Hash the encoded aggregation request instead of hashing the decoded one

Author: mendess

Cargo.lock

@@ -3,7 +3,7 @@
 
 use axum::async_trait;
 use daphne::{
-    messages::{AggregationJobId, AggregationJobInitReq, TaskId},
+    messages::{request::AggregationJobRequestHash, AggregationJobId, TaskId},
     roles::DapHelper,
     DapError, DapVersion,
 };
@@ -15,7 +15,7 @@ impl DapHelper for crate::App {
         _id: AggregationJobId,
         _version: DapVersion,
         _task_id: &TaskId,
-        _req: &AggregationJobInitReq,
+        _req: &AggregationJobRequestHash,
     ) -> Result<(), DapError> {
         // the server implementation can't check for this
         Ok(())

crates/daphne-server/src/roles/helper.rs

@@ -13,7 +13,7 @@ use daphne::{
     error::DapAbort,
     fatal_error,
     messages::{
-        request::{CollectionPollReq, RequestBody},
+        request::{CollectionPollReq, HashedAggregationJobReq, RequestBody},
         taskprov::TaskprovAdvertisement,
         AggregateShareReq, AggregationJobInitReq, CollectionReq, Report, TaskId,
     },
@@ -60,6 +60,17 @@ impl_decode_from_dap_http_body!(
     CollectionReq,
 );
 
+impl DecodeFromDapHttpBody for HashedAggregationJobReq {
+    fn decode_from_http_body(bytes: Bytes, meta: &DapRequestMeta) -> Result<Self, DapAbort> {
+        let mut cursor = Cursor::new(bytes.as_ref());
+        // Check that media type matches.
+        meta.get_checked_media_type(DapMediaType::AggregationJobInitReq)?;
+        // Decode the body
+        HashedAggregationJobReq::decode_with_param(&meta.version, &mut cursor)
+            .map_err(|e| DapAbort::from_codec_error(e, meta.task_id))
+    }
+}
+
 /// Using `()` ignores the body of a request.
 impl DecodeFromDapHttpBody for CollectionPollReq {
     fn decode_from_http_body(_bytes: Bytes, _meta: &DapRequestMeta) -> Result<Self, DapAbort> {

crates/daphne-server/src/router/extractor.rs

@@ -8,7 +8,7 @@ use axum::{
     routing::{post, put},
 };
 use daphne::{
-    messages::{AggregateShareReq, AggregationJobInitReq},
+    messages::{request::HashedAggregationJobReq, AggregateShareReq},
     roles::{helper, DapHelper},
 };
 use http::StatusCode;
@@ -38,7 +38,7 @@ pub(super) fn add_helper_routes(router: super::Router<App>) -> super::Router<App
 )]
 async fn agg_job(
     State(app): State<Arc<App>>,
-    DapRequestExtractor(req): DapRequestExtractor<FROM_LEADER, AggregationJobInitReq>,
+    DapRequestExtractor(req): DapRequestExtractor<FROM_LEADER, HashedAggregationJobReq>,
 ) -> AxumDapResponse {
     let timer = std::time::Instant::now();
 

crates/daphne-server/src/router/helper.rs

@@ -18,7 +18,6 @@ prio_draft09 = { workspace = true, optional = true }
 prio = { workspace = true, optional = true }
 serde.workspace = true
 url = { workspace = true, optional = true }
-ring = { workspace = true, optional = true }
 
 [dev-dependencies]
 daphne = { path = "../daphne", default-features = false, features = ["prometheus"] }
@@ -34,7 +33,6 @@ durable_requests = [
     "dep:capnpc",
     "dep:prio_draft09",
     "dep:prio",
-    "dep:ring"
 ]
 experimental = ["daphne/experimental"]
 

crates/daphne-service-utils/Cargo.toml

@@ -7,11 +7,11 @@ use crate::{
     durable_requests::ObjectIdFrom,
 };
 use daphne::{
-    messages::{AggregationJobId, AggregationJobInitReq, PartialBatchSelector, TaskId},
+    messages::{AggregationJobId, TaskId},
     DapVersion,
 };
 use serde::{Deserialize, Serialize};
-use std::{ops::Deref, slice};
+use std::borrow::Cow;
 
 super::define_do_binding! {
     const BINDING = "AGGREGATION_JOB_STORE";
@@ -27,73 +27,21 @@ super::define_do_binding! {
 }
 
 #[derive(Debug)]
-pub struct AggregationJobReqHash(Vec<u8>);
-
-impl Deref for AggregationJobReqHash {
-    type Target = [u8];
-    fn deref(&self) -> &Self::Target {
-        &self.0
-    }
-}
-
-impl From<&AggregationJobInitReq> for AggregationJobReqHash {
-    fn from(req: &AggregationJobInitReq) -> Self {
-        let AggregationJobInitReq {
-            agg_param,
-            part_batch_sel,
-            prep_inits,
-        } = req;
-
-        let mut context = ring::digest::Context::new(&ring::digest::SHA256);
-        context.update(agg_param);
-        context.update(match part_batch_sel {
-            PartialBatchSelector::TimeInterval => &[0],
-            PartialBatchSelector::LeaderSelectedByBatchId { batch_id } => batch_id.as_ref(),
-        });
-        for p in prep_inits {
-            let daphne::messages::PrepareInit {
-                report_share:
-                    daphne::messages::ReportShare {
-                        report_metadata: daphne::messages::ReportMetadata { id, time },
-                        public_share,
-                        encrypted_input_share:
-                            daphne::messages::HpkeCiphertext {
-                                config_id,
-                                enc,
-                                payload: cypher_text_payload,
-                            },
-                    },
-                payload,
-            } = p;
-
-            context.update(payload);
-            context.update(public_share);
-            context.update(id.as_ref());
-            context.update(&time.to_be_bytes());
-            context.update(cypher_text_payload);
-            context.update(slice::from_ref(config_id));
-            context.update(enc);
-        }
-        Self(context.finish().as_ref().to_vec())
-    }
-}
-
-#[derive(Debug)]
-pub struct NewJobRequest {
+pub struct NewJobRequest<'h> {
     pub id: AggregationJobId,
-    pub agg_job_hash: AggregationJobReqHash,
+    pub agg_job_hash: Cow<'h, [u8]>,
 }
 
-impl CapnprotoPayloadEncode for NewJobRequest {
+impl CapnprotoPayloadEncode for NewJobRequest<'_> {
     type Builder<'a> = new_job_request::Builder<'a>;
 
     fn encode_to_builder(&self, mut builder: Self::Builder<'_>) {
         self.id.encode_to_builder(builder.reborrow().init_id());
-        builder.set_agg_job_hash(&self.agg_job_hash.0);
+        builder.set_agg_job_hash(&self.agg_job_hash);
     }
 }
 
-impl CapnprotoPayloadDecode for NewJobRequest {
+impl CapnprotoPayloadDecode for NewJobRequest<'static> {
     type Reader<'a> = new_job_request::Reader<'a>;
 
     fn decode_from_reader(reader: Self::Reader<'_>) -> capnp::Result<Self>
@@ -102,7 +50,7 @@ impl CapnprotoPayloadDecode for NewJobRequest {
     {
         Ok(Self {
             id: <_>::decode_from_reader(reader.get_id()?)?,
-            agg_job_hash: AggregationJobReqHash(reader.get_agg_job_hash()?.to_vec()),
+            agg_job_hash: reader.get_agg_job_hash()?.to_vec().into(),
         })
     }
 }

crates/daphne-service-utils/src/durable_requests/bindings/aggregation_job_store.rs

