microsoft / CCF

Confidential Consortium Framework
https://microsoft.github.io/CCF/
Apache License 2.0

CDDL schema and tests for COSE endorsements #6561

Closed maxtropets closed 2 weeks ago

maxtropets commented 4 weeks ago

@maxtropets we should have an endpoint that takes a historical service identity, and returns the chain of endorsements up to the current service, if found, and a clear message otherwise. This will be useful for users who have large amounts of receipts, and want to quickly check/confirm that a new service endorses them.

We also want a CDDL schema of the endorsements, with an automatic test, and Merkle root chaining as discussed.

Originally posted by @achamayou in #6500

Prerequisites

maxtropets commented 3 weeks ago

COSE signature currently

uhdr: nil
phdr: {
  4 (int) -> key digest (tstr)
  395 (int) -> int: VDS
  "iat" (tstr) -> int: issued at, standard (coming in #6565)
  "ccf.txid" (tstr) -> signed transaction id
}
payload: root (bstr) (detached, therefore 'nil' de facto)
achamayou commented 3 weeks ago

To clarify:

maxtropets commented 3 weeks ago

COSE endorsement currently

uhdr: nil
phdr: {
  "iat" (tstr) -> int: issued at, standard (coming in #6565)
  "ccf.merkle.root" (tstr) -> root (bstr): last signed merkle root of previous epoch
  "ccf.epoch.begin" (tstr) -> tx id (tstr) : signed epoch start
  "ccf.epoch.end" (tstr) -> tx id (tstr) : signed epoch end
}
payload: root (bstr) (attached)
maxtropets commented 3 weeks ago

Proposed schema for cose signature

uhdr: nil
phdr: {
    1 (int) -> signing algorithm (int)
    4 (int) -> key digest (tstr)
    15 (int) -> CWT claims map {
        6 (int) -> IAT (int)
    }
    395 (int) -> int: VDS
    "ccf.v1" (tstr) -> CCF specific claims {
        tx.id (tstr) -> last TxID signed (tstr)
    }
}
payload: root (bstr) (detached, therefore 'nil' de facto)
maxtropets commented 3 weeks ago

Proposed schema for cose endorsement

uhdr: nil
phdr: {
    1 (int) -> signing algorithm (int)
    4 (int) -> key digest (tstr)
    15 (int) -> CWT claims map {
        6 (int) -> IAT (int)
    }
    "ccf.v1" (tstr) -> CCF specific claims map {
        "epoch.begin" (tstr) -> first TX in the endorsed epoch (tstr)
        [optional] "epoch.end" (tstr) -> first TX in the endorsed epoch (tstr)
        [optional] "last.root" (tstr) -> root (bstr)
    }
}
payload: root (bstr) (detached, therefore 'nil' de facto)
achamayou commented 3 weeks ago

Suggest:

"epoch.txid.first" "epoch.txid.last" "epoch.root.last"

or

"epoch.first.txid" "epoch.last.txid" "epoch.last.root"

not keen on begin/end, because that would typically exclude end.

achamayou commented 3 weeks ago

epoch.first.txid epoch.last.txid epoch.last.root.digest range.last.txid

Where range is the range of transactions that's being signed, and an epoch the full range signed by a given service identity followed by at least one DR.
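A CDDL rendering of the two protected headers proposed in this thread, as an added example rather than anything from the CCF repository. It follows the label layout of the two "Proposed schema" comments and the claim names from the last comment (the epoch.* names for the endorsement, range.last.txid for the per-range signature). The `<view>.<seqno>` text form of a transaction id, the 32-byte size of a Merkle root digest, and the choice to express both headers as alternatives of a single phdr rule are assumptions, not decisions recorded on this page.

```cddl
; Added example (not CCF's own schema): protected headers for CCF
; COSE signatures and endorsements as proposed in the thread above.

COSE_Sign1 = [
  protected   : bstr .cbor phdr,  ; serialized protected header map
  unprotected : {},               ; uhdr: nil in both proposals
  payload     : bstr / nil,       ; nil when the root is detached
  signature   : bstr,
]

; Assumption: transaction ids are carried as "<view>.<seqno>" text
ccf-txid = tstr

; Assumption: a Merkle root digest is a 32-byte (SHA-256) value
merkle-root = bstr .size 32

; CWT claims map carried under label 15; 6 is iat (issued at)
cwt-claims = {
  6 => int,
  * int => any,
}

; Per-range ledger signature: detached root, VDS under label 395
signature-phdr = {
  1 => int,                        ; alg: signing algorithm
  4 => tstr,                       ; kid: key digest
  15 => cwt-claims,
  395 => int,                      ; VDS
  "ccf.v1" => {
    "range.last.txid" => ccf-txid, ; last TxID covered by this signature
  },
}

; Service identity endorsement: covers one epoch of a previous identity
endorsement-phdr = {
  1 => int,
  4 => tstr,
  15 => cwt-claims,
  "ccf.v1" => {
    "epoch.first.txid" => ccf-txid,
    ? "epoch.last.txid" => ccf-txid,
    ? "epoch.last.root.digest" => merkle-root,
  },
}

phdr = signature-phdr / endorsement-phdr
```

With the schema saved to a file, the `cddl` Ruby gem can generate sample instances from it and validate a captured CBOR object against it, which is the shape of the automatic test the issue asks for; any label, type or optionality change discussed later in the thread only needs to be mirrored in the corresponding rule.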