forked from hyperledger/fabric-private-chaincode
-
Notifications
You must be signed in to change notification settings - Fork 0
/
fpc-validation.puml
203 lines (170 loc) · 7.02 KB
/
fpc-validation.puml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
/'
Copyright 2020 Intel Corporation
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
'/
@startuml
'- force wrapping of longer text
'skinparam wrapWidth 400
!pragma teoz true
hide footbox
title Foot Box removed
title Fabric Private Chaincode - Transaction validation using FPC validation plugin
actor "User Org1" as User1 order 9
participant "Peer_CLI/\nClient SDK" as CLI order 10
participant "Peer Org1" as Peer1 order 25
participant "Peer Org2" as Peer2 order 60
participant "Peer Org3" as Peer3 order 70
entity Orderer order 100
ref over User1, Orderer
install, approve, commit chaincode definition (ECC_MR)
see fpc-lifecycle-v2.puml
end ref
ref over User1, Orderer
register enclaves and key-dist
see fpc-registration.puml and fpc-key-dist.puml
end ref
group endorsement
activate CLI
User1 -> CLI : send proposal
ref over CLI, Peer1, Peer2, Peer3
invoke chaincode enclave and collect enough enclave endorsements { proposal-response }
and corresponding results { ccrsp_msg } to satisfy enclave endorsement policy
see fpc-cc-invocation.puml
end ref
alt FPC Lite
group enclave endorsement validation transaction
CLI -> Peer1 ++: invoke "validateEnclaveEndorsement" ({ ccrsp_msg })
create participant "FPC_stub" as ECC1 order 26
Peer1 -> ECC1 ++:
group enclave endorsement validation
ECC1 -> ECC1 : <ECC_result, read/writeset, proposal, Sig_Enclave, Enclave_Id> <- extract from ccrsp_msg
create participant ERCC order 30
ECC1 -> ERCC++ : queryEnclaveCredentials(CC_Id, Enclave_Id)
note right
If FPC enclave is registered, ERCC will
return the corresponding Credentials,
otherwise Credentials is empty and validation will abort.
end note
return Credentials
ECC1 -> ECC1 : extract Enclave_VK from Credentials.attesated_data
ECC1 -> ECC1 : verify Sig_Enclave over <proposal, read/writeset, ECC_result> with Enclave_VK
ECC1 -> ECC1 : extract CC_Params from Credentials.AttestedData
ECC1 -> ECC1 : check CC_Params matches own chaincode definition
note right of ECC1
All these check validate for FPC Lite the implicitly defined "designated enclave"
enclave endorsement policy, the only enclave endorsement policy supported in MVP.
end note
end group
group transaction replay
ECC1 -> ECC1 : re-create reads and writes based on read/writeset from input proposal
end group
note right of ECC1
any validation or replay failure results in a transaction abort
end note
return
return validation-proposal-response
end group
loop for all/"enough" enclave endorsers
note right CLI
Invoke at enough endorsing peers to satisfy validation endorsement policy
and collect { validation-proposal-response }.
end note
ref over CLI,Peer2,Peer3
enclave endorsementt validation transaction
end ref
end
end
end group
group transaction submission
CLI -> CLI : form transaction from { validation-proposal-response } (FPC Lite) or from { proposal-response } (otherwise)
CLI -> Orderer++ : send transaction
deactivate CLI
...
Orderer -> Orderer : form block
end group
Orderer -> Peer1+ : broadcast
& Orderer -> Peer2+ : broadcast
& Orderer -> Peer3+ : broadcast
deactivate Orderer
group validation & commit
Peer1 -> Peer1 : validate block signature
loop for each tx in block
note over Peer1
For every FPC transaction, we first perform
default validation and then FPC validation
end note
group default validation
Peer1 -> Peer1 : perform default validation
Peer1 -> Peer1 : validate tx (client) signature
Peer1 -> Peer1 : MVCC check
Peer1 -> Peer1 : validate endorsements
end group
alt "Full" FPC (Post-MVP)
group fpc-vscc
/'
Note that i dropped here the old MVP version which would have had signature in ccrsp_msg.
The corresponding validation would essentially be replacing below with content of
group enclave endorsement validation, but read/write-set extracted from ledger rather
than from ccrsp_msg.
'/
note over Peer1
fpc-vscc is a validation plugin associated with each FPC Chaincode.
Any failure below will result in an invalidation of the transaction.
end note
note right of Peer1
The enclave's signature was already verified against the (enclave's) PeerCertificate.
Similarly, the enclave endorsement policy is encoded in the (fabric) endorsement policy
and already validate.
The only step required to verify is that the endorsement comes from a correctly
registered enclave for that chaincode
end note
Peer1 -> ERCC++ : queryEnclaveCredentials(CC_Id, Hash(PeerCertificate.Public_key))
return Credentials
note right of Peer1
fail if no credential is returned
end note
/'
we could also verify ..
Credentials.Attesteddata.HostParams.Certificate == PeerCertificate
.. but that doesn't seem to be strictly necessary
'/
end group
end
end loop
loop for each tx in block
Peer1 -> Peer1 : apply valid tx writeset
end loop
Peer1 -> Peer1 : append block to ledger
alt "Full" FPC (Post-MVP)
create "Ledger_enclave Peer_Org1" as TLCC1 order 31 #99FF99
Peer1 -> TLCC1 : new block
deactivate Peer1
|||
ref over TLCC1
validation & commit
end ref
note over TLCC1
Ledger enclave performs the same
validation steps as the peer does.
This is necessary to let the ledger
enclave establish its own trusted
view of the ledger.
end note
TLCC1 -> TLCC1 : compute and store integrity-metadata for the invoked FPC chaincode's writeset
|||
deactivate TLCC1
|||
end
end group /' validation & commit '/
ref over Peer2
validation & commit
end ref
|||
deactivate Peer2
ref over Peer3
validation & commit
end ref
|||
deactivate Peer3
@enduml