-
Notifications
You must be signed in to change notification settings - Fork 90
/
Copy pathfpc.proto
152 lines (117 loc) · 5.19 KB
/
fpc.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
// Copyright IBM Corp. All Rights Reserved.
// Copyright 2020 Intel Corporation
//
// SPDX-License-Identifier: Apache-2.0
syntax = "proto3";
import "google/protobuf/any.proto";
// Imports from fabric ..
// - 'protos' package
import "peer/chaincode.proto";
import "peer/proposal.proto";
import "peer/proposal_response.proto";
// - 'kvrwset' package
import "ledger/rwset/kvrwset/kv_rwset.proto";
package fpc;
option go_package = "github.com/hyperledger/fabric-private-chaincode/internal/protos";
message CCParameters {
// name of the chaincode
string chaincode_id = 1;
// version of chaincode, this is the expected mrenclave
// encoded as hexstring (as generated by common/enclave/generate_mrenclave.sh)
string version = 2;
// chaincode sequence number
int64 sequence = 3;
// name of channel
string channel_id = 4;
}
message HostParameters {
// MSP ID of organization hosting (embracing) the peer with corresponding enclave
// TODO: rename to `creator_msp_id` because this value will be set to the creator's mspid (not the peer's)
string peer_msp_id = 1;
// the (externally accessible) address of the peer endpoint in format <ip-addr|hostname>:<port-number>
string peer_endpoint = 2;
// Post-MVP: This will be a X509 peer certificate on
// Enclave_VK and CCParameters signed by a CA rooted in
// the MSP of the Organization hosting the peer running the FPC
// Chaincode enclave. This shows the "ownership" of Org for that
//particular FPC Chaincode enclave. See additional information in
// fpc-registration.puml in the 'Org-Enclave binding/certification' group.
// Note that this field may be moved elsewhere.
bytes certificate = 3;
}
message AttestedData {
CCParameters cc_params = 1;
HostParameters host_params = 2;
// chaincode enclave public key
bytes enclave_vk = 3;
// SHA256 hash of the channel genesis block;
bytes channel_hash = 4;
// expected TLCC mrenclave
// encoded as hexstring (as generated by common/enclave/generate_mrenclave.sh)
string tlcc_mrenclave = 5;
// chaincode encryption key
// NOTE: This is a (momentary) short-cut over the FPC and FPC Lite specification in `docs/design/fabric-v2+/fpc-registration.puml` and `docs/design/fabric-v2+/fpc-key-dist.puml`
bytes chaincode_ek = 6;
}
message Credentials {
// serialization of type **AttestedData**
google.protobuf.Any serialized_attested_data = 1;
// serialized attestation/quote as output by `get_attestatation`, see `interfaces.attestation.md`
bytes attestation = 2;
// serialized attestation evidence as output by `AttestationToEvidence`, see `interfaces.attestation.md`
bytes evidence = 3;
}
message InitEnclaveMessage {
// the (externally accessible) address of the peer endpoint in format <ip-addr|hostname>:<port-number>
string peer_endpoint = 1;
// parameters passed for initialization of the attestation API as required by that API
// (i.e., a base64-encoded json string, see 'interfaces.attestation.md' and 'common/crypto/attestation-api')
bytes attestation_params = 2;
}
message CleartextChaincodeRequest {
// the function and args to invoke
protos.ChaincodeInput input = 1;
}
message ChaincodeRequestMessage {
// an encryption (symmetric) of the serialization of CleartextChaincodeRequest with KeyTransportMessage.request_encryption_key
bytes encrypted_request = 1;
// an encryption (asymmetric) of the serialization of request KeyTransportMessage with AttestedData.chaincode_ek
bytes encrypted_key_transport_message = 2;
}
message KeyTransportMessage {
// key to decrypt CleartextChaincodeRequest
bytes request_encryption_key = 1;
// key to encrypt CleartextChaincodeResponse
bytes response_encryption_key = 2;
}
message CleartextChaincodeResponse {
// the response of the chaincode invocation
protos.Response response = 1;
}
// FPCKVSet augments the Fabric kvrwset.KVRWSet protobuf to include the hash of the value of each read.
// Specifically, read_value_hashes[i] is the hash of the value associated to rw_set.reads[i].key
message FPCKVSet {
kvrwset.KVRWSet rw_set = 1;
repeated bytes read_value_hashes = 2;
}
message ChaincodeResponseMessage {
// an encryption (symmetric) of the serialization of CleartextChaincodeRequest with KeyTransportMessage.response_encryption_key
bytes encrypted_response = 1;
// R/W set (of cleartext keys but encrypted values)
// This field is only valid for the FPC Lite variant but absent from the full version with in-peer FPC validation
FPCKVSet fpc_rw_set = 2;
// signed proposal for this request
protos.SignedProposal proposal = 3;
// hash of the proposal's input request
// this field is required because input request is passed alongside the proposal
// and not extracted from it; validation chaincode will check for consistency
bytes chaincode_request_message_hash = 4;
// identity for public key used to sign
string enclave_id = 5;
}
message SignedChaincodeResponseMessage {
// binary encoding of a ChaincodeResponseMessage protobuf
bytes chaincode_response_message = 1;
// signature over the chaincode response message
bytes signature = 2;
}