Merge branch 'develop' into bug/fix-typo

09e913a6 · Oleh Nikolaiev · GitHub · 6618d4da · ec396cb7 · 09e913a6
Unverified Commit 09e913a6 authored Apr 20, 2021 by Oleh Nikolaiev Committed by GitHub Apr 20, 2021
8 changed files
--- a/.github/workflows/dockerimageintelsubmission.yml
+++ b/.github/workflows/dockerimageintelsubmission.yml
@@ -17,10 +17,10 @@ jobs:
      - name: submodule update
        run: git submodule update --init --recursive
      - name: build and deploy docker image
-        if: |
+        if: |    
          contains(github.ref, 'develop') || contains(github.ref, 'beta') ||
          contains(github.ref, 'master') || contains(github.ref, 'stable') ||
-          contains(github.ref, 'SECURE_ENCLAVE_CHANGES')                  
+          contains(github.ref, 'SECURE_ENCLAVE_CHANGES')
        run : |
          export BRANCH=${GITHUB_REF##*/}
          echo "Branch $BRANCH"

--- a/DockerfileRelease
+++ b/DockerfileRelease
@@ -19,5 +19,5 @@ RUN rm  /opt/intel/sgxsdk/lib64/*_sim.so
 RUN rm  /usr/src/sdk/secure_enclave/secure_enclave*.so
 RUN cd /usr/src/sdk/secure_enclave && \
     curl --output secure_enclave.signed.so  \
-     https://raw.githubusercontent.com/skalenetwork/signed_sgx_enclaves/master/secure_enclave_signed.so.1
+     https://raw.githubusercontent.com/skalenetwork/signed_sgx_enclaves/master/secure_enclave_signed.so.3
 ENTRYPOINT ["/usr/src/sdk/start.sh"]
--- a/Log.h
+++ b/Log.h
@@ -81,9 +81,19 @@ static uint64_t __COUNT__ = 0; \
 __COUNT__++; \
 if (__COUNT__ % 1000 == 0) { \
 spdlog::info(string(__FUNCTION__) +  " processed " + to_string(__COUNT__) + " requests"); \
+struct sysinfo memInfo; \
+sysinfo (&memInfo); \
+long long totalPhysMem = memInfo.totalram; \
+/*Multiply in next statement to avoid int overflow on right hand side...*/ \
+totalPhysMem *= memInfo.mem_unit; \
+int usedByCurrentProcess = getValue(); \
+if ( 0.5 * totalPhysMem < usedByCurrentProcess ) { \
+  exit(-103); \
+} \
 }


+
 // if uknown error, the error is 10000 + line number



--- a/README.md
+++ b/README.md
-# sgxwallet: SKALE SGX-based hardware crypto wallet
+# sgxwallet: SKALE SGX-based hardware crypto wallet 

 <!-- SPDX-License-Identifier: (AGPL-3.0-only OR CC-BY-4.0) -->


--- a/common.h
+++ b/common.h
@@ -31,6 +31,11 @@ using namespace std;
 #include <iostream>
 #include <map>
 #include <memory>
+
+#include <sys/types.h>
+#include <sys/sysinfo.h>
+#include <string.h>
+
 #include <vector>

 #include <boost/throw_exception.hpp>
@@ -68,6 +73,32 @@ inline void print_stack(int _line) {
    backtrace_symbols_fd(array, size, STDERR_FILENO);
 }

+inline int parseLine(char* line) {
+    // This assumes that a digit will be found and the line ends in " Kb".
+    int i = strlen(line);
+    const char* p = line;
+    while (*p <'0' || *p > '9') p++;
+    line[i-3] = '\0';
+    i = atoi(p);
+    return i;
+}
+
+inline int getValue() { //Note: this value is in KB!
+    FILE* file = fopen("/proc/self/status", "r");
+    int result = -1;
+    char line[128];
+
+    while (fgets(line, 128, file) != NULL){
+        if (strncmp(line, "VmRSS:", 6) == 0){
+            result = parseLine(line);
+            break;
+        }
+    }
+    fclose(file);
+    return result;
+}
+
+

 #define CHECK_STATE(_EXPRESSION_) \
    if (!(_EXPRESSION_)) { \
@@ -133,23 +164,5 @@ extern uint64_t initTime;
 #define WRITE_LOCK(__X__) std::unique_lock<std::shared_timed_mutex> __LOCK__(__X__);


-#include <boost/interprocess/sync/interprocess_semaphore.hpp>
-
-// max of 200 threads can call enclave at a time
-extern boost::interprocess::interprocess_semaphore enclaveSemaphore;
-
-class semaphore_guard {
-    boost::interprocess::interprocess_semaphore &sem;
-public:
-    semaphore_guard(boost::interprocess::interprocess_semaphore &_semaphore) : sem(_semaphore) {
-        sem.wait();
-    }
-
-    ~semaphore_guard() {
-        sem.post();
-    }
-};
-
-

