Merge branch 'develop' into bug/SKALE-3114-bls-import-error

DockerfileSimulation

@@ -6,6 +6,7 @@ RUN apt update &&  apt install -y curl
 RUN ccache -sz
 
 COPY . /usr/src/sdk
+RUN cp -f secure_enclave/secure_enclave.config.xml.sim secure_enclave/secure_enclave.config.xml
 WORKDIR /usr/src/sdk
 RUN ./autoconf.bash && \
     ./configure --enable-sgx-simulation && \

Log.h

@@ -39,6 +39,7 @@
 #include "InvalidArgumentException.h"
 #include "InvalidStateException.h"
 
+#include <boost/core/ignore_unused.hpp>
 #include "common.h"
 
 #include <shared_mutex>
@@ -74,22 +75,25 @@ public:
 };
 
 #define INIT_RESULT(__RESULT__)     Json::Value __RESULT__; \
-              int errStatus = UNKNOWN_ERROR; string errMsg(BUF_LEN, '\0');__RESULT__["status"] = UNKNOWN_ERROR; __RESULT__["errorMessage"] = \
+              int errStatus = UNKNOWN_ERROR; boost::ignore_unused(errStatus); string errMsg(BUF_LEN, '\0');__RESULT__["status"] = UNKNOWN_ERROR; __RESULT__["errorMessage"] = \
 "Server error. Please see server log.";
 
 #define HANDLE_SGX_EXCEPTION(__RESULT__) \
     catch (SGXException& _e) { \
       if (_e.status != 0) {__RESULT__["status"] = _e.status;} else { __RESULT__["status"]  = UNKNOWN_ERROR;}; \
-      __RESULT__["errorMessage"] = _e.errString; \
+      __RESULT__["errorMessage"] = _e.errString;                                                              \
+      spdlog::error("JSON call failed {}", __FUNCTION__);                             \
       return __RESULT__; \
       } catch (exception& _e) { \
       __RESULT__["errorMessage"] = _e.what(); \
+      spdlog::error("JSON call failed {}", __FUNCTION__);                                   \
       return __RESULT__; \
       }\
       catch (...) { \
       exception_ptr p = current_exception(); \
       printf("Exception %s \n", p.__cxa_exception_type()->name()); \
-      __RESULT__["errorMessage"] = "Unknown exception"; \
+      __RESULT__["errorMessage"] = "Unknown exception";                                                       \
+      spdlog::error("JSON call failed {}", __FUNCTION__);                                   \
       return __RESULT__; \
       }
 

SEKManager.cpp

@@ -234,7 +234,7 @@ void enter_SEK() {
 
 void initSEK() {
   std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
-  if (encryptKeys) {
+  if (enterBackupKey) {
     enter_SEK();
   } else {
       if (encr_SEK_ptr == nullptr) {

SGXRegistrationServer.cpp

@@ -46,10 +46,10 @@
 #include "Log.h"
 #include "common.h"
 
-int printDebugInfo = -1;
-int useHTTPS = -1;
-int encryptKeys = -1;
-int autoconfirm = -1;
+bool printDebugInfo = false;
+bool useHTTPS = false;
+bool enterBackupKey = false;
+bool autoconfirm = false;
 
 shared_ptr <SGXRegistrationServer> SGXRegistrationServer::server = nullptr;
 shared_ptr <HttpServer> SGXRegistrationServer::httpServer = nullptr;

SGXWalletServer.cpp

@@ -54,7 +54,8 @@
 
 using namespace std;
 
-void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _encryptKeys) {
+void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _enterBackupKey) {
+    spdlog::info("Entering {}", __FUNCTION__);
 
     CHECK_STATE(_logLevel <= 2)
 
@@ -70,11 +71,12 @@ void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _en
     spdlog::info("useHTTPS set to " + to_string(_useHTTPS));
     autoconfirm = _autoconfirm;
     spdlog::info("autoconfirm set to " + to_string(autoconfirm));
-    encryptKeys = _encryptKeys;
-    spdlog::info("encryptKeys set to " + to_string(encryptKeys));
+    enterBackupKey = _enterBackupKey;
+    spdlog::info("enterBackupKey set to " + to_string(enterBackupKey));
 }
 
 void setOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm) {
+    spdlog::info("Entering {}", __FUNCTION__);
     setFullOptions(_logLevel, _useHTTPS, _autoconfirm, false);
 }
 
@@ -107,6 +109,7 @@ void SGXWalletServer::printDB() {
 }
 
 int SGXWalletServer::initHttpsServer(bool _checkCerts) {
+    spdlog::info("Entering {}", __FUNCTION__);
     string rootCAPath = string(SGXDATA_FOLDER) + "cert_data/rootCA.pem";
     string keyCAPath = string(SGXDATA_FOLDER) + "cert_data/rootCA.key";
 
