
Commit 982c792

authored
[release/5.x] Cherry pick: Harden disaster recovery: Ignore duplicate sealed secrets (#6999) (#7001)
1 parent 9d4377d commit 982c792


55 files changed

+238
-34
lines changed

CHANGELOG.md

Lines changed: 8 additions & 0 deletions

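--- a/src/kv/deserialise.h
+++ b/src/kv/deserialise.h
@@ -123,6 +123,8 @@ namespace ccf::kv
       auto search = changes.find(ccf::Tables::SIGNATURES);
       if (search != changes.end())
       {
+        bool has_cose = false;
+
         switch (changes.size())
         {
           case 2:
@@ -138,6 +140,7 @@ namespace ccf::kv
               changes.end() &&
               changes.find(ccf::Tables::COSE_SIGNATURES) != changes.end())
             {
+              has_cose = true;
               break;
             }
           default:
@@ -148,7 +151,7 @@ namespace ccf::kv
 
         if (history)
         {
-          if (!history->verify_root_signatures())
+          if (!history->verify_root_signatures(has_cose))
           {
             LOG_FAIL_FMT("Failed to deserialise");
             LOG_DEBUG_FMT(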
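Review bot: The new `bool has_cose = false;` in the first hunk carries no comment, yet it is the value that decides whether the history performs COSE verification at all (third hunk), so its meaning should be stated where it is declared. I would add `// True only when this signature transaction also carries a COSE_SIGNATURES entry; the history verifies the COSE signature in addition to the primary signature only in that case.` above the declaration. Note that the flag is derived purely from which tables the transaction contains, so a reader should be able to see from this comment that presence, not version or configuration, drives the decision. The enclosing switch and function continue outside these hunks.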

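--- a/src/kv/kv_types.h
+++ b/src/kv/kv_types.h
@@ -399,11 +399,7 @@ namespace ccf::kv
     };
 
     virtual ~TxHistory() {}
-    virtual Result verify_and_sign(
-      ccf::PrimarySignature& signature,
-      Term* term,
-      ccf::kv::Configuration::Nodes& nodes) = 0;
-    virtual bool verify_root_signatures() = 0;
+    virtual bool verify_root_signatures(bool has_cose) = 0;
     virtual void try_emit_signature() = 0;
     virtual void emit_signature() = 0;
     virtual ccf::crypto::Sha256Hash get_replicated_state_root() = 0;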
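Review bot: The new `has_cose` parameter on the pure virtual `verify_root_signatures` is undocumented at the interface, and a bare `bool` gives a reader of any future call site such as `verify_root_signatures(true)` nothing to go on. I would add a Doxygen line above it: `/// Verify the signature(s) recorded for the current root. When has_cose is false only the primary signature is checked; when true the COSE signature in the transaction must also verify.` If more signature kinds are ever added, an `enum class` would read better than a bool here, but that is a style choice. The surrounding `TxHistory` class starts and ends outside the hunk.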

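--- a/src/node/history.h
+++ b/src/node/history.h
@@ -146,15 +146,7 @@ namespace ccf
       version++;
     }
 
-    ccf::kv::TxHistory::Result verify_and_sign(
-      PrimarySignature&,
-      ccf::kv::Term*,
-      ccf::kv::Configuration::Nodes&) override
-    {
-      return ccf::kv::TxHistory::Result::OK;
-    }
-
-    bool verify_root_signatures() override
+    bool verify_root_signatures(bool has_cose) override
     {
       return true;
     }
@@ -661,25 +653,7 @@ namespace ccf
         term_of_next_version};
     }
 
-    ccf::kv::TxHistory::Result verify_and_sign(
-      PrimarySignature& sig,
-      ccf::kv::Term* term,
-      ccf::kv::Configuration::Nodes& config) override
-    {
-      if (!verify_root_signatures())
-      {
-        return ccf::kv::TxHistory::Result::FAIL;
-      }
-
-      ccf::kv::TxHistory::Result result = ccf::kv::TxHistory::Result::OK;
-
-      sig.node = id;
-      sig.sig = kp.sign_hash(sig.root.h.data(), sig.root.h.size());
-
-      return result;
-    }
-
-    bool verify_root_signatures() override
+    bool verify_root_signatures(bool has_cose) override
     {
       auto tx = store.create_read_only_tx();
 
@@ -699,6 +673,11 @@ namespace ccf
         return false;
       }
 
+      if (!has_cose)
+      {
+        return true;
+      }
+
       auto cose_signatures =
         tx.template ro<ccf::CoseSignatures>(ccf::Tables::COSE_SIGNATURES);
       auto cose_sig = cose_signatures->get();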
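Review bot: The early `if (!has_cose) { return true; }` in the third hunk makes COSE verification conditional on whether the transaction being verified contains a COSE_SIGNATURES entry, so a signature transaction that lacks that entry is accepted on the primary signature alone. If the intent is to accept ledgers written before COSE signatures existed, that is reasonable, but it should be stated in a comment at the return, e.g. `// No COSE signature in this transaction (pre-COSE ledger): the primary signature verified above is sufficient.`, and if a service is expected to always emit COSE signatures from some version on, that expectation needs to be enforced from the ledger/service version rather than from per-transaction presence. In the first hunk the stub override's `has_cose` parameter is unused; dropping the name, `bool verify_root_signatures(bool) override`, or marking it `[[maybe_unused]]` avoids a warning. Both `verify_root_signatures` bodies continue outside the hunks.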

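--- a/src/node/share_manager.h
+++ b/src/node/share_manager.h
@@ -507,12 +507,27 @@ namespace ccf
         it != recovery_ledger_secrets.rend();
         it++)
       {
+        LOG_DEBUG_FMT(
+          "Recovering encrypted ledger secret valid at seqno {}",
+          it->previous_ledger_secret->version);
+
         if (!it->previous_ledger_secret.has_value())
         {
           // Very first entry does not encrypt any other ledger secret
           break;
         }
 
+        if (
+          restored_ledger_secrets.find(it->previous_ledger_secret->version) !=
+          restored_ledger_secrets.end())
+        {
+          // Already decrypted this ledger secret
+          LOG_INFO_FMT(
+            "Skipping, already decrypted ledger secret with version {}",
+            it->previous_ledger_secret->version);
+          continue;
+        }
+
         auto decrypted_ls_raw = decrypt_previous_ledger_secret_raw(
           latest_ls, it->previous_ledger_secret->encrypted_data);
 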
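Review bot: The new `LOG_DEBUG_FMT` at the top of the loop body dereferences `it->previous_ledger_secret->version` before the `has_value()` check on the very next statement; if `previous_ledger_secret` is a `std::optional`, as that check suggests, the existing comment says the loop does reach an entry with no value, and `operator->` on an empty optional is undefined behaviour. Move the three log lines to just after the `break;` block, so they execute only once `has_value()` is known to be true. Separately, the duplicate check is keyed on `version` alone, so two sealed entries with the same version but different `encrypted_data` would silently keep the first decryption; a comment stating that this is expected (or a check that the duplicate is byte-identical) would make that explicit. The enclosing loop and function continue outside the hunk.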

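--- a/tests/recovery.py
+++ b/tests/recovery.py
@@ -814,6 +814,10 @@ def run(args):
         args, "sgx_service", expected_recovery_count=3, test_receipt=False
     )
 
+    test_recover_service_from_files(
+        args, "double_sealed_service", expected_recovery_count=2, test_receipt=False
+    )
+
 
 def run_recover_snapshot_alone(args):
     """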
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIBtjCCATygAwIBAgIUCp/pWk6MnuAKOk3hk+IHzRMNJnowCgYIKoZIzj0EAwMw
3+
EjEQMA4GA1UEAwwHbWVtYmVyMDAeFw0yNTA1MDgxMjMxNTNaFw0yNjA1MDgxMjMx
4+
NTNaMBIxEDAOBgNVBAMMB21lbWJlcjAwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASN
5+
dA7cD9L+dx0fw8fJcuZzvhM3D2Nfla5/joZKleT4jwBo/YOKgOg8u5vcOccwxucO
6+
AiXXHNJ2dr+7FUPd+vg6N0AnIaOXDFHROXK2ylmT4l8oQMMw5kpXp6N2gS6AVBaj
7+
UzBRMB0GA1UdDgQWBBSV5wIP6S1xoYNM5aFl3BxL7LTSzzAfBgNVHSMEGDAWgBSV
8+
5wIP6S1xoYNM5aFl3BxL7LTSzzAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMD
9+
A2gAMGUCMGzigYRi6rNHp2XnHUJ4dz1ah/osEEnoDLOp1btD/UauD14XGugvD0vL
10+
vCE0myL25AIxAM5Qkii6F7SQ7J62Tg3/NYrcJ7L6XbkSUK3o1Whgv5POVQG/Eymw
11+
+GgkVACatEnxsw==
12+
-----END CERTIFICATE-----
Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,28 @@
1+
-----BEGIN PRIVATE KEY-----
2+
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD2qQjwy8D1vEgf
3+
5dAUJxleME52tzNp2IjuTi96APNMFPlOtBrT4x1MsOUeixDa0phHO+hOt/3kxVXm
4+
DInWWcbbewF9jlk8R4k3LXJPseDS9LBftaTC9G3JA8enzFjAbHOyVu76vA0BqiSH
5+
f+SgWd72eai+4mQf0gcMiPYkoDXoFWTst7l6IUc3i8iheaFRC2x/QGzNtI6PgPPQ
6+
bRMIQOD5wa1I6hw85VpclVylSlw1/Eq8y9DwMKzX5u+QxwWaSszgRLjPKSrSDyTu
7+
tMPHkCOiFTW9/s9hJ7Afqff0TPn2EdgFwdD5t3EmQxeG6Nu9y00RuLA64iyDxiYT
8+
hQntCJ7VAgMBAAECggEAeGw2TTlsz4xIuin82JnuLKnw5My0cSyiTZYmX64vGinz
9+
PZV4s5HiMBr9AVhrtimy5rQ8ypHRhutA8LuWX+wcxfLb22yv7FoQh7vMX1Q8q0GD
10+
CncoJXYoU0dhJm8BtZA9PAhtTESbJQDoLK8n85Fs5XCoDemBcHedsWT8pw0AxHkY
11+
GWqYA+RiilJp2pGxg50ce9362fSZ9TmuBZscNtS9FefHzkER/RTHttWpBR/aVyyC
12+
FnjyB9p4cELSwbZeFHRAX3v4Ba8KUeF8r3wh0qlBJRnM4fw/8kp1wW3dFA0L39zN
13+
jHuSYCPt7IQn1dR1rNuw34fHU2egRRPMrx7sVEqm0QKBgQD9Htw/gRjrQKKWmEIJ
14+
B8g/dYmvy4WBzEwqGWyyG7hGvnSxKQ5VaJna0lVDctaV27b5SLdNbyWNHlMrbPMF
15+
l51SA3HOLTjDzN4Fp2aotTKG558yZMaDe4nyX4B9REf9RmI8ld+/KVy05k0D36Xv
16+
TlUNPeP/7Y+2i+rUQ29PnllutwKBgQD5d1xovBgFkGT8Sx31gN1GP9AYgiwS/Rq1
17+
8Sz6RYdzdCIFlNN8VriX7h+2J4gqZ6hcR2kIQBJCK96RP9KX8WB4wKApgdi4LNB7
18+
SEI4x/a4jZFcUkQXKoBkpwKK1ZM+1M4gsQCUGr7Lm7M3tLuVJmLG7C4+ufO7SIGZ
19+
KIwNC0KS0wKBgHvW3Ws0fjybIvELDUPdyttBZlvb9zXJ/nmadtOtPDtgczc6Hwkq
20+
ZBvrTEvzo4kuNhdAvG3mMzkX3Rkh9MSHqTC2/rcg6OTjFr0tacyg2lemevzs0TMC
21+
/jrW/sZK4e3IwcdijFW6puDazFNY2JZ8fKA9548Pa4Ckc//l/k+16YuBAoGANzxt
22+
kqcrLng1VAOR450f4YEZo4OXHLE8K9L14YhpoG+zZMb6OMq+3q0UCnIgXTtMdPo+
23+
0FvXbx1lj4WxLIF+md4U2Hvur4EEvHdYalgkUeLOr8FrYDHB8gdksbbufngCGAz5
24+
EtIFMvILsabr7e9s6Zy79JmZ1PsN7wqiT/URTY8CgYAn603wR9ZZP5g4Zsauqh9Z
25+
skIRQZOQgvakpwl6IRDr9aLoekgl0gYy+uQKylDsy7h89dwqPK+Y8Ut/1y+OQl6S
26+
KD2Gc/8dHKuNSwrzcOI4dx/5RPUVddj8rNexBnafaitKB77nRbXSd8B7HNXYm3U6
27+
fqB1wFF2nyI3xWHMZMXagg==
28+
-----END PRIVATE KEY-----
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
-----BEGIN PUBLIC KEY-----
2+
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9qkI8MvA9bxIH+XQFCcZ
3+
XjBOdrczadiI7k4vegDzTBT5TrQa0+MdTLDlHosQ2tKYRzvoTrf95MVV5gyJ1lnG
4+
23sBfY5ZPEeJNy1yT7Hg0vSwX7WkwvRtyQPHp8xYwGxzslbu+rwNAaokh3/koFne
5+
9nmovuJkH9IHDIj2JKA16BVk7Le5eiFHN4vIoXmhUQtsf0BszbSOj4Dz0G0TCEDg
6+
+cGtSOocPOVaXJVcpUpcNfxKvMvQ8DCs1+bvkMcFmkrM4ES4zykq0g8k7rTDx5Aj
7+
ohU1vf7PYSewH6n39Ez59hHYBcHQ+bdxJkMXhujbvctNEbiwOuIsg8YmE4UJ7Qie
8+
1QIDAQAB
9+
-----END PUBLIC KEY-----
Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
-----BEGIN EC PARAMETERS-----
2+
BgUrgQQAIg==
3+
-----END EC PARAMETERS-----
4+
-----BEGIN EC PRIVATE KEY-----
5+
MD4CAQEEMCNoAj3RDb9ksY2F0Z3rOstsugsQOmgkcrtDwI0Wv9GsgOiwD2xwLR1b
6+
RxQuM608naAHBgUrgQQAIg==
7+
-----END EC PRIVATE KEY-----
