feature(samples): confidential escrow example - LFX25

go.mod

@@ -23,7 +23,8 @@ replace google.golang.org/grpc => google.golang.org/grpc v1.29.1
 require (
 	github.com/client9/misspell v0.3.4
 	github.com/golang/protobuf v1.5.3
-	github.com/hyperledger/fabric v1.4.0-rc1.0.20230405174026-695dd57e01c2
+	github.com/hyperledger-labs/cc-tools v1.0.2
+	github.com/hyperledger/fabric v2.1.1+incompatible
 	github.com/hyperledger/fabric-chaincode-go v0.0.0-20230228194215-b84622ba6a7a
 	github.com/hyperledger/fabric-contract-api-go v1.2.1
 	github.com/hyperledger/fabric-protos-go v0.3.0
@@ -46,21 +47,12 @@ require (
 require (
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/BurntSushi/toml v1.2.1 // indirect
-	github.com/IBM/idemix v0.0.2-0.20231107110441-534ea4193b8f // indirect
-	github.com/IBM/idemix/bccsp/schemes/aries v0.0.0-20231107110234-4cf31dd43660 // indirect
-	github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20231107110234-4cf31dd43660 // indirect
-	github.com/IBM/idemix/bccsp/types v0.0.0-20231107110234-4cf31dd43660 // indirect
-	github.com/IBM/mathlib v0.0.3-0.20231011094432-44ee0eb539da // indirect
 	github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/ale-linux/aries-framework-go/component/kmscrypto v0.0.0-20231023164747-f3f972769504 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bits-and-blooms/bitset v1.7.0 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/cloudflare/cfssl v1.4.1 // indirect
-	github.com/consensys/bavard v0.1.13 // indirect
-	github.com/consensys/gnark-crypto v0.12.1 // indirect
 	github.com/containerd/containerd v1.7.13 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
@@ -85,6 +77,7 @@ require (
 	github.com/google/certificate-transparency-go v1.0.21 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b // indirect
+	github.com/google/uuid v1.3.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hyperledger/fabric-amcl v0.0.0-20230602173724-9e02669dceb2 // indirect
@@ -93,14 +86,12 @@ require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/joho/godotenv v1.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/kilic/bls12-381 v0.1.0 // indirect
 	github.com/klauspost/compress v1.17.4 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/miekg/pkcs11 v1.1.1 // indirect
 	github.com/mitchellh/mapstructure v1.4.3 // indirect
-	github.com/mmcloughlin/addchain v0.4.0 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/patternmatcher v0.6.0 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
@@ -145,5 +136,4 @@ require (
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	gotest.tools/v3 v3.5.1 // indirect
-	rsc.io/tmplfunc v0.0.3 // indirect
 )

samples/chaincode/confidential-escrow/.env.alice

@@ -0,0 +1,15 @@
+export CC_ID=confidential-escrow
+export CHANNEL_NAME=mychannel
+export CORE_PEER_ADDRESS=localhost:7051
+export CORE_PEER_ID=peer0.org1.example.com
+export CORE_PEER_ORG_NAME=org1
+export CORE_PEER_LOCALMSPID=Org1MSP
+export CORE_PEER_MSPCONFIGPATH=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
+export CORE_PEER_TLS_CERT_FILE=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
+export CORE_PEER_TLS_ENABLED="true"
+export CORE_PEER_TLS_KEY_FILE=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
+export CORE_PEER_TLS_ROOTCERT_FILE=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
+export ORDERER_CA=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
+export GATEWAY_CONFIG=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org1.example.com/connection-org1.yaml
+export FPC_ENABLED=true
+export RUN_CCAAS=true

samples/chaincode/confidential-escrow/.env.bob

@@ -0,0 +1,16 @@
+export CC_ID=confidential-escrow
+export CHANNEL_NAME=mychannel
+export CORE_PEER_ADDRESS=localhost:9051
+export CORE_PEER_ID=peer0.org2.example.com
+export CORE_PEER_ORG_NAME=org2
+export CORE_PEER_LOCALMSPID=Org2MSP
+export CORE_PEER_MSPCONFIGPATH=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
+export CORE_PEER_TLS_CERT_FILE=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt
+export CORE_PEER_TLS_ENABLED="true"
+export CORE_PEER_TLS_KEY_FILE=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key
+export CORE_PEER_TLS_ROOTCERT_FILE=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
+export ORDERER_CA=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
+export GATEWAY_CONFIG=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org2.example.com/connection-org2.yaml
+export FPC_ENABLED=true
+export RUN_CCAAS=true
+

