leejw51crypto · leejw51 · Jan 7, 2020 · Jan 3, 2020 · Jan 7, 2020 · Jan 7, 2020
@@ -13,12 +13,23 @@ members = [
     "test-common",
     "dev-utils",
     "enclave-protocol",
-]
-
-exclude = [
-    # currently only work on nightly + have a different build process
     "chain-tx-enclave/tx-validation/app",
     "chain-tx-enclave/tx-validation/enclave",
     "chain-tx-enclave/tx-query/app",
-    "chain-tx-enclave/tx-query/enclave"
+    "chain-tx-enclave/tx-query/enclave",
+]
+
+default-members = [
+    "chain-abci",
+    "chain-core",
+    "chain-tx-filter",
+    "chain-tx-validation",
+    "client-cli",
+    "client-common",
+    "client-core",
+    "client-network",
+    "client-rpc",
+    "test-common",
+    "dev-utils",
+    "enclave-protocol",
 ]
@@ -381,6 +381,29 @@ impl<T: EnclaveProxy> ChainNodeApp<T> {
             let data = last_app_state.to_vec();
             let last_state =
                 ChainNodeState::decode(&mut data.as_slice()).expect("deserialize app state");
+
+            // if tx-query address wasn't provided first time,
+            // then it shouldn't be provided on another run, and vice versa
+            let last_stored_height = storage
+                .db
+                .get(
+                    COL_APP_STATES,
+                    &i64::encode_var_vec(last_state.last_block_height),
+                )
+                .expect("app last block height look up");
+
+            if last_stored_height.is_some() {
+                info!("historical data is stored");
+                if tx_query_address.is_none() {
+                    panic!("tx-query address is needed, or delete chain-abci data and tx-validation data before run");
+                }
+            } else {
+                info!("no historical data is stored");
+                if tx_query_address.is_some() {
+                    panic!("tx-query address is not needed, or delete chain-abci data and tx-validation data before run");
+                }
+            }
+
             // TODO: genesis app hash check when embedded in enclave binary
             let enclave_sanity_check = tx_validator.process_request(EnclaveRequest::CheckChain {
                 chain_hex_id,

@@ -14,7 +14,7 @@ use crate::common::H264;
 
 /// What can be access in TX -- TODO: revisit when enforced by HW encryption / enclaves
 /// TODO: custom Encode/Decode when data structures are finalized (for backwards/forwards compatibility, encoders/decoders should be able to work with old formats)
-#[derive(Debug, PartialEq, Eq, Clone, Encode, Decode)]
+#[derive(Debug, PartialEq, Eq, Clone, Encode, Decode, PartialOrd, Ord)]
 #[cfg_attr(not(feature = "mesalock_sgx"), derive(Serialize, Deserialize))]
 pub enum TxAccess {
     AllData,
@@ -31,7 +31,7 @@ impl Default for TxAccess {
 }
 
 /// Specifies who can access what -- TODO: revisit when enforced by HW encryption / enclaves
-#[derive(Debug, PartialEq, Eq, Clone)]
+#[derive(Debug, PartialEq, Eq, Clone, PartialOrd, Ord)]
 #[cfg_attr(not(feature = "mesalock_sgx"), derive(Serialize, Deserialize))]
 pub struct TxAccessPolicy {
     #[cfg_attr(

@@ -1,20 +1,5 @@
-**/target/
-**/*.rs.bk
-.vscode
-.DS_Store
-
-**/lib/libEnclave_u.*
-**/lib/libcompiler-rt-patch.a
-**/lib/libenclave.a
-**/bin/tx-validation-app
-**/bin/enclave.signed.so
-**/bin/tx-query-app
 **/enclave/Enclave_t.*
-**/enclave/enclave.so
 **/app/Enclave_u.*
-**/app/libEnclave_u.*
 
