Skip to content

S
sgxwallet
Unverified Commit 7d5c41bc authored by Stan Kladko's avatar Stan Kladko Committed by GitHub
Browse files
Options

Merge pull request #152 from skalenetwork/SKALE-3159-test-fails 

Skale 3159 test fails
parents f46249b5 e815de42
Hide whitespace changes
Inline Side-by-side
Showing with 116 additions and 43 deletions
DockerfileSimulation
View file @ 7d5c41bc
......@@ -6,6 +6,7 @@ RUN apt update && apt install -y curl
RUN ccache -sz
COPY . /usr/src/sdk
RUN cp -f secure_enclave/secure_enclave.config.xml.sim secure_enclave/secure_enclave.config.xml
WORKDIR /usr/src/sdk
RUN ./autoconf.bash && \
./configure --enable-sgx-simulation && \
......
Log.h
View file @ 7d5c41bc
......@@ -39,6 +39,7 @@
#include "InvalidArgumentException.h"
#include "InvalidStateException.h"
#include <boost/core/ignore_unused.hpp>
#include "common.h"
#include <shared_mutex>
......@@ -74,22 +75,25 @@ public:
};
#define INIT_RESULT(__RESULT__) Json::Value __RESULT__; \
int errStatus = UNKNOWN_ERROR; string errMsg(BUF_LEN, '\0');__RESULT__["status"] = UNKNOWN_ERROR; __RESULT__["errorMessage"] = \
int errStatus = UNKNOWN_ERROR; boost::ignore_unused(errStatus); string errMsg(BUF_LEN, '\0');__RESULT__["status"] = UNKNOWN_ERROR; __RESULT__["errorMessage"] = \
"Server error. Please see server log.";
#define HANDLE_SGX_EXCEPTION(__RESULT__) \
catch (SGXException& _e) { \
if (_e.status != 0) {__RESULT__["status"] = _e.status;} else { __RESULT__["status"] = UNKNOWN_ERROR;}; \
__RESULT__["errorMessage"] = _e.errString; \
__RESULT__["errorMessage"] = _e.errString; \
spdlog::error("JSON call failed {}", __FUNCTION__); \
return __RESULT__; \
} catch (exception& _e) { \
__RESULT__["errorMessage"] = _e.what(); \
spdlog::error("JSON call failed {}", __FUNCTION__); \
return __RESULT__; \
}\
catch (...) { \
exception_ptr p = current_exception(); \
printf("Exception %s \n", p.__cxa_exception_type()->name()); \
__RESULT__["errorMessage"] = "Unknown exception"; \
__RESULT__["errorMessage"] = "Unknown exception"; \
spdlog::error("JSON call failed {}", __FUNCTION__); \
return __RESULT__; \
}
......
SEKManager.cpp
View file @ 7d5c41bc
......@@ -234,7 +234,7 @@ void enter_SEK() {
void initSEK() {
std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
if (encryptKeys) {
if (enterBackupKey) {
enter_SEK();
} else {
if (encr_SEK_ptr == nullptr) {
......
SGXRegistrationServer.cpp
View file @ 7d5c41bc
......@@ -46,10 +46,10 @@
#include "Log.h"
#include "common.h"
int printDebugInfo = -1;
int useHTTPS = -1;
int encryptKeys = -1;
int autoconfirm = -1;
bool printDebugInfo = false;
bool useHTTPS = false;
bool enterBackupKey = false;
bool autoconfirm = false;
shared_ptr <SGXRegistrationServer> SGXRegistrationServer::server = nullptr;
shared_ptr <HttpServer> SGXRegistrationServer::httpServer = nullptr;
......
