-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/solution skvs #766
base: main
Are you sure you want to change the base?
Feature/solution skvs #766
Conversation
Signed-off-by: chenchanglew <[email protected]>
Signed-off-by: chenchanglew <[email protected]>
Signed-off-by: chenchanglew <[email protected]>
Signed-off-by: chenchanglew <[email protected]>
Signed-off-by: chenchanglew <[email protected]>
05c5cd2
to
8fb8b84
Compare
Signed-off-by: chenchanglew <[email protected]>
// chaincode := fpc.NewPrivateChaincode(secretChaincode) | ||
skvsChaincode := fpc.NewSkvsChaincode(secretChaincode) | ||
|
||
// start chaincode as a service | ||
server := &shim.ChaincodeServer{ | ||
CCID: ccid, | ||
Address: addr, | ||
CC: chaincode, | ||
CC: skvsChaincode, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was wondering if we want multiple main files? So we have an example to run secret keeper with and without skvs?
/samples/chaincode/secret-keeper-go/cmd/simple/main.go
/samples/chaincode/secret-keeper-go/cmd/skvs/main.go
A few words in the secret-keeper readme would be nice as well.
"github.com/pkg/errors" | ||
) | ||
|
||
type SkvsStubInterface struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the name of this file should be all small caps
return &skvsStub{enclaveStub} | ||
} | ||
|
||
func (e *skvsStub) ChaincodeInvoke(stub shim.ChaincodeStubInterface, chaincodeRequestMessageBytes []byte) ([]byte, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have the feeling that we should remove this wrapper and instead just inject a provider function for the stub that we can set externally.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no sure about this one, might need to ask more insight
9cb49d8
to
dbe4851
Compare
Signed-off-by: chenchanglew <[email protected]>
Signed-off-by: chenchanglew <[email protected]>
Signed-off-by: chenchanglew <[email protected]>
Signed-off-by: chenchanglew <[email protected]>
dbe4851
to
754f02d
Compare
@chenchanglew can you please rebase in resolve the conflict within |
@munapower can you also please have look at this PR. Thanks! |
@mbrandenburger @chenchanglew not sure what I am supposed to test. @chenchanglew did you resolve the conflict Marcus mentions? What am I supposed to test? Should I follow the Readme or what? |
DEFAULT= cmd/naive/main.go | ||
SKVS_PATH = cmd/skvs/main.go | ||
|
||
MAIN_GO_PATH ?=$(DEFAULT) | ||
|
||
include $(TOP)/ecc_go/build.mk |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should add a small section in the readme of this demo to explain how to build the chaincode with these different options.
For example:
MAIN_GO_PATH=cmd/naive/main.go make
or
MAIN_GO_PATH=cmd/skvs/main.go make
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is nothing else the user need to change in order to use skvs, right?
func NewSkvsChaincode(cc shim.Chaincode) *chaincode.EnclaveChaincode { | ||
logger.Info("Creating new SKVS Chaincode") | ||
ecc := &chaincode.EnclaveChaincode{ | ||
Enclave: enclave_go.NewSkvsStub(cc), | ||
Validator: endorsement.NewValidator(), | ||
Extractor: &chaincode.ExtractorImpl{}, | ||
Ercc: &ercc.StubImpl{}, | ||
} | ||
return ecc | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am wondering if it would be better to add an option to the NewPrivateChaincode
method to instantiate the with SKVS rather than creating this new constructor.
It could look like ...
func NewPrivateChaincode(cc shim.Chaincode, options ...func(*chaincode.EnclaveChaincode)) *chaincode.EnclaveChaincode {
ecc := &chaincode.EnclaveChaincode{
Enclave: enclave_go.NewSkvsStub(cc),
Validator: endorsement.NewValidator(),
Extractor: &chaincode.ExtractorImpl{},
Ercc: &ercc.StubImpl{},
}
for _, o := range options {
o(ecc)
}
return ecc
}
func WithSKVS() func(*chaincode.EnclaveChaincode) {
return func(ecc *chaincode.EnclaveChaincode) {
ecc.Enclave = enclave_go.NewSkvsStub(cc)
}
}
and in the chaincode main.go
, the developer would write something like that ...
// naive
chaincode := fpc.NewPrivateChaincode(secretChaincode)
// with SKVS
chaincode := fpc.NewPrivateChaincode(secretChaincode, fpc.WithSKVS)
See this article https://golang.cafe/blog/golang-functional-options-pattern.html
WDYT?
What this PR does / why we need it:
Implement a Rollback attack protection solution for FPC: SKVS.
Single Key-Value Storage (SKVS) is a naive approach for rollback attacks. All key-value pairs are encapsulated and stored in this approach with a single call to put_state(). During execution, the enclave must load the entire state before accessing individual key-value pairs. While this approach prevents the rollback attack, applications with large states and multiple writers will experience bad performance, as the use of a single key-value pair will cause transactions to fail due to concurrent write issues.
A user can use it by changing the chain code to SVKS chaincode
ex:
skvsChaincode := fpc.NewSkvsChaincode(secretChaincode)
Which issue(s) this PR fixes:
Fixes #484
Special notes for your reviewer:
Loom demonstration video: Watch here