-
Notifications
You must be signed in to change notification settings - Fork 91
/
fpc-registration.puml
291 lines (236 loc) · 11.8 KB
/
fpc-registration.puml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
/'
Copyright 2020 Intel Corporation
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
'/
@startuml
!pragma teoz true
title FPC Enclave Registration
actor "Admin" as Admin order 10
participant "Peer_CLI" as Peer_CLI order 15
participant "FPC_stub" as ECC1 order 20
participant "Ledger Enclave" as TLCC1 order 36 #99FF99
participant "ERCC" as ERCC1 order 40
entity CA order 90
entity IAS order 100
participant Orderer as Orderer order 100
note over TLCC1
"Full" FPC (Post-MVP)
end note
note right Admin
Types are shown in the fpc-components diagram.
end note
note right Admin
It is assumed that:
- Channel has already been created;
- ERCC has been installed -- approved by the participating organizations;
- ERCC contains hard-coded the IAS Root Certificate and, for the
"full" FPC version (post-MVP), the TLCC_MRenclave.
- ERCC should have an Endorsement Policy which subsumes the organizational trust
assumptions for any FPC chaincode executed on this channel. Hence, a suitable
choice might be to keep it the same as the the Lifecycle Policy, e.g., the
majority of Organizations.
Note: While ERCC transactions are essentially extensions to the chaincode
lifecycle and ERCC-managed data is paramount for the overall security of FPC
chaincode, ERCC performs strict test on crucial data "baked" into the ERCC
chaincode definition and such data is already automatically protected by the
lifecycle policy.
end note
Admin -> Admin: Attestation_Params <- <.e.g, SPID, sig-rl, ....>
Admin -> Peer_CLI ++: lifecycle chaincode\n initEnclave (CC_Id, Attestation_Params, Peer_Endpoint)
group enclave creation
note right Peer_CLI
This operation can only be performed after the chaincode definition ---
which defines the root of trust (MRENCLAVE) for the FPC Chaincode ---
is committed on the channel. More specifically, this commitment must have
completed before below 'registerEnclave' starts in order to complete the
enclave registration step.
PS: In the future (post-MVP) when we support chaincode upgrades, the
interleaving of below with normal lifecycle commands will have to be revisited;
chaincode upgrades will require consistent and atomic updates of both the
chaincode definition on the channel as well as in ERCC.
end note
Peer_CLI -> Peer_CLI : init_enclave_msg.attestation_params <- Attestation_Params
Peer_CLI -> Peer_CLI : init_enclave_msg.peer_endpoint <- Peer_Endpoint
Peer_CLI -> ECC1 ++: initEnclave (init_encalve_msg)
ref over ECC1
This might trigger [FPC Chaincode is not running] from fpc-cc-invocation.puml
end ref
ECC1 -> ECC1: fetch CC_Params and Host_Params objects
note right ECC1
The CC_Params help binding the enclave to a specific FPC chaincode,
as it is registered in Fabric.
The requirement of CC_Params can be met in practice as follows:
CC_Id, version, and channel id can be retrieved through Fabric
shim functions
The Host_Params has two purposes: enable endpoint discovery for enclaves
and capture the endorsement of the organization hosting the enclave.
The stub creates it based on 'getCreator' to retrieve the MSP ID
(for Host_Params.Peer_MSP_ID) and from the endpoint address passed in initEnclave.
Note that the validation of these parameters is performed by ERCC.
If necessary, a pre-validation can be performed through the Ledger Enclave.
end note
create "FPC_stub_enclave" as Enclave1 order 30 #99FF99
ECC1 -> Enclave1 ++: ecall_init(CC_Params, Host_Params, Attestation_Params)
Enclave1 -> Enclave1 : <Public_Keys, Private_Keys> <- generate keys
note right Enclave1
This step generates the enclave's public and private keys used by
the FPC chaincode to sign transactions and decrypt transaction arguments.
See fpc-components.uml diagram for more details
end note
Enclave1 -> Enclave1 : Enclave_Id <- Hash(Enclave_VK)
note right Enclave1
A sha256 hash of the enclave signature verification key (Enclave_VK)
is used as unique enclave identifier
end note
group attestation preparation
alt FPC Lite
Enclave1 -> Enclave1 : AttestedData <- <CC_Params, Host_Params, Enclave_VK, Channel_hash, onCreation=true>
note right Enclave1
In the future an admin might want to request re-attestations: For EPID this would be
the only way to check for revocations (In DCAP, checking CRLs would enable this as well).
For security reasoning, it is crucial that the TCB level (CPUSVN) of the seal operation is
reflected in the attestation (and, hence, ERCC registration).
We ensure that performing the initial attestation before sealing the state and distinguish
the intial from subsequent attestations based on the onCreation field in AttestedData.
end note
else "full" FPC (Post-MVP)
group establish secure channel based on local attestation to retrieve MRENCLAVE of TLCC and cryptographic channel identifier (channel_hash)
Enclave1 -> TLCC1 ++: tl_session_setup(Channel_Id, CC_Id, Enclave_Id)
return
Enclave1 -> TLCC1 ++: tl_session_get_tlcc_mrenclave()
return tlcc_mrenclave
Enclave1 -> TLCC1 ++: tl_session_get_channel_hash()
return channel_hash
end group
Enclave1 -> Enclave1 : AttestedData <- <CC_Params, Host_Params, Enclave_VK, Channel_hash, tlcc_mrenclave, onCreation=true>
end
end group
group enclave attestation
Enclave1 -> Enclave1 : init_attestation(Attestation_Params)
Enclave1 -> Enclave1 : get_attestation(AttestedData)
note right Enclave1
The GetAttestation method abstracts/generalizes the attestation protocol used here.
