Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sign get chunks #1022

Merged
merged 10 commits into from
Dec 19, 2024
Merged

Sign get chunks #1022

merged 10 commits into from
Dec 19, 2024

Conversation

cody-littley
Copy link
Contributor

@cody-littley cody-littley commented Dec 17, 2024

Why are these changes needed?

Enable request signing for GetChunks() requests.

Companion PR to update the relay helm chart: https://github.com/Layr-Labs/eigenda-devops/pull/1256

Checks

  • I've made sure the tests are passing. Note that there might be a few flaky tests, in that case, please comment that they are not relevant.
  • I've checked the new test coverage and the coverage percentage didn't drop.
  • Testing Strategy
    • Unit tests
    • Integration tests
    • This PR is not tested :(

Signed-off-by: Cody Littley <[email protected]>
Signed-off-by: Cody Littley <[email protected]>
@cody-littley cody-littley self-assigned this Dec 17, 2024
@@ -135,9 +135,18 @@ var _ = Describe("Inabox v2 Integration", func() {
}
}

// These values are only used by the relay client to get chunks, which we do not call from the relay
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks just because of missing test coverage, then shall we add a call to test GetChunks?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Talked to @ian-shim about this. He said the calls to GetChunks() are made from the operator nodes, not from this client instance. We are only using this client instance to call GetBlobs().

func NewRelayClient(config *RelayClientConfig, logger logging.Logger) (*relayClient, error) {
if config == nil || len(config.Sockets) <= 0 {
func NewRelayClient(config *RelayClientConfig, logger logging.Logger) (RelayClient, error) {
if config == nil || len(config.Sockets) <= 0 || config.OperatorID == nil || config.MessageSigner == nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we move this check config.OperatorID == nil || config.MessageSigner == nil to GetChunks methods?
Other methods like GetBlob should work with nil operator ID and nil signer

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've moved these checks out of the constructor. They will cause the methods that get chunks to return an error if they are not properly configured.

@@ -30,6 +30,7 @@ func defaultConfig() *Config {
ChunkCacheSize: 1024 * 1024,
ChunkMaxConcurrency: 32,
MaxKeysPerGetChunksRequest: 1024,
AuthenticationDisabled: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if we set this to false, does integration test fail?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Disabling authentication doesn't cause signed requests to be rejected, it just causes signatures to be entirely ignored by the relay.

That being said, disabling authentication in the relay tests was a bit of a shortcut (the bad kind). I've modified the code in this test file to properly enable authentication.

// signGetChunksRequest signs the GetChunksRequest with the operator's private key
// and sets the signature in the request.
func (c *relayClient) signGetChunksRequest(ctx context.Context, request *relaygrpc.GetChunksRequest) error {
hash := auth.HashGetChunksRequest(request)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To confirm, all the values of the request are being hashed right ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, as long as I didn't make a mistake when coding the hashing function. Makes me nervous writing these types of things by hand due to the possibility of human error.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems good area to focus for auditors

@@ -0,0 +1,68 @@
package mock
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we need a separate mock for relay?
don't we have an existing mock for IndexedChainState?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The existing ChainDataMock struct has a bunch of internal logic that looks like it was written to support specific unit tests. I just need a mock implementation where I can use the pattern when X method is called with Y arguments, return Z.

// signGetChunksRequest signs the GetChunksRequest with the operator's private key
// and sets the signature in the request.
func (c *relayClient) signGetChunksRequest(ctx context.Context, request *relaygrpc.GetChunksRequest) error {
hash := auth.HashGetChunksRequest(request)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems good area to focus for auditors

@cody-littley cody-littley merged commit ca5f699 into Layr-Labs:master Dec 19, 2024
8 checks passed
@cody-littley cody-littley deleted the sign-get-chunks branch December 19, 2024 14:49
@anupsv
Copy link
Contributor

anupsv commented Dec 19, 2024

lgtm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants