Merge branch 'develop' into SKALE-3189-fix-build

83599fbf · Stan Kladko · GitHub · 54bd23a9 · 06f17ec4 · 83599fbf
Unverified Commit 83599fbf authored Sep 01, 2020 by Stan Kladko Committed by GitHub Sep 01, 2020
11 changed files
--- a/Dockerfile
+++ b/Dockerfile
 FROM skalenetwork/sgxwallet_base:latest

 COPY . /usr/src/sdk
-RUN apt update && apt install -y curl
+RUN apt update && apt install -y curl secure-delete
 WORKDIR /usr/src/sdk
 RUN touch /var/hwmode
 RUN ./autoconf.bash

--- a/DockerfileBase
+++ b/DockerfileBase
-FROM ubuntu:bionic
+FROM ubuntu:xenial


 COPY . /usr/src/sdk

--- a/DockerfileRelease
+++ b/DockerfileRelease
@@ -2,7 +2,7 @@ FROM skalenetwork/sgxwallet_base:latest

 COPY . /usr/src/sdk
 RUN cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml
-RUN apt update && apt install -y curl
+RUN apt update && apt install -y curl secure-delete
 WORKDIR /usr/src/sdk
 #Test signing key generation
 RUN cd scripts && ./generate_signing_key.bash

--- a/DockerfileSimulation
+++ b/DockerfileSimulation
 FROM skalenetwork/sgxwallet_base:latest


-RUN apt update &&  apt install -y curl
+RUN apt update &&  apt install -y curl secure-delete

 RUN ccache -sz


--- a/Makefile.am
+++ b/Makefile.am
@@ -102,7 +102,7 @@ sgxwallet_LDADD=-l$(SGX_URTS_LIB) -l$(SGX_UAE_SERVICE_LIB) -LlibBLS/deps/deps_in
   -l:libbls.a -l:libleveldb.a \
   -l:libff.a -lgmp -ldl -l:libsgx_capable.a -l:libsgx_tprotected_fs.a \
   -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd \
-    -lboost_system -lboost_thread -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread
+    -lboost_system -lboost_thread -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -lstdc++fs


 testw_SOURCES=testw.cpp $(COMMON_SRC)

--- a/SEKManager.cpp
+++ b/SEKManager.cpp
--- a/secure_enclave/Makefile.in
+++ b/secure_enclave/Makefile.in
@@ -323,8 +323,7 @@ AM_CFLAGS = @SGX_ENCLAVE_CFLAGS@
 AM_CPPFLAGS = @SGX_ENCLAVE_CPPFLAGS@ -Wall \
 	-Wno-implicit-function-declaration $(TGMP_CPPFLAGS) \
 	-I./third_party/SCIPR -I../third_party/SCIPR \
-	-I../sgx-sdk-build/sgxsdk/include/libcxx \
-	-I../intel-sgx-ssl/Linux/package/include
+	-I../sgx-sdk-build/sgxsdk/include/libcxx
 AM_CXXFLAGS = @SGX_ENCLAVE_CXXFLAGS@ @SGX_ENCLAVE_CFLAGS@ -fno-builtin \
 	-fstack-protector-strong
 AM_LDFLAGS = @SGX_ENCLAVE_LDFLAGS@ $(TGMP_LDFLAGS) -L./tgmp-build/lib \
@@ -344,7 +343,7 @@ secure_enclave_SOURCES = secure_enclave_t.c secure_enclave_t.h \
                ../third_party/SCIPR/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp $(ENCLAVE_KEY) $(ENCLAVE_CONFIG)

 secure_enclave_LDADD = @SGX_ENCLAVE_LDADD@
-SGX_EXTRA_TLIBS = -lsgx_tgmp -lsgx_tservice  -lsgx_urts -lsgx_tcxx ../intel-sgx-ssl/Linux/package/lib64/libsgx_tsgxssl_crypto.a
+SGX_EXTRA_TLIBS = -lsgx_tgmp -lsgx_tservice  -lsgx_urts -lsgx_tcxx 
 all: all-am

 .SUFFIXES:

--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -84,7 +84,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
        goto clean;}

 #define CHECK_STATUS(__ERRMESSAGE__) if (status != SGX_SUCCESS) { \
-snprintf(errString, BUF_LEN, __ERRMESSAGE__); \
+LOG_ERROR(__FUNCTION__); \
+snprintf(errString, BUF_LEN, "failed with status %d : %s",  status,  __ERRMESSAGE__); \
 LOG_ERROR(errString); \
 *errStatus = status; \
 goto clean; \
@@ -112,7 +113,17 @@ void free_function(void *, size_t);

 unsigned char *globalRandom;

