Update

microsoft · Dec 18, 2024 · 1228c1d · 1228c1d
1 parent 123387b
commit 1228c1d
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 24 deletions.
diff --git a/.prettierrc.yaml b/.prettierrc.yaml
diff --git a/doc/host_config_schema/cchost_config.json b/doc/host_config_schema/cchost_config.json
@@ -329,7 +329,7 @@
                         "recovery_role": {
                           "type": "string",
                           "enum": ["NonParticipant", "Participant", "Owner"],
-                          "description": "Whether the member acts as a recovery participant and gets assigned a single share or as an owner and gets assigned the full recovery share"
+                          "description": "Whether the member acts as a recovery participant and gets assigned a single share or as an owner and gets assigned the full recovery key"
                         }
                       },
                       "required": ["certificate_file"],

diff --git a/include/ccf/service/tables/members.h b/include/ccf/service/tables/members.h
@@ -24,10 +24,10 @@ namespace ccf
 
   enum class MemberRecoveryRole
   {
-    NonParticipant,
+    NonParticipant = 0,
     Participant,
 
-    /** If set then the member is to receive a full share ("super-share")
+    /** If set then the member is to receive the full wrapper key
        allowing it to single-handedly recover the network without
        requiring any other recovery member to submit their shares. */
     Owner

diff --git a/src/node/gov/handlers/recovery.h b/src/node/gov/handlers/recovery.h
@@ -130,14 +130,13 @@ namespace ccf::gov::endpoints
             params["share"].template get<std::string>());
 
           size_t submitted_shares_count = 0;
-          bool full_share_submitted = false;
+          bool full_key_submitted = false;
           try
           {
             submitted_shares_count = share_manager.submit_recovery_share(
               ctx.tx, member_id, raw_recovery_share);
 
-            full_share_submitted =
-              ShareManager::is_full_share(raw_recovery_share);
+            full_key_submitted = ShareManager::is_full_key(raw_recovery_share);
 
             OPENSSL_cleanse(
               raw_recovery_share.data(), raw_recovery_share.size());
@@ -168,11 +167,11 @@ namespace ccf::gov::endpoints
             submitted_shares_count,
             threshold);
 
-          if (submitted_shares_count >= threshold || full_share_submitted)
+          if (submitted_shares_count >= threshold || full_key_submitted)
           {
-            if (full_share_submitted)
+            if (full_key_submitted)
             {
-              message += "\nFull recovery share successfully submitted";
+              message += "\nFull recovery key successfully submitted";
             }
 
             message += "\nEnd of recovery procedure initiated";
@@ -205,7 +204,7 @@ namespace ccf::gov::endpoints
           response_body["message"] = message;
           response_body["submittedCount"] = submitted_shares_count;
           response_body["recoveryThreshold"] = threshold;
-          response_body["fullShareSubmitted"] = full_share_submitted;
+          response_body["fullKeySubmitted"] = full_key_submitted;
 
           ctx.rpc_ctx->set_response_json(response_body, HTTP_STATUS_OK);
           return;

diff --git a/src/node/gov/handlers/service_state.h b/src/node/gov/handlers/service_state.h
@@ -35,21 +35,15 @@ namespace ccf::gov::endpoints
       member["publicEncryptionKey"] = enc_key.value().str();
     }
 
-    ccf::MemberRecoveryRole recovery_role;
+    ccf::MemberRecoveryRole recovery_role =
+      ccf::MemberRecoveryRole::NonParticipant;
     if (member_details.recovery_role.has_value())
     {
       recovery_role = member_details.recovery_role.value();
     }
-    else
+    else if (enc_key.has_value())
     {
-      if (enc_key.has_value())
-      {
-        recovery_role = ccf::MemberRecoveryRole::Participant;
-      }
-      else
-      {
-        recovery_role = ccf::MemberRecoveryRole::NonParticipant;
-      }
+      recovery_role = ccf::MemberRecoveryRole::Participant;
     }
 
     member["recoveryRole"] = recovery_role;

diff --git a/src/node/share_manager.h b/src/node/share_manager.h
@@ -581,7 +581,7 @@ namespace ccf
       return restored_ledger_secrets;
     }
 
-    static bool is_full_share(
+    static bool is_full_key(
       const std::vector<uint8_t>& submitted_recovery_share)
     {
       if (
@@ -591,7 +591,7 @@ namespace ccf
         auto share = ccf::crypto::sharing::Share(submitted_recovery_share);
         if (share.x == 0)
         {
-          // Index value of 0 indicates a full share.
+          // Index value of 0 indicates a full key.
           return true;
         }
       }

diff --git a/tests/infra/consortium.py b/tests/infra/consortium.py
@@ -763,7 +763,7 @@ def recover_with_owner_share(self, remote_node):
             assert (
                 f"{submitted_shares_count}/{self.recovery_threshold}" in r.body.text()
             )
-            assert "Full recovery share successfully submitted" in r.body.text()
+            assert "Full recovery key successfully submitted" in r.body.text()
             assert "End of recovery procedure initiated" in r.body.text()
 
     def set_recovery_threshold(self, remote_node, recovery_threshold):