 rust-sgx-sdk/compiler-rt/libcompiler-rt-patch.a
 rust-sgx-sdk/compiler-rt/muloti4.o
-
-enclave-u-common/Cargo.lock
@@ -0,0 +1,120 @@
+# Copyright (C) 2017-2019 Baidu, Inc. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+#  * Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#  * Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#  * Neither the name of Baidu, Inc., nor the names of its
+#    contributors may be used to endorse or promote products derived
+#    from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#
+# Modifications Copyright 2019 Foris Limited (licensed under the Apache License, Version 2.0)
+
+######## Update SGX SDK ########
+# include ../UpdateRustSGXSDK.mk
+######## SGX SDK Settings ########
+
+SGX_SDK ?= /opt/intel/sgxsdk
+SGX_MODE ?= SW
+SGX_ARCH ?= x64
+SGX_DEBUG ?= 1
+
+ifeq ($(shell getconf LONG_BIT), 32)
+	SGX_ARCH := x86
+else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
+	SGX_ARCH := x86
+endif
+
+ifeq ($(SGX_ARCH), x86)
+	SGX_LIBRARY_PATH := $(SGX_SDK)/lib
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
+else
+	SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
+endif
+
+CARGO_FLAGS :=
+ifeq ($(SGX_DEBUG), 1)
+	OUTPUT_PATH := debug
+else
+	OUTPUT_PATH := release
+	CARGO_FLAGS += --release
+endif
+
+ifeq ($(SGX_TEST), 1)
+	CARGO_FLAGS += --features "sgx-test"
+endif
+
+######## Enclave Files ############
+CARGO_TARGET_DIR ?= ../../target
+Enclave_Static_Lib := $(CARGO_TARGET_DIR)/$(OUTPUT_PATH)/lib$(Enclave_Name).a
+Enclave_Shared_Lib := $(CARGO_TARGET_DIR)/$(OUTPUT_PATH)/lib$(Enclave_Name).so
+Enclave_Signed_Lib := $(CARGO_TARGET_DIR)/$(OUTPUT_PATH)/$(Enclave_Name).signed.so
+
+######## Compiler Flags ########
+
+ifneq ($(SGX_MODE), HW)
+	Trts_Library_Name := sgx_trts_sim
+	Service_Library_Name := sgx_tservice_sim
+else
+	Trts_Library_Name := sgx_trts
+	Service_Library_Name := sgx_tservice
+endif
+Crypto_Library_Name := sgx_tcrypto
+KeyExchange_Library_Name := sgx_tkey_exchange
+ProtectedFs_Library_Name := sgx_tprotected_fs
+
+Compiler_RT_Lib := ../rust-sgx-sdk/compiler-rt/libcompiler-rt-patch.a
+RustEnclave_Link_Flags := -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
+	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
+	-Wl,--start-group -lsgx_tcxx -lsgx_tstdc -l$(Service_Library_Name) -l$(Crypto_Library_Name) \
+   	$(Compiler_RT_Lib) $(Enclave_Static_Lib) -Wl,--end-group \
+	-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
+	-Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
+	-Wl,--defsym,__ImageBase=0 \
+	-Wl,--gc-sections \
+	-Wl,--version-script=enclave/Enclave.lds
+
+.PHONY: all
+all: $(Enclave_Signed_Lib)
+
+$(Enclave_Shared_Lib): $(Enclave_Static_Lib) $(Compiler_RT_Lib)
+	@$(CXX) -o $@ $(RustEnclave_Link_Flags)
+	@echo "LINK =>  $@"
+
+$(Enclave_Signed_Lib): $(Enclave_Shared_Lib)
+	@$(SGX_ENCLAVE_SIGNER) sign -key enclave/Enclave_private.pem -enclave $< -out $@ -config enclave/Enclave.config.xml
+	@echo "SIGN => $@"
+
+$(Enclave_Static_Lib): FORCE
+	@cd ./enclave/ && cargo build ${CARGO_FLAGS}
+	@echo "CARGO => $@"
+
+$(Compiler_RT_Lib):
+	$(MAKE) -C ../rust-sgx-sdk/compiler-rt
+
+.PHONY: clean
+clean:
+	@rm -f $(Enclave_Shared_Lib) $(Enclave_Signed_Lib)
+	$(MAKE) -C ../rust-sgx-sdk/compiler-rt clean
+
+FORCE:
@@ -1,5 +1,5 @@
 extern crate proc_macro;
-	
+
 use proc_macro::TokenStream;
 #[proc_macro]
 pub fn get_network_id(_input: TokenStream) -> TokenStream {
@@ -10,4 +10,4 @@ pub fn get_network_id(_input: TokenStream) -> TokenStream {
 pub fn mock_key(_input: TokenStream) -> TokenStream {
     let random_bytes: [u8; 16] = rand::random();
     format!("{:?}", random_bytes).parse().unwrap()
-}
+}
@@ -60,6 +60,8 @@ where
             return None;
         }
         let opt = unsafe {
+            // TODO check alignment correctness
+            #[allow(clippy::cast_ptr_alignment)]
             SgxSealedData::<[u8]>::from_raw_sealed_data_t(
                 sealed_log.as_mut_ptr() as *mut sgx_sealed_data_t,
                 sealed_log.len() as u32,

@@ -31,10 +31,8 @@
 use sgx_types::*;
 use sgx_urts::SgxEnclave;
 
-static ENCLAVE_FILE: &'static str = "enclave.signed.so";
-
 /// returns the initialized enclave
-pub fn init_enclave(debug: bool) -> SgxResult<SgxEnclave> {
+pub fn init_enclave(name: &str, debug: bool) -> SgxResult<SgxEnclave> {
     // call sgx_create_enclave to initialize an enclave instance
     // Debug Support: set 2nd parameter to 1
     let debug = if debug { 1 } else { 0 };
@@ -43,11 +41,5 @@ pub fn init_enclave(debug: bool) -> SgxResult<SgxEnclave> {
         misc_select: 0,
     };
     // TODO: remove the launch token-related args when they are removed from SDK
-    SgxEnclave::create(
-        ENCLAVE_FILE,
-        debug,
-        &mut [0; 1024],
-        &mut 0,
-        &mut misc_attr,
-    )
+    SgxEnclave::create(name, debug, &mut [0; 1024], &mut 0, &mut misc_attr)
 }
@@ -18,8 +18,8 @@ ENV APP_PORT=25944
 
 COPY . .
 
-RUN ./chain-tx-enclave/tx-query/make.sh
+RUN ./chain-tx-enclave/tx-query/make.sh && cp ./chain-tx-enclave/tx-query/entrypoint.sh ./target/debug/
 
-WORKDIR /root/chain-tx-enclave/tx-query/bin
+WORKDIR ./target/debug
 
-CMD ["../entrypoint.sh"]
+CMD ["./entrypoint.sh"]