Currently, Intel SGX supports two different attestation schemes, namely,
EPID-based attestation and DCAP. For more details see Intel SGX docu.
In this diagram we illustrate the flow of the EPID-based attestation, which
involves Intel Attestation Service (IAS). As the EPID attestation requires
the SPID to generate a quote, the peer provides it through FPC_stub.
end note
Enclave1 -> Enclave1 : Attestation <- create quote using Attestation_Params.SPID over Hash(AttestedData)
end group
' sealing and storing state will eventually performed by a separate secure storage module, that is, details below may change in the future
Enclave1 -> Enclave1 : Sealed_State <- seal <CC_Params, Host_Params, Private_Keys, Public_Keys>
note right Enclave1
The enclave keeps CC_Paramenters, Host_Params, Public_Keys, and Private_Keys as local state
in memory during it's lifetime. Once an enclave restarts, this state is
deleted and must be restored. For this reason, the enclave state is sealed
so it can be stored outside the enclave for recovery.
Also, a new secure connection with the Ledger Enclave must be established.
end note
Enclave1 -> ECC1 ++: store Sealed_State
return
note right ECC1
FPC_stub stores sealed chaincode state with the help of
the external builder on the peer local storage.
end note
Enclave1 -> Enclave1 : Credentials <- <AttestedData, Attestation>
return Credentials
group Org-Enclave binding/certification [Post-MVP: Validation]
note right ECC1
In MVP, the attestation will be carried in the fabric transaction response payload in addition to the normal peer endorsement signature.
To enable cleaner integration into Fabric and, in particular, support multi-enclave endorsement, post-MVP we will provide the enclave
with a peer-certificate on Private_keys.Enclave_VK rooted in the organizations MSP -- more cleanly expressing that the Org take
"ownership" of this enclave -- and replace the normal peer endorsement signature with the enclave signature.
The corresponding changes will be marked with '[Post-MVP: Validation]'.
end note
ECC1 -> Enclave1 ++: getCSR
Enclave1 -> Enclave1 : csr <- generate_csr(Private_Keys.Enclave_SK, CC_Params)
return csr /' ECC1 -> Enclave1 '/
ECC1 -> CA ++: issueCertificate(csr)
return cert /' ECC1 -> CA '/
ECC1 -> ECC1: Credentials.Certificate <- cert
end group
return Credentials
end
group Attestation-to-Evidence Conversion
Peer_CLI -> Peer_CLI +: AttestationToEvidence(Credentials.Attestation)
Peer_CLI -> IAS ++: send Credentials.Attestation for verification
note left IAS
IAS verifies the quote produced by the enclave and returns
a signed verification report that is used as evidence that
the enclave runs a certain FPC enclave in certain security context.
end note
return Verification_Report
return Credentials.Evidence <- Verification_Report
end
loop for all/"enough" endorsers to satisfy ercc endorsement policy
Peer_CLI -> ERCC1 ++: registerEnclave (Credentials)
note right ERCC1
Note that ERCC aborts if a single check failed.
end note
group enclave attestation - evidence validation
ERCC1 -> ERCC1 : verify_evidence(Credentials.Evidence)
note right ERCC1
The evidence check ensures that the evidence is correct (e.g. in
case of EPID-based attestation the evidence must be signed by IAS)
and covers Hash(Credentials.AttestedData).
Note that the IAS verification key is hardcoded in ERCC. This
verification key does not change frequently. In the case the verification
key changes, the ERCC must be updated and upgraded through the normal
chaincode lifecycle upgrade operation.
end note
ERCC1 -> ERCC1 : check Credentials.AttestedData
note right ERCC1
- check that CC_Params match chaincode definition
- Channel_Id should correspond to ERCC's own view
- Channel_hash should corresponds to peers view of the channel id
- MSPID should correspond to the tx sender
- TLCC_MRENCLAVE matches the version baked into ERCC ("full" FPC only, Post-MVP)
- CC_Version matches MRENCLAVE from (validated) Credentials.Evidence
end note
end group
alt Org-Enclave binding verification [MVP: Validation]
ERCC1 -> ERCC1 : check Credentials.Host_Params.Peer_MSP_ID
note right ERCC1
must match msp ID from getCreator of this request
end note
else Org-Enclave binding verification [Post-MVP: Validation]
ERCC1 -> ERCC1 : check Org-Enclave binding certificate
note right ERCC1
- Credentials.AttestedData.CC_Params == Credentials.Certificate.CC_Params
- Credentials.Certificate should be issued by CA owned by Credentials.Host_Params.Peer_MSP_ID
- Credentials.Certificate.role == 'peer'
end note
end
group check consistency of Credentials
create Lifecycle order 55
ERCC1 -> Lifecycle +: queryChaincodeDefinition (Credentials.AttestedData.CC_Params.CC_Id)
return chaincode definition
ERCC1 -> ERCC1 : check Credentials.AttestedData.CC_Params against chaincode definition
note right ERCC1
This check ensures that:
1) the chaincode version (i.e., the MREnclave) matches the
version of the approved chaincode.
2) the chaincode is registered
Note that (1) is security-critical and saves the client from
verifying the chaincode version/MREnclave.
Note that (2) merely prevents spurious chaincode enclaves from
being registered.
end note
end group
group Deployment validation [Post-MVP: Risk-management]
ERCC1 -> ERCC1 : validate FPC deployment (restriction) policy
note right ERCC1
This might cover policies like anti-collocation, risk-budgets for collocated chaincodes or alike.
end note
end group
ERCC1 -> ERCC1 : putState(namespaces/credentials/$CC_Id/$Enclave_Id, Credentials)
note over ERCC1
end note
return proposal response
end loop
Peer_CLI -> Peer_CLI : form transaction
Peer_CLI -> Orderer: submit registerEnclave transaction
return
@enduml