CCF
CCF copied to clipboard
microsoft
Confidential Consortium Framework
List of problems to solve while refactoring the interface for **signature verification** * `RSAPublicKey` and `RSAKeyPair` both **define** `verify(signature_args..., md_type, salt_length)`, is it even legit?.. * `RSAKeyPair_OpenSSL` **implements** `verify(signature_args..., md_type,...
Based on [this](https://github.com/microsoft/CCF/pull/6680#discussion_r1873006358) discussion in #6680 We may either rewrite or fulfil the existing JWK code in `jwk.h` to be able to easily parse and work with different JWK instances.
Mentioned by @achamayou here: https://github.com/microsoft/CCF/pull/6680/files#r1873482195 However, I don't find anything in the JWT/JWT RFCs about EdDSA, according to the [table](https://datatracker.ietf.org/doc/html/rfc7518#section-3.1), there's no corresponding `alg` to specify that. ``` +--------------+-------------------------------+--------------------+ |...
See https://github.com/microsoft/scitt-ccf-ledger/issues/247 We would need to add a check in https://github.com/microsoft/CCF/blob/93f3ae44097440a2e3ce55e4bf9537008b91bf99/src/http/http_parser.h#L196 for content-length, and terminate early there. At the moment, this is checked later on, while the body is appended...
**Is your feature request related to a problem? Please describe.** while refactoring TPAL because of single registry all handlers are of the type DynamicJSEndpoint and registered there. Not all handlers...
Although cose_auth currently uses 4(kid) to look up the member key, some signing tools may embed x5t/x5chain, which currently causes the qcbor spiffy parser to fail. We should allow them...
It's possible for a number of join attempts to be made that do not result in a node being trusted. Those have to be manually deleted by the operator at...
This unit test currently runs a fixed number of threads for a fixed number of writes, and expects that this produces at least one conflict. Usually it produces several hundred,...
This introduces a race condition for early requests - who gets to populate the `history` variable? We should instead let each fetch it on-demand, or _push_ the initialised history value...
If the path under https://github.com/microsoft/CCF/blob/f1bd349ba7de81fcc56fd23670ce49ff4dd42a52/src/host/ledger.h#L321 gets hit then the malformed/corrupt ledger file is not getting ignored when a node starts from a later snapshot but has this older uncommitted ledger...
