SEV-SNP: Make UVM endorsements SVN an arbitrary string (#5620)
jumaffre authored Sep 5, 2023
1 parent 2fbf878 commit c49ca85
Showing 9 changed files with 14 additions and 16 deletions.
2 changes: 1 addition & 1 deletion .snpcc_canary
@@ -1,4 +1,4 @@
___ ___ ___
(. =) Y (9 3) (* *) Y
(. =) Y (0 0) (* *) Y
O \ . | /
/-xXx--//-----x=x--/-xXx--/---x---->xxxx
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
- Updated `fmt` library from `9.1.0` to `10.1.1`.
- Updated QCBOR from `1.1` to `1.2`.
- Updated `nghttp2` from `1.51.0` to `1.55.1`.
- Converted SNP attestation UVM endorsements from integer to arbitrary string.

## [5.0.0-dev1]

4 changes: 2 additions & 2 deletions doc/schemas/gov_openapi.json
@@ -1156,7 +1156,7 @@
"UVMEndorsementsData": {
"properties": {
"svn": {
"$ref": "#/components/schemas/uint64"
"$ref": "#/components/schemas/string"
}
},
"required": [
@@ -1283,7 +1283,7 @@
"info": {
"description": "This API is used to submit and query proposals which affect CCF's public governance tables.",
"title": "CCF Governance API",
"version": "4.1.2"
"version": "4.1.3"
},
"openapi": "3.0.0",
"paths": {
2 changes: 1 addition & 1 deletion include/ccf/service/tables/uvm_endorsements.h
@@ -10,7 +10,7 @@ namespace ccf
{
struct UVMEndorsementsData
{
size_t svn;
std::string svn;

bool operator==(const UVMEndorsementsData&) const = default;
};
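Review bot: Changing `svn` from `size_t` to `std::string` alters the stored form of `UVMEndorsementsData`, and nothing in this section shows how entries already written with an integer `svn` are read back after an upgrade. The serialisation for this struct sits outside the hunk, so this is inferred, but if it is JSON-based an existing numeric value would presumably fail to parse as a string; a migration note or a reader that accepts both forms would cover that. The field would also benefit from a comment such as `// Opaque SVN string taken from the UVM endorsement payload; not ordered numerically`.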
3 changes: 1 addition & 2 deletions samples/constitutions/default/actions.js
@@ -1006,8 +1006,7 @@ const actions = new Map([
function (args) {
checkType(args.did, "string", "did");
checkType(args.feed, "string", "feed");
checkType(args.svn, "integer", "svn");
checkBounds(args.svn, 0, null, "svn");
checkType(args.svn, "string", "svn");
},
function (args, proposalId) {
let uvmEndorsementsForDID = ccf.kv[
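Review bot: After this change an empty string passes validation for `svn`, because `checkType(args.svn, "string", "svn")` is the only check left once the `checkBounds` call is removed. A trusted endorsement entry with no usable SVN is unlikely to be intended, so consider rejecting it in the validation function, for example `if (args.svn.length === 0) { throw new Error("svn must not be empty"); }`. The surrounding action definition starts and ends outside the hunk.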
4 changes: 1 addition & 3 deletions src/node/quote.cpp
@@ -31,9 +31,7 @@ namespace ccf
if (uvm_endorsements_data.did == did)
{
auto search = value.find(uvm_endorsements_data.feed);
if (
search != value.end() &&
uvm_endorsements_data.svn >= search->second.svn)
if (search != value.end())
{
match = true;
return false;
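Review bot: With the `uvm_endorsements_data.svn >= search->second.svn` comparison removed, `if (search != value.end())` treats any endorsement with a trusted DID and feed as a match, so the `svn` recorded in the governance table no longer restricts which UVM builds are accepted and an older, superseded UVM would pass this check. If no ordering can be defined for arbitrary strings, either require equality, `if (search != value.end() && uvm_endorsements_data.svn == search->second.svn)`, or state in a comment here and in the CHANGELOG entry that SVN is now informational and that rollback protection has to be provided another way. The visible change in tests/code_update.py only asserts the stored table value, so a test that pins the intended accept/reject behaviour for a differing SVN would help. The enclosing block and function start and end outside this hunk.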
2 changes: 1 addition & 1 deletion src/node/rpc/member_frontend.h
@@ -573,7 +573,7 @@ namespace ccf
openapi_info.description =
"This API is used to submit and query proposals which affect CCF's "
"public governance tables.";
openapi_info.document_version = "4.1.2";
openapi_info.document_version = "4.1.3";
}

static std::optional<MemberId> get_caller_member_id(
4 changes: 2 additions & 2 deletions src/node/uvm_endorsements.h
@@ -22,7 +22,7 @@ namespace ccf
{
DID did;
Feed feed;
size_t svn;
std::string svn;

bool operator==(const UVMEndorsements&) const = default;
};
@@ -311,6 +311,6 @@ namespace ccf
phdr.feed,
payload.sevsnpvm_guest_svn);

return {did, phdr.feed, std::stoul(payload.sevsnpvm_guest_svn)};
return {did, phdr.feed, payload.sevsnpvm_guest_svn};
}
}
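Review bot: `return {did, phdr.feed, payload.sevsnpvm_guest_svn};` forwards the payload value with no validation, whereas `std::stoul` previously rejected anything non-numeric by throwing. An empty or very long `sevsnpvm_guest_svn` now reaches the caller and the call just above that also takes it (apparently logging); whether the payload has already been signature-checked at this point is not visible here. Consider rejecting an empty value before the return, and adding a comment on the `svn` member in the first hunk saying that it is an opaque string. The function body starts outside the hunk.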
8 changes: 4 additions & 4 deletions tests/code_update.py
@@ -109,17 +109,17 @@ def get_trusted_uvm_endorsements(node):
assert len(value) == 2
assert value[new_feed]["svn"] == svn

LOG.debug("Bump SVN for new feed")
bumped_svn = svn + 1
LOG.debug("Change SVN for new feed")
new_svn = f"{svn}_2"
network.consortium.add_snp_uvm_endorsement(
primary, did=did, feed=new_feed, svn=bumped_svn
primary, did=did, feed=new_feed, svn=new_svn
)
uvm_endorsements = get_trusted_uvm_endorsements(primary)
assert (
len(uvm_endorsements) == 1
), f"Expected one UVM endorsement, {uvm_endorsements}"
did, value = next(iter(uvm_endorsements.items()))
assert value[new_feed]["svn"] == bumped_svn
assert value[new_feed]["svn"] == new_svn

LOG.debug("Add new DID")
new_did = "did:x509:newdid"