+
+#define CALL_ONCE \
+    static volatile bool called = false;\
+    if (called)  { \
+        LOG_ERROR(__FUNCTION__); \
+        LOG_ERROR("This function shouldnt be called twice. Aborting!"); \
+        abort(); \
+    } else {called = true;};
+
 void trustedEnclaveInit(uint32_t _logLevel) {
+    CALL_ONCE
    LOG_INFO(__FUNCTION__);

    globalLogLevel_ = _logLevel;
@@ -130,7 +141,7 @@ void trustedEnclaveInit(uint32_t _logLevel) {

    globalRandom = calloc(32,1);

-    auto ret = sgx_read_rand(globalRandom, 32);
+    int ret = sgx_read_rand(globalRandom, 32);

    if(ret != SGX_SUCCESS)
    {
@@ -200,7 +211,6 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) {
 }

 void get_global_random(unsigned char *_randBuff, uint64_t _size) {
-
    char errString[BUF_LEN];
    int status;
    int *errStatus = &status;
@@ -223,11 +233,13 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) {

 void sealHexSEK(int *errStatus, char *errString,
                        uint8_t *encrypted_sek, uint32_t *enc_len, char *sek_hex) {
+    CALL_ONCE
    LOG_INFO(__FUNCTION__);
    INIT_ERROR_STATE

    CHECK_STATE(encrypted_sek);
    CHECK_STATE(sek_hex);
+    CHECK_STATE(strnlen(sek_hex, 33) == 32)
    

    uint64_t plaintextLen = strlen(sek_hex + 1);
@@ -262,15 +274,17 @@ void sealHexSEK(int *errStatus, char *errString,

    SET_SUCCESS
    clean:
-    ;
+    LOG_INFO(__FUNCTION__ );
    LOG_INFO("SGX call completed");
 }

 void trustedGenerateSEK(int *errStatus, char *errString,
                        uint8_t *encrypted_sek, uint32_t *enc_len, char *sek_hex) {
+    CALL_ONCE
    LOG_INFO(__FUNCTION__);
    INIT_ERROR_STATE

+
    CHECK_STATE(encrypted_sek);
    CHECK_STATE(sek_hex);

@@ -281,18 +295,19 @@ void trustedGenerateSEK(int *errStatus, char *errString,

    sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex);

-    if (errStatus != 0) {
+    if (*errStatus != 0) {
        LOG_ERROR("sealHexSEK failed");
        goto clean;
    }

    SET_SUCCESS
    clean:
-    ;
+    LOG_INFO(__FUNCTION__ );
    LOG_INFO("SGX call completed");
 }

 void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
+    CALL_ONCE
    LOG_INFO(__FUNCTION__);
    INIT_ERROR_STATE
    CHECK_STATE(encrypted_sek);
@@ -319,12 +334,13 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {

    SET_SUCCESS
    clean:
-    ;
+    LOG_INFO(__FUNCTION__ );
    LOG_INFO("SGX call completed");
 }

 void trustedSetSEK_backup(int *errStatus, char *errString,
                          uint8_t *encrypted_sek, uint32_t *enc_len, const char *sek_hex) {
+    CALL_ONCE
    LOG_INFO(__FUNCTION__);
    INIT_ERROR_STATE

@@ -336,7 +352,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,

    sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex);

-    if (errStatus != 0) {
+    if (*errStatus != 0) {
        LOG_ERROR("sealHexSEK failed");
        goto clean;
    }
@@ -344,6 +360,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
    SET_SUCCESS
    clean:
    ;
+    LOG_INFO(__FUNCTION__ );
    LOG_INFO("SGX call completed");
 }

@@ -414,6 +431,7 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
    mpz_clear(seed);
    mpz_clear(skey);
    point_clear(Pkey);
+    LOG_INFO(__FUNCTION__ );
    LOG_INFO("SGX call completed");
 }

@@ -480,7 +498,16 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
    mpz_clear(privateKeyMpz);
    point_clear(pKey);
    point_clear(pKey_test);
-    LOG_DEBUG("SGX call completed");
+
+    static uint64_t counter = 0;
+
+    if (counter % 1000 == 0) {
+        LOG_INFO(__FUNCTION__);
+        LOG_INFO("Thousand SGX calls completed");
+    }
+
+    counter++;
+
 }

 static uint64_t sigCounter = 0;
@@ -564,6 +591,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
    mpz_clear(privateKeyMpz);
    mpz_clear(msgMpz);
    signature_free(sign);
+    LOG_DEBUG(__FUNCTION__ );
    LOG_DEBUG("SGX call completed");
 }

