SEV-SNP: Make UVM endorsements SVN an arbitrary string (#5620)

.snpcc_canary

@@ -1,4 +1,4 @@
   ___         ___    ___
- (. =)     Y (9 3)  (* *)    Y
+ (. =)     Y (0 0)  (* *)    Y
    O     \     .      |    /
 /-xXx--//-----x=x--/-xXx--/---x---->xxxx

CHANGELOG.md

@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Updated `fmt` library from `9.1.0` to `10.1.1`.
 - Updated QCBOR from `1.1` to `1.2`.
 - Updated `nghttp2` from `1.51.0` to `1.55.1`.
+- Converted SNP attestation UVM endorsements from integer to arbitrary string.
 
 ## [5.0.0-dev1]
 

doc/schemas/gov_openapi.json

@@ -1156,7 +1156,7 @@
       "UVMEndorsementsData": {
         "properties": {
           "svn": {
-            "$ref": "#/components/schemas/uint64"
+            "$ref": "#/components/schemas/string"
           }
         },
         "required": [
@@ -1283,7 +1283,7 @@
   "info": {
     "description": "This API is used to submit and query proposals which affect CCF's public governance tables.",
     "title": "CCF Governance API",
-    "version": "4.1.2"
+    "version": "4.1.3"
   },
   "openapi": "3.0.0",
   "paths": {

include/ccf/service/tables/uvm_endorsements.h

@@ -10,7 +10,7 @@ namespace ccf
 {
   struct UVMEndorsementsData
   {
-    size_t svn;
+    std::string svn;
 
     bool operator==(const UVMEndorsementsData&) const = default;
   };

samples/constitutions/default/actions.js

@@ -1006,8 +1006,7 @@ const actions = new Map([
       function (args) {
         checkType(args.did, "string", "did");
         checkType(args.feed, "string", "feed");
-        checkType(args.svn, "integer", "svn");
-        checkBounds(args.svn, 0, null, "svn");
+        checkType(args.svn, "string", "svn");
       },
       function (args, proposalId) {
         let uvmEndorsementsForDID = ccf.kv[

src/node/quote.cpp

@@ -31,9 +31,7 @@ namespace ccf
       if (uvm_endorsements_data.did == did)
       {
         auto search = value.find(uvm_endorsements_data.feed);
-        if (
-          search != value.end() &&
-          uvm_endorsements_data.svn >= search->second.svn)
+        if (search != value.end())
         {
           match = true;
           return false;

src/node/rpc/member_frontend.h

@@ -573,7 +573,7 @@ namespace ccf
       openapi_info.description =
         "This API is used to submit and query proposals which affect CCF's "
         "public governance tables.";
-      openapi_info.document_version = "4.1.2";
+      openapi_info.document_version = "4.1.3";
     }
 
     static std::optional<MemberId> get_caller_member_id(

src/node/uvm_endorsements.h

@@ -22,7 +22,7 @@ namespace ccf
   {
     DID did;
     Feed feed;
-    size_t svn;
+    std::string svn;
 
     bool operator==(const UVMEndorsements&) const = default;
   };
@@ -311,6 +311,6 @@ namespace ccf
       phdr.feed,
       payload.sevsnpvm_guest_svn);
 
-    return {did, phdr.feed, std::stoul(payload.sevsnpvm_guest_svn)};
+    return {did, phdr.feed, payload.sevsnpvm_guest_svn};
   }
 }

tests/code_update.py

@@ -109,17 +109,17 @@ def test_snp_measurements_tables(network, args):
     assert len(value) == 2
     assert value[new_feed]["svn"] == svn
 
-    LOG.debug("Bump SVN for new feed")
-    bumped_svn = svn + 1
+    LOG.debug("Change SVN for new feed")
+    new_svn = f"{svn}_2"
     network.consortium.add_snp_uvm_endorsement(
-        primary, did=did, feed=new_feed, svn=bumped_svn
+        primary, did=did, feed=new_feed, svn=new_svn
     )
     uvm_endorsements = get_trusted_uvm_endorsements(primary)
     assert (
         len(uvm_endorsements) == 1
     ), f"Expected one UVM endorsement, {uvm_endorsements}"
     did, value = next(iter(uvm_endorsements.items()))
-    assert value[new_feed]["svn"] == bumped_svn
+    assert value[new_feed]["svn"] == new_svn
 
     LOG.debug("Add new DID")
     new_did = "did:x509:newdid"