Enable FPC simulation mode using pure Go

Allows to build ercc and FPC go chaincode without SGX deps. This allows
developer to fiddle around with FPC, in particular, prototyping FPC
chaincode, without SGX required on their development machines.
While our FPC Dev container works fine in most cases, developers with
Apple M1 machines cannot use our dockerized environment. This commit
overcomes this issue.

Signed-off-by: Marcus Brandenburger <[email protected]>

Author: mbrandenburger

README.md

@@ -423,7 +423,47 @@ echo 'YOUR_SPID' > $FPC_PATH/config/ias/spid.txt
 ```
 where `YOUR_SPID_TYPE` must be `epid-linkable` or `epid-unlinkable`, depending on the type of your subscription.
 
-### Trouble shooting
+
+### FPC Playground for non-SGX environments
+
+FPC leverages Intel SGX as the Confidential Computing technology to guard Fabric chaincodes.
+Even though the Intel SGX SDK supports a simulation mode, where you can run applications in a simulated enclave, it still requires an x86-based platform to run and compile the enclave code.
+Another limitation comes from the fact that the Intel SGX SDK is only available for Linux and Windows.
+
+To overcome these limitations and allow developers to toy around with the FPC API, we provide two ways to getting started with FPC.
+
+1) Using the [Docker-based FPC Development Environment](#setup-your-development-environment) (works well on x86-based platforms on Linux and Mac).
+2) FPC builds without SGX SDK dependencies (targets x86/arm-based platforms on Linux and Mac).
+
+We now elaborate on how to build the FPC components without the SGX SDK.
+Note that this is indented for developing purpose only and does not provide any protection at all.
+
+In your `config.override.mk` set the following to variables:
+```Makefile
+FPC_CCENV_IMAGE=ubuntu:20.04
+ERCC_GOTAGS=
+```
+This configuration sets a standard Ubuntu image as alternative to our `fabric-private-chaincode-ccenv` image and overrides the default build tags we use to build `ercc`.
+
+Next you can build `ercc` using the following command:
+```bash
+GOOS=linux make -C $FPC_PATH/ercc build docker
+```
+
+For building a chaincode, for instance `$FPC_PATH/samples/chaincode/kv-test-go`, just run: 
+```bash
+GOOS=linux make -C $FPC_PATH/samples/chaincode/kv-test-go with_go docker
+```
+
+You can test your FPC chaincode easily with one of the [sample deployments](samples/deployment) tutorials.
+We recommend to start with [the-simple-testing-network](samples/deployment/fabric-smart-client/the-simple-testing-network).
+
+Notes:
+- On Mac use a recent version of bash (`brew install bash`).
+- TODO more to come
+
+
+### Troubleshooting
 
 This section elaborate on common issues with building Fabric Private Chaincode.
 

config.mk

@@ -69,6 +69,7 @@ PROJECT_NAME=fabric-private-chaincode
 export FABRIC_VERSION ?= 2.3.3
 
 export FPC_VERSION := go-support
+export FPC_CCENV_IMAGE ?= hyperledger/fabric-private-chaincode-ccenv:$(FPC_VERSION)
 
 export FABRIC_PATH ?= ${GOPATH}/src/github.com/hyperledger/fabric
 

ecc_go/Dockerfile

@@ -11,9 +11,9 @@
 #  - sgxmode:                    SGX_MODE
 #  - Chaincode as a Server Port: CAAS_PORT
 
-ARG FPC_VERSION=main
+ARG FPC_CCENV_IMAGE=hyperledger/fabric-private-chaincode-ccenv:main
 
-FROM hyperledger/fabric-private-chaincode-ccenv:${FPC_VERSION}
+FROM ${FPC_CCENV_IMAGE}
 
 ARG SGX_MODE
 ENV SGX_MODE=${SGX_MODE}

ecc_go/build.mk

@@ -53,17 +53,17 @@ endif
 ifdef DOCKER_FORCE_REBUILD
 	DOCKER_BUILD_OPTS += --no-cache
 endif
-DOCKER_BUILD_OPTS += --build-arg FPC_VERSION=$(FPC_VERSION)
+DOCKER_BUILD_OPTS += --build-arg FPC_CCENV_IMAGE=$(FPC_CCENV_IMAGE)
 DOCKER_BUILD_OPTS += --build-arg SGX_MODE=$(SGX_MODE)
 DOCKER_BUILD_OPTS += --build-arg CAAS_PORT=$(CAAS_PORT)
 
-
-
 docker:
-	$(DOCKER) build $(DOCKER_BUILD_OPTS) -t $(DOCKER_IMAGE):$(FPC_VERSION) -f $(DOCKER_FILE)\
-		$(shell if [ "${SGX_MODE}" = "SIM" ]; then echo "--build-arg OE_SIMULATION=1"; fi)\