SGXWalletServer.cpp
View file @ 7d5c41bc
......@@ -54,7 +54,8 @@
using namespace std;
void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _encryptKeys) {
void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _enterBackupKey) {
spdlog::info("Entering {}", __FUNCTION__);
CHECK_STATE(_logLevel <= 2)
......@@ -70,11 +71,12 @@ void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _en
spdlog::info("useHTTPS set to " + to_string(_useHTTPS));
autoconfirm = _autoconfirm;
spdlog::info("autoconfirm set to " + to_string(autoconfirm));
encryptKeys = _encryptKeys;
spdlog::info("encryptKeys set to " + to_string(encryptKeys));
enterBackupKey = _enterBackupKey;
spdlog::info("enterBackupKey set to " + to_string(enterBackupKey));
}
void setOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm) {
spdlog::info("Entering {}", __FUNCTION__);
setFullOptions(_logLevel, _useHTTPS, _autoconfirm, false);
}
......@@ -107,6 +109,7 @@ void SGXWalletServer::printDB() {
}
int SGXWalletServer::initHttpsServer(bool _checkCerts) {
spdlog::info("Entering {}", __FUNCTION__);
string rootCAPath = string(SGXDATA_FOLDER) + "cert_data/rootCA.pem";
string keyCAPath = string(SGXDATA_FOLDER) + "cert_data/rootCA.key";
......@@ -154,6 +157,7 @@ int SGXWalletServer::initHttpsServer(bool _checkCerts) {
}
int SGXWalletServer::initHttpServer() { //without ssl
spdlog::info("Entering {}", __FUNCTION__);
httpServer = make_shared<HttpServer>(BASE_PORT + 3);
server = make_shared<SGXWalletServer>(*httpServer,
JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
......@@ -166,7 +170,7 @@ int SGXWalletServer::initHttpServer() { //without ssl
Json::Value
SGXWalletServer::importBLSKeyShareImpl(const string &_keyShare, const string &_keyShareName, int t, int n, int _index) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result);
result["encryptedKeyShare"] = "";
......@@ -195,7 +199,7 @@ SGXWalletServer::importBLSKeyShareImpl(const string &_keyShare, const string &_k
Json::Value
SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const string &_messageHash, int t, int n,
int _signerIndex) {
spdlog::trace("Entering {}", __FUNCTION__);
INIT_RESULT(result)
result["status"] = -1;
......@@ -242,6 +246,7 @@ Json::Value SGXWalletServer::importECDSAKeyImpl(const string &_key, const string
}
Json::Value SGXWalletServer::generateECDSAKeyImpl() {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result)
result["encryptedKey"] = "";
......@@ -268,6 +273,7 @@ Json::Value SGXWalletServer::generateECDSAKeyImpl() {
}
Json::Value SGXWalletServer::renameECDSAKeyImpl(const string &_keyName, const string &_tempKeyName) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result)
result["encryptedKey"] = "";
......@@ -295,6 +301,7 @@ Json::Value SGXWalletServer::renameECDSAKeyImpl(const string &_keyName, const st
}
Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_keyName, const string &_messageHash) {
spdlog::trace("Entering {}", __FUNCTION__);
INIT_RESULT(result)
result["signature_v"] = "";
......@@ -339,6 +346,7 @@ Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_
}
Json::Value SGXWalletServer::getPublicECDSAKeyImpl(const string &_keyName) {
spdlog::debug("Entering {}", __FUNCTION__);
INIT_RESULT(result)
result["publicKey"] = "";
......@@ -360,6 +368,7 @@ Json::Value SGXWalletServer::getPublicECDSAKeyImpl(const string &_keyName) {
}
Json::Value SGXWalletServer::generateDKGPolyImpl(const string &_polyName, int _t) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result)
string encrPolyHex;
......@@ -380,6 +389,7 @@ Json::Value SGXWalletServer::generateDKGPolyImpl(const string &_polyName, int _t
}
Json::Value SGXWalletServer::getVerificationVectorImpl(const string &_polyName, int _t, int _n) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result)
vector <vector<string>> verifVector;
......@@ -408,6 +418,7 @@ Json::Value SGXWalletServer::getVerificationVectorImpl(const string &_polyName,
}
Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const Json::Value &_pubKeys, int _t, int _n) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result);
result["secretShare"] = "";
result["SecretShare"] = "";
......@@ -443,6 +454,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
Json::Value SGXWalletServer::dkgVerificationImpl(const string &_publicShares, const string &_ethKeyName,
const string &_secretShare, int _t, int _n, int _index) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result)
result["result"] = false;
......@@ -473,6 +485,7 @@ Json::Value SGXWalletServer::dkgVerificationImpl(const string &_publicShares, co
Json::Value
SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string &_ethKeyName, const string &_polyName,
const string &_secretShare, int _t, int _n) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result)
try {
......@@ -518,6 +531,7 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string
}
Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result)
try {
......@@ -536,6 +550,7 @@ Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName)
}
Json::Value SGXWalletServer::complaintResponseImpl(const string &_polyName, int _ind) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result)
try {
......@@ -568,6 +583,7 @@ Json::Value SGXWalletServer::multG2Impl(const string &_x) {
}
Json::Value SGXWalletServer::isPolyExistsImpl(const string &_polyName) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result)
result["IsExist"] = false;
......@@ -595,6 +611,7 @@ Json::Value SGXWalletServer::getServerVersionImpl() {
}
Json::Value SGXWalletServer::deleteBlsKeyImpl(const string &name) {
spdlog::info("Entering {}", __FUNCTION__);
INIT_RESULT(result)
result["deleted"] = false;
......