@@ -5,11 +5,12 @@ use crate::aggregator::App;
 use daphne::{
     error::DapAbort,
     fatal_error,
-    messages::{AggregationJobId, AggregationJobInitReq, TaskId},
+    messages::{request::AggregationJobRequestHash, AggregationJobId, TaskId},
     roles::DapHelper,
     DapError, DapVersion,
 };
 use daphne_service_utils::durable_requests::bindings::aggregation_job_store;
+use std::borrow::Cow;
 
 #[axum::async_trait]
 impl DapHelper for App {
@@ -18,15 +19,15 @@ impl DapHelper for App {
         id: AggregationJobId,
         version: DapVersion,
         task_id: &TaskId,
-        req: &AggregationJobInitReq,
+        req: &AggregationJobRequestHash,
     ) -> Result<(), DapError> {
         let response = self
             .durable()
             .with_retry()
             .request(aggregation_job_store::Command::NewJob, (version, task_id))
             .encode(&aggregation_job_store::NewJobRequest {
                 id,
-                agg_job_hash: req.into(),
+                agg_job_hash: Cow::Borrowed(req.get()),
             })
             .send::<aggregation_job_store::NewJobResponse>()
             .await

crates/daphne-worker/src/aggregator/roles/helper.rs

@@ -13,7 +13,7 @@ use daphne::{
     error::DapAbort,
     fatal_error,
     messages::{
-        request::{CollectionPollReq, RequestBody},
+        request::{CollectionPollReq, HashedAggregationJobReq, RequestBody},
         taskprov::TaskprovAdvertisement,
         AggregateShareReq, AggregationJobInitReq, CollectionReq, Report, TaskId,
     },
@@ -60,6 +60,17 @@ impl_decode_from_dap_http_body!(
     CollectionReq,
 );
 
+impl DecodeFromDapHttpBody for HashedAggregationJobReq {
+    fn decode_from_http_body(bytes: Bytes, meta: &DapRequestMeta) -> Result<Self, DapAbort> {
+        let mut cursor = Cursor::new(bytes.as_ref());
+        // Check that media type matches.
+        meta.get_checked_media_type(DapMediaType::AggregationJobInitReq)?;
+        // Decode the body
+        HashedAggregationJobReq::decode_with_param(&meta.version, &mut cursor)
+            .map_err(|e| DapAbort::from_codec_error(e, meta.task_id))
+    }
+}
+
 /// Using `()` ignores the body of a request.
 impl DecodeFromDapHttpBody for CollectionPollReq {
     fn decode_from_http_body(_bytes: Bytes, _meta: &DapRequestMeta) -> Result<Self, DapAbort> {

crates/daphne-worker/src/aggregator/router/extractor.rs

@@ -8,7 +8,7 @@ use axum::{
     routing::{post, put},
 };
 use daphne::{
-    messages::{AggregateShareReq, AggregationJobInitReq},
+    messages::{request::HashedAggregationJobReq, AggregateShareReq},
     roles::{helper, DapHelper},
 };
 use http::StatusCode;
@@ -39,7 +39,7 @@ pub(super) fn add_helper_routes(router: super::Router<App>) -> super::Router<App
 #[worker::send]
 async fn agg_job(
     State(app): State<Arc<App>>,
-    DapRequestExtractor(req): DapRequestExtractor<FROM_LEADER, AggregationJobInitReq>,
+    DapRequestExtractor(req): DapRequestExtractor<FROM_LEADER, HashedAggregationJobReq>,
 ) -> AxumDapResponse {
     let now = worker::Date::now();
 

crates/daphne-worker/src/aggregator/router/helper.rs

@@ -8,6 +8,7 @@ use super::{
     CollectionJobId, CollectionReq, Report,
 };
 use crate::{constants::DapMediaType, error::DapAbort, messages::TaskId, DapVersion};
+use prio::codec::{ParameterizedDecode, ParameterizedEncode};
 
 pub trait RequestBody {
     type ResourceId;
@@ -24,15 +25,79 @@ macro_rules! impl_req_body {
     };
 }
 
+#[derive(Debug, Clone, PartialEq, Eq, Hash)]
+#[cfg_attr(any(test, feature = "test-utils"), derive(deepsize::DeepSizeOf))]
+pub struct AggregationJobRequestHash(Vec<u8>);
+
+impl AggregationJobRequestHash {
+    pub fn get(&self) -> &[u8] {
+        &self.0
+    }
+
+    fn hash(bytes: &[u8]) -> Self {
+        Self(
+            ring::digest::digest(&ring::digest::SHA256, bytes)
+                .as_ref()
+                .to_vec(),
+        )
+    }
+}
+
+pub struct HashedAggregationJobReq {
+    pub request: AggregationJobInitReq,
+    pub hash: AggregationJobRequestHash,
+}
+
+impl HashedAggregationJobReq {
+    #[cfg(any(test, feature = "test-utils"))]
+    pub fn from_aggregation_req(version: DapVersion, request: AggregationJobInitReq) -> Self {
+        let mut buf = Vec::new();
+        request.encode_with_param(&version, &mut buf).unwrap();
+        Self {
+            request,
+            hash: AggregationJobRequestHash::hash(&buf),
+        }
+    }
+}
+
+impl ParameterizedEncode<DapVersion> for HashedAggregationJobReq {
+    fn encode_with_param(
+        &self,
+        encoding_parameter: &DapVersion,
+        bytes: &mut Vec<u8>,
+    ) -> Result<(), prio::codec::CodecError> {
+        self.request.encode_with_param(encoding_parameter, bytes)
+    }
+}
+
+impl ParameterizedDecode<DapVersion> for HashedAggregationJobReq {
+    fn decode_with_param(
+        decoding_parameter: &DapVersion,
+        bytes: &mut std::io::Cursor<&[u8]>,
+    ) -> Result<Self, prio::codec::CodecError> {
+        let start = usize::try_from(bytes.position())
+            .map_err(|e| prio::codec::CodecError::Other(Box::new(e)))?;
+        let request = AggregationJobInitReq::decode_with_param(decoding_parameter, bytes)?;
+        let end = usize::try_from(bytes.position())
+            .map_err(|e| prio::codec::CodecError::Other(Box::new(e)))?;
+
+        Ok(Self {
+            request,
+            hash: AggregationJobRequestHash::hash(&bytes.get_ref()[start..end]),
+        })
+    }
+}
+
 impl_req_body! {
-//  body type             | id type
-//  --------------------- | ----------------
-    Report                | ()
-    AggregationJobInitReq | AggregationJobId
-    AggregateShareReq     | ()
-    CollectionReq         | CollectionJobId
-    CollectionPollReq     | CollectionJobId
-    ()                    | ()
+    //  body type           | id type
+    //  --------------------| ----------------
+    Report                  | ()
+    AggregationJobInitReq   | AggregationJobId
+    HashedAggregationJobReq | AggregationJobId
+    AggregateShareReq       | ()
+    CollectionReq           | CollectionJobId
+    CollectionPollReq       | CollectionJobId
+    ()                      | ()
 }
 
 /// Fields common to all DAP requests.
@@ -74,6 +139,20 @@ pub struct DapRequest<B: RequestBody> {
     pub payload: B,
 }
 
+impl<B: RequestBody> DapRequest<B> {
+    pub fn map<F, O>(self, mapper: F) -> DapRequest<O>
+    where
+        F: FnOnce(B) -> O,
+        O: RequestBody<ResourceId = B::ResourceId>,
+    {
+        DapRequest {
+            meta: self.meta,
+            resource_id: self.resource_id,
+            payload: mapper(self.payload),
+        }
+    }
+}
+
 impl<B: RequestBody> AsRef<DapRequestMeta> for DapRequest<B> {
     fn as_ref(&self) -> &DapRequestMeta {
         &self.meta