New SVR2 enclaves for staging and production

Author: eager-signal

rust/attest/src/constants.rs

@@ -19,11 +19,16 @@ pub const ENCLAVE_ID_SVR2_STAGING_PREQUANTUM: &[u8] =
 pub const ENCLAVE_ID_SVR2_PROD_PREQUANTUM: &[u8] =
     &hex!("9314436a9a144992bb3680770ea5fd7934a7ffd29257844a33763a238903d570");
 
-pub const ENCLAVE_ID_SVR2_STAGING: &[u8] =
+pub const ENCLAVE_ID_SVR2_STAGING_2025Q2: &[u8] =
     &hex!("2e8cefe6e3f389d8426adb24e9b7fb7adf10902c96f06f7bbcee36277711ed91");
-pub const ENCLAVE_ID_SVR2_PROD: &[u8] =
+pub const ENCLAVE_ID_SVR2_PROD_2025Q2: &[u8] =
     &hex!("093be9ea32405e85ae28dbb48eb668aebeb7dbe29517b9b86ad4bec4dfe0e6a6");
 
+pub const ENCLAVE_ID_SVR2_STAGING: &[u8] =
+    &hex!("a75542d82da9f6914a1e31f8a7407053b99cc99a0e7291d8fbd394253e19b036");
+pub const ENCLAVE_ID_SVR2_PROD: &[u8] =
+    &hex!("29cd63c87bea751e3bfd0fbd401279192e2e5c99948b4ee9437eafc4968355fb");
+
 pub const ENCLAVE_ID_SVRB_STAGING: &[u8] =
     &hex!("fefd012f3792a5ffd7d385171431adcde938ccb1346d1e1d9d2635da9c44da99");
 
@@ -86,7 +91,7 @@ pub const RAFT_CONFIG_SVR2_PROD_PREQUANTUM: &RaftConfig = &RaftConfig {
     attestation_timeout: 604800,
     simulated: false,
 };
-pub const RAFT_CONFIG_SVR2_STAGING: &RaftConfig = &RaftConfig {
+pub const RAFT_CONFIG_SVR2_STAGING_2025Q2: &RaftConfig = &RaftConfig {
     min_voting_replicas: 3,
     max_voting_replicas: 9,
     super_majority: 0,
@@ -96,7 +101,7 @@ pub const RAFT_CONFIG_SVR2_STAGING: &RaftConfig = &RaftConfig {
     simulated: false,
 };
 
-pub const RAFT_CONFIG_SVR2_PROD: &RaftConfig = &RaftConfig {
+pub const RAFT_CONFIG_SVR2_PROD_2025Q2: &RaftConfig = &RaftConfig {
     min_voting_replicas: 4,
     max_voting_replicas: 13,
     super_majority: 2,
@@ -106,6 +111,26 @@ pub const RAFT_CONFIG_SVR2_PROD: &RaftConfig = &RaftConfig {
     simulated: false,
 };
 
+pub const RAFT_CONFIG_SVR2_STAGING: &RaftConfig = &RaftConfig {
+    min_voting_replicas: 3,
+    max_voting_replicas: 9,
+    super_majority: 0,
+    group_id: 14164309227572919775,
+    db_version: 2,
+    attestation_timeout: 604800,
+    simulated: false,
+};
+
+pub const RAFT_CONFIG_SVR2_PROD: &RaftConfig = &RaftConfig {
+    min_voting_replicas: 4,
+    max_voting_replicas: 13,
+    super_majority: 2,
+    group_id: 10263621230883829694,
+    db_version: 2,
+    attestation_timeout: 604800,
+    simulated: false,
+};
+
 pub const RAFT_CONFIG_SVRB_STAGING: &RaftConfig = &RaftConfig {
     min_voting_replicas: 3,
     max_voting_replicas: 9,
@@ -118,7 +143,7 @@ pub const RAFT_CONFIG_SVRB_STAGING: &RaftConfig = &RaftConfig {
 
 // This is left here primarily to support SVR2 bridging code that does
 // not expose the notion of environment to the clients.
-pub(crate) static EXPECTED_RAFT_CONFIG_SVR2: SmallMap<&'static [u8], &'static RaftConfig, 4> =
+pub(crate) static EXPECTED_RAFT_CONFIG_SVR2: SmallMap<&'static [u8], &'static RaftConfig, 6> =
     SmallMap::new([
         (
             ENCLAVE_ID_SVR2_STAGING_PREQUANTUM,
@@ -128,6 +153,11 @@ pub(crate) static EXPECTED_RAFT_CONFIG_SVR2: SmallMap<&'static [u8], &'static Ra
             ENCLAVE_ID_SVR2_PROD_PREQUANTUM,
             RAFT_CONFIG_SVR2_PROD_PREQUANTUM,
         ),
+        (
+            ENCLAVE_ID_SVR2_STAGING_2025Q2,
+            RAFT_CONFIG_SVR2_STAGING_2025Q2,
+        ),
+        (ENCLAVE_ID_SVR2_PROD_2025Q2, RAFT_CONFIG_SVR2_PROD_2025Q2),
         (ENCLAVE_ID_SVR2_STAGING, RAFT_CONFIG_SVR2_STAGING),
         (ENCLAVE_ID_SVR2_PROD, RAFT_CONFIG_SVR2_PROD),
     ]);

rust/net/src/env.rs

@@ -216,13 +216,10 @@ pub(crate) const ENDPOINT_PARAMS_CDSI_PROD: EndpointParams<'static, Cdsi> = Endp
     raft_config: (),
 };
 
-// Currently, the production SVR2 is prequantum while we're testing the postquantum
-// handshakes in staging.
-pub(crate) const ENDPOINT_PARAMS_SVR2_PROD_PREQUANTUM: EndpointParams<'static, SvrSgx> =
-    EndpointParams {
-        mr_enclave: MrEnclave::new(attest::constants::ENCLAVE_ID_SVR2_PROD_PREQUANTUM),
-        raft_config: attest::constants::RAFT_CONFIG_SVR2_PROD_PREQUANTUM,
-    };
+pub(crate) const ENDPOINT_PARAMS_SVR2_PROD: EndpointParams<'static, SvrSgx> = EndpointParams {
+    mr_enclave: MrEnclave::new(attest::constants::ENCLAVE_ID_SVR2_PROD),
+    raft_config: attest::constants::RAFT_CONFIG_SVR2_PROD,
+};
 
 pub(crate) const KEYTRANS_SIGNING_KEY_MATERIAL_STAGING: &[u8; 32] =
     &hex!("ac0de1fd7f33552bbeb6ebc12b9d4ea10bf5f025c45073d3fb5f5648955a749e");
@@ -589,9 +586,7 @@ pub const PROD: Env<'static> = Env {
     },
     svr2: EnclaveEndpoint {
         domain_config: DOMAIN_CONFIG_SVR2,
-        // Currently, the production SVR2 is prequantum while we're testing the postquantum
-        // handshakes in staging.
-        params: ENDPOINT_PARAMS_SVR2_PROD_PREQUANTUM,
+        params: ENDPOINT_PARAMS_SVR2_PROD,
     },
     svr_b: None,
     keytrans_config: KEYTRANS_CONFIG_PROD,