feat: node signature verification for queries #784

Merged: 36 commits, Nov 7, 2023
58aba0a
feat: adds node signatures to query response types
krpeacock Oct 3, 2023
c6b21bf
verification wip
krpeacock Oct 6, 2023
55f3f88
refactor using node keys and domain separator - still not working
krpeacock Oct 6, 2023
72dd661
uncommenting status, more useful test case
krpeacock Oct 6, 2023
53a2658
trimming der prefix from pubkey
krpeacock Oct 6, 2023
ecf5ef4
hash of map for reply
krpeacock Oct 18, 2023
2a10ed9
reject status flow
krpeacock Oct 18, 2023
fa18735
moving fetchNodeKeys to canisterStatus
krpeacock Oct 18, 2023
06f5845
updating e2e tests
krpeacock Oct 20, 2023
3d110e5
type safety
krpeacock Oct 20, 2023
cadc406
mitm wip
krpeacock Oct 23, 2023
95f8ad2
e2e tests using vitest
krpeacock Oct 23, 2023
5da9f94
fixing browser tests
krpeacock Oct 23, 2023
831d951
more test changes
krpeacock Oct 23, 2023
0379d81
size limit
krpeacock Oct 23, 2023
80bef81
mitmdump
krpeacock Oct 24, 2023
f34e122
replaces tweetnacl with @noble/curves
krpeacock Oct 24, 2023
a0f2ebd
more ed25519 tests and compatibility with previous stored JSON
krpeacock Oct 24, 2023
2e81ce2
updating browser tests to use direct host
krpeacock Oct 24, 2023
6969bbc
changelog
krpeacock Oct 24, 2023
bbc7f28
Merge branch 'main' into kyle/SDK-1216-node-signature-verification
krpeacock Oct 31, 2023
a26a7e4
Merge branch 'main' into kyle/SDK-1216-node-signature-verification
krpeacock Nov 1, 2023
40fa5d8
http test cleanup
krpeacock Nov 1, 2023
65204ef
moving public key into agent
krpeacock Nov 1, 2023
5cf8707
simplifying @dfinity/identity with agent exports
krpeacock Nov 2, 2023
a29dd77
Update packages/agent/src/agent/http/index.ts
krpeacock Nov 2, 2023
a493bf8
finalizing der transfer from @dfinity/identity
krpeacock Nov 2, 2023
fba09bf
subnetStatus mapping node id to public key
krpeacock Nov 2, 2023
c22c4e7
lookup_path now returns tree by default
krpeacock Nov 2, 2023
f22c502
fix: hashOfMap should recursively handle passed objects
krpeacock Nov 3, 2023
aac5d6f
bumping size limit
krpeacock Nov 3, 2023
a899a3c
query correctly fails when subnetStatus fails
krpeacock Nov 3, 2023
c0ff8dc
fix: canister ranges checked for root subnet
krpeacock Nov 6, 2023
8916a98
Merge branch 'main' into kyle/SDK-1216-node-signature-verification
krpeacock Nov 6, 2023
7cf9f9f
fix: sets maxAge for delegation certificates to
krpeacock Nov 6, 2023
cc92ea5
changelog update
krpeacock Nov 7, 2023
3 changes: 3 additions & 0 deletions canister_ids.json
@@ -1,4 +1,7 @@
{
"counter": {
"ic": "tnnnb-2yaaa-aaaab-qaiiq-cai"
},
"docs": {
"ic": "erxue-5aaaa-aaaab-qaagq-cai"
}
21 changes: 21 additions & 0 deletions docs/generated/changelog.html
Expand Up @@ -12,6 +12,27 @@ <h1>Agent-JS Changelog</h1>
<section>
<h2>Version x.x.x</h2>
<ul>
<ul>
<strong>feat!: node signature verification</strong
><br />
This feature includes additional changes in support of testing and releasing the feature:
<br />
<li>Mainnet e2e tests for queries and calls</li>
<li>published counter canister</li>
<li>
New HttpAgent option - verifyQuerySignatures. Defaults to true, but allows you to opt
out of verification. Useful for testing against older replica versions
</li>
<li>Introducing ed25519 logic to agent for validating node signatures</li>
<li>Standardizing around @noble/curves instead of tweetnacl in @dfinity/identity</li>
<li>
new export - hashOfMap from agent, matching the naming used in the interface
specification
</li>
<li>new unit tests</li>
<li>new Verify export on ed25519 because why not</li>
</ul>
<li>Adds support for Uint8Arrays in Principal.from()</li>
<li>
chore: increases size limit for agent-js to allow for Ed25519 support for node key
signature verification
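Review bot: The new "feat!: node signature verification" entry opens a `<ul>` directly inside the outer `<ul>` and places the `<strong>` heading, the `<br />` tags and a free-text sentence as direct children of that inner list, which is not valid list markup; wrap the whole entry in one `<li>` and nest the sub-list inside it. Because the entry is marked `feat!` and says `verifyQuerySignatures` defaults to true, it should also state what changes for callers talking to a replica that does not yet return node signatures, and that opting out means query responses are accepted without the node signature check. The "because why not" on the Verify export line is better replaced with the actual reason for exporting it.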
11 changes: 11 additions & 0 deletions e2e/node/basic/mitm.test.ts
Expand Up @@ -19,3 +19,14 @@ mitmTest(
},
{ timeout: 30000 },
);

mitmTest('mitm with query verification', async () => {
const counter = await createActor('tnnnb-2yaaa-aaaab-qaiiq-cai', {
agent: await makeAgent({
host: 'http://127.0.0.1:8888',
verifyQuerySignatures: true,
}),
});
await expect(counter.greet('counter')).rejects.toThrow(/Invalid certificate/);
await expect(counter.queryGreet('counter')).rejects.toThrow(/Invalid certificate/);
});
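Review bot: In the new 'mitm with query verification' test, both assertions match the same /Invalid certificate/ message, and `counter.greet` (going by the `queryGreet` naming, the non-query call) is asserted alongside the query, so nothing here shows that `verifyQuerySignatures: true` is what causes `queryGreet` to reject. Add a companion case against the same proxy with `verifyQuerySignatures: false` and assert on the differing outcome, so the test fails if the flag stops being honoured. The test also omits the `{ timeout: 30000 }` argument that the preceding `mitmTest` passes, and it repeats the canister id 'tnnnb-2yaaa-aaaab-qaiiq-cai' as a literal instead of reading it from canister_ids.json.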
2 changes: 2 additions & 0 deletions e2e/node/utils/agent.ts
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ if (Number.isNaN(port)) {
export const makeAgent = async (options?: HttpAgentOptions) => {
const agent = new HttpAgent({
host: `http://127.0.0.1:${process.env.REPLICA_PORT ?? 4943}`,
// TODO - remove this when the dfx replica supports it
verifyQuerySignatures: false,
...options,
});
try {
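Review bot: Setting `verifyQuerySignatures: false` as the default in `makeAgent` means every e2e test that does not override it runs with node signature verification disabled, so the library's default-on path is only covered where a test opts back in. Consider driving this from an environment variable so a run against a replica that supports signatures exercises the real default, and give the TODO a tracking issue or the replica version at which it can be removed. A short comment noting that `...options` comes after the default, so callers can re-enable verification, would help the next reader.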