SGXWalletServer.h
View file @ 7d5c41bc
......@@ -30,7 +30,7 @@
#define EXTERNC
#endif
EXTERNC void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _encryptKeys);
EXTERNC void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _enterBackupKey);
EXTERNC void setOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm);
......
VERSION
View file @ 7d5c41bc
1.57.0
\ No newline at end of file
1.58.0
\ No newline at end of file
docker/start.sh
View file @ 7d5c41bc
......@@ -24,10 +24,6 @@ ls /root/.rnd;
cd /usr/src/sdk;
echo "Checking that sgxwallet can connect to SGX whitelist update server whitelist.trustedservices.intel.com "
echo "If this test fails, you need to update your network config or firewall to allow this connection"
curl -I http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin
if [[ -f "/var/hwmode" ]]
then
......@@ -37,6 +33,9 @@ jhid -d
/opt/intel/sgxpsw/aesm/aesm_service &
pid=$!
sleep 2
echo "Checking that sgxwallet can connect to SGX whitelist update server whitelist.trustedservices.intel.com "
echo "If this test fails, you need to update your network config or firewall to allow this connection"
curl -I http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin
else
echo "Running in SGX simulation mode"
fi
......
secure_enclave/EnclaveCommon.cpp
View file @ 7d5c41bc
......@@ -162,13 +162,23 @@ int inited = 0;
domain_parameters curve;
void enclave_init() {
LOG_INFO(__FUNCTION__ );
if (inited == 1)
return;
inited = 1;
libff::init_alt_bn128_params();
curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
LOG_INFO("Initing libff");
try {
libff::init_alt_bn128_params();
curve = domain_parameters_init();
domain_parameters_load_curve(curve, secp256k1);
} catch (exception& e) {
LOG_ERROR("Exception in libff init");
LOG_ERROR(e.what());
}
LOG_INFO("Inited libff");
}
bool enclave_sign(const char *_keyString, const char *_hashXString, const char *_hashYString,
......
secure_enclave/secure_enclave.c
View file @ 7d5c41bc
......@@ -113,20 +113,33 @@ void free_function(void *, size_t);
unsigned char *globalRandom;
void trustedEnclaveInit(uint32_t _logLevel) {
LOG_DEBUG(__FUNCTION__);
LOG_INFO(__FUNCTION__);
globalLogLevel_ = _logLevel;
oc_realloc_func = &reallocate_function;
oc_free_func = &free_function;
LOG_INFO("Setting memory functions");
mp_get_memory_functions(NULL, &gmp_realloc_func, &gmp_free_func);
mp_set_memory_functions(NULL, oc_realloc_func, oc_free_func);
LOG_INFO("Reading random");
globalRandom = calloc(32,1);
auto ret = sgx_read_rand(globalRandom, 32);
if(ret != SGX_SUCCESS)
{
LOG_ERROR("sgx_read_rand failed. Aboring enclave.");
abort();
}
globalRandom = (unsigned char *) calloc(32, 1);
sgx_read_rand(globalRandom, 32);
LOG_INFO("Calling enclave init");
enclave_init();
......
secure_enclave/secure_enclave.config.xml.sim 0 → 100644
View file @ 7d5c41bc
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x1000000</StackMaxSize>
<HeapMaxSize>0x10000000</HeapMaxSize>
<TCSNum>32</TCSNum>
<TCSMaxNum>32</TCSMaxNum>
<TCSMinPool>32</TCSMinPool>
<TCSPolicy>0</TCSPolicy>
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>
sgxwall.cpp
View file @ 7d5c41bc
......@@ -44,16 +44,17 @@ void SGXWallet::usage() {
}
void SGXWallet::printUsage() {
cerr << "Available flags:\n";
cerr << "-c Do not verify client certificate\n";
cerr << "-s Sign client certificate without human confirmation \n";
cerr << "-d Turn on debug output\n";
cerr << "-v Verbose mode: turn on debug output\n";
cerr << "-vv Detailed verbose mode: turn on debug and trace outputs\n";
cerr << "-n Launch SGXWalletServer using http (not https)\n";
cerr << "-b Restore from back up (you will need to enter backup key) \n";
cerr << "-y Do not ask user to acknowledge receipt of backup key \n";
cerr << "-T Generate test keys \n";
cerr << "\nAvailable flags:\n";
cerr << "\nDebug flags:\n\n";
cerr << " -v Verbose mode: turn on debug output\n";
cerr << " -vv Detailed verbose mode: turn on debug and trace outputs\n";
cerr << "\nBackup, restore, update flags:\n\n";
cerr << " -b Restore from back up or software update. You will need to type in the backup key. \n";
cerr << " -y Do not ask user to acknowledge receipt of the backup key \n";
cerr << "\nHTTPS flags:\n\n";
cerr << " -n Launch sgxwallet using http. Default is to use https with a selg-signed server cert. \n";
cerr << " -c Do not verify SSL client certs\n";
cerr << " -s Sign SSL client certs without human confirmation \n";
}
......@@ -87,7 +88,7 @@ void SGXWallet::serializeKeys(const vector<string>& _ecdsaKeyNames, const vector
int main(int argc, char *argv[]) {
bool encryptKeysOption = false;
bool enterBackupKeyOption = false;
bool useHTTPSOption = true;
bool printDebugInfoOption = false;
bool printTraceInfoOption = false;
......@@ -131,10 +132,10 @@ int main(int argc, char *argv[]) {
useHTTPSOption = false;
break;
case 'a':
encryptKeysOption = false;
enterBackupKeyOption = false;
break;
case 'b':
encryptKeysOption = true;
enterBackupKeyOption = true;
break;
case 'y':
autoconfirmOption = true;
......@@ -159,7 +160,7 @@ int main(int argc, char *argv[]) {
logLevel = L_TRACE;
}
setFullOptions(logLevel, useHTTPSOption, autoconfirmOption, encryptKeysOption);
setFullOptions(logLevel, useHTTPSOption, autoconfirmOption, enterBackupKeyOption);
uint32_t enclaveLogLevel = L_INFO;
......
sgxwallet_common.h
View file @ 7d5c41bc
......@@ -44,9 +44,9 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include <stdbool.h>
extern int useHTTPS;
extern int encryptKeys;
extern int autoconfirm;
extern bool useHTTPS;
extern bool enterBackupKey;
extern bool autoconfirm;
#define BUF_LEN 4096
......
testw.cpp
View file @ 7d5c41bc
......@@ -461,8 +461,18 @@ TEST_CASE_METHOD(TestFixture, "Get ServerVersion", "[get-server-version]") {
REQUIRE(c.getServerVersion()["version"] == SGXWalletServer::getVersion());
}
TEST_CASE_METHOD(TestFixtureHTTPS, "Cert request sign", "[cert-sign]") {
REQUIRE(SGXRegistrationServer::getServer() != nullptr);
PRINT_SRC_LINE
REQUIRE_NOTHROW(SGXRegistrationServer::getServer());
PRINT_SRC_LINE
string csrFile = "insecure-samples/yourdomain.csr";
......@@ -472,9 +482,13 @@ TEST_CASE_METHOD(TestFixtureHTTPS, "Cert request sign", "[cert-sign]") {
ss << infile.rdbuf();
infile.close();
PRINT_SRC_LINE
auto result = SGXRegistrationServer::getServer()->SignCertificate(ss.str());
REQUIRE(result["status"] == 0);
PRINT_SRC_LINE
result = SGXRegistrationServer::getServer()->SignCertificate("Haha");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment