feat(confidentialrelay): WorkflowAuthz authorization blob (PRIV-433)#2108
feat(confidentialrelay): WorkflowAuthz authorization blob (PRIV-433)#2108nadahalli wants to merge 5 commits into
Conversation
WorkflowAuthz binds {owner, orgid, workflowID, executionID, expiry} and is
F+1-signed by the Workflow DON. The relay reconstructs it from the GetSecrets
request and verifies the signatures so a compromised enclave cannot self-assert
a different owner. Adds the type, Validate, canonical Hash, the domain-separated
signing-payload helper, WorkflowAuthzSignature, and Expiry/AuthzSignatures on
SecretsRequestParams. Types only; mint (CC) and verify (core) follow.
|
👋 nadahalli, thanks for creating this pull request! To help reviewers, please consider creating future PRs as drafts first. This allows you to self-review and make any final changes before notifying the team. Once you're ready, you can mark it as "Ready for review" to request feedback. Thanks! |
✅ API Diff Results -
|
There was a problem hiding this comment.
Pull request overview
Adds foundational types and hashing/validation logic for a workflow-DON-to-relay-DON authorization blob (“WorkflowAuthz” / WRAB) used to authorize confidential relay secrets requests beyond attestation, enabling the relay to verify F+1 workflow DON signatures over a canonical authorization hash.
Changes:
- Introduces
WorkflowAuthz,WorkflowAuthzSignature, and a domain-separated signing payload prefix for WRAB signatures. - Extends
SecretsRequestParamswithExpiryandAuthzSignatures, plusWorkflowAuthz()reconstruction from request params. - Adds unit tests for WRAB validation, determinism, field-binding, reconstruction, and domain separation.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pkg/capabilities/v2/actions/confidentialrelay/types.go | Adds WRAB types, validation, hashing, and signature payload helper; extends secrets request params to carry WRAB data. |
| pkg/capabilities/v2/actions/confidentialrelay/types_test.go | Adds tests covering WRAB hash/validation/reconstruction and signature payload domain separation. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ComputeRequest carries no signature expiry; matching that, WorkflowAuthz drops Expiry rather than introduce a clock value the F+1 Workflow DON signers would have to agree on. The blob stays bound to ExecutionID. Removes Expiry from WorkflowAuthz and SecretsRequestParams, the hash, Validate, and the reconstruction helper, plus tests.
Owner and ExecutionID validators accept any hex case, so the same logical value could hash differently across signer and verifier and break F+1 agreement. Lowercase both before hashing; OrgID and WorkflowID are opaque and hashed as-is. Addresses Copilot review on #2108.
First piece of PRIV-433 (relay DON validates enclave requests beyond attestation).
Adds the WorkflowAuthz contract to confidentialrelay: the workflow-DON-to-relay-DON
authorization blob binding {owner, orgid, workflowID, executionID}. Each Workflow DON
node signs WorkflowAuthz.Hash(); the relay reconstructs it from the GetSecrets request
and verifies F+1 signatures against EnclaveConfig.Signers, so a compromised enclave
cannot self-assert a different owner than the Workflow DON authorized. owner is the
gate; orgid is bound but not gating (deprecated for ownership).
The Vault DON only ever returns secrets belonging to the requested owner, via its own
keying/matching logic (Owner::Namespace::Key). WorkflowAuthz is what guarantees that
requested owner is the one the Workflow DON authorized rather than one a compromised
enclave asserted; the Vault DON's matching then scopes retrieval to that owner.
No expiry on the blob: ComputeRequest carries no signature expiry, and an expiry would
force the F+1 Workflow DON signers to agree on a clock value. The blob is bound to
ExecutionID instead.
Types only:
Mint+sign (confidential-compute) and the relay verifier (chainlink core) land in follow-ups.