Skip to content

4.0.0-dev4

Pre-release
Pre-release
Compare
Choose a tag to compare
released this 07 Feb 14:26
ccf-4.0.0-dev4
90f566a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Changed

  • ccf::RpcContext::set_response() has been renamed to ccf::RpcContext::set_response_json() (#4813).
  • The built-in authentication policies for JWTs and certs will now enforce expiry times, based on the current time received from the host. JWTs must contain "nbf" and "exp" claims, and if those are outside the current time then the request will get an authentication error (#4786).
  • ccf.crypto.sign() previously returned DER-encoded ECDSA signatures and now returns IEEE P1363 encoded signatures, aligning with the behavior of the Web Crypto API and ccf.crypto.verifySignature() (#4829).
  • Proposals authenticated with COSE Sign1 must now contain a ccf.gov.msg.created_at header parameter, set to a positive integer number of seconds since epoch. This timestamp is used to detect potential proposal replay. The ccf_cose_sign1* scripts have been updated accordingly and require a --ccf-gov-msg-created_at.
  • Updated Clang version requirement to >= 10 in cmake.

Added

  • Added ccf.enableUntrustedDateTime to JS API. After calling ccf.enableUntrustedDateTime(true), the Date global object will use the untrusted host time to retrieve the current time.
  • Add new ccf.crypto.jwkToPem, ccf.crypto.pubJwkToPem, ccf.crypto.rsaJwkToPem, ccf.crypto.pubRsaJwkToPem, ccf.crypto.eddsaJwkToPem, ccf.crypto.pubEddsaJwkToPem to JavaScript/TypesScript API to convert EC/RSA/EdDSA keys from PEM to Json Web Key (#4876).
  • Add new constructors to cryptography C++ API to generate EC/RSA/EdDSA keys from Json Web Key (#4876).
Assets 14
Loading