Commit graph

335 commits

Author SHA1 Message Date
Eddy Ashton 4c64932ec8
Fix typo, referring to wrong const (#6200) 2024-05-22 12:20:52 +01:00
Amaury Chamayou 5bbf9c1171
Define and use constructors for COSE identities (#6171) 2024-05-08 12:50:28 +01:00
Amaury Chamayou 2d45a6489f
Fix value narrowing in comparisons (#6170) 2024-05-08 12:50:12 +01:00
Eddy Ashton 5f2f77c615
Towards a reusable public-header JS interpreter (#6155)
Co-authored-by: Amaury Chamayou <amchamay@microsoft.com>
2024-04-30 14:28:20 +00:00
Amaury Chamayou c6815f30d0
ETag demo in logging sample (#6110) 2024-04-17 07:48:38 +00:00
Eddy Ashton dac39e3c56
Make Accepted proposal details visible to constitution's `apply()` (#6114) 2024-04-17 07:41:58 +01:00
Eddy Ashton 9b92d7db27
JS redirections (#6109) 2024-04-12 13:30:34 +01:00
Eddy Ashton c1f8bd2d61
Remove unused `ProposalInfoDetails` type (#6112) 2024-04-09 11:55:04 +01:00
Eddy Ashton f29a0c8ec9
Add `AllOf` authentication policy (#6102) 2024-04-03 13:16:55 +01:00
Eddy Ashton 9a0b25a013
Redirection support, as alternative to request forwarding (#6050) 2024-03-25 14:47:03 +00:00
Amaury Chamayou 68d5937e39
Service cert subject name is configurable (#5993) 2024-03-18 17:59:32 +00:00
Amaury Chamayou 7aea8e9175
Add get_create_tx_claims_digest to the research API (#6061) 2024-03-13 17:03:59 +00:00
Amaury Chamayou 78a64caa1e
Improvements to secret sharing following review (#6005) 2024-02-12 11:27:01 +00:00
Eddy Ashton 38b054853b
Add `contains_globally_committed` to `kv::Set` (#5928) 2024-01-15 17:19:29 +00:00
Amaury Chamayou 2faaec358d
Remove now-unused security_context_directory (#5868) 2023-12-19 13:30:59 +00:00
Amaury Chamayou bf36385bf8
Remove get_rpc_handler declaration (#5874) 2023-12-19 10:31:31 +00:00
Amaury Chamayou 2ea38678f2
Remove ccf::historical::adapter_v2 (#5873) 2023-12-19 10:20:49 +00:00
Amaury Chamayou 3c5168d9bc
Remove deprecated EnclaveAttestationProvider (#5872) 2023-12-19 10:15:43 +00:00
Amaury Chamayou 7b3f22fb62
Pin UVM roots of trust and add snp_uvm_endorsements_file to configuration (#5867) 2023-12-15 16:12:43 +00:00
Amaury Chamayou ccc9c3170d
Add snp_security_policy_file to configuration (#5865) 2023-12-13 10:37:14 +00:00
Amaury Chamayou 98091b5ce5
Resolve env vars in SNP endorsements (#5862) 2023-12-12 11:36:27 +00:00
Amaury Chamayou 5c11f4778d
Allow explicit port in SNP endorsements config (#5858) 2023-12-08 10:50:25 +00:00
Amaury Chamayou 71194e42a0
Add support for THIM as a source of collateral (#5854) 2023-12-06 16:55:12 +00:00
Amaury Chamayou 1b9be61c81
Add support for SEV attestation in 6.x kernels (#5848) 2023-12-04 11:55:33 +00:00
Amaury Chamayou 3882284f14
Allow creating x25519 key pairs from JS (#5846) 2023-11-28 17:23:47 +00:00
Amaury Chamayou d0f79627c7
Do not enforce default parsing limits on forwarded traffic (#5803) 2023-11-01 14:17:38 +00:00
Eddy Ashton 8f7afdb164
Don't store temporary pointers in JSValues (#5740) 2023-11-01 09:54:29 +00:00
Eddy Ashton e73cf2f4cf
Use new governance API throughout our infra (#5698) 2023-10-04 15:43:32 +01:00
Amaury Chamayou d1d9d8eb05
Add basic backpressure mechanism if primary has too many in-flight transactions (#5692) 2023-09-28 17:28:49 +01:00
Dominic Ayre b1fa955287
Fix out of bounds copy in SNP attestation report req (#5693) 2023-09-28 13:01:18 +01:00
Eddy Ashton 88cb1eaecc
Implement Azure-compliant governance interface (#5660) 2023-09-27 13:58:04 +01:00
Dominic Ayre 6e7caf0098
Expose SNP Attestation validation in TS (#5653) 2023-09-26 08:39:56 +01:00
Amaury Chamayou d224a32ecc
Replace Secret Sharing implementation (#5655) 2023-09-21 16:30:49 +01:00
Julien Maffre c49ca859c6
SEV-SNP: Make UVM endorsements SVN an arbitrary string (#5620) 2023-09-05 18:26:01 +01:00
Julien Maffre 25b6efc252
Update `llhttp` from `6.0.9` to `9.0.1` (#5607) 2023-09-04 12:39:07 +00:00
Julien Maffre a9a979813e
Update `fmt` library from `9.1.0` to `10.1.1` (#5605) 2023-09-04 10:41:37 +00:00
Eddy Ashton a0dfdfdf7b
Allow JS interpreters (and global state) to be reused (#5564) 2023-08-25 15:06:30 +01:00
Julien Maffre 440621635c
Fix SNP reconfiguration test error (#5577) 2023-08-23 11:22:30 +01:00
Julien Maffre 054356bb08
JWT auth: cache verifiers (#5575) 2023-08-21 19:29:47 +01:00
Amaury Chamayou 03de8d2efd
Use endpoint path in statistics (#5543) 2023-08-17 08:21:54 +01:00
Amaury Chamayou 97cda1351e
Add follow_redirect option for Join (#5524) 2023-08-09 17:04:00 +01:00
Eddy Ashton 62921134e0
Fix `channels_test` (#5433) 2023-07-10 17:57:14 +01:00
Eddy Ashton cd33041505
Permit Trace+Debug logging in all non-SGX builds (#5375) 2023-07-07 15:13:51 +01:00
Amaury Chamayou 84277950b4
Fix unsafe inline assembly usage (#5408) 2023-07-04 08:27:41 +01:00
Amaury Chamayou 9982a21c01
Update TypeScript to expose COSE authentication policies (#5403) 2023-06-29 11:19:55 +01:00
Julien Maffre 623bf162d4
Update OpenSSL SHA digest API (#5336) 2023-06-12 11:23:19 +01:00
Christoph M. Wintersteiger f9b8325c5f
Research API: custom protocol improvements (#5302) 2023-05-24 17:32:47 +01:00
Christoph M. Wintersteiger 78bfb14b1b
Experimental: support for custom protocols (#5274) 2023-05-22 19:51:27 +01:00
Amaury Chamayou c0fd950b12
User cose sign1 (#5248) 2023-05-12 15:32:15 +01:00
Eddy Ashton 8e780c24b4
Add `populate_service_endorsements` to public headers (#5242) 2023-05-05 14:16:14 +01:00
Amaury Chamayou 084a4fd4d6
JS runtime traces in responses (#5237) 2023-05-05 10:50:47 +01:00
Amaury Chamayou a5958f2793
Make consensus type optional in join and ledger types (#5232) 2023-05-02 11:03:49 +01:00
Julien Maffre 6c8937eefb
SEV-SNP: Remove ability to read policy and endorsements from distinct environment variables (#5217) 2023-04-28 11:01:12 +00:00
Amaury Chamayou 4c6ebeebc4
Raft tracing (#5201) 2023-04-26 13:04:04 +01:00
Amaury Chamayou d71d0a8a53
Remove unused membership states (#5207) 2023-04-25 18:42:38 +01:00
Amaury Chamayou 35cb1ae6b2
Make kid more clearly mandatory in COSE headers (#5199) 2023-04-25 16:35:25 +00:00
