Merge pull request #35 from skalenetwork/Fixed_Init_Order

Fixed init order

.github/workflows/dockerimage.yml

@@ -20,3 +20,4 @@ jobs:
         run: docker build . --file Dockerfile --tag  skalenetwork/sgxwallet:latest
       - name: push docker image
         run:  docker push skalenetwork/sgxwallet:latest
+

.gitmodules

@@ -16,3 +16,6 @@
 [submodule "sgx-software-enable"]
 	path = sgx-software-enable
 	url = https://github.com/intel/sgx-software-enable
+[submodule "github-markdown-toc"]
+	path = github-markdown-toc
+	url = https://github.com/ekalinin/github-markdown-toc.git

Dockerfile

 FROM skalenetwork/sgxwallet_base:latest
 WORKDIR /usr/src/sdk
 
+COPY *.cpp ./
+COPY *.h ./
+COPY *.txt ./
+COPY *.c ./
+COPY *.am ./
+COPY *.hpp ./
+COPY *.sh ./
+COPY *.m4 ./
+COPY *.gmp ./
+COPY *.ac ./
+COPY *.json ./
+COPY docker ./docker
+COPY build-aux ./build-aux
+COPY  cert ./cert
+COPY jsonrpc ./jsonrpc
+
+COPY leveldb ./leveldb
+COPY m4 ./m4
+COPY scripts ./scripts
+COPY secure_enclave ./secure_enclave
+COPY spdlog ./spdlog
 
 
 RUN autoreconf -vif
@@ -12,13 +33,8 @@ RUN autoconf
 RUN ./configure
 ### RUN cd libBLS; cmake -H. -Bbuild; cmake --build build -- -j$(nproc);
 RUN make
-RUN wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz && \
-    cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b && \
-    cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && \
-    make install && \
-    cd .. && rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b
 
-RUN mkdir /sgx_data
+RUN mkdir /usr/src/sdk/sgx_data
 
 COPY docker/start.sh ./
 ENTRYPOINT ["/usr/src/sdk/start.sh"]

DockerfileBase

@@ -48,4 +48,10 @@ RUN git clone -b sgx_2.5 --depth 1 https://github.com/intel/linux-sgx && \
 COPY configure.gmp ./
 RUN cd scripts; ./build.py
 
+RUN wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz && \
+    cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b && \
+    cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && \
+    make install && \
+    cd .. && rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b
+
 

DockerfileSimulation

 FROM skalenetwork/sgxwallet_base:latest
 WORKDIR /usr/src/sdk
 
+COPY *.cpp ./
+COPY *.h ./
+COPY *.txt ./
+COPY *.c ./
+COPY *.am ./
+COPY *.hpp ./
+COPY *.sh ./
+COPY *.m4 ./
+COPY *.gmp ./
+COPY *.ac ./
+COPY *.json ./
+COPY docker ./docker
+COPY build-aux ./build-aux
+COPY  cert ./cert
+COPY jsonrpc ./jsonrpc
+COPY leveldb ./leveldb
+COPY m4 ./m4
+COPY scripts ./scripts
+COPY secure_enclave ./secure_enclave
+COPY spdlog ./spdlog
+
 RUN autoreconf -vif
 RUN libtoolize --force
 RUN aclocal
@@ -10,13 +31,9 @@ RUN autoconf
 RUN ./configure --enable-sgx-simulation
 ### RUN cd libBLS; cmake -H. -Bbuild; cmake --build build -- -j$(nproc);
 RUN make
-RUN wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz && \
-    cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b && \
-    cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && \
-    make install && \
-    cd .. && rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b
 
-RUN mkdir /sgx_data
+
+RUN mkdir /usr/src/sdk/sgx_data
 COPY docker/start.sh ./
 
 ENTRYPOINT ["/usr/src/sdk/start.sh"]

README.md

@@ -4,13 +4,51 @@
 
 ## Intro
 
-**sgxwallet** is a next generation hardware secure crypto wallet that  is based on **Intel SGX** technology. It currently supports **Ethereum** and **SKALE**, and will support **Bitcoin** in the future.
+**sgxwallet** is a next generation hardware secure crypto wallet that is based on **Intel SGX** technology. It currently supports **Ethereum** and **SKALE**, and will support **Bitcoin** in the future.
+
+**sgxwallet** runs as a network server.  Clients connect to the server, authenticate to it using 
+TLS 1.0 protocol with client certificates, and then issue requests to the server to generate crypto 
+keys and perform cryptographic operations. The keys are generated inside the secure SGX enclave and never
+leave the enclave unencrypted.  
+
+The server provides an initial registration service to issue client certificates to the clients.
+The administrator manually approves each registration.
 
 **sgxwallet** has been tested on **Ubuntu Linux 18.04**.
 
 ## An important note about production readiness
 
-This sgxwallet library is still in active development and therefore should be regarded as _alpha software_. The development is still subject to security hardening, further testing, and breaking changes.  **This library has not yet been reviewed or audited for security.**
+The sgxwallet server is still in active development and therefore should be regarded as _alpha software_. The development is still subject to security hardening, further testing, and breaking changes.  **This server has not yet been reviewed or audited for security.**
+
+Table of Contents
+=================
+
+
+   * [Running sgxwallet](#running-sgxwallet)
+      * [Clone this repository and its submodules](#clone-this-repository-and-its-submodules)
+      * [Try instantly in simulation mode](#try-instantly-in-simulation-mode)
+      * [Start, stop and upgrade sgxwallet](#start-stop-and-upgrade-sgxwallet)
+      * [Enable SGX on your machine](#enable-sgx-on-your-machine)
+      * [Enable "software-controlled" SGX](#enable-software-controlled-sgx)
+      * [Install SGX driver](#install-sgx-driver)
+      * [Run sgxwallet in secure SGX mode](#run-the-latest-sgxwallet-docker-container-from-dockerhub)
+   * [Development](#development)
+      * [Install Prerequisites](#install-prerequisites)
+      * [Install SGX sdk](#install-sgx-sdk)
+      * [Install required debian packages](#install-required-debian-packages)
+      * [Build dependencies](#build-dependencies)
+      * [Configure and build sgxwallet](#configure-and-build-sgxwallet)
+      * [Run sgxwallet](#run-sgxwallet)
+      * [Build Docker container](#build-docker-container)
+      * [Build Docker container in simulation mode](#build-docker-container-in-simulation-mode)
+      * [Run Docker container](#run-docker-container)
+      * [Run Docker container in simulation mode](#run-docker-container-in-simulation-mode)
+      * [Adding new source files](#adding-new-source-files)
+      * [Example of client certificate instantiation](#example-of-client-certificate-instantiation)
+      * [Libraries](#libraries)
+      * [License](#license)
+
+
 
 # Running sgxwallet 
 
@@ -18,11 +56,83 @@ This sgxwallet library is still in active development and therefore should be re
 
 `git clone --recurse-submodules  https://github.com/skalenetwork/sgxwallet.git`
 
+## Try instantly in simulation mode
+
+
+The easiest way to try the sgxwallet server is to run it in  
+insecure simulation mode that emulates an SGX processor. Once you are familiar with the server,
+you can enable sgx on your machine and run it in secure production mode.
+
+To try the server:
+
+Install docker-compose if you do not have it.
+
+```
+sudo apt-get install docker.io docker-compose
+```
+
+And then do 
+
+ ```
+cd run_sgx_sim; 
+sudo docker-compose up
+``` 
+
+Voila! You should see the "SGX Server started" message.
+
+## Start, stop and upgrade sgxwallet
+
+As any docker-compose application sgxwallet is super easy to use. 
+
+To run the server as a daemon, do
+
+``` 
+sudo docker-compose up -d
+```
+
+To stop/start the server do 
+
+``` 
+sudo docker-compose stop
+sudo docker-compose start
+```
+
+To view server logs do 
+
+``` 
+sudo docker-compose logs
+```
+
+To upgrade sgxwallet to the latest version do 
+
+``` 
+sudo docker-compose stop
+sudo docker-compose pull
+sudo docker-compose up
+```
+
+Note: all docker-compose commands need to be issued from run_sgx_sim directory.
+
+Note: sgxwallet places all its data into the sgx_data directory, which is created the first time you run sgxwallet.
+Do not remove this directory!
+
+Note: sgxwallet operates on network ports 1026 (https) and 1027 (http for initial registration). 
+If you have a firewall on your network, please make sure these ports are open so clients are able to
+connect to the server. 
+
+
 ## Enable SGX on your machine
 
-To build and run **sgxd**, you'll need **Intel SGX** capable hardware. Most Intel chips that were produced after 2015 support **SGX**.
+Once your tried sgxwallet in the simulation mode, you can enable sgx on your machine, and run the server in production
+mode.  First, remove the simulation mode wallet by doing 
+
+``` 
+sudo docker-compose rm
+```
+
+You'll need **Intel SGX** capable hardware. Most Intel chips that were produced after 2015 support **SGX**.
 
--   Enter **BIOS** of you machine by pressing and holding **Del** or **F2** on boot-up and verify that **BIOS** includes **SGX options**.
+-   Enter **BIOS** of your machine by pressing and holding **Del** or **F2** on boot-up and verify that **BIOS** includes **SGX options**.
     If not, your machine cant run **SGX**.
 -   Set SGX in BIOS as `enabled` or `software-controlled`.
 -   If you can set SGX to `enabled` you are done! Proceed with "Install SGX Driver" section
@@ -30,10 +140,20 @@ To build and run **sgxd**, you'll need **Intel SGX** capable hardware. Most Inte
 
 ## Enable "software-controlled" SGX
 
-To enable SGX using a software utility:
+This repo includes the ***sgx_enable*** utility. To enable SGX run:
+
+```bash
+sudo ./sgx_enable
+```
+
+Note: if you are not using Ubuntu 18.04 (something that we do not recommend), you may need
+to rebuild the sgx-software-enable utility before use by typing:
+
+```bash
+cd sgx-software-enable;
+make
+```
 
--   Build `sgx-enable` utility by typing `cd  sgx-software-enable; make`
--   Run `./sgx_enable`.  Verify that it says that **SGX** is successfully enabled
 
 ## Install SGX driver
 
@@ -44,18 +164,18 @@ cd scripts; sudo ./sgx_linux_x64_driver_2.5.0_2605efa.bin; cd ..
 Reboot you machine after driver install.  Do `ls /dev/isgx` to check that `isgx` device is properly installed.
 If you do not see the `isgx` device, you need to troubleshoot your driver installation.
 
-## Install docker and docker-compose
 
-```
-sudo apt-get install docker.io docker-compose
-```
+## Run sgxwallet in secure SGX mode
 
-## Run the latest sgxwallet docker container from dockerhub
+Run the latest sgxwallet docker container image in SGX mode
 
