Ccf

Changed

- `/gov/members` endpoint is deprecated. It is replaced by `/gov/kv/members/certs`, `/gov/kv/members/encryption_public_keys`, `/gov/kv/members/info`.
- `/gov/code` endpoint is deprecated. It is replaced by `/gov/kv/nodes/code_ids`.
- `/gov/jwt_keys/all` endpoint is deprecated. It is replaced by `/gov/kv/jwt/public_signing_keys`, `/gov/kv/jwt/public_signing_key_issue`, and `/gov/kv/jwt/issuers`
- `ccf::RpcContext::set_response()` has been renamed to `ccf::RpcContext::set_response_json()` (4813).
- The built-in authentication policies for JWTs and certs will now enforce expiry times, based on the current time received from the host. JWTs must contain "nbf" and "exp" claims, and if those are outside the current time then the request will get an authentication error (4786).
- `ccf.crypto.sign()` previously returned DER-encoded ECDSA signatures and now returns IEEE P1363 encoded signatures, aligning with the behavior of the Web Crypto API and `ccf.crypto.verifySignature()` (4829).
- Proposals authenticated with COSE Sign1 must now contain a `ccf.gov.msg.created_at` header parameter, set to a positive integer number of seconds since epoch. This timestamp is used to detect potential proposal replay. The `ccf_cose_sign1*` scripts have been updated accordingly and require a `--ccf-gov-msg-created_at`.
- Updated Clang version requirement to >= 10 in cmake.

Added

- Added `ccf.enableUntrustedDateTime` to JS API. After calling `ccf.enableUntrustedDateTime(true)`, the `Date` global object will use the untrusted host time to retrieve the current time.
- Add new `ccf.crypto.jwkToPem`, `ccf.crypto.pubJwkToPem`, `ccf.crypto.rsaJwkToPem`, `ccf.crypto.pubRsaJwkToPem`, `ccf.crypto.eddsaJwkToPem`, `ccf.crypto.pubEddsaJwkToPem` to JavaScript/TypesScript API to convert EC/RSA/EdDSA keys from PEM to Json Web Key (4876).
- Add new constructors to cryptography C++ API to generate EC/RSA/EdDSA keys from Json Web Key (4876).
- Endorsement certificates for SEV-SNP attestation report can now be retrieved via an environment variable, as specified by `attestation.environment.report_endorsements` configuration entry (4940).

Fixed

- Node-to-node channels no longer check certificate expiry times. This previously caused "Peer certificate verification failed" error messages when node or service certs expired. (4733)
- `node_data_json_file` configuration option is now correctly applied in `Start` and `Recover` modes (4761).

Changed

- Increased default NumHeapPages (heap size) for js_generic from 131072 (500MB) to 524288 (2GB).
- `TCP_NODELAY` is now set for all incoming and outgoing TCP connections (4717).

Added

- The [ccf Python package](https://pypi.org/project/ccf/) now includes a `ccf_cose_sign1` CLI tool, to facilitate the creation of [COSE Sign1](https://www.rfc-editor.org/rfc/rfc8152#page-18) requests for governance purposes. It also includes `ccf_cose_sign1_prepare` and `ccf_cose_sign1_finish` CLI tools, to facilitate the creation of [COSE Sign1](https://www.rfc-editor.org/rfc/rfc8152#page-18) requests for governance purposes, signed with external key management systems such as AKV. See [documentation](https://microsoft.github.io/CCF/main/governance/hsm_keys.html#cose-signing) for details.
- Builtin governance tables now have endpoints for accessing their content directly from the KV, under `/gov/kv`. For instance, `/gov/kv/constitution` will read the current constitution.

Fixed

- Session consistency is now provided even across elections. If session consistency would be broken, the inconsistent request will return an error and the TLS session will be terminated.
- Fixed issue where invalid snapshots could be generated depending on the pattern of additions/removals of keys in a given key-value map (4730).

Added

- Added `view_history` and `view_history_since` query parameters to `/app/commit` endpoint for retrieving the full view history and the view history since a certain view (4580)
- Added `BaseEndpointRegistry::get_view_history_v1` function to get the view history since a given revision (4580)

Changed

- `enclave.type` configuration entry now only supports `Debug` or `Release`. Trusted Execution Environment platform should be specified via new `enclave.platform` configuration entry (`SGX`, `SNP` or `Virtual`) (4569).

Fixed

- Fix issue with large snapshots that may cause node crash on startup (join/recover) if configured stack size was too low (4566).

Added

- `sandbox.sh` now accepts a `--consensus-update-timeout-ms` to modify the `consensus.message_timeout` value in each node's configuration. This can be used to alter multi-node commit latency.
- Add `ccf.crypto.sign()` API in the JavaScript runtime (4454).

Changed

- CCF is now a separate CMake project and Debian package per platform (sgx, snp and virtual), rather than the same project and package with a decorated version, to prevent accidental misuse and narrow down dependencies. (4421).
- C++ applications should find the appropriate CCF package in CMake with `find_package("ccf_<platform>" REQUIRED)`.
- CCF Debian packages are now installed at `/opt/ccf_<platform>` rather than `/opt/ccf`.
- We now support QuickJS runtime caps such as `max_heap_bytes`, `max_stack_bytes` and `max_execution_time_ms`. These can be set via a governance proposal. They can also be fetched via the `GET /node/js_metrics` endpoint (4396).