@@ -154,6 +157,7 @@ int SGXWalletServer::initHttpsServer(bool _checkCerts) {
 }
 
 int SGXWalletServer::initHttpServer() { //without ssl
+    spdlog::info("Entering {}", __FUNCTION__);
     httpServer = make_shared<HttpServer>(BASE_PORT + 3);
     server = make_shared<SGXWalletServer>(*httpServer,
                                           JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
@@ -166,7 +170,7 @@ int SGXWalletServer::initHttpServer() { //without ssl
 
 Json::Value
 SGXWalletServer::importBLSKeyShareImpl(const string &_keyShare, const string &_keyShareName, int t, int n, int _index) {
-
+    spdlog::info("Entering {}", __FUNCTION__);
     INIT_RESULT(result);
 
     result["encryptedKeyShare"] = "";
@@ -195,7 +199,7 @@ SGXWalletServer::importBLSKeyShareImpl(const string &_keyShare, const string &_k
 Json::Value
 SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const string &_messageHash, int t, int n,
                                         int _signerIndex) {
-
+    spdlog::trace("Entering {}", __FUNCTION__);
     INIT_RESULT(result)
 
     result["status"] = -1;
@@ -242,6 +246,7 @@ Json::Value SGXWalletServer::importECDSAKeyImpl(const string &_key, const string
 }
 
 Json::Value SGXWalletServer::generateECDSAKeyImpl() {
+    spdlog::info("Entering {}", __FUNCTION__);
     INIT_RESULT(result)
     result["encryptedKey"] = "";
 
@@ -268,6 +273,7 @@ Json::Value SGXWalletServer::generateECDSAKeyImpl() {
 }
 
 Json::Value SGXWalletServer::renameECDSAKeyImpl(const string &_keyName, const string &_tempKeyName) {
+    spdlog::info("Entering {}", __FUNCTION__);
     INIT_RESULT(result)
     result["encryptedKey"] = "";
 
@@ -295,6 +301,7 @@ Json::Value SGXWalletServer::renameECDSAKeyImpl(const string &_keyName, const st
 }
 
 Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_keyName, const string &_messageHash) {
+    spdlog::trace("Entering {}", __FUNCTION__);
     INIT_RESULT(result)
 
     result["signature_v"] = "";
@@ -338,6 +345,7 @@ Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_
 }
 
 Json::Value SGXWalletServer::getPublicECDSAKeyImpl(const string &_keyName) {
+    spdlog::debug("Entering {}", __FUNCTION__);
     INIT_RESULT(result)
 
     result["publicKey"] = "";
@@ -359,6 +367,7 @@ Json::Value SGXWalletServer::getPublicECDSAKeyImpl(const string &_keyName) {
 }
 
 Json::Value SGXWalletServer::generateDKGPolyImpl(const string &_polyName, int _t) {
+    spdlog::info("Entering {}", __FUNCTION__);
     INIT_RESULT(result)
 
     string encrPolyHex;
@@ -379,6 +388,7 @@ Json::Value SGXWalletServer::generateDKGPolyImpl(const string &_polyName, int _t
 }
 
 Json::Value SGXWalletServer::getVerificationVectorImpl(const string &_polyName, int _t, int _n) {
+    spdlog::info("Entering {}", __FUNCTION__);
     INIT_RESULT(result)
 
     vector <vector<string>> verifVector;
@@ -407,6 +417,7 @@ Json::Value SGXWalletServer::getVerificationVectorImpl(const string &_polyName,
 }
 
 Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const Json::Value &_pubKeys, int _t, int _n) {
+    spdlog::info("Entering {}", __FUNCTION__);
     INIT_RESULT(result);
     result["secretShare"] = "";
     result["SecretShare"] = "";
@@ -442,6 +453,7 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
 
 Json::Value SGXWalletServer::dkgVerificationImpl(const string &_publicShares, const string &_ethKeyName,
                                                  const string &_secretShare, int _t, int _n, int _index) {
+    spdlog::info("Entering {}", __FUNCTION__);
     INIT_RESULT(result)
     result["result"] = false;
 
@@ -472,6 +484,7 @@ Json::Value SGXWalletServer::dkgVerificationImpl(const string &_publicShares, co
 Json::Value
 SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string &_ethKeyName, const string &_polyName,
                                          const string &_secretShare, int _t, int _n) {
+    spdlog::info("Entering {}", __FUNCTION__);
     INIT_RESULT(result)
 
     try {
@@ -515,6 +528,7 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string
 }
 
 Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName) {
+    spdlog::info("Entering {}", __FUNCTION__);
     INIT_RESULT(result)
 
     try {
@@ -533,6 +547,7 @@ Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName)
 }
 
