Enable message encryption and chaincode request message consistency check #516
Conversation
bvavala
force-pushed
the
bruno.20122020.message-encryption
branch
from
3e50bda to
208e9e7
Compare
bvavala
changed the title
Signed-off-by: Bruno Vavala <[email protected]>
Signed-off-by: Bruno Vavala <[email protected]>
bvavala
force-pushed
the
bruno.20122020.message-encryption
branch
from
208e9e7 to
8485afd
Compare
There was a problem hiding this comment.
Looks very good and should make complete now FPC 1.0 from an end-to-end security perspective! Also works nicely in HW mode for both (automated) integration test and (manual) test-net test. A few comments/observations/suggestions, though; none of them a show-stopper. So take it or leave it.
BTW: i think this should also close #412? Also #486, i guess we could move to FPC 1.1?
| @@ -45,6 +45,9 @@ class cc_data | |||
| ByteArray get_state_encryption_key(); | |||
| std::string get_enclave_id(); | |||
| bool sign_message(const ByteArray& message, ByteArray& signature) const; | |||
| bool decrypt_cc_message(const ByteArray& encrypted_message, ByteArray& message) const; | |||
There was a problem hiding this comment.
the _cc_ seems a bit inconsistent given that we don't do it for sign and encrypt ...
There was a problem hiding this comment.
I kind of agree.
Thing is that encrypt_message uses just symmetric crypto and passes a key, while decrypt_cc_message uses (for now just) asymmetric crypto.
So the "inconsistency" aims actually at differentiating this aspect.
There was a problem hiding this comment.
not that the name does reflect this distinction? (for that i would have expected something like _sym_ and _pk_ or alike). BTW: also realize now that given that you pass the key (rather taking it from object like for decrypt), it's also less obvious why it is even a method of that object? Arguably, one could also have set the return key as object field, in which case arguably the sym vs pk distinction at this level of abstraction is actually completely irrelevant? All that said, the current naming certainly shouldn't lead to any confusion, so no real issue by leaving it as-is, just a bit nitpicking ;-)
… move get-request-from-proposal to proto utils Signed-off-by: Bruno Vavala <[email protected]>
|
FYI travis fails due to some reached quotas enforced by docker. Given where it failed, I would call it successful. |
This dockerhub limit i've also encountered (regularly) on my local tests. There i solved it by doing a |
BTW: as you labelled this as security-related issue, should maybe @mbrandenburger also have a look for a second pair? (Not sure when he is back). Otherwise, i'll merge ... |
I would prefer to merge this, as well the upcoming one on mock_enclave, and do additional revisions/modifications post-facto. |
ok, i'll merge
As mentioned on slack, i'm off work this and next week, so will do unlikely much until Jan 11th, so will do unlikely much before second week of jan |
(self-explanatory)
This PR addresses #504 (consistency check), part of #486 (message encryption), and maintains the limitations described in #478 (message size).
Also, see comment below, closes #412, and #486 can be moved to next release