From 4cb4955bfd72f18d064676e84a2f7c4366b8e59d Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Thu, 21 Oct 2021 13:12:48 +0000 Subject: [PATCH 01/13] Disable BFT by default --- .azure-pipelines-templates/daily-matrix.yml | 4 ++-- .ycm_extra_conf.py | 1 - cmake/common.cmake | 2 +- doc/overview/consensus/bft.rst | 4 ++-- doc/overview/consensus/index.rst | 2 +- 5 files changed, 6 insertions(+), 7 deletions(-) diff --git a/.azure-pipelines-templates/daily-matrix.yml b/.azure-pipelines-templates/daily-matrix.yml index d49f3581fcd..3f15f485543 100644 --- a/.azure-pipelines-templates/daily-matrix.yml +++ b/.azure-pipelines-templates/daily-matrix.yml @@ -49,7 +49,7 @@ jobs: parameters: target: SGX env: "${{ parameters.env.SGX }}" - cmake_args: "${{ parameters.build.common.cmake_args }} -DTLS_TEST=ON -DSHUFFLE_SUITE=ON -DENABLE_BFT=OFF" + cmake_args: "${{ parameters.build.common.cmake_args }} -DTLS_TEST=ON -DSHUFFLE_SUITE=ON" suffix: "Release" artifact_name: "SGX_Release" ctest_filter: '-LE "benchmark|perf|rotation"' @@ -58,7 +58,7 @@ jobs: parameters: target: SGXIceLake env: "${{ parameters.env.SGXIceLake }}" - cmake_args: "${{ parameters.build.common.cmake_args }} -DTLS_TEST=ON -DSHUFFLE_SUITE=ON -DENABLE_BFT=OFF" + cmake_args: "${{ parameters.build.common.cmake_args }} -DTLS_TEST=ON -DSHUFFLE_SUITE=ON" suffix: "Release" artifact_name: "SGX_IceLake_Release" ctest_filter: '-LE "benchmark|perf|rotation"' diff --git a/.ycm_extra_conf.py b/.ycm_extra_conf.py index 82a95afe4ab..f4b6bf64deb 100644 --- a/.ycm_extra_conf.py +++ b/.ycm_extra_conf.py @@ -22,7 +22,6 @@ '-fexceptions', '-x', 'c++', -'-DENABLE_BFT', '-D_FORTIFY_SOURCE=2', '-DINSIDE_ENCLAVE', '-DVIRTUAL_ENCLAVE', diff --git a/cmake/common.cmake b/cmake/common.cmake index 92de5079587..ae3695bbc34 100644 --- a/cmake/common.cmake +++ b/cmake/common.cmake 
@@ -51,7 +51,7 @@ option(COVERAGE "Enable coverage mapping" OFF) option(SHUFFLE_SUITE "Shuffle end to end test suite" OFF) option(LONG_TESTS "Enable long end-to-end tests" OFF) -option(ENABLE_BFT "Enable experimental BFT consensus at compile time" ON) +option(ENABLE_BFT "Enable experimental BFT consensus at compile time" OFF) if(ENABLE_BFT) add_compile_definitions(ENABLE_BFT) endif() diff --git a/doc/overview/consensus/bft.rst b/doc/overview/consensus/bft.rst index d4399847e21..09df8287433 100644 --- a/doc/overview/consensus/bft.rst +++ b/doc/overview/consensus/bft.rst 
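Review bot: Changing the default of `ENABLE_BFT` to `OFF` in `option()` only takes effect in fresh build trees, because `option()` leaves a value already stored in CMakeCache.txt untouched. A build directory configured before this change will keep compiling with `ENABLE_BFT` defined. Since the documentation in this same patch says BFT should not be enabled in production, the changelog or build docs should tell users to reconfigure with `-DENABLE_BFT=OFF` or start from a clean build directory. A comment above the option, e.g. `# Experimental consensus: off by default, not for production use`, would keep that warning next to the switch.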
@@ -1,12 +1,12 @@ Byzantine Fault Tolerance ========================= -Below we discuss the reconfiguration as implemented for the BFT setting. Technically the two-transaction scheme is not specific to BFT. In fact, Ongardie and Ousterhout also described a two-transaction reconfiguration mechanism for Raft. As such, the two-transaction scheme as described below could also be used in CFT. However in BFT, the following properties are desirable: +Below we discuss the reconfiguration as implemented for the BFT setting. Technically the two-transaction scheme is not specific to BFT. In fact, Ongaro and Ousterhout also described a two-transaction reconfiguration mechanism for Raft. As such, the two-transaction scheme as described below could also be used in CFT. However in BFT, the following properties are desirable: 1. A reconfiguration only starts when the reconfiguration transaction is committed, so a reconfiguration attempt can never roll back. 2. Reconfigurations are atomic. This creates room for additional conditions, such as checking that the byzantine reconfiguration (a multiple transaction protocol) is complete before proceeding to the new configuration. -BFT is still under development and should not be enabled in a production environment. There is an open research question of `node identity with Byzantine nodes `_. +BFT is under development and should not be enabled in a production environment. There is an open research question of `node identity with Byzantine nodes `_. Two-transaction Reconfiguration ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/overview/consensus/index.rst b/doc/overview/consensus/index.rst index 050db3a1fc1..4d7feb5f4c5 100644 --- a/doc/overview/consensus/index.rst +++ b/doc/overview/consensus/index.rst @@ -19,7 +19,7 @@ CFT parameters can be configured when starting up a network (see :doc:`here `. There is an open research question of `node identity with Byzantine nodes `_. 
From 296b5e0e00278569fff2462d2fc8a8ef9acfd6ec Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Thu, 21 Oct 2021 20:01:02 +0000 Subject: [PATCH 02/13] Add specific return codes for some error types --- src/common/enclave_interface_types.h | 12 ++++++++++++ src/ds/ccf_exception.h | 24 ++++++++++++++++++++++++ src/enclave/enclave.h | 2 +- src/enclave/main.cpp | 25 +++++++++++++++++++++++-- src/enclave/oe_init.h | 5 +++-- 5 files changed, 63 insertions(+), 5 deletions(-) diff --git a/src/common/enclave_interface_types.h b/src/common/enclave_interface_types.h index a6a3cdd2c15..d8d0af4ed25 100644 --- a/src/common/enclave_interface_types.h +++ b/src/common/enclave_interface_types.h @@ -21,6 +21,18 @@ enum CreateNodeStatus /** One of the input buffers is not located outside of the enclave memory */ MemoryNotOutsideEnclave = 5, + + /** Enclave initialisation failed */ + EnclaveInitFailed = 6, + + /** Open Enclave Verifier initialisation failed */ + OEVerifierInitFailed = 7, + + /** Open Enclave Attester initialisation failed */ + OEAttesterInitFailed = 8, + + /** OpenSSL RDRAND Init Failed */ + OpenSSLRDRANDInitFailed = 9 }; constexpr char const* create_node_result_to_str(CreateNodeStatus result) diff --git a/src/ds/ccf_exception.h b/src/ds/ccf_exception.h index a386f42ba6a..1c4f49de114 100644 --- a/src/ds/ccf_exception.h +++ b/src/ds/ccf_exception.h @@ -31,4 +31,28 @@ namespace ccf private: std::string result; }; + + class ccf_oe_attester_init_error : public ccf_logic_error + { + public: + ccf_oe_attester_init_error(const std::string& what_arg) : + ccf_logic_error(what_arg) + {} + }; + + class ccf_oe_verifier_init_error : public ccf_logic_error + { + public: + ccf_oe_verifier_init_error(const std::string& what_arg) : + ccf_logic_error(what_arg) + {} + }; + + class ccf_openssl_rdrand_init_error : public ccf_logic_error + { + public: + ccf_openssl_rdrand_init_error(const std::string& what_arg) : + ccf_logic_error(what_arg) + {} + }; }; 
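Review bot: The three exception classes added in ccf_exception.h each take a single `const std::string&` in a non-`explicit` constructor, so a string converts implicitly to an exception object; declare them as `explicit ccf_oe_attester_init_error(const std::string& what_arg)` and likewise for the other two. They also have no documentation saying which call throws them or which status they map to. A one-line comment per class would help, e.g. `/// Thrown when oe_attester_initialize() fails; reported to the host as OEAttesterInitFailed.` Deriving them from `ccf_logic_error` reads oddly for failures of the platform rather than of the program, but the base class is defined outside this hunk, so that may be deliberate.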
diff --git a/src/enclave/enclave.h b/src/enclave/enclave.h index d32cb4abd86..c4160ac4b79 100644 --- a/src/enclave/enclave.h +++ b/src/enclave/enclave.h @@ -98,7 +98,7 @@ namespace enclave ENGINE_set_default(rdrand_engine, ENGINE_METHOD_RAND) != 1) { ENGINE_free(rdrand_engine); - throw std::runtime_error( + throw ccf::ccf_openssl_rdrand_init_error( "could not initialize RDRAND engine for OpenSSL"); } diff --git a/src/enclave/main.cpp b/src/enclave/main.cpp index 3a2c0de607d..0aa03a71f6b 100644 --- a/src/enclave/main.cpp +++ b/src/enclave/main.cpp @@ -2,6 +2,7 @@ // Licensed under the Apache 2.0 License. #include "ccf/version.h" #include "common/enclave_interface_types.h" +#include "ds/ccf_exception.h" #include "ds/json.h" #include "ds/logger.h" #include "enclave.h" @@ -143,9 +144,29 @@ extern "C" #ifdef DEBUG_CONFIG reserved_memory = new uint8_t[ec->debug_config.memory_reserve_startup]; #endif + enclave::Enclave* enclave; - auto enclave = new enclave::Enclave( - ec, cc.signature_intervals, cc.consensus_config, cc.curve_id); + try + { + enclave = new enclave::Enclave( + ec, cc.signature_intervals, cc.consensus_config, cc.curve_id); + } + catch (const ccf::ccf_oe_attester_init_error&) + { + return CreateNodeStatus::OEAttesterInitFailed; + } + catch (const ccf::ccf_oe_verifier_init_error&) + { + return CreateNodeStatus::OEVerifierInitFailed; + } + catch (const ccf::ccf_openssl_rdrand_init_error&) + { + return CreateNodeStatus::OpenSSLRDRANDInitFailed; + } + catch (const std::exception&) + { + return CreateNodeStatus::EnclaveInitFailed; + } if (!enclave->create_new_node( start_type, diff --git a/src/enclave/oe_init.h b/src/enclave/oe_init.h index 6bd4025684e..67f85c69916 100644 --- a/src/enclave/oe_init.h +++ b/src/enclave/oe_init.h @@ -7,6 +7,7 @@ #else # include #endif +#include "ds/ccf_exception.h" namespace ccf { 
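Review bot: enclave.h now throws `ccf::ccf_openssl_rdrand_init_error`, but the diffstat shows only this one-line change to the file, so the header appears to rely on its includer for the declaration. In this patch main.cpp adds `#include "ds/ccf_exception.h"` ahead of `#include "enclave.h"`, which would make the build depend on include order. Unless enclave.h already reaches that header through another include not visible here, add `#include "ds/ccf_exception.h"` to enclave.h itself. The enclosing constructor starts and ends outside the hunk.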
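Review bot: The new try block in main.cpp has no catch-all, so anything thrown by the `Enclave` constructor that does not derive from `std::exception` would still propagate out of the `extern "C"` entry point instead of becoming a status code; add `catch (...) { return CreateNodeStatus::EnclaveInitFailed; }` as the last handler. All four handlers also discard the exception object, so the `oe_result_str(rc)` detail carried in `what()` is lost and the host only learns which step failed, not why; if the logger is usable this early, bind the exception and log it, e.g. `LOG_FAIL_FMT("Enclave initialisation failed: {}", e.what());`. `enclave::Enclave* enclave;` is better written `enclave::Enclave* enclave = nullptr;` so that no path can read an indeterminate pointer. Under `DEBUG_CONFIG` the `reserved_memory` buffer allocated just above is not released on these early returns; its declaration is outside the hunk, so confirm whether that matters.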
@@ -17,7 +18,7 @@ namespace ccf auto rc = oe_attester_initialize(); if (rc != OE_OK) { - throw std::logic_error(fmt::format( + throw std::ccf_oe_attester_init_error(fmt::format( "Failed to initialise evidence attester: {}", oe_result_str(rc))); } } @@ -26,7 +27,7 @@ namespace ccf auto rc = oe_verifier_initialize(); if (rc != OE_OK) { - throw std::logic_error(fmt::format( + throw ccf::ccf_oe_verifier_init_error(fmt::format( "Failed to initialise evidence verifier: {}", oe_result_str(rc))); } } From 4a6f387be6a7fe778844f62d9a9017665cc2a489 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Fri, 22 Oct 2021 08:13:35 +0000 Subject: [PATCH 03/13] . --- src/enclave/oe_init.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/enclave/oe_init.h b/src/enclave/oe_init.h index 67f85c69916..9fc60e551e1 100644 --- a/src/enclave/oe_init.h +++ b/src/enclave/oe_init.h @@ -18,7 +18,7 @@ namespace ccf auto rc = oe_attester_initialize(); if (rc != OE_OK) { - throw std::ccf_oe_attester_init_error(fmt::format( + throw ccf::ccf_oe_attester_init_error(fmt::format( "Failed to initialise evidence attester: {}", oe_result_str(rc))); } } From 53c7611264dfd9edca490badcada9e4c19359b97 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Fri, 22 Oct 2021 08:20:40 +0000 Subject: [PATCH 04/13] . --- src/common/enclave_interface_types.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/common/enclave_interface_types.h b/src/common/enclave_interface_types.h index d8d0af4ed25..94b68f0e923 100644 --- a/src/common/enclave_interface_types.h +++ b/src/common/enclave_interface_types.h 
@@ -63,6 +63,22 @@ constexpr char const* create_node_result_to_str(CreateNodeStatus result) { return "MemoryNotOutsideEnclave"; } + case CreateNodeStatus::EnclaveInitFailed: + { + return "EnclaveInitFailed"; + } + case CreateNodeStatus::OEVerifierInitFailed: + { + return "OEVerifierInitFailed"; + } + case CreateNodeStatus::OEAttesterInitFailed: + { + return "OEAttesterInitFailed"; + } + case CreateNodeStatus::OpenSSLRDRANDInitFailed: + { + return "OpenSSLRDRANDInitFailed"; + } default: { return "Unknown CreateNodeStatus"; From 645895c2178d60b6604776f63a42d75d7ae1fbc0 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Fri, 22 Oct 2021 08:57:49 +0000 Subject: [PATCH 05/13] . --- js/ccf-app/package.json | 2 +- tests/npm-app/package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/js/ccf-app/package.json b/js/ccf-app/package.json index 7cf7a71105f..da310c38bde 100644 --- a/js/ccf-app/package.json +++ b/js/ccf-app/package.json @@ -30,6 +30,6 @@ "serve": "^11.3.2", "ts-node": "^9.1.1", "typedoc": "^0.20.34", - "typescript": "4.2.4" + "typescript": "^4.2.4" } } diff --git a/tests/npm-app/package.json b/tests/npm-app/package.json index 57a41b7ca9c..2210febe1da 100644 --- a/tests/npm-app/package.json +++ b/tests/npm-app/package.json @@ -23,6 +23,6 @@ "http-server": "^0.13.0", "rollup": "^2.41.0", "tslib": "^2.0.1", - "typescript": "4.2.4" + "typescript": "^4.2.4" } } From 2c8a6fde27c8cff398213bc0e993d330d64b6e33 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Fri, 22 Oct 2021 09:13:13 +0000 Subject: [PATCH 06/13] . --- doc/conf.py | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/conf.py b/doc/conf.py index 43186b6e0ec..27d8eef220e 100644 --- a/doc/conf.py +++ b/doc/conf.py 
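Review bot: The `default:` label in `create_node_result_to_str` stops the compiler from warning when an enumerator has no case, which is presumably how the four values could be added to `CreateNodeStatus` in an earlier patch of this series without this switch being flagged. Consider dropping `default:` and placing `return "Unknown CreateNodeStatus";` after the switch, so that `-Wswitch` reports any status code added later without a string. These strings are what an operator sees when enclave start-up fails, so a silent fall-through to "Unknown" defeats the purpose of the more specific codes. The function begins before this hunk and continues past it.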
@@ -326,7 +326,6 @@ def config_inited(app, config): if app.config.smv_metadata_path: os.environ['SMV_METADATA_PATH'] = app.config.smv_metadata_path os.environ['SMV_CURRENT_VERSION'] = app.config.smv_current_version - subprocess.run(["sed", "-i", "s/\^4.2.3/4.2.4/g", "package.json"], cwd=js_pkg_dir, check=True) subprocess.run(["npm", "install", "--no-package-lock", "--no-audit", "--no-fund"], cwd=js_pkg_dir, check=True) subprocess.run(["npm", "run", "docs", "--", "--out", str(js_docs_dir)], From 0dccdf85335af0a203ea79bc2f00f835b6109dcd Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Fri, 22 Oct 2021 09:37:30 +0000 Subject: [PATCH 07/13] . --- doc/conf.py | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/conf.py b/doc/conf.py index 27d8eef220e..a7a49c988c1 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -326,6 +326,7 @@ def config_inited(app, config): if app.config.smv_metadata_path: os.environ['SMV_METADATA_PATH'] = app.config.smv_metadata_path os.environ['SMV_CURRENT_VERSION'] = app.config.smv_current_version + subprocess.run(["sed", "-i", "s/4.2.4/\^4.2.4/g", "package.json"], cwd=js_pkg_dir, check=True) subprocess.run(["npm", "install", "--no-package-lock", "--no-audit", "--no-fund"], cwd=js_pkg_dir, check=True) subprocess.run(["npm", "run", "docs", "--", "--out", str(js_docs_dir)], From 2c1f6c71ee8ed3e2b07351aa7e175d04cb1f51d3 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Fri, 22 Oct 2021 09:59:09 +0000 Subject: [PATCH 08/13] scrub --- .azure-pipelines-templates/common.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.azure-pipelines-templates/common.yml b/.azure-pipelines-templates/common.yml index 90f11cd7989..340acbda4f0 100644 --- a/.azure-pipelines-templates/common.yml +++ b/.azure-pipelines-templates/common.yml @@ -8,6 +8,8 @@ jobs: steps: - script: | sudo rm -rf build + rm -rf tests/npm-app/package-lock.json + rm -rf tests/npm-app/node_modules displayName: "Cleanup" - checkout: self 
From fec28ebe45a395f5b74fa58cd939d8963d9133d3 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Fri, 22 Oct 2021 10:08:41 +0000 Subject: [PATCH 09/13] . --- doc/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/conf.py b/doc/conf.py index a7a49c988c1..42f89b662bb 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -326,7 +326,7 @@ def config_inited(app, config): if app.config.smv_metadata_path: os.environ['SMV_METADATA_PATH'] = app.config.smv_metadata_path os.environ['SMV_CURRENT_VERSION'] = app.config.smv_current_version - subprocess.run(["sed", "-i", "s/4.2.4/\^4.2.4/g", "package.json"], cwd=js_pkg_dir, check=True) + subprocess.run(["sed", "-i", "s/\"4.2.4\"/\"\^4.2.4\"/g", "package.json"], cwd=js_pkg_dir, check=True) subprocess.run(["npm", "install", "--no-package-lock", "--no-audit", "--no-fund"], cwd=js_pkg_dir, check=True) subprocess.run(["npm", "run", "docs", "--", "--out", str(js_docs_dir)], From 2f45f12085e77d3daea7c093c844f0581eda4bdb Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Fri, 22 Oct 2021 14:01:27 +0000 Subject: [PATCH 10/13] . --- doc/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/conf.py b/doc/conf.py index 42f89b662bb..cf93f4206e6 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -326,7 +326,7 @@ def config_inited(app, config): if app.config.smv_metadata_path: os.environ['SMV_METADATA_PATH'] = app.config.smv_metadata_path os.environ['SMV_CURRENT_VERSION'] = app.config.smv_current_version - subprocess.run(["sed", "-i", "s/\"4.2.4\"/\"\^4.2.4\"/g", "package.json"], cwd=js_pkg_dir, check=True) + subprocess.run(["sed", "-i", "s/\"4\.2\.\d\"/\"\^4\.2\.4\"/g", "package.json"], cwd=js_pkg_dir, check=True) subprocess.run(["npm", "install", "--no-package-lock", "--no-audit", "--no-fund"], cwd=js_pkg_dir, check=True) subprocess.run(["npm", "run", "docs", "--", "--out", str(js_docs_dir)], From 89ddec35b4e8a892e60e5e859976a65000350cb5 Mon Sep 17 00:00:00 2001 
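Review bot: The sed expression introduced in the second doc/conf.py hunk here (`\"4\.2\.\d\"`) uses `\d`, which sed regular expressions do not treat as a digit class, so the pattern is unlikely to match `"4.2.4"` and the substitution would do nothing while `check=True` still passes. The Python literal is also not a raw string, so `\.`, `\d` and `\^` are invalid escape sequences that only work because Python currently passes them through with a warning. A raw string with a bracket class avoids both problems: `subprocess.run(["sed", "-i", r's/"4\.2\.[0-9]"/"^4.2.4"/g', "package.json"], cwd=js_pkg_dir, check=True)`. The same non-raw escapes appear in the other doc/conf.py sed lines in this series. The enclosing `config_inited` function starts and ends outside the hunk.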
From: Amaury Chamayou Date: Fri, 22 Oct 2021 15:10:20 +0000 Subject: [PATCH 11/13] . --- src/enclave/enclave.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/enclave/enclave.h b/src/enclave/enclave.h index c4160ac4b79..8dbbacc46c5 100644 --- a/src/enclave/enclave.h +++ b/src/enclave/enclave.h @@ -171,7 +171,7 @@ namespace enclave { r = node->create(start_type, std::move(ccf_config_)); } - catch (const std::runtime_error& e) + catch (const std::exception& e) { LOG_FAIL_FMT("Error starting node: {}", e.what()); return false; From 4d3be496aa311635f44d3ffeb500b4e03ae47275 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Fri, 22 Oct 2021 15:14:06 +0000 Subject: [PATCH 12/13] . --- js/ccf-app/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js/ccf-app/package.json b/js/ccf-app/package.json index da310c38bde..c3e7e67924a 100644 --- a/js/ccf-app/package.json +++ b/js/ccf-app/package.json @@ -20,7 +20,7 @@ "devDependencies": { "@types/chai": "^4.2.15", "@types/mocha": "^8.2.2", - "@types/node": "^14.14.35", + "@types/node": "14.17.27", "@types/node-forge": "^0.9.7", "chai": "^4.3.4", "concurrently": "^6.0.0", From 78dd10806ce6ae418e5082ab7e8cb38c18433a4c Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Fri, 22 Oct 2021 16:15:37 +0000 Subject: [PATCH 13/13] . --- .azure-pipelines-templates/common.yml | 2 -- CHANGELOG.md | 1 + doc/conf.py | 2 +- js/ccf-app/package.json | 2 +- tests/npm-app/package.json | 2 +- 5 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.azure-pipelines-templates/common.yml b/.azure-pipelines-templates/common.yml index 340acbda4f0..90f11cd7989 100644 --- a/.azure-pipelines-templates/common.yml +++ b/.azure-pipelines-templates/common.yml @@ -8,8 +8,6 @@ jobs: steps: - script: | sudo rm -rf build - rm -rf tests/npm-app/package-lock.json - rm -rf tests/npm-app/node_modules displayName: "Cleanup" - checkout: self 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 830cc79057a..b19ab85b951 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - Slow ledger IO operations will now be logged at level FAIL. The threshold over which logging will activate can be adjusted by the `--io-logging-threshold` CLI argument to cchost (#3067). - Snapshot files now include receipt of evidence transaction. Nodes can now join or recover a service from a standalone snapshot file. 2.x nodes can still make use of snapshots created by a 1.x node, as long as the ledger suffix containing the proof of evidence is also specified at start-up (#2998). - `ccf.historical.getStateRange` / `ccf.historical.dropCachedStates` JavaScript APIs to manually retrieve historical state in endpoints declared as `"mode": "readonly"` (#3033). +- Log more detailed errors on early startup (#3116). ### Changed diff --git a/doc/conf.py b/doc/conf.py index cf93f4206e6..43186b6e0ec 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -326,7 +326,7 @@ def config_inited(app, config): if app.config.smv_metadata_path: os.environ['SMV_METADATA_PATH'] = app.config.smv_metadata_path os.environ['SMV_CURRENT_VERSION'] = app.config.smv_current_version - subprocess.run(["sed", "-i", "s/\"4\.2\.\d\"/\"\^4\.2\.4\"/g", "package.json"], cwd=js_pkg_dir, check=True) + subprocess.run(["sed", "-i", "s/\^4.2.3/4.2.4/g", "package.json"], cwd=js_pkg_dir, check=True) subprocess.run(["npm", "install", "--no-package-lock", "--no-audit", "--no-fund"], cwd=js_pkg_dir, check=True) subprocess.run(["npm", "run", "docs", "--", "--out", str(js_docs_dir)], diff --git a/js/ccf-app/package.json b/js/ccf-app/package.json index c3e7e67924a..f91e09ff908 100644 --- a/js/ccf-app/package.json +++ b/js/ccf-app/package.json @@ -30,6 +30,6 @@ "serve": "^11.3.2", "ts-node": "^9.1.1", "typedoc": "^0.20.34", - "typescript": "^4.2.4" + "typescript": "4.2.4" } } 
diff --git a/tests/npm-app/package.json b/tests/npm-app/package.json index 2210febe1da..57a41b7ca9c 100644 --- a/tests/npm-app/package.json +++ b/tests/npm-app/package.json @@ -23,6 +23,6 @@ "http-server": "^0.13.0", "rollup": "^2.41.0", "tslib": "^2.0.1", - "typescript": "^4.2.4" + "typescript": "4.2.4" } }