-		. &&\
-	$(DOCKER) tag $(DOCKER_IMAGE):$(FPC_VERSION) $(DOCKER_IMAGE):latest
+	$(DOCKER) build $(DOCKER_BUILD_OPTS) \
+		$(shell if [ "${SGX_MODE}" = "SIM" ]; then echo "--build-arg OE_SIMULATION=1"; fi) \
+		-t $(DOCKER_IMAGE):$(FPC_VERSION) \
+		-f $(DOCKER_FILE) \
+		. \
+	&& $(DOCKER) tag $(DOCKER_IMAGE):$(FPC_VERSION) $(DOCKER_IMAGE):latest
 
 clean:
 	$(GO) clean

ercc/Dockerfile

@@ -3,9 +3,9 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-ARG FPC_VERSION=main
+ARG FPC_CCENV_IMAGE=hyperledger/fabric-private-chaincode-ccenv:main
 
-FROM hyperledger/fabric-private-chaincode-ccenv:${FPC_VERSION}
+FROM ${FPC_CCENV_IMAGE}
 
 ENV PATH=/opt/ercc:$PATH
 

ercc/Makefile

@@ -6,7 +6,8 @@
 TOP = ..
 include $(TOP)/build.mk
 
-GOTAGS += -tags WITH_PDO_CRYPTO
+ERCC_GOTAGS ?= -tags WITH_PDO_CRYPTO
+GOTAGS += $(ERCC_GOTAGS)
 
 build: ercc
 
@@ -34,7 +35,7 @@ DOCKER_IMAGE?=fpc/ercc
 
 docker: ercc
 	$(DOCKER) build $(DOCKER_BUILD_OPTS) \
-		--build-arg FPC_VERSION=$(FPC_VERSION) \
+		--build-arg FPC_CCENV_IMAGE=$(FPC_CCENV_IMAGE) \
 		-t $(DOCKER_IMAGE):$(FPC_VERSION) \
 		. \
 	&& $(DOCKER) tag $(DOCKER_IMAGE):$(FPC_VERSION) $(DOCKER_IMAGE):latest

ercc/attestation/pdo.go

@@ -0,0 +1,18 @@
+//go:build WITH_PDO_CRYPTO
+
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package attestation
+
+import (
+	"github.com/hyperledger/fabric-private-chaincode/internal/attestation/epid/pdo"
+)
+
+func init() {
+	registry.add(pdo.NewEpidLinkableVerifier())
+	registry.add(pdo.NewEpidUnlinkableVerifier())
+}

ercc/attestation/simulation.go

@@ -0,0 +1,13 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package attestation
+
+import "github.com/hyperledger/fabric-private-chaincode/internal/attestation/simulation"
+
+func init() {
+	registry.add(simulation.NewSimulationVerifier())
+}

ercc/attestation/verifier.go

@@ -0,0 +1,34 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package attestation
+
+import (
+	"github.com/hyperledger/fabric-private-chaincode/internal/attestation"
+	"github.com/hyperledger/fabric-private-chaincode/internal/attestation/types"
+	"github.com/pkg/errors"
+)
+
+var registry verifierRegistry
+
+type verifierRegistry struct {
+	verifiers []*types.Verifier
+}
+
+func (vr *verifierRegistry) add(verifier *types.Verifier) {
+	for _, v := range vr.verifiers {
+		if v.Type == verifier.Type {
+			// this type of verifier is already registered
+			panic(errors.Errorf("credential verifier of type '%v' already registered!", verifier.Type))
+		}
+	}
+
+	vr.verifiers = append(vr.verifiers, verifier)
+}
+
+func GetAvailableVerifier() *attestation.CredentialVerifier {
+	return attestation.NewCredentialVerifier(registry.verifiers...)
+}

ercc/main.go

@@ -11,10 +11,8 @@ import (
 
 	"github.com/hyperledger/fabric-chaincode-go/shim"
 	"github.com/hyperledger/fabric-contract-api-go/contractapi"
+	"github.com/hyperledger/fabric-private-chaincode/ercc/attestation"
 	"github.com/hyperledger/fabric-private-chaincode/ercc/registry"
-	"github.com/hyperledger/fabric-private-chaincode/internal/attestation"
-	"github.com/hyperledger/fabric-private-chaincode/internal/attestation/epid/pdo"
-	"github.com/hyperledger/fabric-private-chaincode/internal/attestation/simulation"
 	"github.com/hyperledger/fabric-private-chaincode/internal/utils"
 	"github.com/hyperledger/fabric/common/flogging"
 )
@@ -28,11 +26,7 @@ func main() {
 	// For example: FABRIC_LOGGING_SPEC=ecc=DEBUG:ecc_enclave=ERROR
 
 	c := &registry.Contract{}
-	c.Verifier = attestation.NewCredentialVerifier(
-		simulation.NewSimulationVerifier(),
-		pdo.NewEpidLinkableVerifier(),
-		pdo.NewEpidUnlinkableVerifier(),
-	)
+	c.Verifier = attestation.GetAvailableVerifier()
 	c.IEvaluator = &utils.IdentityEvaluator{}
 	c.BeforeTransaction = registry.MyBeforeTransaction
 

internal/crypto/crypto_go.go

@@ -6,7 +6,6 @@ SPDX-License-Identifier: Apache-2.0
 
 package crypto
 
-import "C"
 import (
 	"crypto/aes"
 	"crypto/cipher"