 #endif //SGXWALLET_COMMON_H
--- a/docs/admin-guide.md
+++ b/docs/admin-guide.md
@@ -10,6 +10,7 @@
    -   [Run sgxwallet in secure mode](run-in-hardware-mode.md#run-sgxwallet-in-secure-mode)
    -   [Start, stop and upgrade sgxwallet containers](run-in-hardware-mode.md#start-stop-and-upgrade-sgxwallet-containers)
    -   [Logging](run-in-hardware-mode.md#logging)
+-   [Check that your SGXWallet is working correctly](healthchecks.md)
 -   [Backup and recover sgxwallet](backup-procedure.md)

 ## Community

--- a/docs/healthchecks.md
+++ b/docs/healthchecks.md
+<!-- SPDX-License-Identifier: (AGPL-3.0-only OR CC-BY-4.0) -->
+
+# SGXServer healthchecks
+
+-   [Check JSON-RPC server](#check-json-rpc-server)
+-   [Check Secure Enclave part](#check-secure-enclave-part)
+
+## Check JSON-RPC server
+
+To verify JSON-RPC server inside SGXWallet is up running execute one of the following commands:
+
+```bash
+curl --cert PATH_TO_CERTS/file.crt --key PATH_TO_CERTS/file.key -X POST --data '{"jsonrpc":"2.0","id":1,"method":"getServerStatus","params":{}}' -H 'content-type:application/json;' YOUR_SGX_SERVER_URL -k
+```
+
+```bash
+curl --cert PATH_TO_CERTS/file.crt --key PATH_TO_CERTS/file.key -X POST --data '{"jsonrpc":"2.0","id":2,"method":"getServerVersion","params":{}}' -H 'content-type:application/json;' YOUR_SGX_SERVER_URL -k
+```
+
+If server does not respond or response contains error message than you should restart your SGXWallet.
+
+## Check Secure Enclave part
+
+To verify Secure Enclave part of SGXWallet is configured and initialized in a proper way run following commands:
+
+1. 
+```bash
+curl --cert PATH_TO_CERTS/file.crt --key PATH_TO_CERTS/file.key -X POST --data '{"jsonrpc":"2.0","id":3,"method":"importBLSKeyShare","params":{"keyShare":"0xe632f7fde2c90a073ec43eaa90dca7b82476bf28815450a11191484934b9c3f", "keyShareName":"BLS_KEY:SCHAIN_ID:123456789:NODE_ID:0:DKG_ID:0"}}' -H 'content-type:application/json;' YOUR_SGX_SERVER_URL -k
+```
+
+```bash
+curl --cert PATH_TO_CERTS/file.crt --key PATH_TO_CERTS/file.key -X POST --data '{"jsonrpc":"2.0","id":4,"method":"blsSignMessageHash","params":{"keyShareName":"BLS_KEY:SCHAIN_ID:123456789:NODE_ID:0:DKG_ID:0", "t":1, "n":1, "messageHash":"09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db"}}' -H 'content-type:application/json;' YOUR_SGX_SERVER_URL -k
+```
+
+2. 
+```bash
+curl --cert PATH_TO_CERTS/file.crt --key PATH_TO_CERTS/file.key -X POST --data '{"jsonrpc":"2.0","id":5,"method":"importECDSAKey","params":{"key":"0xe632f7fde2c90a073ec43eaa90dca7b82476bf28815450a11191484934b9c3f", "keyName":"NEK:abcdef"}}' -H 'content-type:application/json;' YOUR_SGX_SERVER_URL -k
+```
+
+```bash
+curl --cert PATH_TO_CERTS/file.crt --key PATH_TO_CERTS/file.key -X POST --data '{"jsonrpc":"2.0","id":6,"method":"ecdsaSignMessageHash","params":{"keyName":"NEK:abcdef", "base":16, "messageHash":"09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db"}}' -H 'content-type:application/json;' YOUR_SGX_SERVER_URL -k
+```
+
+Any error during one of the calls means that SGXWallet is misconfigured and will not work as you expect. Please try to run SGXWallet in backup mode.
--- a/jsonrpc/build.sh
+++ b/jsonrpc/build.sh
@@ -90,12 +90,11 @@ make
 make install
 cd ..

-#tar -xzf ./pre_downloaded/libjson-rpc-cpp.tar.gz
 git clone https://github.com/skalenetwork/libjson-rpc-cpp.git --recursive
 cd libjson-rpc-cpp
-git checkout hotfix/comment-ssl-certificates
+git checkout develop
 git pull
-rn -rf build || true
+rm -rf build || true
 mkdir -p build
 cd build
 cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_TYPE \