Merge #1073

1073: Problem: duplicate storage between chain-abci and tx-validation app (fixes #866) r=tomtau a=tomtau

Solution: as a part of ADR-001: https://github.com/crypto-com/chain/blob/master/architecture-docs/adr-001.md
- tx-validation-app moved to chain-abci
- chain-abci build process expanded to handle SGX SDK steps for C stubs -- on non-Linux systems, it'd display a warning and compile the mock version
- tx-validation-app SGX unit test moved to chain-abci under a "sgx-test" feature flag
- tx-query-app test removed (it was a kind of "mini-integration" / functionality test that assumed a lot of old behaviour, and all of this is now tested in integration tests)
- enclave-bridge takes "intra enclave" requests that are passed directly to the ecalls and returns the response
- ZMQ server started in chain-abci in a separate thread to handle tx-query requests (note: tx-query was out of scope of ADR-001, as it doesn't have any storage -- its future is TBD depending on audit feedback etc.)
- redundant enclave protocol variants removed
- "readonly" storage version provided for serving tx-query requests -- rocksdb/kvdb is thread-safe... zmq server then takes the latest chain state or sealed transactions directly -- note: some fixes related to fees, enclave protocol etc. (other steps of ADR-001) would be addressed in a separate PR
- chain-abci storage expanded with one column for sealed transaction payloads
- integration test building and environment preparation updated

note: Makefile + chain-docs aren't updated yet / would be addressed in separate PRs


Co-authored-by: Tomas Tauber <[email protected]>

.drone.yml

@@ -7,17 +7,6 @@ platform:
   arch: amd64
 
 steps:
-- name: restore-cache
-  image: drillster/drone-volume-cache
-  volumes:
-  - name: cache
-    path: /cache
-  settings:
-    restore: true
-    # ttl: 1
-    mount:
-      - ./drone
-
 - name: build
   image: cryptocom/chain-test:latest
   pull: if-not-exists
@@ -70,17 +59,6 @@ steps:
   - LD_LIBRARY_PATH=/opt/intel/libsgx-enclave-common/aesm /opt/intel/libsgx-enclave-common/aesm/aesm_service
   - ./integration-tests/run_multinode.sh
 
-- name: rebuild-cache
-  image: drillster/drone-volume-cache
-  volumes:
-  - name: cache
-    path: /cache
-  settings:
-    rebuild: true
-    # ttl: 1
-    mount:
-      - ./drone
-
 - name: teardown
   image: cryptocom/chain-test:latest
   pull: if-not-exists
@@ -92,9 +70,6 @@ steps:
       - failure
 
 volumes:
-  - name: cache
-    host:
-      path: /tmp/drone-cache
   - name: sgx
     host:
       path: /dev/sgx
@@ -138,44 +113,8 @@ trigger:
   event:
   - push
 
----
-kind: pipeline
-type: exec
-name: sgx-cargo-1804-hw2
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: Build and Test
-  environment:
-    SPID:
-      from_secret: SPID
-    IAS_API_KEY:
-      from_secret: IAS_API_KEY
-  commands:
-  - ls -l /dev/sgx
-  - ls -l /var/run/aesmd/aesm.socket
-  - docker run --name hw2-${DRONE_COMMIT_SHA} --rm --env SPID=$SPID --env IAS_API_KEY=$IAS_API_KEY -v $PWD:/chain --device /dev/sgx cryptocom/chain:latest /bin/bash /chain/ci-scripts/tx-query-hw-test.sh
-- name: Teardown
-  commands:
-   - docker stop hw2-${DRONE_COMMIT_SHA} || exit 0
-  when:
-    status:
-      - success
-      - failure
-
-trigger:
-  branch:
-  - master
-  - staging
-  - trying
-  event:
-  - push
-
 ---
 kind: signature
-hmac: 4ffc692e5e8f67c7eb37a5f594e7bbb0edc78959d19547613c87b95021ad1331
+hmac: 711400689fced0ffba34c8f2c2029123026ea75b7c0c7a37b4e0b02d5859bb98
 
 ...

