Cherry-pick #3116 (#3122)

CHANGELOG.md

@@ -5,7 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-## Unreleased
+
+## [1.0.14]
+
+### Changed
+
+- Log more detailed errors on early startup (#3116).
 
 ### Added
 
@@ -955,6 +960,7 @@ Some discrepancies with the TR remain, and are being tracked under https://githu
 
 Initial pre-release
 
+[1.0.14]: https://github.com/microsoft/CCF/releases/tag/ccf-1.0.14
 [1.0.13]: https://github.com/microsoft/CCF/releases/tag/ccf-1.0.13
 [1.0.12]: https://github.com/microsoft/CCF/releases/tag/ccf-1.0.12
 [1.0.11]: https://github.com/microsoft/CCF/releases/tag/ccf-1.0.11

src/common/enclave_interface_types.h

@@ -21,6 +21,18 @@ enum CreateNodeStatus
 
   /** One of the input buffers is not located outside of the enclave memory */
   MemoryNotOutsideEnclave = 5,
+
+  /** Enclave initialisation failed */
+  EnclaveInitFailed = 6,
+
+  /** Open Enclave Verifier initialisation failed */
+  OEVerifierInitFailed = 7,
+
+  /** Open Enclave Attester initialisation failed */
+  OEAttesterInitFailed = 8,
+
+  /** OpenSSL RDRAND Init Failed */
+  OpenSSLRDRANDInitFailed = 9
 };
 
 constexpr char const* create_node_result_to_str(CreateNodeStatus result)
@@ -51,6 +63,22 @@ constexpr char const* create_node_result_to_str(CreateNodeStatus result)
     {
       return "MemoryNotOutsideEnclave";
     }
+    case CreateNodeStatus::EnclaveInitFailed:
+    {
+      return "EnclaveInitFailed";
+    }
+    case CreateNodeStatus::OEVerifierInitFailed:
+    {
+      return "OEVerifierInitFailed";
+    }
+    case CreateNodeStatus::OEAttesterInitFailed:
+    {
+      return "OEAttesterInitFailed";
+    }
+    case CreateNodeStatus::OpenSSLRDRANDInitFailed:
+    {
+      return "OpenSSLRDRANDInitFailed";
+    }
     default:
     {
       return "Unknown CreateNodeStatus";

src/ds/ccf_exception.h

@@ -47,4 +47,28 @@ namespace ccf
   private:
     std::string result;
   };
+
+  class ccf_oe_attester_init_error : public ccf_logic_error
+  {
+  public:
+    ccf_oe_attester_init_error(const std::string& what_arg) :
+      ccf_logic_error(what_arg)
+    {}
+  };
+
+  class ccf_oe_verifier_init_error : public ccf_logic_error
+  {
+  public:
+    ccf_oe_verifier_init_error(const std::string& what_arg) :
+      ccf_logic_error(what_arg)
+    {}
+  };
+
+  class ccf_openssl_rdrand_init_error : public ccf_logic_error
+  {
+  public:
+    ccf_openssl_rdrand_init_error(const std::string& what_arg) :
+      ccf_logic_error(what_arg)
+    {}
+  };
 };

src/enclave/enclave.h

@@ -98,7 +98,7 @@ namespace enclave
         ENGINE_set_default(rdrand_engine, ENGINE_METHOD_RAND) != 1)
       {
         ENGINE_free(rdrand_engine);
-        throw std::runtime_error(
+        throw ccf::ccf_openssl_rdrand_init_error(
           "could not initialize RDRAND engine for OpenSSL");
       }
 
@@ -176,7 +176,7 @@ namespace enclave
       {
         r = node->create(start_type, std::move(ccf_config_));
       }
-      catch (const std::runtime_error& e)
+      catch (const std::exception& e)
       {
         LOG_FAIL_FMT("Error starting node: {}", e.what());
         return false;

src/enclave/main.cpp

@@ -2,6 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #include "ccf/version.h"
 #include "common/enclave_interface_types.h"
+#include "ds/ccf_exception.h"
 #include "ds/json.h"
 #include "ds/logger.h"
 #include "ds/spin_lock.h"
@@ -143,13 +144,29 @@ extern "C"
 #ifdef DEBUG_CONFIG
     reserved_memory = new uint8_t[ec->debug_config.memory_reserve_startup];
 #endif
+    enclave::Enclave* enclave;
 
-    auto enclave = new enclave::Enclave(
-      ec,
-      cc.signature_intervals,
-      consensus_type,
-      cc.consensus_config,
-      cc.curve_id);
+    try
+    {
+      enclave = new enclave::Enclave(
+        ec, cc.signature_intervals, consensus_type, cc.consensus_config, cc.curve_id);
+    }
+    catch (const ccf::ccf_oe_attester_init_error&)
+    {
+      return CreateNodeStatus::OEAttesterInitFailed;
+    }
+    catch (const ccf::ccf_oe_verifier_init_error&)
+    {
+      return CreateNodeStatus::OEVerifierInitFailed;
+    }
+    catch (const ccf::ccf_openssl_rdrand_init_error&)
+    {
+      return CreateNodeStatus::OpenSSLRDRANDInitFailed;
+    }
+    catch (const std::exception&)
+    {
+      return CreateNodeStatus::EnclaveInitFailed;
+    }
 
     if (!enclave->create_new_node(
           start_type,

src/node/quote.h

@@ -11,6 +11,7 @@
 #  include "network_tables.h"
 #  include "node/rpc/node_interface.h"
 #  include "quote_info.h"
+#  include "ds/ccf_exception.h"
 
 #  include <openenclave/attestation/attester.h>
 #  include <openenclave/attestation/custom_claims.h>
@@ -215,14 +216,14 @@ namespace ccf
       auto rc = oe_attester_initialize();
       if (rc != OE_OK)
       {
-        throw std::logic_error(fmt::format(
+        throw ccf::ccf_oe_attester_init_error(fmt::format(
           "Failed to initialise evidence attester: {}", oe_result_str(rc)));
       }
 
       rc = oe_verifier_initialize();
       if (rc != OE_OK)
       {
-        throw std::logic_error(fmt::format(
+        throw ccf::ccf_oe_verifier_init_error(fmt::format(
           "Failed to initialise evidence verifier: {}", oe_result_str(rc)));
       }
     }