Merge pull request #8 from mbrandenburger/master

fix ercc and update docu
hyperledger · Jan 14, 2019 · e1182f1 · e1182f1
2 parents ea03009 + d1136c6
commit e1182f1
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 18 deletions.
diff --git a/ecc/README.md b/ecc/README.md
@@ -9,20 +9,51 @@ chaincode implementation see ecc_encalve/.
 
 The following steps guide you through the build phase. Make sure this project is on your GOPATH.
 
-First, build the chaincode and the validiation plugin
+First, build the chaincode and the validation plugin
 
     $ make
-
-Next, build the chaincode docker image. Note that normally the fabric peer
-itself creates the docker image when a new chaincode is installed. However, we
-use a custom chaincode environment docker image that has SGX support enabled.
-You can define the peer name and the chaincode name using PEER_NAME and
-CC_NAME.
-
-    $ make docker DOCKER_IMAGE=dev-jdoe-ecc-0
+
+Next, build the chaincode docker image that is used by a fabric peer
+to run our chaincode.  Normally, the peer creates the docker image
+automatically when a new chaincode is installed.  In particular, it
+fetches the source code, builds the chaincode binary, and copies them
+into a new docker images based on fabric-ccenv.  Note that, since the
+peer is lazy, the docker image is only created when the chaincode is
+installed and it is not already existing.  The image name comprise of
+the peer name, the chaincode name, and a hash.
+
+However, we use a custom chaincode environment docker image that has
+SGX-support enabled.  In order to tell a peer to use our SGX chaincode
+image, we need to override an existing chaincode image.
+
+For example: ``dev-jdoe-ecc-0-8bdbb434df41902eb2d2b2e2f10f6b0504b63f56eb98582f307c11a15fc14eb7``
+
+Therefore, first install some chaincode, which we are going to override,
+and check if the corresponding docker image has been created
+successfully.
+
+    $ peer chaincode install -n ecc -v 0 -p github.com/hyperledger/fabric/examples/chaincode/go/example02/cmd 
     $ docker images
-
-Now you should see ``ecc`` in the list of docker images ``$ docker images``.
+    REPOSITORY
+    TAG                 IMAGE ID
+    dev-jdoe-ercc-0-a5a84629692f2ed6e111c44bd91e8c3e0906deb39d9e16f7acd5aefc51303184
+    latest              7a5ea0677404
+    dev-jdoe-ecc-0-8bdbb434df41902eb2d2b2e2f10f6b0504b63f56eb98582f307c11a15fc14eb7
+    latest              0c18434ae5e3
+
+Next, just run ```make docker`` to override the existing docker image with
+our SGX chaincode. To verify that the image contains our enclave
+code, let's have a look inside the image and see if we can see an
+enclave folder.
+
+    $ make docker
+    $ docker run -i -t --entrypoint ls dev-jdoe-ecc-0-8bdbb434df41902eb2d2b2e2f10f6b0504b63f56eb98582f307c11a15fc14eb7:latest
+    chaincode  chaintool  enclave  node  npm  npx  protoc-gen-go
+
+You can define the peer and the chaincode name also manually.
+
+    $ make docker DOCKER_IMAGE=my-peername-ecc-0
+
 For debugging you can also start the docker image.
 
     $ make docker-run
diff --git a/ercc/ercc.go b/ercc/ercc.go
@@ -200,8 +200,8 @@ func (ercc *EnclaveRegistryCC) getSPID(stub shim.ChaincodeStubInterface, args []
 
 func main() {
 	// start chaincode
-	err := shim.Start(NewTestErcc())
-	// err := shim.Start(NewErcc())
+	// err := shim.Start(NewTestErcc())
+	err := shim.Start(NewErcc())
 	if err != nil {
 		logger.Errorf("Error starting registry chaincode: %s", err)
 	}

diff --git a/fabric/README.md b/fabric/README.md
@@ -29,9 +29,16 @@ to run the auction demo.
 
 ### IAS
 
-In order to use Intel's Attestation Service (IAS) you can register
-[here](https://software.intel.com/en-us/sgx).  Place your client certificate
-and your SPID in the ``ias`` folder.
+In order to use Intel's Attestation Service (IAS) you need to register
+with Intel. [Here](https://software.intel.com/en-us/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example)
+you can find more details on how to obtain a signed client certificate,
+registering it and get a SPID.
+
+Place your client certificate and your SPID in the ``ias`` folder.
+
+    cp client.crt /path-to/fabric/sgxconfig/ias/client.crt
+    cp client.key /path-to/fabric/sgxconfig/ias/client.key
+    echo 'YOURSPID' | xxd -r -p > /path-to/fabric/sgxconfig/ias/spid.txt
 
 ## Run the Auction
 
@@ -49,18 +56,37 @@ the peer in two separate terminals using the corresponding scripts.  In a
 third terminal, you can you run the auction demo with ``run_sgx_auction.sh``.
 Please edit ``start_peer.sh`` and point LD_LIBRARY_PATH to the tlcc enclave lib.
 
+Note that when you run ``run_sgx_auction.sh`` the first time, you may
+see the following error:
+
+    ../.build/bin/peer chaincode instantiate -o localhost:7050 -C mychannel -n ecc -v 0 -c '{"args":["init"]}' -V ecc-vscc
+    Error: could not assemble transaction, err Proposal response was not successful, error code 500, msg transaction returned with failure:
+    Incorrect number of arguments. Expecting 4 
+
+Don't worry, that is OK! :) The short answer to resolve this is to just
+rebuild ecc. Go to ``path-to/fabric-secure-chaincode/ecc`` and run
+``make docker``.  You can, then, re-run ``run_sgx_auction.sh`` and the
+error is gone.
+
+The long answer is the following: When a new chaincode is installed, the
+Fabric peer takes care of building the corresponding docker image that
+is used to execute the chaincode.  As we need a custom SGX-enabled
+environment to execute our chaincode inside an enclave, we need to tell
+the peer to use our custom docker image.
+
 * Terminal 1
 
         $ cd fabric/sgxconfig
         $ ./demo/create_channel.sh
         $ ./demo/start_orderer.sh
-        
+
 * Terminal 2
 
         $ cd fabric/sgxconfig
         $ ./demo/start_peer.sh
-    
+
 * Terminal 3
 
         $ cd fabric/sgxconfig
         $ ./demo/run_sgx_auction.sh
+