fpc-cc-execution.puml
/'
Copyright 2020 Intel Corporation
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
'/
@startuml
'- force wrapping of longer text
'skinparam wrapWidth 400
!pragma teoz true
hide footbox
title Foot Box removed
title Fabric Private Chaincode - Chaincode execution
participant "FPC_stub_enclave" as Enclave1 order 10 #99FF99
participant "FPC_chaincode" as Chaincode order 30 #99FF99
participant "FPC_stub" as ECC1 order 31
database "Peer_state" as storage1 order 40
participant "Ledger_enclave" as TLCC1 order 41 #99FF99
activate Enclave1
ref over Enclave1, TLCC1
see fpc-cc-invocation.puml
end
note over TLCC1
"Full" FPC only (Post-MVP)
end note
Enclave1 -> Chaincode : invoke (args, CTX)
activate Chaincode
note right
FPC_stub_enclave calls invoke of the FPC_chaincode,
which implements the actual application logic.
Context (CTX) is used to retrieve state and the
corresponding integrity-metadata from the same view.
end note
loop
note over Chaincode
This loop denotes the application logic as it
may perform multiple getState and putState operations.
Note that these operations are over the secure channel,
see fpc-cc-invocation.puml for its establishment.
end note
alt getState
Chaincode -> Enclave1 ++ : getState(key, CTX)
Enclave1 -> Enclave1 : update readset
Enclave1 -> ECC1 ++ : getState(key, CTX)
ECC1 -> storage1 ++ : getState(key, CTX)
return value_enc
return value_enc
alt "Full" FPC (Post-MVP)
Enclave1 -> TLCC1 ++ : getMetadata(key, CTX)
note over Enclave1: this request is via the enclave-tlcc secure channel
return integrity-metadata
Enclave1 -> Enclave1 : check value_enc using integrity-metadata
end
Enclave1 -> Enclave1 : value <- decrypt value_enc with SEK
Enclave1 -> Enclave1 : update readset
return value
note right
Application logic can now use value for
some computation; the value is in clear
and validated with the help of Ledger_enclave.
end note
else putState
Chaincode -> Enclave1 ++ : putState(key, value, CTX)
Enclave1 -> Enclave1 : value_enc <- encrypt value with SEK
Enclave1 -> ECC1 ++: putState(key, value_enc, CTX)
note right
NOTE that with putState operations, only encrypted
data leaves the enclave.
end note
ECC1 -> ECC1 : putState(key, value_enc, CTX)
return
Enclave1 -> Enclave1 : update writeset
return
end
end
Chaincode -> Chaincode : compute some result
note right
The application logic may also return some result
end note
Chaincode --> Enclave1 : return result
deactivate Chaincode
@enduml