SKALE-3374-leak-in-bls

.gitmodules

@@ -16,3 +16,7 @@
 [submodule "sgx-software-enable"]
 	path = sgx-software-enable
 	url = https://github.com/intel/sgx-software-enable
+[submodule "secure_enclave/secp256k1-sgx"]
+	path = secure_enclave/secp256k1-sgx
+	url = https://github.com/bl4ck5un/secp256k1-sgx
+	branch = master

Dockerfile

@@ -10,4 +10,6 @@ RUN bash -c "make -j$(nproc)"
 RUN ccache -sz
 RUN mkdir -p /usr/src/sdk/sgx_data
 COPY docker/start.sh ./
+RUN rm -rf /usr/src/sdk/sgx-sdk-build/
+RUN rm  /opt/intel/sgxsdk/lib64/*_sim.so
 ENTRYPOINT ["/usr/src/sdk/start.sh"]

DockerfileRelease

@@ -14,4 +14,10 @@ RUN cd scripts && ./sign_enclave.bash
 RUN ccache -sz
 RUN mkdir -p /usr/src/sdk/sgx_data
 COPY docker/start.sh ./
+RUN rm -rf /usr/src/sdk/sgx-sdk-build/
+RUN rm  /opt/intel/sgxsdk/lib64/*_sim.so
+RUN rm  /usr/src/sdk/secure_enclave/secure_enclave*.so
+RUN cd /usr/src/sdk/secure_enclave && \
+     curl --output secure_enclave.signed.so  \
+     https://raw.githubusercontent.com/skalenetwork/signed_sgx_enclaves/master/secure_enclave_signed.so.1
 ENTRYPOINT ["/usr/src/sdk/start.sh"]

DockerfileSimulation

@@ -15,5 +15,6 @@ RUN ./autoconf.bash && \
     mkdir -p /usr/src/sdk/sgx_data
 
 COPY docker/start.sh ./
+RUN rm -rf /usr/src/sdk/sgx-sdk-build/
 
 ENTRYPOINT ["/usr/src/sdk/start.sh"]

SGXWalletServer.cpp

@@ -149,7 +149,7 @@ int SGXWalletServer::initHttpsServer(bool _checkCerts) {
 
     int numThreads = 64;
 
-#if SGX_MODE == SIM
+#ifdef SGX_HW_SIM
    numThreads = 16; 
 #endif
 
@@ -654,12 +654,12 @@ Json::Value SGXWalletServer::complaintResponseImpl(const string &_polyName, int
             }
         }
 
-       for (int i = 0; i < _n; i++) {
+        for (int i = 0; i < _n; i++) {
            string name = _polyName + "_" + to_string(i) + ":";
            LevelDB::getLevelDb()->deleteDHDKGKey(name);
            string shareG2_name = "shareG2_" + _polyName + "_" + to_string(i) + ":";
            LevelDB::getLevelDb()->deleteKey(shareG2_name);
-       }
+        }
         LevelDB::getLevelDb()->deleteKey(_polyName);
 
         string encryptedSecretShareName = "encryptedSecretShare:" + _polyName;

common.h

@@ -101,7 +101,7 @@ BOOST_THROW_EXCEPTION(runtime_error(__ERR_STRING__)); \
 extern std::shared_timed_mutex sgxInitMutex;
 extern uint64_t initTime;
 
-#if SGX_MODE == SIM
+#ifdef SGX_HW_SIM
 #define ENCLAVE_RESTART_PERIOD_S 5
 #else
 #define ENCLAVE_RESTART_PERIOD_S 60 * 10

docker/start.sh

@@ -28,7 +28,7 @@ cd /usr/src/sdk;
 if [[ -f "/var/hwmode" ]]
 then
 echo "Running in SGX hardware mode"
-export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/opt/intel/sgxpsw/aesm/
+export LD_LIBRARY_PATH=/usr/src/sdk/secure_enclave:${LD_LIBRARY_PATH}:/opt/intel/sgxpsw/aesm
 jhid -d
 /opt/intel/sgxpsw/aesm/aesm_service &
 pid=$!

libBLS @ 82884ec8

-Subproject commit adf9682b69694ca2c64b5997e04ee1bb885c511c
+Subproject commit 82884ec89e84539f25af206a0148ca34c35e078f

secp256k1-sgx @ 5f235e8e

+Subproject commit 5f235e8e9e821cd972c4a57afdfe47a7fe83acd0

secure_enclave/secure_enclave.c

@@ -163,7 +163,7 @@ void trustedEnclaveInit(uint64_t _logLevel) {
     LOG_INFO("SECURITY WARNING: sgxwallet is running in INSECURE DEBUG MODE! NEVER USE IN PRODUCTION!");
 #endif
 
-#if SGX_MODE == SIM
+#ifdef SGX_HW_SIM
     LOG_INFO("SECURITY WARNING: sgxwallet is running in INSECURE SIMULATION MODE! NEVER USE IN PRODUCTION!");
 #endif