Julien Maffre 482fd30919
SNP: add support to read UVM security context from files rather than environment (#5175) 2023-04-21 15:53:26 +01:00
Markus Alexander Kuppe c2208dc6ee
Validate several happy-path scenarios in `tests/raft_scenarios/`. (#5187) 2023-04-19 19:28:00 +01:00
Amaury Chamayou 5b1c504cdb
Remove signed HTTP request support (#5137) 2023-04-19 11:47:44 +01:00
Amaury Chamayou 7dd5e9a809
Remove unused re-sharing logic (#5174) 2023-04-13 17:25:34 +01:00
Takuro Sato 274683ff46
Fix TSAN warnings in indexing_test (#5149) 2023-04-03 11:41:05 +01:00
Eddy Ashton efa475f99e
Capped queue for node-to-node forwarding, and live key exchange (#4986) 2023-03-23 14:48:54 +00:00
Amaury Chamayou 159f9b1dbc
Clear headers on error during handler execution (#5122) 2023-03-20 19:18:12 +00:00
Takuro Sato 714feaf7b1
Suppress ASAN errors (#5089) 2023-03-10 08:55:59 +00:00
Eddy Ashton 6eb3137723
Add `/gov/kv/endpoints` endpoint to access JS endpoint metadata (#5068) 2023-03-03 10:06:07 +00:00
Christoph M. Wintersteiger 84288d7659
Add configuration option for the timeout of forwarded RPC calls (#5066)
Co-authored-by: Amaury Chamayou <amaury@xargs.fr>
2023-03-01 13:05:18 +00:00
Paul Liétar 946112884f
Add support for host process stdio. (#5056) 2023-02-28 22:12:28 +00:00
Julien Maffre 23dfa31620
SEV-SNP: support for multiple measurement types on same node (#5063) 2023-02-28 21:34:27 +00:00
Eddy Ashton 8168ce9282
Add a builtin endpoint describing installed indexing strategies (#5061) 2023-02-27 10:19:22 +00:00
Julien Maffre 48ca1e2bfc
SEV-SNP ACI: Store and cross-verify UVM endorsements (#5022) 2023-02-22 10:38:33 +00:00
Mahati Chamarthy 4fee345d85
Multi-container: Index improvements (#4978) 2023-02-20 20:36:32 +00:00
Christoph M. Wintersteiger f36f37fe1b
Add option to use node client certificates to ACME HTTP interface (#4974)
Co-authored-by: Amaury Chamayou <amaury@xargs.fr>
2023-02-20 16:01:51 +00:00
Julien Maffre 572964a84c
SEV-SNP: Tighten attestation verification (#5024) 2023-02-20 10:29:24 +00:00
Amaury Chamayou d13233667e
Improve error messages in COSE Sign Auth policies (#5019) 2023-02-17 09:59:22 +00:00
Julien Maffre e02dbdeaee
SEV-SNP ACI: Verify UVM endorsements (#4915) 2023-02-14 17:27:42 +00:00
Takuro Sato eac45b5c4c
Change static variables accessed concurrently to thread_local (#4980) 2023-02-09 15:27:25 +00:00
Julien Maffre 7801b5de1c
SEV-SNP ACI: Retrieve attestation report endorsements from environment (#4940) 2023-02-07 15:36:18 +00:00
Mahati Chamarthy 2d7382a50b
Remove duplicate governance endpoints (#4941)
Co-authored-by: Amaury Chamayou <amchamay@microsoft.com>
2023-02-07 14:21:46 +00:00
Eddy Ashton 4790a6a879
Fixes for thread ID assignment (#4952) 2023-02-06 09:13:05 +00:00
Paul Liétar feffb205c5
Allow applications to add .well-known endpoints. (#4949)
The ACME frontend was binding to the entire `.well-known` directory,
intercepting any requests made to it, including to paths outside of the
particular `acme-challenge` sub-directory.

