microsoft
diff --git a/‎python/src/ccf/ledger.py‎
Lines changed: 86 additions & 28 deletions b/‎python/src/ccf/ledger.py‎
Lines changed: 86 additions & 28 deletions
diff --git a/‎src/node/cose_common.h‎
Lines changed: 9 additions & 0 deletions b/‎src/node/cose_common.h‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/node/node_state.h‎
Lines changed: 4 additions & 5 deletions b/‎src/node/node_state.h‎
Lines changed: 4 additions & 5 deletions
diff --git a/‎src/node/snapshot_serdes.h‎
Lines changed: 111 additions & 29 deletions b/‎src/node/snapshot_serdes.h‎
Lines changed: 111 additions & 29 deletions
@@ -14,6 +14,7 @@
 
 from cryptography.x509 import load_pem_x509_certificate
 from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.backends import default_backend
 from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.primitives.asymmetric import utils, ec
 
@@ -44,6 +45,7 @@
 WELL_KNOWN_SINGLETON_TABLE_KEY = bytes(bytearray(8))
 
 SHA256_DIGEST_SIZE = sha256().digest_size
+ENCODED_COSE_SIGN1_TAG = 0xD2
 
 
 class NodeStatus(Enum):
@@ -1020,34 +1022,8 @@ def __init__(self, filename: str):
         if self.is_committed() and not self.is_snapshot_file_1_x():
             receipt_pos = entry_start_pos + self._header.size
             receipt_bytes = _peek_all(self._file, pos=receipt_pos)
-
-            try:
-                receipt = json.loads(receipt_bytes.decode("utf-8"))
-            except json.decoder.JSONDecodeError as e:
-                raise InvalidSnapshotException(
-                    f"Cannot read receipt from snapshot {os.path.basename(self._filename)}: Receipt starts at {receipt_pos} (file is {self._file_size} bytes), and contains {receipt_bytes}"
-                ) from e
-
-            # Receipts included in snapshots always contain leaf components,
-            # including a claims digest and commit evidence, from 2.0.0-rc0 onwards.
-            # This verification code deliberately does not support snapshots
-            # produced by 2.0.0-dev* releases.
-            assert "leaf_components" in receipt
-            write_set_digest = bytes.fromhex(
-                receipt["leaf_components"]["write_set_digest"]
-            )
-            claims_digest = bytes.fromhex(receipt["leaf_components"]["claims_digest"])
-            commit_evidence_digest = sha256(
-                receipt["leaf_components"]["commit_evidence"].encode()
-            ).digest()
-            leaf = (
-                sha256(write_set_digest + commit_evidence_digest + claims_digest)
-                .digest()
-                .hex()
-            )
-            root = ccf.receipt.root(leaf, receipt["proof"])
-            node_cert = load_pem_x509_certificate(receipt["cert"].encode())
-            ccf.receipt.verify(root, receipt["signature"], node_cert)
+            snapshot_digest = sha256(_peek(self._file, receipt_pos, pos=0)).digest()
+            self._verify_snapshot_receipt(receipt_bytes, receipt_pos, snapshot_digest)
 
     def is_committed(self):
         return COMMITTED_FILE_SUFFIX in self._filename
@@ -1061,6 +1037,88 @@ def is_snapshot_file_1_x(self):
     def get_len(self) -> int:
         return self._file_size
 
+    def _verify_snapshot_receipt(
+        self, receipt_bytes: bytes, receipt_pos: int, snapshot_digest: bytes
+    ):
+        if not receipt_bytes:
+            raise InvalidSnapshotException("Empty snapshot receipt")
+
+        first_byte = receipt_bytes[0]
+        if first_byte == ENCODED_COSE_SIGN1_TAG:
+            self._verify_cose_snapshot_receipt(receipt_bytes, snapshot_digest)
+        elif first_byte == ord("{"):
+            self._verify_json_snapshot_receipt(
+                receipt_bytes, receipt_pos, snapshot_digest
+            )
+        else:
+            raise InvalidSnapshotException(
+                f"Invalid snapshot receipt: unrecognised format (first byte: 0x{first_byte:02X})"
+            )
+
+    def _service_public_key(self):
+        service_info_table = (
+            self.get_public_domain().get_tables().get(SERVICE_INFO_TABLE_NAME)
+        )
+        if service_info_table is None:
+            raise InvalidSnapshotException(
+                "Snapshot is missing service info table for COSE receipt verification"
+            )
+
+        service_info = service_info_table.get(WELL_KNOWN_SINGLETON_TABLE_KEY)
+        if service_info is None:
+            raise InvalidSnapshotException(
+                "Snapshot is missing service info for COSE receipt verification"
+            )
+
+        service_info_json = json.loads(service_info)
+        cert = load_pem_x509_certificate(
+            service_info_json["cert"].encode("ascii"), default_backend()
+        )
+        return cert.public_key()
+
+    def _verify_cose_snapshot_receipt(
+        self, receipt_bytes: bytes, snapshot_digest: bytes
+    ):
+        ccf.cose.verify_receipt(
+            receipt_bytes, self._service_public_key(), snapshot_digest
+        )
+
+    def _verify_json_snapshot_receipt(
+        self, receipt_bytes: bytes, receipt_pos: int, snapshot_digest: bytes
+    ):
+        try:
+            receipt = json.loads(receipt_bytes.decode("utf-8"))
+        except json.decoder.JSONDecodeError as e:
+            raise InvalidSnapshotException(
+                f"Cannot read receipt from snapshot {os.path.basename(self._filename)}: Receipt starts at {receipt_pos} (file is {self._file_size} bytes), and contains {receipt_bytes!r}"
+            ) from e
+
+        # Receipts included in snapshots always contain leaf components,
+        # including a claims digest and commit evidence, from 2.0.0-rc0 onwards.
+        # This verification code deliberately does not support snapshots
+        # produced by 2.0.0-dev* releases.
+        assert "leaf_components" in receipt
+        write_set_digest = bytes.fromhex(receipt["leaf_components"]["write_set_digest"])
+        claims_digest = bytes.fromhex(receipt["leaf_components"]["claims_digest"])
+        if snapshot_digest != claims_digest:
+            raise InvalidSnapshotException(
+                f"Snapshot digest ({snapshot_digest.hex()}) does not match receipt claim ({claims_digest.hex()})"
+            )
+
+        commit_evidence_digest = sha256(
+            receipt["leaf_components"]["commit_evidence"].encode()
+        ).digest()
+        leaf = (
+            sha256(write_set_digest + commit_evidence_digest + claims_digest)
+            .digest()
+            .hex()
+        )
+        root = ccf.receipt.root(leaf, receipt["proof"])
+        node_cert = load_pem_x509_certificate(
+            receipt["cert"].encode(), default_backend()
+        )
+        ccf.receipt.verify(root, receipt["signature"], node_cert)
+
 
 class TransactionIterator:
     _positions: list[int]
 
@@ -194,6 +194,7 @@ namespace ccf::cose
   {
     CcfCoseReceiptPhdr phdr;
     std::vector<uint8_t> merkle_root;
+    std::vector<uint8_t> claims_digest;
   };
 
   static std::vector<uint8_t> recompute_merkle_root(const MerkleProof& proof)
@@ -446,6 +447,7 @@ namespace ccf::cose
       }
 
       receipt.merkle_root = recompute_merkle_root(proofs[0]);
+      receipt.claims_digest = proofs[0].leaf.claims_digest;
       for (size_t i = 1; i < proofs.size(); ++i)
       {
         auto root = recompute_merkle_root(proofs[i]);
@@ -454,6 +456,13 @@ namespace ccf::cose
           throw COSEDecodeError(
             "Inconsistent Merkle roots computed from COSE receipt proofs");
         }
+        if (proofs[i].leaf.claims_digest != receipt.claims_digest)
+        {
+          throw COSEDecodeError(fmt::format(
+            "Claims from proofs don't match: {} != {}",
+            ds::to_hex(receipt.claims_digest),
+            ds::to_hex(proofs[i].leaf.claims_digest)));
+        }
       }
     }
 
 
@@ -3038,14 +3038,13 @@ namespace ccf
       // are always written by each signature transaction.
 
       network.tables->set_map_hook(
-        network.signatures.get_name(),
-        Signatures::wrap_map_hook(
+        network.cose_signatures.get_name(),
+        CoseSignatures::wrap_map_hook(
           [s = this->snapshotter](
             ccf::kv::Version version,
-            const Signatures::Write& w) -> ccf::kv::ConsensusHookPtr {
+            const CoseSignatures::Write& w) -> ccf::kv::ConsensusHookPtr {
             assert(w.has_value());
-            auto sig = w.value();
-            s->record_signature(version, sig.sig, sig.node, sig.cert);
+            s->record_cose_signature(version, w.value());
             return {nullptr};
           }));
 
 
@@ -2,12 +2,16 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/cose.h"
+#include "ccf/crypto/cose_verifier.h"
 #include "ccf/historical_queries_adapter.h"
 #include "ccf/service/tables/nodes.h"
+#include "crypto/cose.h"
 #include "ds/internal_logger.h"
 #include "ds/serialized.h"
 #include "kv/kv_types.h"
 #include "kv/serialised_entry_format.h"
+#include "node/cose_common.h"
 #include "node/history.h"
 #include "node/tx_receipt_impl.h"
 
@@ -61,29 +65,47 @@ namespace ccf
     return SnapshotSegments{header_and_body, receipt};
   }
 
-  static void verify_snapshot(
+  static void verify_cose_snapshot_receipt(
     const SnapshotSegments& segments,
-    std::optional<std::vector<uint8_t>> prev_service_identity = std::nullopt)
+    const std::optional<std::vector<uint8_t>>& prev_service_identity)
   {
-    LOG_INFO_FMT(
-      "Deserialising snapshot receipt (size: {}).", segments.receipt.size());
-    constexpr size_t max_printed_size = 1024;
-    if (segments.receipt.size() > max_printed_size)
+    auto receipt = ccf::cose::decode_ccf_receipt(
+      {segments.receipt.begin(), segments.receipt.end()},
+      /* recompute_root */ true);
+
+    auto snapshot_digest = ccf::crypto::Sha256Hash(
+      segments.header_and_body.data(), segments.header_and_body.size());
+    if (
+      receipt.claims_digest.size() != ccf::crypto::Sha256Hash::SIZE ||
+      std::memcmp(
+        snapshot_digest.h.data(),
+        receipt.claims_digest.data(),
+        ccf::crypto::Sha256Hash::SIZE) != 0)
     {
-      LOG_INFO_FMT(
-        "Receipt size ({}) exceeds max printed size ({}), only printing "
-        "first {} bytes",
-        segments.receipt.size(),
-        max_printed_size,
-        max_printed_size);
+      throw std::logic_error(fmt::format(
+        "Snapshot digest ({}) does not match receipt claim ({})",
+        snapshot_digest,
+        ds::to_hex(receipt.claims_digest)));
     }
-    auto printed_size =
-      std::min<size_t>(segments.receipt.size(), max_printed_size);
-    LOG_INFO_FMT(
-      "{}",
-      ds::to_hex(
-        segments.receipt.data(), segments.receipt.data() + printed_size));
 
+    if (prev_service_identity)
+    {
+      auto verifier =
+        ccf::crypto::make_cose_verifier_from_cert(*prev_service_identity);
+      if (!verifier->verify_detached(segments.receipt, receipt.merkle_root))
+      {
+        throw std::logic_error(
+          "Previous service identity does not match the service identity that "
+          "signed the snapshot");
+      }
+      LOG_DEBUG_FMT("Previous service identity matches snapshot signer");
+    }
+  }
+
+  static void verify_json_snapshot_receipt(
+    const SnapshotSegments& segments,
+    const std::optional<std::vector<uint8_t>>& prev_service_identity)
+  {
     auto j =
       nlohmann::json::parse(segments.receipt.begin(), segments.receipt.end());
     auto receipt_p = j.get<ReceiptPtr>();
@@ -106,7 +128,6 @@ namespace ccf
     }
 
     auto root = receipt->calculate_root();
-    auto raw_sig = receipt->signature;
 
     auto v = ccf::crypto::make_unique_verifier(receipt->cert);
     if (!v->verify_hash(
@@ -135,6 +156,54 @@ namespace ccf
     }
   }
 
+  static void verify_snapshot(
+    const SnapshotSegments& segments,
+    std::optional<std::vector<uint8_t>> prev_service_identity = std::nullopt)
+  {
+    LOG_INFO_FMT(
+      "Deserialising snapshot receipt (size: {}).", segments.receipt.size());
+    constexpr size_t max_printed_size = 1024;
+    if (segments.receipt.size() > max_printed_size)
+    {
+      LOG_INFO_FMT(
+        "Receipt size ({}) exceeds max printed size ({}), only printing "
+        "first {} bytes",
+        segments.receipt.size(),
+        max_printed_size,
+        max_printed_size);
+    }
+    auto printed_size =
+      std::min<size_t>(segments.receipt.size(), max_printed_size);
+    LOG_INFO_FMT(
+      "{}",
+      ds::to_hex(
+        segments.receipt.data(), segments.receipt.data() + printed_size));
+
+    if (segments.receipt.empty())
+    {
+      throw std::logic_error("Empty snapshot receipt");
+    }
+
+    auto first_byte = segments.receipt[0];
+    constexpr uint8_t ENCODED_COSE_SIGN1_TAG = 0xD2;
+    if (first_byte == ENCODED_COSE_SIGN1_TAG)
+    {
+      LOG_DEBUG_FMT("Snapshot with COSE receipt detected");
+      verify_cose_snapshot_receipt(segments, prev_service_identity);
+    }
+    else if (first_byte == '{')
+    {
+      LOG_DEBUG_FMT("Snapshot with JSON receipt detected");
+      verify_json_snapshot_receipt(segments, prev_service_identity);
+    }
+    else
+    {
+      throw std::logic_error(fmt::format(
+        "Invalid snapshot receipt: unrecognised format (first byte: 0x{:02X})",
+        first_byte));
+    }
+  }
+
   static void deserialise_snapshot(
     const std::shared_ptr<ccf::kv::Store>& store,
     const SnapshotSegments& segments,
@@ -176,10 +245,8 @@ namespace ccf
   }
 