 ```
+cd run_sgx; 
 sudo docker-compose up -d
 ```
 
+You should see "SGX Server started message".
+
 # Development
 
 ## Install Prerequisites
@@ -68,14 +188,12 @@ sudo apt-get install build-essential make cmake gcc g++ yasm  python libprotobuf
 
 ```bash
 cd scripts; sudo ./sgx_linux_x64_sdk_2.5.100.49891.bin; cd ..
-
 ```
 
 ## Install required debian packages
 
 ```bash
 cd scripts; sudo ./install_packages.sh; cd ..
-
 ```
 
 ## Build dependencies
@@ -84,7 +202,6 @@ Dependencies only need to be built once.
 
 ```bash
 cd scripts; ./build.py; cd ..
-
 ```
 
 ## Configure and build sgxwallet

ServerInit.cpp

@@ -58,15 +58,28 @@
 
 #include "spdlog/spdlog.h"
 
+#include <unistd.h>
+#include <stdio.h>
+#include <limits.h>
+
 #include <sys/types.h>
 #include <sys/stat.h>
+
 //#include <system>
 
 void init_daemon() {
 
     libff::init_alt_bn128_params();
 
-    std::string sgx_data_folder = SGXDATA_FOLDER;
+
+    char cwd[PATH_MAX];
+    if (getcwd(cwd, sizeof(cwd)) == NULL) {
+        spdlog::error("could not get cwd");
+        exit(-1);
+    }
+
+
+    std::string sgx_data_folder = string(cwd) + "/" + SGXDATA_FOLDER;
     struct stat info;
     if (stat(sgx_data_folder.c_str(), &info) !=0 ){
       spdlog::info("going to create sgx_data folder");
@@ -75,7 +88,7 @@ void init_daemon() {
         spdlog::info("sgx_data folder was created");
       }
       else{
-        spdlog::info("creating sgx_data folder failed");
+        spdlog::error("creating sgx_data folder failed");
         exit(-1);
       }
     }
@@ -155,6 +168,8 @@ void init_all(bool check_cert, bool sign_automatically) {
 
     sgxServerInited = 1;
 
+    init_daemon();
+
     if (is_sgx_https) {
       init_https_server(check_cert);
       init_registration_server(sign_automatically);
@@ -165,5 +180,5 @@ void init_all(bool check_cert, bool sign_automatically) {
     }
     init_enclave();
     //std::cerr << "enclave inited" << std::endl;
-    init_daemon();
+
 }

docker/start.sh

@@ -8,5 +8,5 @@ jhid -d
 pid=$!
 
 sleep 2
-/usr/src/sdk/sgxwallet $1
+cd /usr/src/sdk; ./sgxwallet $1 $2 $3 $4
 

github-markdown-toc @ 83fadb60

+Subproject commit 83fadb60a7f1607c1c46e868ed2a866bb70b4c76

docker-compose.yml → run_sgx/docker-compose.yml

@@ -10,7 +10,7 @@ services:
       - "/dev/isgx"
       - "/dev/mei0"
     volumes:
-      - ./sgx_data:/sgx_data
+      - ./sgx_data:/usr/src/sdk/sgx_data
     restart: unless-stopped
     command: -s
 

docker-compose-sim.yml → run_sgx_sim/docker-compose.yml

@@ -7,7 +7,7 @@ services:
       - "1027:1027"
       - "1028:1028"
     volumes:
-      - ./sgx_data:/sgx_data
+      - ./sgx_data:/usr/src/sdk/sgx_data
     restart: unless-stopped
     command: -s