Skip to content
This repository has been archived by the owner on Jun 23, 2021. It is now read-only.

Latest commit

 

History

History
82 lines (66 loc) · 10 KB

M2_code_documentation.md

File metadata and controls

82 lines (66 loc) · 10 KB

Code Documentation for M2

This page describes the implemented functions of M2 with corresponding code references.

substraTEE-node

substraTEE-worker

Description of the functionality

The substraTEE-worker implements three main functions:

  1. Instruct the enclave to generate a RSA3072 key pair which is used for encrypting the payload sent from the substraTEE-client to the substraTEE-worker. This is done with the command getpublickey.

    • Important: only the public key leaves the enclave while the private key stays in the enclave.
  2. Instruct the enclave to generate a ED25519 key pair which is used for signing the extrinsic sent from the substraTEE-worker to the substraTEE-node. This is done with the command getsignkey.

    • Important: only the public key leaves the enclave while the private key stays in the enclave.
  3. Subscribe to substraTEE-proxy events, forward any received payload to the enclave and send the extrinsic (that is composed in the enclave) back to the substraTEE-node. This is done with the command worker.

    For M2, the substraTEE-worker compares the SHA256 hash of the WASM to be executed to the SHA256 hash given by the substraTEE-client. The code is executed only if the two hashes match - this gives the end user the confirmation and trust that the correct STF is executed.

Implementation

The functions are implemented at the following places:

Important: Only the functions defined in enclave/Enclave.edl are allowed to be called in the enclave. The return values also have to be defined here.

Funtion 1: RSA3072 key pair generation

Function 2: ED25519 key pair generation

Same principle as Function 1 but starting at line 164 in the [worker/src/enclave_wrappers.rs]((https://github.com/scs/substraTEE-worker/blob/M2/worker/src/enclave_wrappers.rs#L164)

Function 3: Process encrypted payload from the substraTEE-node

substraTEE-client

The client is a sample implementation and only serves the purpose to demonstrate the functionalities of the substraTEE-node and substraTEE–worker. It implements the following sequence:

  • client/src/main.rs:73: The length of the provided argument sha256wasm is checked
  • client/src/main.rs:88: The free balance from //Alice is queried
  • client/src/main.rs:91: The current account nonce of //Alice is queried
  • client/src/main.rs:94: The account //Alice is funded with 1_000_000
  • client/src/main.rs:99: 1000 units are transferred from //Alice to the account of the TEE (identified by the public ED25519 key of the enclave)
  • client/src/main.rs:73: An extrinsic with an encrypted payload (using the public RSA3072 key of the enclave) is composed
    • The payload contains the account (default //Alice), the increment (default 42) and the SHA256 hash of the WASM provided by the user
  • client/src/main.rs:116: The extrinsic is sent to the substraTEE-node to the function “call_worker” of the substratee-proxy module. The client waits for the confirmation that the transaction got finalized
  • client/src/main.rs:123: Use the substrate-api-client to subscribe to the event CallConfirmed of the substraTEE-node
  • client/src/main.rs:125: When the event was received, print out the calculated and the received hash of the (unencrypted) payload