Skip to content

adds feature-gate code to enforce retransmitter signature verification#1840

Merged
behzadnouri merged 1 commit intoanza-xyz:masterfrom
behzadnouri:verify-retransmitter-signature-force
Jun 27, 2024
Merged

adds feature-gate code to enforce retransmitter signature verification#1840
behzadnouri merged 1 commit intoanza-xyz:masterfrom
behzadnouri:verify-retransmitter-signature-force

Conversation

@behzadnouri
Copy link
Copy Markdown

@behzadnouri behzadnouri commented Jun 24, 2024

Problem

Need to verify if the shred is retransmitted by the expected parent node in Turbine tree.

Summary of Changes

Added feature-gate code to enforce retransmitter signature verification

@behzadnouri behzadnouri force-pushed the verify-retransmitter-signature-force branch 2 times, most recently from 8abd1d5 to 3c11dfb Compare June 24, 2024 16:25
@behzadnouri behzadnouri force-pushed the verify-retransmitter-signature-force branch from 3c11dfb to 761f5fe Compare June 24, 2024 19:44
AshwinSekar
AshwinSekar approved these changes Jun 26, 2024
View reviewed changes
Copy link
Copy Markdown

@AshwinSekar AshwinSekar left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

The last step is then for replay to check if the last FEC set is of the resigned variant when this feature flag is turned on, similar to

agave/ledger/src/blockstore.rs

Line 3691 in 9ee36fa

pub fn is_last_fec_set_full(&self, slot: Slot) -> Result<bool> {
?

Or would we prefer to wait until the resigned variant is turned on, and discard any shred that is not resigned, similar to how we discard legacy shreds, which skips us having to check during replay.

@behzadnouri
Copy link
Copy Markdown
Author

behzadnouri commented Jun 27, 2024

wait until the resigned variant is turned on, and discard any shred that is not resigned, similar to how we discard legacy shreds, which skips us having to check during replay.

I don't think that would work.
We only require the very last erasure batch to be of resigned variant. But when you receive a shred you cannot tell if it belongs to the last erasure batch until you have received the data shred with LAST_SHRED_IN_SLOT flag.
So at the moment that you receive a shred, you cannot tell if it was supposed to be of resigned variant, and determine to drop or not if it is not resigned.

So I think we actually need to do what you described earlier:

for replay to check if the last FEC set is of the resigned variant when this feature flag is turned on

@behzadnouri behzadnouri merged commit 79cb077 into anza-xyz:master Jun 27, 2024
@behzadnouri behzadnouri deleted the verify-retransmitter-signature-force branch June 27, 2024 14:00
@behzadnouri behzadnouri mentioned this pull request Jul 19, 2024
Merged
samkim-crypto pushed a commit to samkim-crypto/agave that referenced this pull request Jul 31, 2024
@behzadnouri @samkim-crypto
adds feature-gate code to enforce retransmitter signature verification (
0667c1b 
anza-xyz#1840)
@mergify
Copy link
Copy Markdown

mergify Bot commented Aug 2, 2024

Backports to the beta branch are to be avoided unless absolutely necessary for fixing bugs, security issues, and perf regressions. Changes intended for backport should be structured such that a minimum effective diff can be committed separately from any refactoring, plumbing, cleanup, etc that are not strictly necessary to achieve the goal. Any of the latter should go only into master and ride the normal stabilization schedule. Exceptions include CI/metrics changes, CLI improvements and documentation updates on a case by case basis.

mergify Bot pushed a commit that referenced this pull request Aug 2, 2024
@behzadnouri @mergify
adds feature-gate code to enforce retransmitter signature verification (
e25812a 
#1840)

(cherry picked from commit 79cb077)

# Conflicts:
#	sdk/src/feature_set.rs
@mergify mergify Bot mentioned this pull request Aug 2, 2024
Merged
mergify Bot added a commit that referenced this pull request Aug 14, 2024
@mergify @behzadnouri
v2.0: adds feature-gate code to enforce retransmitter signature verif…
54d08d7 
…ication (backport of #1840) (#2415)

* adds feature-gate code to enforce retransmitter signature verification (#1840)

(cherry picked from commit 79cb077)

# Conflicts:
#	sdk/src/feature_set.rs

* resolves merge conflicts

---------

Co-authored-by: behzad nouri <behzadnouri@gmail.com>
@behzadnouri behzadnouri mentioned this pull request Nov 1, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AshwinSekar AshwinSekar AshwinSekar approved these changes

@carllin carllin Awaiting requested review from carllin

@bw-solana bw-solana Awaiting requested review from bw-solana

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@behzadnouri @AshwinSekar