feat(confidentialrelay): vendor SignedComputeRequest + Hash (PRIV-433)#2109
feat(confidentialrelay): vendor SignedComputeRequest + Hash (PRIV-433)#2109nadahalli wants to merge 5 commits into
Conversation
The relay DON (chainlink/core) cannot import confidential-compute (the dependency runs the other way), so vendor ComputeRequest/SignedComputeRequest and the canonical ComputeRequest.Hash into the confidentialrelay package. This lets the relay verify the Workflow DON's F+1 signatures over a forwarded compute request directly, the basis for replacing the separate WorkflowAuthz blob. Hash reuses this package's existing length-prefix helpers (byte-identical to the source's writeWithLength/writeLengthPrefix), so no duplicate helpers. Tests cover determinism, field-binding, and the intentional exclusion of EncryptedDecryptionKeyShares. Byte-for-byte conformance with the source Hash will be enforced by a test in confidential-compute (which can import this package); common cannot import CC.
|
👋 nadahalli, thanks for creating this pull request! To help reviewers, please consider creating future PRs as drafts first. This allows you to self-review and make any final changes before notifying the team. Once you're ready, you can mark it as "Ready for review" to request feedback. Thanks! |
✅ API Diff Results -
|
There was a problem hiding this comment.
Pull request overview
This PR vendors the minimal ComputeRequest/SignedComputeRequest types and canonical ComputeRequest.Hash() logic into pkg/capabilities/v2/actions/confidentialrelay so the relay DON can verify the workflow DON’s existing F+1-signed compute request (without introducing a separate WorkflowAuthz blob and without adding a dependency from chainlink-common to confidential-compute).
Changes:
- Added vendored
ComputeRequest+SignedComputeRequesttypes andComputeRequest.Hash()implementation (intended to be byte-identical to confidential-compute). - Added self-contained tests covering hash determinism, field binding, and intentional exclusion of
EncryptedDecryptionKeyShares.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pkg/capabilities/v2/actions/confidentialrelay/computerequest.go | Introduces vendored compute-request structs plus canonical hashing logic and domain separator. |
| pkg/capabilities/v2/actions/confidentialrelay/computerequest_test.go | Adds tests to lock in hashing behavior (determinism, field binding, excluded fields). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| RequestID [32]byte `json:"requestID"` | ||
| PublicData []byte `json:"publicData"` | ||
| Ciphertexts [][]byte `json:"ciphertexts"` | ||
| CiphertextNames []string `json:"CiphertextNames"` | ||
| EncryptedDecryptionKeyShares [][][]byte `json:"encryptedDecryptionKeyShares"` |
There was a problem hiding this comment.
Intentional. This type is vendored verbatim from confidential-compute types.ComputeRequest, where the tag is json:"CiphertextNames" (capital C). The relay must marshal and unmarshal exactly what the enclave emits, so the tag has to match the source byte for byte. The capital C is a quirk in the source, but matching it is what preserves wire compatibility; changing it here is what would break it. Leaving as-is.
…tParams Add SignedComputeRequests []SignedComputeRequest to SecretsRequestParams: the F+1 Workflow-DON-signed compute requests the enclave forwards for the relay DON to verify. Excluded from the response hash, matching Attestation/EnclaveConfig.
…elper The relay DON verifies the F+1 Workflow DON signatures over a forwarded SignedComputeRequest by reconstructing the peerid domain-separated payload the nodes signed. Adds SignedComputeRequestSignaturePayload + the vendored prefix CONFIDENTIAL_COMPUTE_PAYLOAD_ (from CC util.GetConfidentialComputePayloadPrefix). The relay cannot import confidential-compute, so this lives here.
…-compute-request # Conflicts: # pkg/capabilities/v2/actions/confidentialrelay/types.go
Relay DON will verify the Workflow DON's existing F+1-signed SignedComputeRequest, which already carries
the authorized identity (owner/orgid/workflowID/executionID) in PublicData (the WorkflowExecution proto).
The relay DON lives in chainlink/core, which cannot import confidential-compute (the
dependency runs the other way). So this vendors the minimum from CC's types/types.go into
the confidentialrelay package:
to the source's), so no duplicate helpers
Tests are self-contained: determinism, field-binding, and the intentional exclusion of
EncryptedDecryptionKeyShares. chainlink-common cannot import confidential-compute, so the
byte-for-byte conformance check between this vendored Hash and the source belongs in
confidential-compute (which imports this package), as a follow-up.
Supersedes the WorkflowAuthz approach in #2108 (now draft). Follow-ups: the CC-side
conformance test, a SecretsRequestParams carrier field for the forwarded signed request(s),
and the relay-DON verifier.