.gitignore

@@ -34,3 +34,5 @@ id_ecdsa
 # integration tests temparary artifacts
 /integration-tests/*.so
 /integration-tests/bot/.venv
+
+**/chain-abci/Enclave_u.*

.travis.yml

@@ -1,7 +1,7 @@
 clean_cache: &clean_cache
   language: rust
   sudo: required
-  dist: trusty
+  dist: xenial
   if: type = cron
   cache:
     directories: # cargo caching from https://docs.travis-ci.com/user/caching/#rust-cargo-cache
@@ -22,7 +22,7 @@ clean_cache: &clean_cache
 rust: &rust
   language: rust
   sudo: required
-  dist: trusty
+  dist: xenial
   addons:
     apt:
       packages:
@@ -34,6 +34,7 @@ rust: &rust
         - gcc
         - binutils-dev
         - libc6-dev
+        - libzmq3-dev
   cache:
     directories:
       - $HOME/.cargo
@@ -47,11 +48,13 @@ rust: &rust
   env:
     - RUST_BACKTRACE=1
     - RUSTFLAGS="-Ctarget-feature=+aes,+sse2,+sse4.1,+ssse3 -D warnings"
-    - PATH=$HOME/.local/bin:$PATH
-    - LD_LIBRARY_PATH=$HOME/lib
-    - PKG_CONFIG_PATH=$HOME/lib/pkgconfig
+    - PATH=$HOME/.local/bin:$PATH:/opt/sgxsdk/bin/x64
+    - LD_LIBRARY_PATH=$HOME/lib:/opt/sgxsdk/sdk_libs
+    - PKG_CONFIG_PATH=$HOME/lib/pkgconfig:/opt/sgxsdk/pkgconfig
+    - SGX_SDK=/opt/sgxsdk
+    - SGX_MODE=SW
   before_install: # versions from https://github.com/erickt/rust-zmq/blob/master/.travis.yml
-    - ./ci-scripts/install_zeromq.sh
+    - ./ci-scripts/install_sgxsdk.sh
     - |
       if [[ "$TRAVIS_RUST_VERSION" == nightly ]]; then
         ./ci-scripts/install_kcov.sh 
@@ -77,6 +80,12 @@ rust: &rust
     if [[ "$TRAVIS_RUST_VERSION" == nightly ]]; then
       # a small hack, as kcov doesn't have an option to only build default members
       sed 's/"chain-tx-enclave/#"chain-tx-enclave/g' -i Cargo.toml;
+      # more hacks for kcov :(
+      sed 's/default = \[\]/default = \["mock-validation"\]/g' -i chain-abci/Cargo.toml;
+      sed 's/sgx/#sgx/g' -i chain-abci/Cargo.toml;
+      sed 's/enclave-u-common/#enclave-u-common/g' -i chain-abci/Cargo.toml;
+      sed 's/CARGO/_CARGO/g' -i chain-abci/build.rs;
+
       travis_wait 30 cargo kcov --all;
       bash <(curl -s https://codecov.io/bash);
     fi

CHANGELOG.md

@@ -7,10 +7,12 @@
 * client uses argon2 function for its internal storage key derivation.
 * *client* [976](https://github.com/crypto-com/chain/pull/976) Missing MultiSig pubkey methods in ClientRPC and ClientCLI
  -- Rename client-rpc method `wallet_newMultiSigAddressPublicKey` to  `multiSig_newAddressPublicKey`
+* ADR-001: tx-validation-app subsumed by chain-abci and sealed transaction payloads are stored in chain-abci's storage
 ...
 
