Merge branch 'develop' into bug/fix-typo

.github/workflows/dockerimageintelsubmission.yml

@@ -17,10 +17,10 @@ jobs:
       - name: submodule update
         run: git submodule update --init --recursive
       - name: build and deploy docker image
-        if: |
+        if: |    
           contains(github.ref, 'develop') || contains(github.ref, 'beta') ||
           contains(github.ref, 'master') || contains(github.ref, 'stable') ||
-          contains(github.ref, 'SECURE_ENCLAVE_CHANGES')                  
+          contains(github.ref, 'SECURE_ENCLAVE_CHANGES')
         run : |
           export BRANCH=${GITHUB_REF##*/}
           echo "Branch $BRANCH"

DockerfileRelease

@@ -19,5 +19,5 @@ RUN rm  /opt/intel/sgxsdk/lib64/*_sim.so
 RUN rm  /usr/src/sdk/secure_enclave/secure_enclave*.so
 RUN cd /usr/src/sdk/secure_enclave && \
      curl --output secure_enclave.signed.so  \
-     https://raw.githubusercontent.com/skalenetwork/signed_sgx_enclaves/master/secure_enclave_signed.so.1
+     https://raw.githubusercontent.com/skalenetwork/signed_sgx_enclaves/master/secure_enclave_signed.so.3
 ENTRYPOINT ["/usr/src/sdk/start.sh"]

Log.h

@@ -81,9 +81,19 @@ static uint64_t __COUNT__ = 0; \
 __COUNT__++; \
 if (__COUNT__ % 1000 == 0) { \
 spdlog::info(string(__FUNCTION__) +  " processed " + to_string(__COUNT__) + " requests"); \
+struct sysinfo memInfo; \
+sysinfo (&memInfo); \
+long long totalPhysMem = memInfo.totalram; \
+/*Multiply in next statement to avoid int overflow on right hand side...*/ \
+totalPhysMem *= memInfo.mem_unit; \
+int usedByCurrentProcess = getValue(); \
+if ( 0.5 * totalPhysMem < usedByCurrentProcess ) { \
+  exit(-103); \
+} \
 }
 
 
+
 // if uknown error, the error is 10000 + line number
 
 

README.md

-# sgxwallet: SKALE SGX-based hardware crypto wallet
+# sgxwallet: SKALE SGX-based hardware crypto wallet 
 
 <!-- SPDX-License-Identifier: (AGPL-3.0-only OR CC-BY-4.0) -->
 

common.h

@@ -31,6 +31,11 @@ using namespace std;
 #include <iostream>
 #include <map>
 #include <memory>
+
+#include <sys/types.h>
+#include <sys/sysinfo.h>
+#include <string.h>
+
 #include <vector>
 
 #include <boost/throw_exception.hpp>
@@ -68,6 +73,32 @@ inline void print_stack(int _line) {
     backtrace_symbols_fd(array, size, STDERR_FILENO);
 }
 
+inline int parseLine(char* line) {
+    // This assumes that a digit will be found and the line ends in " Kb".
+    int i = strlen(line);
+    const char* p = line;
+    while (*p <'0' || *p > '9') p++;
+    line[i-3] = '\0';
+    i = atoi(p);
+    return i;
+}
+
+inline int getValue() { //Note: this value is in KB!
+    FILE* file = fopen("/proc/self/status", "r");
+    int result = -1;
+    char line[128];
+
+    while (fgets(line, 128, file) != NULL){
+        if (strncmp(line, "VmRSS:", 6) == 0){
+            result = parseLine(line);
+            break;
+        }
+    }
+    fclose(file);
+    return result;
+}
+
+
 
 #define CHECK_STATE(_EXPRESSION_) \
     if (!(_EXPRESSION_)) { \
@@ -133,23 +164,5 @@ extern uint64_t initTime;
 #define WRITE_LOCK(__X__) std::unique_lock<std::shared_timed_mutex> __LOCK__(__X__);
 
 
-#include <boost/interprocess/sync/interprocess_semaphore.hpp>
-
-// max of 200 threads can call enclave at a time
-extern boost::interprocess::interprocess_semaphore enclaveSemaphore;
-
-class semaphore_guard {
-    boost::interprocess::interprocess_semaphore &sem;
-public:
-    semaphore_guard(boost::interprocess::interprocess_semaphore &_semaphore) : sem(_semaphore) {
-        sem.wait();
-    }
-
-    ~semaphore_guard() {
-        sem.post();
-    }
-};
-
-
 