 Json::Value SGXWalletServer::complaintResponseImpl(const string &_polyName, int _ind) {
+    spdlog::info("Entering {}", __FUNCTION__);
     INIT_RESULT(result)
 
     try {
@@ -565,6 +580,7 @@ Json::Value SGXWalletServer::multG2Impl(const string &_x) {
 }
 
 Json::Value SGXWalletServer::isPolyExistsImpl(const string &_polyName) {
+    spdlog::info("Entering {}", __FUNCTION__);
     INIT_RESULT(result)
 
     result["IsExist"] = false;
@@ -592,6 +608,7 @@ Json::Value SGXWalletServer::getServerVersionImpl() {
 }
 
 Json::Value SGXWalletServer::deleteBlsKeyImpl(const string &name) {
+    spdlog::info("Entering {}", __FUNCTION__);
     INIT_RESULT(result)
 
     result["deleted"] = false;

SGXWalletServer.h

@@ -30,7 +30,7 @@
 #define EXTERNC
 #endif
 
-EXTERNC void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _encryptKeys);
+EXTERNC void setFullOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm, int _enterBackupKey);
 
 
 EXTERNC void setOptions(uint64_t _logLevel, int _useHTTPS, int _autoconfirm);

VERSION

-1.57.0
+1.58.0
\ No newline at end of file

docker/start.sh

@@ -24,10 +24,6 @@ ls /root/.rnd;
 
 cd /usr/src/sdk;
 
-echo "Checking that sgxwallet can connect to SGX whitelist update server whitelist.trustedservices.intel.com "
-echo "If this test fails, you need to update your network config or firewall to allow this connection"
-
-curl  -I http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin
 
 if [[ -f "/var/hwmode" ]]
 then
@@ -37,6 +33,9 @@ jhid -d
 /opt/intel/sgxpsw/aesm/aesm_service &
 pid=$!
 sleep 2
+echo "Checking that sgxwallet can connect to SGX whitelist update server whitelist.trustedservices.intel.com "
+echo "If this test fails, you need to update your network config or firewall to allow this connection"
+curl  -I http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin
 else
 echo "Running in SGX simulation mode"
 fi

secure_enclave/EnclaveCommon.cpp

@@ -164,13 +164,23 @@ int inited = 0;
 domain_parameters curve;
 
 void enclave_init() {
+
+    LOG_INFO(__FUNCTION__ );
+
     if (inited == 1)
         return;
     inited = 1;
-    libff::init_alt_bn128_params();
 
-    curve = domain_parameters_init();
-    domain_parameters_load_curve(curve, secp256k1);
+    LOG_INFO("Initing libff");
+    try {
+        libff::init_alt_bn128_params();
+        curve = domain_parameters_init();
+        domain_parameters_load_curve(curve, secp256k1);
+    } catch (exception& e) {
+        LOG_ERROR("Exception in libff init");
+        LOG_ERROR(e.what());
+    }
+    LOG_INFO("Inited libff");
 }
 
 bool enclave_sign(const char *_keyString, const char *_hashXString, const char *_hashYString,

secure_enclave/secure_enclave.c

@@ -113,20 +113,33 @@ void free_function(void *, size_t);
 unsigned char *globalRandom;
 
 void trustedEnclaveInit(uint32_t _logLevel) {
-    LOG_DEBUG(__FUNCTION__);
+    LOG_INFO(__FUNCTION__);
 
     globalLogLevel_ = _logLevel;
 
     oc_realloc_func = &reallocate_function;
     oc_free_func = &free_function;
 
+    LOG_INFO("Setting memory functions");
+
     mp_get_memory_functions(NULL, &gmp_realloc_func, &gmp_free_func);
     mp_set_memory_functions(NULL, oc_realloc_func, oc_free_func);
 
+    LOG_INFO("Reading random");
+
+
+    globalRandom = calloc(32,1);
+
+    auto ret = sgx_read_rand(globalRandom, 32);
+
+    if(ret != SGX_SUCCESS)
+    {
+        LOG_ERROR("sgx_read_rand failed. Aboring enclave.");
+        abort();
+    }
 
-    globalRandom = (unsigned char *) calloc(32, 1);
 
