Add EnclaveConfig to confidentialrelay request params (PRIV-458)#2063
Open
nadahalli wants to merge 1 commit into
Open
Add EnclaveConfig to confidentialrelay request params (PRIV-458)#2063nadahalli wants to merge 1 commit into
nadahalli wants to merge 1 commit into
Conversation
SecretsRequestParams and CapabilityRequestParams now carry an EnclaveConfig field describing the enclave's current Signers, MasterPublicKey, T, and F. The relay-DON handler in chainlink/core uses this to compare against onchain DON state before treating an attested request as trusted. Without this field, the request's Nitro attestation cryptographically binds the request hash but does not let the relay see the enclave's config. A malicious host can produce a genuinely-attested request over a forged enclave config and have it accepted. This closes the gap Sigma Prime CL112-01 identified, mirroring the pool.go-side hardening in confidential-compute #329. EnclaveConfig is defined as a parallel struct in this package rather than imported from confidential-compute to keep the dependency direction one-way. The fields match types.EnclaveConfig there and the enclave fills this struct from its local instance before sending. Validate enforces non-empty Signers, F > 0, and non-empty MasterPublicKey. The canonical hash for relay-response signing now binds every field with Signers sorted so that two logically-equivalent configs hash the same regardless of Signer ordering.
|
👋 nadahalli, thanks for creating this pull request! To help reviewers, please consider creating future PRs as drafts first. This allows you to self-review and make any final changes before notifying the team. Once you're ready, you can mark it as "Ready for review" to request feedback. Thanks! |
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR hardens confidential relay requests by requiring callers to include an EnclaveConfig payload (signers, master public key, and threshold parameters) so downstream relay handlers can verify the enclave configuration against on-chain DON state after attestation validation (PRIV-458 / Sigma Prime CL112-01).
Changes:
- Added
EnclaveConfigtoSecretsRequestParamsandCapabilityRequestParamsand made it required viaValidate(). - Included
EnclaveConfigin the canonical response-hash input (with signer ordering canonicalized by sorting). - Added focused unit tests covering validation requirements and hash binding / stability under signer reordering.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
pkg/capabilities/v2/actions/confidentialrelay/types.go |
Adds EnclaveConfig, validates it, and binds it into canonical hashing with order-independent signer handling. |
pkg/capabilities/v2/actions/confidentialrelay/types_test.go |
Updates request param fixtures and adds tests for EnclaveConfig validation and hash binding/canonicalization. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
SecretsRequestParams and CapabilityRequestParams now carry an
EnclaveConfig field describing the enclave's current Signers,
MasterPublicKey, T, and F. The relay-DON handler in chainlink/core
will use this to compare against onchain DON state before treating
an attested request as trusted.
Without this field, the request's Nitro attestation binds the request
hash but does not let the relay see the enclave's config. A malicious
host can produce a genuinely-attested request over a forged enclave
config and have it accepted. This closes the gap Sigma Prime CL112-01
identified, mirroring the pool.go-side hardening in
smartcontractkit/confidential-compute#329.
EnclaveConfig is a parallel struct in this package, not imported from
confidential-compute, to keep the dependency direction one-way. Fields
match types.EnclaveConfig there; the enclave will fill this struct
from its local instance before sending. Validate enforces non-empty
Signers, F > 0, non-empty MasterPublicKey. The relay-response hash
binds every field with Signers sorted so logically-equivalent configs
hash the same regardless of Signer ordering.
Rollout (Stage 2 of PRIV-458):
on every outgoing relay request.
onchain DON state in handleSecretsGet and handleCapabilityExecute.
Existing callers that do not set EnclaveConfig will now fail
Validate. This is intentional: the field is required for the relay
to perform the audit-recommended check.
Jira: https://smartcontract-it.atlassian.net/browse/PRIV-458