 ### Bug Fixes
 * *client* [969](https://github.com/crypto-com/chain/pull/969): client-cli incorrect fee display in history
+* *chain-abci* [1008](https://github.com/crypto-com/chain/pull/1008):  unbonded or unjailed validator cannot rejoin the validator set 
 
 *January 3, 2020*
 

Cargo.toml

@@ -14,7 +14,6 @@ members = [
     "test-common",
     "dev-utils",
     "enclave-protocol",
-    "chain-tx-enclave/tx-validation/app",
     "chain-tx-enclave/tx-validation/enclave",
     "chain-tx-enclave/tx-query/app",
     "chain-tx-enclave/tx-query/enclave",

chain-abci/Cargo.toml

@@ -10,6 +10,7 @@ edition = "2018"
 mock-enc-dec = []
 mock-validation = []
 default = []
+sgx-test = []
 
 [dependencies]
 abci = "0.6"
@@ -37,8 +38,16 @@ structopt = "0.3"
 secp256k1zkp = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", rev = "0125097a7bf6f939db0ce52e49803c5e0312bf5e", features = ["recovery", "endomorphism"] }
 blake2 = "0.8"
 parity-scale-codec = { features = ["derive"], version = "1.1" }
+
+[target.'cfg(target_os = "linux")'.dependencies]
+enclave-u-common = { path = "../chain-tx-enclave/enclave-u-common" }
+sgx_types = { rev = "v1.1.0", git = "https://github.com/apache/teaclave-sgx-sdk.git" }
+sgx_urts = { rev = "v1.1.0", git = "https://github.com/apache/teaclave-sgx-sdk.git" }
 zmq = "0.9"
 
+[build-dependencies]
+cc = "1.0"
+
 [dev-dependencies]
 quickcheck = "0.9"
 # TODO: currently not maintained benchmarks

chain-abci/build.rs

@@ -0,0 +1,60 @@
+use std::env;
+use std::path::Path;
+use std::process::Command;
+
+fn main() {
+    match env::var("CARGO_CFG_TARGET_OS").as_ref() {
+        Ok(os) if os == "linux" => {
+            let sdk_dir = env::var("SGX_SDK").unwrap_or_else(|_| "/opt/intel/sgxsdk".to_string());
+            if !Path::new(&sdk_dir).exists() {
+                println!("cargo:warning=\"SGX SDK not found\"");
+            } else {
+                let is_sim = env::var("SGX_MODE").unwrap_or_else(|_| "HW".to_string());
+
+                #[cfg(target_arch = "x86")]
+                let edger8r = format!("{}/bin/x86/sgx_edger8r", sdk_dir);
+                #[cfg(not(target_arch = "x86"))]
+                let edger8r = format!("{}/bin/x64/sgx_edger8r", sdk_dir);
+
+                Command::new(edger8r)
+                    .args(&[
+                        "--untrusted",
+                        "../chain-tx-enclave/tx-validation/enclave/Enclave.edl",
+                        "--search-path",
+                        &format!("{}/include", sdk_dir),
+                        "--search-path",
+                        "../chain-tx-enclave/rust-sgx-sdk/edl",
+                        "--untrusted-dir",
+                        ".",
+                    ])
+                    .status()
+                    .unwrap();
+
+                cc::Build::new()
+                    .file("Enclave_u.c")
+                    .include(&format!("{}/include", sdk_dir))
+                    .include("../chain-tx-enclave/rust-sgx-sdk/edl")
+                    .compile("enclave.a");
+
+                #[cfg(target_arch = "x86")]
+                println!("cargo:rustc-link-search=native={}/lib", sdk_dir);
+                #[cfg(not(target_arch = "x86"))]
+                println!("cargo:rustc-link-search=native={}/lib64", sdk_dir);
+
+                match is_sim.as_ref() {
+                    "SW" => println!("cargo:rustc-link-lib=dylib=sgx_urts_sim"),
+                    _ => println!("cargo:rustc-link-lib=dylib=sgx_urts"), // default to HW
+                }
+
+                println!(
+                    "cargo:rerun-if-changed=../chain-tx-enclave/tx-validation/enclave/Enclave.edl"
+                );
+            }
+        }
+        _ => {
+            println!(
+                "cargo:warning=\"Enclave compilation and execution is only supported on Linux\""
+            );
+        }
+    }
+}