 #endif //SGXWALLET_COMMON_H

docs/admin-guide.md

@@ -10,6 +10,7 @@
     -   [Run sgxwallet in secure mode](run-in-hardware-mode.md#run-sgxwallet-in-secure-mode)
     -   [Start, stop and upgrade sgxwallet containers](run-in-hardware-mode.md#start-stop-and-upgrade-sgxwallet-containers)
     -   [Logging](run-in-hardware-mode.md#logging)
+-   [Check that your SGXWallet is working correctly](healthchecks.md)
 -   [Backup and recover sgxwallet](backup-procedure.md)
 
 ## Community

docs/healthchecks.md

+<!-- SPDX-License-Identifier: (AGPL-3.0-only OR CC-BY-4.0) -->
+
+# SGXServer healthchecks
+
+-   [Check JSON-RPC server](#check-json-rpc-server)
+-   [Check Secure Enclave part](#check-secure-enclave-part)
+
+## Check JSON-RPC server
+
+To verify JSON-RPC server inside SGXWallet is up running execute one of the following commands:
+
+```bash
+curl --cert PATH_TO_CERTS/file.crt --key PATH_TO_CERTS/file.key -X POST --data '{"jsonrpc":"2.0","id":1,"method":"getServerStatus","params":{}}' -H 'content-type:application/json;' YOUR_SGX_SERVER_URL -k
+```
+
+```bash
+curl --cert PATH_TO_CERTS/file.crt --key PATH_TO_CERTS/file.key -X POST --data '{"jsonrpc":"2.0","id":2,"method":"getServerVersion","params":{}}' -H 'content-type:application/json;' YOUR_SGX_SERVER_URL -k
+```
+
+If server does not respond or response contains error message than you should restart your SGXWallet.
+
+## Check Secure Enclave part
+
+To verify Secure Enclave part of SGXWallet is configured and initialized in a proper way run following commands:
+
+1. 
+```bash
+curl --cert PATH_TO_CERTS/file.crt --key PATH_TO_CERTS/file.key -X POST --data '{"jsonrpc":"2.0","id":3,"method":"importBLSKeyShare","params":{"keyShare":"0xe632f7fde2c90a073ec43eaa90dca7b82476bf28815450a11191484934b9c3f", "keyShareName":"BLS_KEY:SCHAIN_ID:123456789:NODE_ID:0:DKG_ID:0"}}' -H 'content-type:application/json;' YOUR_SGX_SERVER_URL -k
+```
+
+```bash
+curl --cert PATH_TO_CERTS/file.crt --key PATH_TO_CERTS/file.key -X POST --data '{"jsonrpc":"2.0","id":4,"method":"blsSignMessageHash","params":{"keyShareName":"BLS_KEY:SCHAIN_ID:123456789:NODE_ID:0:DKG_ID:0", "t":1, "n":1, "messageHash":"09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db"}}' -H 'content-type:application/json;' YOUR_SGX_SERVER_URL -k
+```
+
+2. 
+```bash
+curl --cert PATH_TO_CERTS/file.crt --key PATH_TO_CERTS/file.key -X POST --data '{"jsonrpc":"2.0","id":5,"method":"importECDSAKey","params":{"key":"0xe632f7fde2c90a073ec43eaa90dca7b82476bf28815450a11191484934b9c3f", "keyName":"NEK:abcdef"}}' -H 'content-type:application/json;' YOUR_SGX_SERVER_URL -k
+```
+
+```bash
+curl --cert PATH_TO_CERTS/file.crt --key PATH_TO_CERTS/file.key -X POST --data '{"jsonrpc":"2.0","id":6,"method":"ecdsaSignMessageHash","params":{"keyName":"NEK:abcdef", "base":16, "messageHash":"09c6137b97cdf159b9950f1492ee059d1e2b10eaf7d51f3a97d61f2eee2e81db"}}' -H 'content-type:application/json;' YOUR_SGX_SERVER_URL -k
+```
+
+Any error during one of the calls means that SGXWallet is misconfigured and will not work as you expect. Please try to run SGXWallet in backup mode.

jsonrpc/build.sh

@@ -90,12 +90,11 @@ make
 make install
 cd ..
 
-#tar -xzf ./pre_downloaded/libjson-rpc-cpp.tar.gz
 git clone https://github.com/skalenetwork/libjson-rpc-cpp.git --recursive
 cd libjson-rpc-cpp
-git checkout hotfix/comment-ssl-certificates
+git checkout develop
 git pull
-rn -rf build || true
+rm -rf build || true
 mkdir -p build
 cd build
 cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_TYPE \