Alan-Jowett / sonde / 26137457623
82%

Build:
DEFAULT BRANCH: main
Ran 20 May 2026 02:35AM UTC
Jobs 1
Files 129
Run time 1min

20 May 2026 02:25AM UTC coverage: 82.902%. Remained the same
26137457623

push

github

web-flow
docs: escrow subsystem redesign specification (evolve-962) (#1016)

* docs: add evolve-962 escrow redesign specification

Redesign the PSK key escrow subsystem specified in evolve-887 to use a
declarative ACTUAL_STATE/DESIRED_STATE convergence model instead of
imperative connector messages. Treat the gateway as a first-class entity
in the state model.

Key changes from evolve-887:
- Unify `GatewayIdentity` with escrow keypair (single seed, dual Ed25519/X25519)
- Replace `key_version` counters with opaque `master_key_id` + monotonic `master_key_epoch`
- Remove 5-state lifecycle machine (`EscrowState`) — track rotation via `pending_rotation` table
- Add rotation-code authentication (physical-presence proof via modem display)
- Remove imperative messages: `KEY_ESCROW_PUBKEY` (0x10), `KEY_ESCROW_REQUEST` (0x11),
  `KEY_ESCROW_RESPONSE` (0x12), `MASTER_KEY_INSTALL` (0x13)
- Gateway ACTUAL_STATE: channel, `master_key_id`, epoch, X25519 public key,
  `missing_key_hints`, versions, salt/KDF params
- Gateway DESIRED_STATE: channel changes, rotation payload, recovered PSKs, salt
- Declarative node recovery via `missing_key_hints` → `recovered_psks`
- Provisional recovery PSKs (promote only after successful frame auth)
- Fully specified `RotationPayloadV1` binary format
- 3-phase crash-safe rotation with explicit phase markers
- gRPC `SubmitRotation` API for `sonde-admin` (no Azure dependency)

Supersedes evolve-887 escrow sections (§§20.1–20.12, §§2.2–2.4,
§§3.1, §§4.1, §§5.1, §§6.1, §§7 T-2000–T-2009, §§8).

Resolves: #962

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* docs: address PR review comments on evolve-962 spec

- Fix `kdf_params` key 4 naming: use `kdf_version` consistently
- Specify `current_master_key_epoch_be64` encoding in §2.6.2 (match §2.6.1)
- Split Azure `gateway_version`/`modem_firmware_version` into separate
  version and commit columns to match CBOR field defi... (continued)

37733 of 45515 relevant lines covered (82.9%)

248.85 hits per line

Jobs
ID Job ID Ran Files Coverage
1 26137457623.1 20 May 2026 02:35AM UTC 129 82.9
  • Github Actions Build #26137457623
  • 86577a98 on github
  • Prev Build on main (#26137348586)
  • Next Build on main (#26141810338)