Commit 4e94df5

Copilot, eddyashton and Copilot authored
Add multiple verification levels to read_ledger.py (#7674)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: eddyashton <6000239+eddyashton@users.noreply.github.com>
Co-authored-by: Eddy Ashton <edashton@microsoft.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
1 parent d532ab4 commit 4e94df5

5 files changed

Lines changed: 384 additions & 102 deletions

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
1414
- `GET` and `HEAD` `/node/ledger-chunk?since={seqno}` and `/node/ledger-chunk/{chunk_name}` endpoints, gated by the `LedgerChunkDownload` RPC interface operator feature. See [documentation](https://microsoft.github.io/CCF/main/operations/ledger_snapshot.html#download-endpoints) for more detail.
1515
- `GET` and `HEAD` `/node/ledger-chunk/{chunk_name}` and `/node/snapshot/{snapshot_name}` now support the `Want-Repr-Digest` request header and return the `Repr-Digest` response header accordingly (RFC 9530). Supported algorithms are `sha-256`, `sha-384`, and `sha-512`. If no supported algorithm is requested, the server defaults to `sha-256` (#7650).
1616
- `ETag` and `If-None-Match` support on `GET /node/ledger-chunk/{chunk_name}`, using SHA-256 by default for the `ETag` response header. Clients can supply `If-None-Match` with `sha-256`, `sha-384`, or `sha-512` digest ETags to avoid re-downloading unchanged content (#7652).
17+
- `read_ledger.py` now supports multiple verification levels via the `--verification-level` option (NONE, OFFSETS, HEADERS, MERKLE, FULL), allowing users to trade off between computation cost and security guarantees. The default remains FULL verification for backward compatibility. The `--insecure-skip-verification` flag is deprecated in favor of `--verification-level=NONE`.
1718

1819
### Changed
1920
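Review bot: The new `read_ledger.py` entry on added line 17 has no PR reference, while the two entries above it end with `(#7650)` and `(#7652)`; append `(#7674)` to match. The level names are also plain text (NONE, OFFSETS, HEADERS, MERKLE, FULL) where the neighbouring entries put literals such as `sha-256` in backticks, so wrap them the same way. Since the entry announces the deprecation of `--insecure-skip-verification`, it should also say whether the flag is still accepted in this release.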

doc/audit/python_library.rst

Lines changed: 29 additions & 0 deletions
@@ -79,6 +79,31 @@ The ``read_ledger.py`` command line utility can be used to parse, verify the int
7979
8080
By default, non-committed ledger files are ignored, unless the ``--uncommitted`` command line argument is specified.
8181
82+
Verification Levels
83+
~~~~~~~~~~~~~~~~~~~
84+
85+
The ``read_ledger.py`` utility supports multiple verification levels via the ``--verification-level`` option, allowing you to trade off between computation cost and security guarantees:
86+
87+
- ``NONE``: No verification, just parse the ledger structure. Use this for quickly reading individual ledger chunks or when integrity is not a concern.
88+
- ``OFFSETS``: Validate that the offset table is consistent and points to valid transaction boundaries.
89+
- ``HEADERS``: Validate transaction headers (size, version, and flags are valid values).
90+
- ``MERKLE``: Validate merkle tree consistency by checking that each signature's merkle root matches the computed tree (trusts the first signature).
91+
- ``FULL`` (default): Full cryptographic verification including signature validation and node certificate checks.
92+
93+
.. code-block:: bash
94+
95+
# Parse a single ledger chunk without verification
96+
$ read_ledger.py /path/to/ledger/chunk --verification-level=NONE
97+
98+
# Validate structure but skip expensive cryptographic operations
99+
$ read_ledger.py /path/to/ledger/dir --verification-level=HEADERS
100+
101+
# Full verification (default)
102+
$ read_ledger.py /path/to/ledger/dir --verification-level=FULL
103+
104+
.. note::
105+
The ``--insecure-skip-verification`` flag is deprecated. Use ``--verification-level=NONE`` instead.
106+
82107
Alternatively, ``read_ledger.py`` can parse the content of a snapshot file:
83108
84109
.. code-block:: bash
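Review bot: The level list on added lines 87-91 does not say whether the levels are cumulative, that is, whether ``HEADERS`` also performs the ``OFFSETS`` checks and ``MERKLE`` performs both; state this explicitly. As the bullets read, only ``FULL`` mentions signature validation and node certificate checks, and ``MERKLE`` carries the aside "trusts the first signature", so if that is the intended meaning, add one sentence saying that ledger content read at any level below ``FULL`` has not had its signatures checked and should not be treated as authenticated. The note on added line 105 should say whether ``--insecure-skip-verification`` is still accepted and what happens when it is combined with ``--verification-level``. Style point: "merkle" on line 90 is normally capitalised as "Merkle".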
@@ -141,6 +166,10 @@ As with ``read_ledger.py``, non-committed ledger files are ignored, unless the `
141166
API
142167
---
143168
169+
.. autoclass:: ccf.ledger.VerificationLevel
170+
:members:
171+
:undoc-members:
172+
144173
.. autoclass:: ccf.ledger.Ledger
145174
:members:
146175
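Review bot: The ``:undoc-members:`` option on the new ``ccf.ledger.VerificationLevel`` directive (added line 171) lists any member without a docstring as a bare name, so the API reference may show the five levels with none of the guarantees described under "Verification Levels". Either give each enum member a docstring stating what it checks and what it leaves unverified, or add a cross-reference from this entry to that section.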