-    sgx_read_rand(globalRandom, 32);
+    LOG_INFO("Calling enclave init");
 
     enclave_init();
 

secure_enclave/secure_enclave.config.xml.sim

+<EnclaveConfiguration>
+ <ProdID>0</ProdID>
+ <ISVSVN>0</ISVSVN>
+ <StackMaxSize>0x1000000</StackMaxSize>
+ <HeapMaxSize>0x10000000</HeapMaxSize>
+ <TCSNum>32</TCSNum>
+ <TCSMaxNum>32</TCSMaxNum>
+ <TCSMinPool>32</TCSMinPool>
+ <TCSPolicy>0</TCSPolicy>
+ <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+ <DisableDebug>0</DisableDebug>
+ <MiscSelect>0</MiscSelect>
+ <MiscMask>0xFFFFFFFF</MiscMask>
+ </EnclaveConfiguration>

sgxwall.cpp

@@ -44,16 +44,17 @@ void SGXWallet::usage() {
 }
 
 void SGXWallet::printUsage() {
-    cerr << "Available flags:\n";
-    cerr << "-c  Do not verify client certificate\n";
-    cerr << "-s  Sign client certificate without human confirmation \n";
-    cerr << "-d  Turn on debug output\n";
-    cerr << "-v  Verbose mode: turn on debug output\n";
-    cerr << "-vv Detailed verbose mode: turn on debug and trace outputs\n";
-    cerr << "-n  Launch SGXWalletServer using http (not https)\n";
-    cerr << "-b  Restore from back up (you will need to enter backup key) \n";
-    cerr << "-y  Do not ask user to acknowledge receipt of backup key \n";
-    cerr << "-T  Generate test keys \n";
+    cerr << "\nAvailable flags:\n";
+    cerr << "\nDebug flags:\n\n";
+    cerr << "   -v  Verbose mode: turn on debug output\n";
+    cerr << "   -vv Detailed verbose mode: turn on debug and trace outputs\n";
+    cerr << "\nBackup, restore, update flags:\n\n";
+    cerr << "   -b  Restore from back up or software update. You will need to type in the backup key. \n";
+    cerr << "   -y  Do not ask user to acknowledge receipt of the backup key \n";
+    cerr << "\nHTTPS flags:\n\n";
+    cerr << "   -n  Launch sgxwallet using http. Default is to use https with a selg-signed server cert.  \n";
+    cerr << "   -c  Do not verify SSL client certs\n";
+    cerr << "   -s  Sign SSL client certs without human confirmation \n";
 }
 
 
@@ -86,7 +87,7 @@ void SGXWallet::serializeKeys(const vector<string>& _ecdsaKeyNames, const vector
 
 
 int main(int argc, char *argv[]) {
-    bool encryptKeysOption  = false;
+    bool enterBackupKeyOption  = false;
     bool useHTTPSOption = true;
     bool printDebugInfoOption = false;
     bool printTraceInfoOption = false;
@@ -130,10 +131,10 @@ int main(int argc, char *argv[]) {
                 useHTTPSOption = false;
                 break;                
             case 'a':
-                encryptKeysOption = false;
+                enterBackupKeyOption = false;
                 break;
             case 'b':
-                encryptKeysOption = true;
+                enterBackupKeyOption = true;
                 break;
             case 'y':
                 autoconfirmOption = true;
@@ -158,7 +159,7 @@ int main(int argc, char *argv[]) {
         logLevel = L_TRACE;
     }
 
-    setFullOptions(logLevel, useHTTPSOption, autoconfirmOption, encryptKeysOption);
+    setFullOptions(logLevel, useHTTPSOption, autoconfirmOption, enterBackupKeyOption);
 
     uint32_t enclaveLogLevel = L_INFO;
 

sgxwallet_common.h

@@ -44,9 +44,9 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #include <stdbool.h>
 
-extern int useHTTPS;
-extern int encryptKeys;
-extern int autoconfirm;
+extern bool useHTTPS;
+extern bool enterBackupKey;
+extern bool autoconfirm;
 
 #define BUF_LEN 4096
 

testw.cpp

@@ -461,8 +461,18 @@ TEST_CASE_METHOD(TestFixture, "Get ServerVersion", "[get-server-version]") {
     REQUIRE(c.getServerVersion()["version"] == SGXWalletServer::getVersion());
 }
 
+
+
+
+
+
 TEST_CASE_METHOD(TestFixtureHTTPS, "Cert request sign", "[cert-sign]") {
-    REQUIRE(SGXRegistrationServer::getServer() != nullptr);
+
+    PRINT_SRC_LINE
+
+    REQUIRE_NOTHROW(SGXRegistrationServer::getServer());
+
+    PRINT_SRC_LINE
 
     string csrFile = "insecure-samples/yourdomain.csr";
 
@@ -472,9 +482,13 @@ TEST_CASE_METHOD(TestFixtureHTTPS, "Cert request sign", "[cert-sign]") {
     ss << infile.rdbuf();
     infile.close();
 
+    PRINT_SRC_LINE
+
     auto result = SGXRegistrationServer::getServer()->SignCertificate(ss.str());
 
     REQUIRE(result["status"] == 0);
+
+
     PRINT_SRC_LINE
     result = SGXRegistrationServer::getServer()->SignCertificate("Haha");