This was preventing applications from handling any paths inside the
`.well-known`, which may be necessary to implement certain protocols,
such as did:web.

The code to extract the actor name from an incoming request is special
cased for the .well-known directory, in which case it will include the
second path component in the actor's name. The ACME frontend's actor is
now the full `.well-known/acme-challenge`.

We did consider implementing this by instead moving the ACME endpoints
into the CommonEndpointRegistry, indirectly making them part of the
application frontend, and removing the .well-known actor. Unfortunately
this would make the endpoints accessible only once the application
frontend has been opened, which would prevent a service from obtaining
an ACME certificate early in its lifecycle.
2023-02-03 12:17:31 +00:00
Eddy Ashton 7f8615e0b7
Simplify assignment of thread IDs (#4900) 2023-01-31 13:36:54 +00:00
Christoph M. Wintersteiger f925b2d3fe
Add SANs to ACME client (#4910) 2023-01-30 12:10:22 +00:00
Julien Maffre 3e17ebcfee
Setup environment variables for ACI (#4888) 2023-01-27 10:41:40 +00:00
Amaury Chamayou 86c6d2d931
Add ccf gov msg created at (#4823) 2023-01-24 11:37:22 +00:00
Julien Maffre a5ccb03e35
Add JWK to PEM converters (#4876) 2023-01-24 09:40:43 +00:00
Christoph M. Wintersteiger 8f191cec9c
Add support for external service CSRs in ACME client (#4856) 2023-01-17 16:28:32 +00:00
Takuro Sato 139121a46d
Use p1363 encoding for sign() JS API with ECDSA (#4829) 2023-01-12 22:05:47 +00:00
Eddy Ashton 5d7d81a646
Check validity times in default auth policies (#4786) 2023-01-12 13:18:58 +00:00
Julien Maffre 5e0d4f34bf
Automatically return gRPC errors for framework-level errors (#4813) 2023-01-10 16:15:03 +00:00
Julien Maffre 24d5e88dbf
HTTP/2: Further configuration options (#4790) 2023-01-03 15:43:25 +00:00
Julien Maffre f60b35c706
HTTP/2: return error for to-be-forwarded requests (#4787) 2022-12-22 15:21:27 +00:00
Julien Maffre 1f5e00ea92
HTTP/2: support for configuration and error reporting (#4779) 2022-12-22 10:37:11 +00:00
Eddy Ashton 0b92c31503
Multi-Container: Use detached streams to send user requests directly to executors, rather than queuing (#4780) 2022-12-22 09:49:52 +00:00
Julien Maffre 16a5defab0
Fix issues with snapshot generation for CHAMP (#4730) 2022-12-14 17:30:24 +00:00
Eddy Ashton 1ebcd07839
Remove unintended time checks from node-to-node validation (#4733) 2022-12-13 16:28:22 +00:00
Julien Maffre a2fed9a30a
gRPC server streaming on close callback (#4713) 2022-12-13 12:04:49 +00:00
Julien Maffre a55efd25d5
Fix compilation error with undefined variables in SNP builds (#4704) 2022-12-09 13:07:56 +00:00
Julien Maffre e638c5edca
Allow for SEV-SNP attestation report verification on non SEV-SNP platforms (#4679) 2022-12-06 22:49:42 +00:00
Julien Maffre 03e6f50032
gRPC server streaming (#4537) 2022-12-06 09:26:53 +00:00
Amaury Chamayou 65e36e917a
Add summary and description to openapi (#4654) 2022-12-06 08:50:24 +00:00