Conversation
diegomrsantos
force-pushed
the
signature-verification
branch
3 times, most recently
from
1a02e0e to
25b3396
Compare
diegomrsantos
force-pushed
the
signature-verification
branch
from
25b3396 to
0e59810
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR refactors the SSV message validation flow by introducing a new ValidationContext and integrating signature verification using OpenSSL. Key changes include:
- Replacing multiple function parameters with a unified ValidationContext across validation functions.
- Adding signature verification logic using OpenSSL in the consensus message validation.
- Updating tests and documentation to align with the new ValidationContext approach.
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| anchor/message_validator/src/partial_signature.rs | Refactored usage of parameters to use ValidationContext in partial signature validation. |
| anchor/message_validator/src/lib.rs | Introduced the ValidationContext struct and updated operator public key retrieval. |
| anchor/message_validator/src/consensus_state.rs | Enhanced documentation and minor refactoring in operator and signer state handling. |
| anchor/message_validator/src/consensus_message.rs | Integrated ValidationContext into consensus message validation and added signature verification using OpenSSL. |
| anchor/message_validator/Cargo.toml | Added OpenSSL dependency and cleaned up dev-dependencies. |
Comments suppressed due to low confidence (2)
anchor/message_validator/src/consensus_state.rs:205
- Review the use of 'into()' on the slice of OperatorId; ensure that the conversion to the type used in 'seen_signers' is correct and functions as expected.
self.seen_signers.contains(&operators.into())
anchor/message_validator/src/consensus_message.rs:267
- [nitpick] Consider aligning the naming of the parameter 'operators_pks' with the field 'operators_pk' in ValidationContext for consistency.
if signatures.len() != operators_pks.len() {
d7f0caa to
ec34b0f
Compare
# Conflicts: # anchor/client/src/config.rs # anchor/message_validator/src/consensus_message.rs # anchor/message_validator/src/consensus_state.rs # anchor/message_validator/src/lib.rs # anchor/message_validator/src/partial_signature.rs # anchor/network/src/network.rs # anchor/validator_store/src/lib.rs
There was a problem hiding this comment.
Pull Request Overview
This pull request refactors the signature verification logic by introducing a centralized ValidationContext and updates several message validation functions and tests to use this new context. Key changes include:
- Replacing multiple function parameters with a single ValidationContext struct in partial signature and consensus message verification.
- Integrating OpenSSL-based signature verification into the validation flows.
- Updating tests to reflect the new ValidationContext usage and enhanced signature verification.
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| anchor/message_validator/src/partial_signature.rs | Refactored validation functions to use the new ValidationContext. |
| anchor/message_validator/src/lib.rs | Introduced helper functions for signature verification using OpenSSL. |
| anchor/message_validator/src/consensus_state.rs | Updated documentation and minor code improvements. |
| anchor/message_validator/src/consensus_message.rs | Updated consensus message validation to use ValidationContext; added signature verification. |
| anchor/message_validator/Cargo.toml | Added OpenSSL dependency and removed unused dev-dependencies. |
Comments suppressed due to low confidence (1)
anchor/message_validator/src/lib.rs:363
- Consider including additional context, such as the operator ID if available, in the 'Signature verification failed' error message to assist in debugging.
Ok(false) => Err(ValidationFailure::SignatureVerificationFailed {
Zacholme7
left a comment
Zacholme7
left a comment
There was a problem hiding this comment.
small comments, otherwise looking good!
| Processor(#[from] ::processor::Error), | ||
| } | ||
|
|
||
| struct ValidationContext<'a> { |
There was a problem hiding this comment.
Are the borrows here just to reduce some clone overheads?
| } | ||
| } | ||
|
|
||
| fn get_operator_pks( |
There was a problem hiding this comment.
nit: I would probably extract this into a function in state.rs instead of keeping it here.
There was a problem hiding this comment.
why? It's not related to the consensus state
There was a problem hiding this comment.
I meant state.rs in the database as this function deals with fetching state. But if this is the only place this is needed then there is not much point in moving it I suppose
There was a problem hiding this comment.
I see, yeah it's used only here
anchor/message_validator/src/lib.rs
Outdated
| signed_ssv_message: &SignedSSVMessage, | ||
| committee_info: &CommitteeInfo, | ||
| role: Role, | ||
| validation_context: &ValidationContext, |
There was a problem hiding this comment.
I like that the ValidationContext borrows its contents, but borrowing again here basically creates a double indirection. Wdyt about passing the context by value?
There was a problem hiding this comment.
Or, alternatively, having the Context own the values and passing around a reference, which is maybe even better.
There was a problem hiding this comment.
Good catch! But if it owns the values, we'll have to copy it when creating the struct. Is it necessary?
There was a problem hiding this comment.
Moving the values once might have better performance than having one additional level of pointer indirection during the whole of validation. But I don't know. We can also go ahead with my first suggestion if you prefer that.
There was a problem hiding this comment.
Now I remember that the reason I passed it as a ref is to avoid it being moved. Doesn't the compiler optimize away the indirections?
There was a problem hiding this comment.
If I move it to a function, it can't be used anymore
There was a problem hiding this comment.
Ah, you mean the indirections. The contents of the struct aren’t mutated anywhere, so there’s no reason to keep loading them from memory many times.
|
@dknopik @Zacholme7 is there anything pending? |
|
Gonna test it on interop tomorrow, after that I think we are good to go imo |
Issue Addressed
#161
Proposed Changes
This pull request adds signature verification and refactors the validation logic by introducing a centralized ValidationContext and updates several message validation functions and tests to use this new context. Key changes include: