COSE-only ledgers

Author: maxtropets

doc/host_config_schema/cchost_config.json

@@ -623,6 +623,12 @@
           "type": "string",
           "default": "1000ms",
           "description": "Maximum duration after which a signature transaction is automatically generated"
+        },
+        "mode": {
+          "type": "string",
+          "enum": ["Dual", "COSE"],
+          "default": "Dual",
+          "description": "Ledger signature mode. Dual emits both regular and COSE signatures. COSE emits only COSE signatures."
         }
       },
       "description": "This section includes configuration for the ledger signatures emitted by this node (note: should be the same for all other nodes in the service). Transaction commit latency in a CCF network is primarily a function of signature frequency. A network emitting signatures more frequently will be able to commit transactions faster, but will spend a larger proportion of its execution resources creating and verifying signatures. Setting signature frequency is a trade-off between transaction latency and throughput",

doc/schemas/app_openapi.json

@@ -1692,6 +1692,34 @@
         }
       }
     },
+    "/app/receipt/cose": {
+      "get": {
+        "description": "A COSE Sign1 envelope containing a signed statement from the service over a transaction entry in the ledger, with a Merkle proof in the unprotected header.",
+        "operationId": "GetAppReceiptCose",
+        "parameters": [
+          {
+            "in": "query",
+            "name": "transaction_id",
+            "required": true,
+            "schema": {
+              "$ref": "#/components/schemas/TransactionId"
+            }
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "Default response description"
+          },
+          "default": {
+            "$ref": "#/components/responses/default"
+          }
+        },
+        "summary": "COSE receipt for a transaction",
+        "x-ccf-forwarding": {
+          "$ref": "#/components/x-ccf-forwarding/sometimes"
+        }
+      }
+    },
     "/app/tx": {
       "get": {
         "description": "Possible statuses returned are Unknown, Pending, Committed or Invalid.",

doc/schemas/node_openapi.json

@@ -1683,6 +1683,34 @@
         }
       }
     },
+    "/node/receipt/cose": {
+      "get": {
+        "description": "A COSE Sign1 envelope containing a signed statement from the service over a transaction entry in the ledger, with a Merkle proof in the unprotected header.",
+        "operationId": "GetNodeReceiptCose",
+        "parameters": [
+          {
+            "in": "query",
+            "name": "transaction_id",
+            "required": true,
+            "schema": {
+              "$ref": "#/components/schemas/TransactionId"
+            }
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "Default response description"
+          },
+          "default": {
+            "$ref": "#/components/responses/default"
+          }
+        },
+        "summary": "COSE receipt for a transaction",
+        "x-ccf-forwarding": {
+          "$ref": "#/components/x-ccf-forwarding/sometimes"
+        }
+      }
+    },
     "/node/self_signed_certificate": {
       "get": {
         "operationId": "GetNodeSelfSignedCertificate",

include/ccf/node/startup_config.h

@@ -53,10 +53,17 @@ namespace ccf
     };
     Ledger ledger = {};
 
+    enum class LedgerSignMode
+    {
+      Dual = 0,
+      COSE = 1
+    };
+
     struct LedgerSignatures
     {
       size_t tx_count = 5000;
       ccf::ds::TimeString delay = {"1000ms"};
+      LedgerSignMode mode = LedgerSignMode::Dual;
 
       bool operator==(const LedgerSignatures&) const = default;
     };

python/src/ccf/cose.py

@@ -195,6 +195,8 @@ def verify_receipt(
     """
     Verify a COSE Sign1 receipt as defined in https://datatracker.ietf.org/doc/draft-ietf-cose-merkle-tree-proofs/,
     using the CCF tree algorithm defined in https://datatracker.ietf.org/doc/draft-birkholz-cose-receipts-ccf-profile/
+
+    If claim_digest is None, the claims digest in the leaf is not verified.
     """
     key_pem = key.public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo).decode(
         "ascii"
@@ -227,7 +229,7 @@ def verify_receipt(
         proof = cbor2.loads(inclusion_proof)
         assert CCF_PROOF_LEAF_LABEL in proof, "Leaf must be present"
         leaf = proof[CCF_PROOF_LEAF_LABEL]
-        if claim_digest != leaf[2]:
+        if claim_digest and claim_digest != leaf[2]:
             raise ValueError(f"Claim digest mismatch: {leaf[2]!r} != {claim_digest!r}")
         accumulator = hashlib.sha256(
             leaf[0] + hashlib.sha256(leaf[1].encode()).digest() + leaf[2]

python/src/ccf/ledger.py

@@ -724,10 +724,15 @@ def add_transaction(self, transaction):
                 else:
                     self.node_certificates[node_id] = endorsed_node_cert
 
-        # This is a merkle root/signature tx if the table exists
-        if SIGNATURE_TX_TABLE_NAME in tables:
+        # This is a merkle root/signature tx if either signature table exists
+        is_signature_tx = (
+            SIGNATURE_TX_TABLE_NAME in tables
+            or COSE_SIGNATURE_TX_TABLE_NAME in tables
+        )
+        if is_signature_tx:
             self.signature_count += 1
 
+        if SIGNATURE_TX_TABLE_NAME in tables:
             if self.verification_level >= VerificationLevel.MERKLE:
                 signature_table = tables[SIGNATURE_TX_TABLE_NAME]
 

samples/config/join_config.json

@@ -42,7 +42,8 @@
   },
   "ledger_signatures": {
     "tx_count": 5000,
-    "delay": "1s"
+    "delay": "1s",
+    "mode": "Dual"
   },
   "jwt": {
     "key_refresh_interval": "30min"

samples/config/recover_config.json

@@ -42,7 +42,8 @@
   },
   "ledger_signatures": {
     "tx_count": 5000,
-    "delay": "1s"
+    "delay": "1s",
+    "mode": "Dual"
   },
   "jwt": {
     "key_refresh_interval": "30min"

samples/config/start_config.json

@@ -71,7 +71,8 @@
   },
   "ledger_signatures": {
     "tx_count": 5000,
-    "delay": "1s"
+    "delay": "1s",
+    "mode": "Dual"
   },
   "jwt": {
     "key_refresh_interval": "30min"

src/common/configuration.h

@@ -67,9 +67,15 @@ namespace ccf
   DECLARE_JSON_OPTIONAL_FIELDS(
     CCFConfig::Ledger, directory, read_only_directories, chunk_size);
 
+  DECLARE_JSON_ENUM(
+    CCFConfig::LedgerSignMode,
+    {{CCFConfig::LedgerSignMode::Dual, "Dual"},
+     {CCFConfig::LedgerSignMode::COSE, "COSE"}});
+
   DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS(CCFConfig::LedgerSignatures);
   DECLARE_JSON_REQUIRED_FIELDS(CCFConfig::LedgerSignatures);
-  DECLARE_JSON_OPTIONAL_FIELDS(CCFConfig::LedgerSignatures, tx_count, delay);
+  DECLARE_JSON_OPTIONAL_FIELDS(
+    CCFConfig::LedgerSignatures, tx_count, delay, mode);
 
   DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS(CCFConfig::JWT);
   DECLARE_JSON_REQUIRED_FIELDS(CCFConfig::JWT);