From caa81c16884ce981be5897ba8ffcd9484ff34277 Mon Sep 17 00:00:00 2001 From: Andreea Popescu Date: Thu, 14 Nov 2024 07:18:49 +0000 Subject: [PATCH 1/4] signature fixes --- .../fv_protocol/facilitator_requests.py | 97 +++++++++++++++++-- compute_horde/compute_horde/signature.py | 13 +-- compute_horde/tests/test_job_request.py | 4 +- compute_horde/tests/test_signature.py | 18 ++-- 4 files changed, 101 insertions(+), 31 deletions(-) diff --git a/compute_horde/compute_horde/fv_protocol/facilitator_requests.py b/compute_horde/compute_horde/fv_protocol/facilitator_requests.py index 3c8a0a81b..1690edf52 100644 --- a/compute_horde/compute_horde/fv_protocol/facilitator_requests.py +++ b/compute_horde/compute_horde/fv_protocol/facilitator_requests.py @@ -1,10 +1,18 @@ +import base64 +import typing from typing import Annotated, Literal, Self import pydantic -from pydantic import BaseModel, JsonValue, model_validator - -from compute_horde.base.output_upload import OutputUpload, ZipAndHttpPutUpload -from compute_horde.base.volume import Volume, ZipUrlVolume +from pydantic import ( + BaseModel, + JsonValue, + field_serializer, + field_validator, + model_validator, +) + +from compute_horde.base.output_upload import MultiUpload, OutputUpload, ZipAndHttpPutUpload +from compute_horde.base.volume import MultiVolume, Volume, ZipUrlVolume from compute_horde.executor_class import ExecutorClass @@ -24,9 +32,20 @@ class Response(BaseModel, extra="forbid"): class Signature(BaseModel, extra="forbid"): # has defaults to allow easy instantiation signature_type: str = "" - signatory: str = "" - timestamp_ns: int = 0 - signature: str = "" + signatory: str = ( + "" # identity of the signer (e.g. sa58 address if signature_type == "bittensor") + ) + timestamp_ns: int = 0 # UNIX timestamp in nanoseconds + signature: bytes + + @field_validator("signature") + @classmethod + def validate_signature(cls, signature: str) -> bytes: + return base64.b64decode(signature) + + @field_serializer("signature") + def serialize_signature(self, signature: bytes) -> str: + return base64.b64encode(signature).decode("utf-8") class V0JobRequest(BaseModel, extra="forbid"): @@ -96,6 +115,38 @@ def validate_at_least_docker_image_or_raw_script(self) -> Self: return self +class SignedFields(BaseModel): + executor_class: str + docker_image: str + raw_script: str + args: str + env: dict[str, str] + use_gpu: bool + + volumes: list[JsonValue] + uploads: list[JsonValue] + + @staticmethod + def from_facilitator_sdk_json(data: JsonValue): + data = typing.cast(dict[str, JsonValue], data) + + signed_fields = SignedFields( + executor_class=str(data.get("executor_class")), + docker_image=str(data.get("docker_image", "")), + raw_script=str(data.get("raw_script", "")), + args=str(data.get("args", None)), + env=typing.cast(dict[str, str], data.get("env", None)), + use_gpu=typing.cast(bool, data.get("use_gpu")), + volumes=typing.cast(list[JsonValue], data.get("volumes", [])), + uploads=typing.cast(list[JsonValue], data.get("uploads", [])), + ) + return signed_fields + + +def to_json_array(data) -> list[JsonValue]: + return typing.cast(list[JsonValue], [x.model_dump() for x in data]) + + class V2JobRequest(BaseModel, extra="forbid"): """Message sent from facilitator to validator to request a job execution""" @@ -119,6 +170,38 @@ class V2JobRequest(BaseModel, extra="forbid"): def get_args(self): return self.args + def get_signed_fields(self) -> SignedFields: + volumes = ( + to_json_array( + self.volume.volumes if isinstance(self.volume, MultiVolume) else [self.volume] + ) + if self.volume + else [] + ) + + uploads = ( + to_json_array( + self.output_upload.uploads + if isinstance(self.output_upload, MultiUpload) + # TODO: fix consolidate faci output_upload types + else [self.output_upload] # type: ignore + ) + if self.output_upload + else [] + ) + + signed_fields = SignedFields( + executor_class=self.executor_class, + docker_image=self.docker_image, + raw_script=self.raw_script, + args=" ".join(self.args), + env=self.env, + use_gpu=self.use_gpu, + volumes=volumes, + uploads=uploads, + ) + return signed_fields + def json_for_signing(self) -> JsonValue: payload = self.model_dump(mode="json") del payload["type"] diff --git a/compute_horde/compute_horde/signature.py b/compute_horde/compute_horde/signature.py index 0a496d9f5..22ab5860e 100644 --- a/compute_horde/compute_horde/signature.py +++ b/compute_horde/compute_horde/signature.py @@ -2,7 +2,6 @@ import abc import base64 -import dataclasses import datetime import hashlib import json @@ -14,6 +13,8 @@ from class_registry import ClassRegistry, RegistryKeyError from pydantic import JsonValue +from compute_horde.fv_protocol.facilitator_requests import Signature + if typing.TYPE_CHECKING: import bittensor @@ -21,14 +22,6 @@ VERIFIERS_REGISTRY: ClassRegistry[Verifier] = ClassRegistry("signature_type") -@dataclasses.dataclass -class Signature: - signature_type: str - signatory: str # identity of the signer (e.g. sa58 address if signature_type == "bittensor") - timestamp_ns: int # UNIX timestamp in nanoseconds - signature: bytes - - def verify_signature( payload: JsonValue | bytes, signature: Signature, @@ -69,7 +62,7 @@ def signature_from_headers(headers: dict[str, str], prefix: str = "X-CH-") -> Si signature_type=headers[f"{prefix}Signature-Type"], signatory=headers[f"{prefix}Signatory"], timestamp_ns=int(headers[f"{prefix}Timestamp-NS"]), - signature=base64.b64decode(headers[f"{prefix}Signature"]), + signature=typing.cast(bytes, headers[f"{prefix}Signature"]), ) except ( KeyError, diff --git a/compute_horde/tests/test_job_request.py b/compute_horde/tests/test_job_request.py index 190084191..1e25fa2fe 100644 --- a/compute_horde/tests/test_job_request.py +++ b/compute_horde/tests/test_job_request.py @@ -34,7 +34,7 @@ def test_signed_job_roundtrip(signature_wallet): signature_type=raw_signature.signature_type, signatory=raw_signature.signatory, timestamp_ns=raw_signature.timestamp_ns, - signature=base64.b64encode(raw_signature.signature).decode("utf8"), + signature=base64.b64encode(raw_signature.signature), ) job_json = job.model_dump_json() @@ -45,7 +45,7 @@ def test_signed_job_roundtrip(signature_wallet): signature_type=deserialized_job.signature.signature_type, signatory=deserialized_job.signature.signatory, timestamp_ns=deserialized_job.signature.timestamp_ns, - signature=base64.b64decode(deserialized_job.signature.signature), + signature=base64.b64encode(deserialized_job.signature.signature), ) deserialized_payload = deserialized_job.json_for_signing() diff --git a/compute_horde/tests/test_signature.py b/compute_horde/tests/test_signature.py index 62952b31a..e4e7f4288 100644 --- a/compute_horde/tests/test_signature.py +++ b/compute_horde/tests/test_signature.py @@ -1,16 +1,15 @@ import base64 -import dataclasses import datetime import freezegun import pytest +from compute_horde.fv_protocol.facilitator_requests import Signature from compute_horde.signature import ( SIGNERS_REGISTRY, VERIFIERS_REGISTRY, BittensorWalletSigner, BittensorWalletVerifier, - Signature, SignatureInvalidException, SignatureNotFound, hash_message_signature, @@ -42,8 +41,10 @@ def sample_signature(): signature_type="bittensor", signatory="5FUJCuGtQPonu8B9JKH4BwsKzEdtyBTpyvbBk2beNZ4iX8sk", # hotkey address timestamp_ns=1718845323456788992, - signature=base64.b85decode( - "1SaAcLt*GG`2RG*@xmapXZ14m*Y`@b1MP(hAfEnwXkO5Os<30drw{`X`15JFP4GWR96T7p>rUmYA#=8Z" + signature=base64.b64encode( + base64.b85decode( + "1SaAcLt*GG`2RG*@xmapXZ14m*Y`@b1MP(hAfEnwXkO5Os<30drw{`X`15JFP4GWR96T7p>rUmYA#=8Z" + ) ), ) @@ -63,18 +64,11 @@ def test_bittensor_wallet_signer_sign(signature_wallet, sample_data): signature_type="bittensor", signatory=signature_wallet.hotkey.ss58_address, timestamp_ns=1718845323456788992, - signature=signature.signature, + signature=base64.b64encode(signature.signature), ) assert isinstance(signature.signature, bytes) and len(signature.signature) == 64 - # assert random nonce is always included in the signature - signature_2 = signer.sign(sample_data) - assert dataclasses.replace(signature_2, signature=b"") == dataclasses.replace( - signature, signature=b"" - ) - assert signature_2.signature != signature.signature - def test_bittensor_wallet_verifier_verify(sample_data, sample_signature): verifier = BittensorWalletVerifier() From cdcc33976761e88bf8a6292868d99f60c9982e58 Mon Sep 17 00:00:00 2001 From: Andreea Popescu Date: Thu, 14 Nov 2024 07:19:36 +0000 Subject: [PATCH 2/4] validator check signature fix --- .../validator/organic_jobs/facilitator_client.py | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/validator/app/src/compute_horde_validator/validator/organic_jobs/facilitator_client.py b/validator/app/src/compute_horde_validator/validator/organic_jobs/facilitator_client.py index 08be7471e..f15610668 100644 --- a/validator/app/src/compute_horde_validator/validator/organic_jobs/facilitator_client.py +++ b/validator/app/src/compute_horde_validator/validator/organic_jobs/facilitator_client.py @@ -1,5 +1,4 @@ import asyncio -import base64 import logging import os from collections import deque @@ -17,7 +16,7 @@ V0Heartbeat, V0MachineSpecsUpdate, ) -from compute_horde.signature import Signature, verify_signature +from compute_horde.signature import verify_signature from django.conf import settings from django.utils import timezone from pydantic import BaseModel @@ -48,22 +47,14 @@ async def verify_job_request(job_request: V2JobRequest): signature = job_request.signature signer = signature.signatory - signed_payload = job_request.json_for_signing() + signed_fields = job_request.get_signed_fields() whitelisted = await ValidatorWhitelist.objects.filter(hotkey=signer).aexists() if not whitelisted: raise ValueError(f"Signatory {signer} is not in validator whitelist") # verify signed payload - verify_signature( - signed_payload, - Signature( - signature_type=signature.signature_type, - signatory=signature.signatory, - timestamp_ns=signature.timestamp_ns, - signature=base64.b64decode(signature.signature), - ), - ) + verify_signature(signed_fields.model_dump_json(), signature) class AuthenticationError(Exception): From 1305d8e4c9ea5820ccbdc8d4e582b1283d37555d Mon Sep 17 00:00:00 2001 From: Andreea Popescu Date: Fri, 15 Nov 2024 07:21:29 +0000 Subject: [PATCH 3/4] fix type --- compute_horde/compute_horde/signature.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compute_horde/compute_horde/signature.py b/compute_horde/compute_horde/signature.py index 22ab5860e..fc9578d4c 100644 --- a/compute_horde/compute_horde/signature.py +++ b/compute_horde/compute_horde/signature.py @@ -62,7 +62,7 @@ def signature_from_headers(headers: dict[str, str], prefix: str = "X-CH-") -> Si signature_type=headers[f"{prefix}Signature-Type"], signatory=headers[f"{prefix}Signatory"], timestamp_ns=int(headers[f"{prefix}Timestamp-NS"]), - signature=typing.cast(bytes, headers[f"{prefix}Signature"]), + signature=headers[f"{prefix}Signature"].encode("utf-8"), ) except ( KeyError, From 2104ac5f4948bad85876b6191c0ff439d4d13068 Mon Sep 17 00:00:00 2001 From: Andreea Popescu Date: Fri, 15 Nov 2024 07:55:45 +0000 Subject: [PATCH 4/4] test signed_fields --- .../fv_protocol/facilitator_requests.py | 5 +- compute_horde/tests/test_signature.py | 86 ++++++++++++++++++- 2 files changed, 88 insertions(+), 3 deletions(-) diff --git a/compute_horde/compute_horde/fv_protocol/facilitator_requests.py b/compute_horde/compute_horde/fv_protocol/facilitator_requests.py index 1690edf52..9d1100462 100644 --- a/compute_horde/compute_horde/fv_protocol/facilitator_requests.py +++ b/compute_horde/compute_horde/fv_protocol/facilitator_requests.py @@ -134,7 +134,7 @@ def from_facilitator_sdk_json(data: JsonValue): executor_class=str(data.get("executor_class")), docker_image=str(data.get("docker_image", "")), raw_script=str(data.get("raw_script", "")), - args=str(data.get("args", None)), + args=str(data.get("args", "")), env=typing.cast(dict[str, str], data.get("env", None)), use_gpu=typing.cast(bool, data.get("use_gpu")), volumes=typing.cast(list[JsonValue], data.get("volumes", [])), @@ -155,8 +155,9 @@ class V2JobRequest(BaseModel, extra="forbid"): message_type: Literal["V2JobRequest"] = "V2JobRequest" signature: Signature | None = None - # !!! all fields below are included in the signed json payload uuid: str + + # !!! all fields below are included in the signed json payload executor_class: ExecutorClass docker_image: str raw_script: str diff --git a/compute_horde/tests/test_signature.py b/compute_horde/tests/test_signature.py index e4e7f4288..58faab21b 100644 --- a/compute_horde/tests/test_signature.py +++ b/compute_horde/tests/test_signature.py @@ -4,7 +4,15 @@ import freezegun import pytest -from compute_horde.fv_protocol.facilitator_requests import Signature +from compute_horde.base.output_upload import SingleFilePutUpload +from compute_horde.base.volume import HuggingfaceVolume, MultiVolume, SingleFileVolume +from compute_horde.executor_class import ExecutorClass +from compute_horde.fv_protocol.facilitator_requests import ( + Signature, + SignedFields, + V2JobRequest, + to_json_array, +) from compute_horde.signature import ( SIGNERS_REGISTRY, VERIFIERS_REGISTRY, @@ -116,3 +124,79 @@ def test_signature_payload(): "action": "GET /car", "json": {"a": 1}, } + + +def test_signed_fields__missing_fields(): + facilitator_request_json = { + "executor_class": str(ExecutorClass.always_on__llm__a6000), + "env": {}, + "raw_script": "test", + "use_gpu": False, + "input_url": "", + "uploads": [], + "volumes": [], + } + facilitator_signed_fields = SignedFields.from_facilitator_sdk_json(facilitator_request_json) + + v2_job_request = V2JobRequest( + uuid="uuid", + executor_class=ExecutorClass.always_on__llm__a6000, + docker_image="", + raw_script="test", + args=[], + env={}, + use_gpu=False, + volume=None, + output_upload=None, + ) + assert v2_job_request.get_signed_fields() == facilitator_signed_fields + + +def test_signed_fields__volumes_uploads(): + volumes = [ + SingleFileVolume( + url="smth.amazon.com", + relative_path="np_data.npy", + ), + HuggingfaceVolume( + repo_id="hug", + revision="333", + relative_path="./models/here", + ), + ] + + uploads = [ + SingleFilePutUpload( + url="smth.amazon.com", + relative_path="output.json", + ) + ] + + facilitator_request_json = { + "validator_hotkey": "5HBVrXXYYZZ", + "random_field": "to_ignore", + "executor_class": str(ExecutorClass.always_on__llm__a6000), + "docker_image": "backenddevelopersltd/latest", + "args": "--device cuda --batch_size 1 --model_ids Deeptensorlab", + "env": {"f": "test"}, + "use_gpu": True, + "input_url": "", + "uploads": to_json_array(uploads), + "volumes": to_json_array(volumes), + } + facilitator_signed_fields = SignedFields.from_facilitator_sdk_json(facilitator_request_json) + + v2_job_request = V2JobRequest( + uuid="uuid", + executor_class=ExecutorClass.always_on__llm__a6000, + docker_image="backenddevelopersltd/latest", + raw_script="", + args=["--device", "cuda", "--batch_size", "1", "--model_ids", "Deeptensorlab"], + env={"f": "test"}, + use_gpu=True, + volume=MultiVolume( + volumes=volumes, + ), + output_upload=uploads[0], + ) + assert v2_job_request.get_signed_fields() == facilitator_signed_fields