@@ -647,6 +675,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
    SET_SUCCESS
    clean:
    ;
+    LOG_INFO(__FUNCTION__ );
    LOG_INFO("SGX call completed");
 }

@@ -730,6 +759,7 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
    SET_SUCCESS
    clean:
    ;
+    LOG_INFO(__FUNCTION__ );
    LOG_INFO("SGX call completed");
 }

@@ -752,6 +782,7 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d

    clean:
    ;
+    LOG_INFO(__FUNCTION__ );
    LOG_INFO("SGX call completed");
 }

@@ -772,6 +803,7 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc
    SET_SUCCESS
    clean:
    ;
+    LOG_INFO(__FUNCTION__ );
    LOG_INFO("SGX call completed");
 }

@@ -836,6 +868,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t

    clean:
    ;
+    LOG_INFO(__FUNCTION__ );
    LOG_INFO("SGX call completed");
 }

@@ -912,6 +945,7 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
    clean:

    mpz_clear(s);
+    LOG_INFO(__FUNCTION__ );
    LOG_INFO("SGX call completed");
 }

@@ -1013,6 +1047,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
    mpz_clear(bls_key);
    mpz_clear(sum);
    mpz_clear(q);
+    LOG_INFO(__FUNCTION__ );
    LOG_INFO("SGX call completed");
 }

@@ -1039,7 +1074,12 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
    CHECK_STATUS("could not calculate bls public key");

    SET_SUCCESS
+    static uint64_t counter = 0;
    clean:
-    ;
-    LOG_DEBUG("SGX call completed");
+    if (counter % 1000 == 0) {
+        LOG_INFO(__FUNCTION__);
+        LOG_INFO("Thousand SGX calls completed");
+    }
+
+    counter++;
 }
--- a/sgxwall.cpp
+++ b/sgxwall.cpp
@@ -49,7 +49,7 @@ void SGXWallet::printUsage() {
    cerr << "   -v  Verbose mode: turn on debug output\n";
    cerr << "   -vv Detailed verbose mode: turn on debug and trace outputs\n";
    cerr << "\nBackup, restore, update flags:\n\n";
-    cerr << "   -b  Restore from back up or software update. You will need to type in the backup key. \n";
+    cerr << "   -b  filename Restore from back up or software update. You will need to put backup key into a file in sgx_data dir. \n";
    cerr << "   -y  Do not ask user to acknowledge receipt of the backup key \n";
    cerr << "\nHTTPS flags:\n\n";
    cerr << "   -n  Launch sgxwallet using http. Default is to use https with a selg-signed server cert.  \n";

--- a/testw.cpp
+++ b/testw.cpp
@@ -95,6 +95,19 @@ public:
    }
 };

+class TestFixtureNoResetFromBackup {
+public:
+    TestFixtureNoResetFromBackup() {
+        setFullOptions(L_INFO, false, true, true );
+        initAll(L_INFO, false, true);
+    }
+
+    ~TestFixtureNoResetFromBackup() {
+        TestUtils::destroyEnclave();
+    }
+};
+
+
 class TestFixtureNoReset {
 public:
    TestFixtureNoReset() {
@@ -107,7 +120,6 @@ public:
    }
 };

-
 TEST_CASE_METHOD(TestFixture, "ECDSA AES keygen and signature test", "[ecdsa-aes-key-sig-gen]") {
    vector<char> errMsg(BUF_LEN, 0);
    int errStatus = 0;
@@ -439,7 +451,7 @@ TEST_CASE_METHOD(TestFixture, "Delete Bls Key", "[delete-bls-key]") {
 TEST_CASE_METHOD(TestFixture, "Backup Key", "[backup-key]") {
    HttpClient client(RPC_ENDPOINT);
    StubClient c(client, JSONRPC_CLIENT_V2);
-    std::ifstream sek_file("backup_key.txt");
+    std::ifstream sek_file("sgx_data/sgxwallet_backup_key.txt");
    REQUIRE(sek_file.good());

    std::string sek;
@@ -721,3 +733,6 @@ TEST_CASE_METHOD(TestFixture, "First run", "[first-run]") {

 TEST_CASE_METHOD(TestFixtureNoReset, "Second run", "[second-run]") {
 }
+
+TEST_CASE_METHOD(TestFixtureNoResetFromBackup, "Backup restore", "[backup-restore]") {
+}
--- a/testw.py
+++ b/testw.py
@@ -29,7 +29,8 @@ username = getpass.getuser()
 topDir = os.getcwd() + "/sgxwallet"
 print("Top directory is:" + topDir)
 testList = ["[first-run]",
-            "[second-run]", 
+            "[second-run]",
+            "[backup-restore]",
            "[cert-sign]",
            "[get-server-status]",
            "[get-server-version]",