-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add confidentiality feature to the EVM module #855
Conversation
Codecov Report
@@ Coverage Diff @@
## main #855 +/- ##
==========================================
+ Coverage 67.58% 67.72% +0.14%
==========================================
Files 123 124 +1
Lines 9707 9742 +35
==========================================
+ Hits 6560 6598 +38
+ Misses 3122 3119 -3
Partials 25 25
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, let's go with the feature flag for now.
Would be great to have some E2E tests as well just to make sure that this actually works.
0628af2
to
cd8ff98
Compare
@kostko want to take a second pass? I made the confidentiality into a config option and added tests. I think we should be good now? |
cd8ff98
to
e33ce42
Compare
]); | ||
let keypair = kmgr_client | ||
.get_or_create_keys(key_id) | ||
.expect("unable to retrieve confidential storage keys"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is even better to propagate a proper aborting error (e.g. see the Abort
error in the contracts
module) as a panic will trigger a runtime restart.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with you, but it doesn't look like that's quite possible given that the evm
crate expects fetching storage to be infallible.
If this stateless code is the right approach, I don't want modify the evm
crate for this strange requirement, as changing the trait will introduce a lot of noise that might make it hard to rebase onto upstream. Why not modify dispatch_tx
to also std::panic::catch_unwind
and turn it into a batch failure? That would solve the symptom.
Alternatively, key fetch can be preflighted at the start of the batch where it aborts. That'd rule out permanent failures, but there can still be transients that would cause abort. Is it really that bad?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not modify dispatch_tx to also std::panic::catch_unwind and turn it into a batch failure? That would solve the symptom.
Ah yes, that would also work, can you open an issue for this?
e33ce42
to
c94b02f
Compare
c94b02f
to
0487bf6
Compare
This PR adds a feature flag,
confidential
, to the EVM module such that when it's enabled, all stores will be made to confidential storage. If the key manager isn't dispensing keys, the requester will receive zeros.