samples/chaincode/confidential-escrow/.env.example

@@ -0,0 +1,15 @@
+export CC_ID=confidential-escrow
+export CHANNEL_NAME=mychannel
+export CORE_PEER_ADDRESS=localhost:7051
+export CORE_PEER_ID=peer0.org1.example.com
+export CORE_PEER_ORG_NAME=org1
+export CORE_PEER_LOCALMSPID=Org1MSP
+export CORE_PEER_MSPCONFIGPATH=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
+export CORE_PEER_TLS_CERT_FILE=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
+export CORE_PEER_TLS_ENABLED="true"
+export CORE_PEER_TLS_KEY_FILE=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
+export CORE_PEER_TLS_ROOTCERT_FILE=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
+export ORDERER_CA=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
+export GATEWAY_CONFIG=$FPC_PATH/samples/deployment/test-network/fabric-samples/test-network/organizations/peerOrganizations/org1.example.com/connection-org1.yaml
+export FPC_ENABLED=true
+export RUN_CCAAS=true

samples/chaincode/confidential-escrow/.gitignore

@@ -0,0 +1,10 @@
+ecc
+ecc-bundle
+enclave.json
+private.pem
+public.pem
+mrenclave
+details.env
+
+.env
+*.bak

samples/chaincode/confidential-escrow/Makefile

@@ -0,0 +1,7 @@
+TOP = ../../..
+include $(TOP)/ecc_go/build.mk
+
+CC_NAME ?= confidential-escrow
+
+EGO_CONFIG_FILE = $(FPC_PATH)/samples/chaincode/confidential-escrow/confidentialEscrowEnclave.json
+ECC_MAIN_FILES=$(FPC_PATH)/samples/chaincode/confidential-escrow

samples/chaincode/confidential-escrow/README.md

@@ -0,0 +1,141 @@
+# Confidential Escrow Chaincode
+
+A privacy-preserving escrow system built on Hyperledger Fabric Private Chaincode (FPC) that enables secure digital asset management with programmable conditional payments.
+
+## Overview
+
+This chaincode implements a confidential escrow mechanism for digital assets, combining:
+
+- **Privacy-Preserving Transactions**: All transaction data is encrypted within Intel SGX enclaves
+- **Programmable Escrow Contracts**: Automated conditional fund releases based on cryptographic verification
+- **Multi-Asset Support**: Manage multiple token types within individual wallets
+- **Certificate-Based Authorization**: Fine-grained access control using X.509 certificate hashes
+
+## Architecture
+
+### Core Components
+
+**Assets**
+
+- `DigitalAsset`: Fungible tokens with controlled supply (CBDC, stablecoins, etc.)
+- `Wallet`: User accounts supporting multiple asset types with separate available and escrowed balances
+- `Escrow`: Smart contracts holding funds pending condition fulfillment
+- `UserDirectory`: Privacy-preserving public key to wallet UUID mapping
+
+**Transaction Operations**
+
+- Asset lifecycle: Create, mint, transfer, burn
+- Wallet management: Create wallets, query balances
+- Escrow workflow: Lock funds, verify conditions, release or refund
+
+## Project Structure
+
+```
+confidential-escrow/
+├── chaincode/
+│   ├── assets/           # Asset type definitions
+│   ├── transactions/     # Transaction handlers
+│   ├── header/           # Chaincode metadata
+│   ├── escrow.go         # Main chaincode implementation
+│   ├── server.go         # CCaaS server setup
+│   └── setup.go          # Component registration
+├── main.go               # Entry point
+├── main.sh               # Deployment and test automation
+└── README.md             # This file
+```
+
+### Security Model
+
+1. **Access Control**: All operations require valid certificate hash verification
+2. **Atomic Escrow**: Funds move from available to escrowed balance during lock, preventing double-spending
+3. **Condition Verification**: SHA-256 hash of `(secret + parcelId)` ensures only authorized parties can release funds
+4. **Confidential Execution**: FPC ensures transaction details remain private within SGX enclaves
+
+## Running Procedure
+
+### Prerequisites
+
+- FPC is properly set up and built
+- `multi_user_dashboard.sh ` script is placed in the chaincode directory
+- `.env.alice` and `.env.bob` file is present
+
+### Setup Files
+
+**1. Set FPC_PATH:**
+
+```bash
+export FPC_PATH=/project/src/github.com/hyperledger/fabric-private-chaincode
+```
+
+### Running Procedure
+
+#### 1. In 1st terminal window - Setup and Deploy
+
+```bash
+# Get inside dev env
+make -C $FPC_PATH/utils/docker run-dev
+cd samples/chaincode/confidential-escrow
+
+# Interactive menu
+./multi_user_dashboard.sh
+
+# Choose Option 1. or 2. as per your setup condn
+```
+
+#### 2. In 2nd terminal window - Docker Environment (`Alice`)
+
+```bash
+# Enter docker container
+docker exec -it fpc-development-main /bin/bash
+cd samples/chaincode/confidential-escrow
+
+# Interactive menu
+./multi_user_dashboard.sh
+
+# Setup Alice using Option 3.
+```
+
+#### 3. In 3rd terminal window - Docker Environment (`Bob`)
+
+```bash
+# Enter docker container
+docker exec -it fpc-development-main /bin/bash
+cd samples/chaincode/confidential-escrow
+
+# Interactive menu
+./multi_user_dashboard.sh
+
+# Setup Bob using Option 4.
+```
+
+#### 4. In 3rd terminal window - Docker Environment (`Monitor`)
+
+```bash
+# Enter docker container
+docker exec -it fpc-development-main /bin/bash
+cd samples/chaincode/confidential-escrow
+
+# Interactive menu
+./multi_user_dashboard.sh
+
+# Setup Bob using Option 5.
+```
+
+#### 5. Run Tests
+
+```bash
+# Run all basic tests
+./multi_user_dashboard.sh
+
+# Chosing Option 7.
+```
+
+## Contributing
+
+When adding new features:
+
+1. Define asset types in `chaincode/assets/`
+2. Implement transaction logic in `chaincode/transactions/`
+3. Register new components in `chaincode/setup.go`
+4. Add test cases to `main.sh`
+5. Update this README with usage examples

samples/chaincode/confidential-escrow/chaincode/assets/digital_asset.go

@@ -0,0 +1,62 @@
+package assets
+
+import (
+	"github.com/hyperledger-labs/cc-tools/assets"
+)
+
+// DigitalAssetToken defines the asset type for fungible digital tokens.
+// This represents confidential digital currencies such as Central Bank Digital Currencies (CBDC)
+// or tokenized assets. Each token type has a fixed supply controlled by the issuer.
+//
+// Security: The issuerHash ensures only authorized entities can mint/burn tokens.
+var DigitalAssetToken = assets.AssetType{
+	Tag:         "digitalAsset",
+	Label:       "Digital Asset Token",
+	Description: "Confidential digital currency token (e.g., CBDC)",
+
+	Props: []assets.AssetProp{
+		{
+			Tag:      "name",
+			Label:    "Token Name",
+			DataType: "string",
+			Required: true,
+		},
+		{
+			Tag:      "symbol",
+			Label:    "Token Symbol",
+			DataType: "string",
+			Required: true,
+			IsKey:    true,
+		},
+		{
+			Tag:      "decimals",
+			Label:    "Decimal Places",
+			DataType: "number",
+			Required: true,
+		},
+		{
+			Tag:      "totalSupply",
+			Label:    "Total Supply",
+			DataType: "number",
+			Required: true,
+		},
+		{
+			Tag:      "issuerHash",
+			Label:    "Issuer Certificate Hash",
+			DataType: "string",
+			Required: true,
+		},
+		{
+			Tag:      "owner",
+			Label:    "Owner Identity",
+			DataType: "string",
+			Required: true,
+		},
+		{
+			Tag:      "issuedAt",
+			Label:    "Issued At",
+			DataType: "datetime",
+			Required: false,
+		},
+	},
+}