   static std::vector<uint8_t> build_and_serialise_receipt(
-    const std::vector<uint8_t>& sig,
+    const std::vector<uint8_t>& cose_sig,
     const std::vector<uint8_t>& tree,
-    const NodeId& node_id,
-    const ccf::crypto::Pem& node_cert,
     ccf::kv::Version seqno,
     const ccf::crypto::Sha256Hash& write_set_digest,
     const std::string& commit_evidence,
@@ -191,18 +258,33 @@ namespace ccf
     // NOLINTNEXTLINE(performance-move-const-arg)
     cd.set(std::move(claims_digest));
     ccf::TxReceiptImpl tx_receipt(
-      sig,
-      std::nullopt, // cose
+      {},
+      cose_sig,
       proof.get_root(),
       proof.get_path(),
-      node_id,
-      node_cert,
+      {},
+      std::nullopt,
       write_set_digest,
       commit_evidence,
       cd);
 
-    auto receipt = ccf::describe_receipt_v1(tx_receipt);
-    const auto receipt_str = receipt.dump();
-    return {receipt_str.begin(), receipt_str.end()};
+    // To be replaced with 'describe_cose_receipt' once 7700 is merged.
+    auto cose_signature = ccf::describe_cose_signature_v1(tx_receipt);
+    if (!cose_signature.has_value())
+    {
+      throw std::logic_error(
+        "No COSE signature available for snapshot receipt");
+    }
+    auto merkle_proof = ccf::describe_merkle_proof_v1(tx_receipt);
+    if (!merkle_proof.has_value())
+    {
+      return *cose_signature;
+    }
+
+    ccf::cose::edit::desc::Value desc{
+      ccf::cose::edit::pos::AtKey{ccf::cose::header::iana::INCLUSION_PROOFS},
+      ccf::cose::header::iana::VDP,
+      *merkle_proof};
+    return ccf::cose::edit::set_unprotected_header(*cose_signature, desc);
   }
 }
Original file line number	Diff line number	Diff line change
`@@ -194,6 +194,7 @@ namespace ccf::cose`
`194`	`194`	`{`
`195`	`195`	`CcfCoseReceiptPhdr phdr;`
`196`	`196`	`std::vector<uint8_t> merkle_root;`
	`197`	`+ std::vector<uint8_t> claims_digest;`
`197`	`198`	`};`
`198`	`199`
`199`	`200`	`static std::vector<uint8_t> recompute_merkle_root(const MerkleProof& proof)`
`@@ -446,6 +447,7 @@ namespace ccf::cose`
`446`	`447`	`}`
`447`	`448`
`448`	`449`	`receipt.merkle_root = recompute_merkle_root(proofs[0]);`
	`450`	`+ receipt.claims_digest = proofs[0].leaf.claims_digest;`
`449`	`451`	`for (size_t i = 1; i < proofs.size(); ++i)`
`450`	`452`	`{`
`451`	`453`	`auto root = recompute_merkle_root(proofs[i]);`
`@@ -454,6 +456,13 @@ namespace ccf::cose`
`454`	`456`	`throw COSEDecodeError(`
`455`	`457`	`"Inconsistent Merkle roots computed from COSE receipt proofs");`
`456`	`458`	`}`
	`459`	`+ if (proofs[i].leaf.claims_digest != receipt.claims_digest)`
	`460`	`+ {`
	`461`	`+ throw COSEDecodeError(fmt::format(`
	`462`	`+ "Claims from proofs don't match: {} != {}",`
	`463`	`+ ds::to_hex(receipt.claims_digest),`
	`464`	`+ ds::to_hex(proofs[i].leaf.claims_digest)));`
	`465`	`+ }`
`457`	`466`	`}`
`458`	`467`	`}`
`459`	`468`