Update replication.proto with range-based fields for batch processing of authorization requests.

Change-Id: Ic0bcf337be5bf3491613d0f33f81898e2df4bca2
rakshita-tandon committed Oct 14, 2024
1 parent 9b77aca commit e7e5e34
Showing 3 changed files with 81 additions and 8 deletions.
76 changes: 69 additions & 7 deletions ledger_service/proto/replication.proto
Expand Up @@ -43,6 +43,14 @@ message CreateKeyEvent {
google.protobuf.Timestamp expiration = 4;
}

// Range of records with an inclusive start and exclusive end.
message Range {
// Beginning of the range, inclusive.
bytes start = 1;
// End of the range, exclusive.
bytes end = 2;
}

// Replication event generated in response to processing AuthorizeAccess
// request.
//
Expand All @@ -60,26 +68,59 @@ message AuthorizeAccessEvent {
uint64 transform_index = 3;

// The serialized fcp.confidentialcompute.BlobHeader of the blob being
// accessed.
bytes blob_header = 4;
// accessed. Deprecated, use BlobMetadata.blob_header instead.
bytes blob_header = 4 [deprecated = true];

// Encapsulated HPKE secret key used (along with one of the Ledger's private
// keys) to decrypt `encrypted_symmetric_key`. The encapsulated key will have
// been produced as part of encrypting the blob's symmetric key using HPKE.
bytes encapsulated_key = 5;
// Deprecated, use BlobMetadata.encapsulated_key instead.
bytes encapsulated_key = 5 [deprecated = true];

// The blob's encrypted symmetric key, used to encrypt the blob data using
// AEAD. This symmetric key should have been encrypted using the Ledger-owned
// public key indicated in the blob header.
bytes encrypted_symmetric_key = 6;
// Deprecated, use BlobMetadata.encrypted_symmetric_key instead.
bytes encrypted_symmetric_key = 6 [deprecated = true];

// The public key to use to encrypt the response.
bytes recipient_public_key = 7;

// Nonce used by the recipient to ensure the same AuthorizeAccessResponse
// cannot be replayed multiple times by an unsealed portion of the stack to
// cause it to process the same data multiple times.
bytes recipient_nonce = 8;
// Deprecated, use BlobMetadata.recipient_nonce instead.
bytes recipient_nonce = 8 [deprecated = true];

// Optional. The range of blobs to authorize access to in batches.
// If there is only a single blob, this field can be left unset.
Range blob_range = 9;

// The metadata of the blobs pertaining to the given range. This MUST be
// provided for range-based batch authorization requests.
repeated BlobMetadata blob_metadata = 10;

message BlobMetadata {
// The serialized fcp.confidentialcompute.BlobHeader of the blob being
// accessed.
bytes blob_header = 1;

// Encapsulated HPKE secret key used (along with one of the Ledger's private
// keys) to decrypt `encrypted_symmetric_key`. The encapsulated key will
// have been produced as part of encrypting the blob's symmetric key using
// HPKE.
bytes encapsulated_key = 2;

// The blob's encrypted symmetric key, used to encrypt the blob data using
// AEAD. This symmetric key should have been encrypted using the
// Ledger-owned public key indicated in the blob header.
bytes encrypted_symmetric_key = 3;

// Nonce used by the recipient to ensure the same AuthorizeAccessResponse
// cannot be replayed multiple times by an unsealed portion of the stack to
// cause it to process the same data multiple times.
bytes recipient_nonce = 4;
}
}

// Combined replication event - this is used to propagate the pending command
Expand Down Expand Up @@ -110,13 +151,34 @@ message BlobBudgetSnapshot {
repeated uint32 shared_access_budgets = 3;
}

// Snapshot of the range budget.
message RangeBudgetSnapshot {
// Beginning of all ranges, inclusive.
repeated bytes start = 1;
// End (exclusive) of all ranges corresponding to each `start` above.
// This list must be the same length as `start`.
repeated bytes end = 2;
// Remaining budget for each range above. This list must be the same length as
// `start` and `end`.
repeated uint32 remaining_budget = 3;
// Default budget that all entries not covered by any ranges above will use.
uint32 default_budget = 4;
}

// Snapshot of state associated with a single access policy.
message PerPolicyBudgetSnapshot {
// Access policy SHA-256 hash
bytes access_policy_sha256 = 1;

// Per-blob budgets.
repeated BlobBudgetSnapshot budgets = 2;
// Per-blob budgets. Deprected, use `transform_access_budgets` and
// `shared_access_budgets` instead.
repeated BlobBudgetSnapshot budgets = 2 [deprecated = true];

// Per-transform budgets.
repeated RangeBudgetSnapshot transform_access_budgets = 3;

// Budgets that are shared between transforms.
repeated RangeBudgetSnapshot shared_access_budgets = 4;
}

// Snapshot of budget state.
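Review bot: `Range` at lines 23-29 does not say what an empty `start` or `end` means; with proto3 implicit presence an empty `bytes` is indistinguishable from an unset one, so a reader cannot tell a zero-length key from an open-ended bound, and the same question applies to `start`/`end` in `RangeBudgetSnapshot` and to `blob_range` on line 69. Suggest pinning it in the field comments, e.g. `// Beginning of the range, inclusive. Must be non-empty.` and `// End of the range, exclusive. Must be non-empty.` (or stating that an empty value means unbounded, if that is the intent). `RangeBudgetSnapshot` at lines 103-115 is three parallel arrays zipped by index; the comments say the lengths must match, but nothing on the wire enforces it, so whatever decodes a snapshot has to reject unequal lengths rather than silently truncate to the shortest. Unless snapshots in this layout are already persisted, a single repeated entry message that reuses the new `Range` makes a mismatch unrepresentable, as sketched below. Also, `Deprected` on line 124 is a typo.
```protobuf
// Snapshot of the range budget.
message RangeBudgetSnapshot {
  // Budget entry for one range.
  message Entry {
    // The range this budget applies to.
    Range range = 1;
    // Remaining budget for `range`.
    uint32 remaining_budget = 2;
  }
  // Ranges with an explicit remaining budget.
  repeated Entry entries = 1;
  // Default budget that all entries not covered by any ranges above will use.
  uint32 default_budget = 2;
}
```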
7 changes: 7 additions & 0 deletions ledger_service/src/budget.rs
Expand Up @@ -866,6 +866,7 @@ mod tests {
transform_access_budgets: vec![1],
shared_access_budgets: vec![],
}],
..Default::default()
}],
consumed_budgets: vec![],
}
Expand Down Expand Up @@ -905,6 +906,7 @@ mod tests {
per_policy_snapshots: vec![PerPolicyBudgetSnapshot {
access_policy_sha256: policy_hash.to_vec(),
budgets: vec![],
..Default::default()
}],
consumed_budgets: vec![blob_id.to_vec()],
}
Expand All @@ -926,6 +928,7 @@ mod tests {
transform_access_budgets: vec![1],
shared_access_budgets: vec![],
}],
..Default::default()
},
PerPolicyBudgetSnapshot {
access_policy_sha256: b"hash2".to_vec(),
Expand All @@ -941,6 +944,7 @@ mod tests {
shared_access_budgets: vec![12, 13, 14],
},
],
..Default::default()
},
],
consumed_budgets: vec![b"_____blob_____4_".to_vec(), b"_____blob_____5_".to_vec()],
Expand Down Expand Up @@ -993,10 +997,12 @@ mod tests {
PerPolicyBudgetSnapshot {
access_policy_sha256: b"hash1".to_vec(),
budgets: vec![],
..Default::default()
},
PerPolicyBudgetSnapshot {
access_policy_sha256: b"hash1".to_vec(),
budgets: vec![],
..Default::default()
}
],
consumed_budgets: vec![]
Expand All @@ -1017,6 +1023,7 @@ mod tests {
BlobBudgetSnapshot { blob_id: b"blob1".to_vec(), ..Default::default() },
BlobBudgetSnapshot { blob_id: b"blob1".to_vec(), ..Default::default() },
],
..Default::default()
},],
consumed_budgets: vec![]
}),
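Review bot: Every updated literal in this file (lines 143, 151, 159, 167, 175, 180, 188) still populates `PerPolicyBudgetSnapshot` only through `budgets`, which replication.proto in this same commit marks `[deprecated = true]`, while the new `transform_access_budgets` and `shared_access_budgets` fields are left at `Default::default()`. That keeps the existing tests compiling, but nothing in the visible hunks exercises a snapshot that carries range budgets, so the encode/decode round trip of `RangeBudgetSnapshot` has no coverage here. If the range-based path is wired up in a later change, a `// TODO: cover transform_access_budgets / shared_access_budgets once range budgets are populated` on the first fixture would make that explicit. The enclosing test functions start and end outside the hunks.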
6 changes: 5 additions & 1 deletion ledger_service/src/lib.rs
Expand Up @@ -341,6 +341,7 @@ impl LedgerService {
encrypted_symmetric_key: request.encrypted_symmetric_key,
recipient_public_key: request.recipient_public_key,
recipient_nonce: request.recipient_nonce,
..Default::default()
})
}

Expand Down Expand Up @@ -1694,7 +1695,8 @@ mod tests {
blob_id: "blob-id\0\0\0\0\0\0\0\0\0".into(),
transform_access_budgets: vec![0],
shared_access_budgets: vec![],
}]
}],
..Default::default()
}],
consumed_budgets: vec![],
}),
Expand Down Expand Up @@ -1727,6 +1729,7 @@ mod tests {
blob_id: b"_____blob_____1_".to_vec(),
..Default::default()
}],
..Default::default()
}],
consumed_budgets: vec![],
}),
Expand Down Expand Up @@ -1822,6 +1825,7 @@ mod tests {
blob_id: b"blob-id".to_vec(),
..Default::default()
}],
..Default::default()
}],
consumed_budgets: vec![],
}),
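Review bot: The `AuthorizeAccessEvent` built at lines 196-200 fills `encrypted_symmetric_key` and `recipient_nonce`, which the proto in this commit marks deprecated, and the `..Default::default()` added on line 199 leaves `blob_range` and `blob_metadata` empty, so no event produced by this code path uses the new batch fields yet. That is a reasonable first step for a schema change, but a reader of this struct literal cannot tell whether it is transitional or an oversight; a comment such as `// Single-blob request: blob_range/blob_metadata stay unset until batch authorization is implemented.` above the literal would record the intent. The enclosing function starts before the hunk. The test fixtures in the later hunks of this file have the same shape as those in budget.rs, populating only the deprecated `budgets` field.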
