authenticator

package
v4.0.0-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 27, 2024 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

const (
	// AuthnVerificationType is the unique type for this authenticator
	AuthnVerificationType = "AuthnVerification"
	// TODO: do benchmarking to determine more accurately the gas cost for each algorithm
	// GasCostVerifyES256 and GasCostVerifyRS256 are fixed gas costs per verification
	// algorithm; per the TODO above they have not been benchmarked yet.
	// NOTE(review): how these feed AuthnVerification.StaticGas is not shown here. An
	// under-priced verification lets callers buy expensive computation cheaply, so
	// confirm the values once benchmarks exist.
	GasCostVerifyES256 = 1500
	GasCostVerifyRS256 = 2500
)
const (
	// SignatureVerificationType represents a type of authenticator specifically designed for
	// secp256k1 signature verification.
	SignatureVerificationType = "SignatureVerification"
)

Variables

This section is empty.

Functions

func GetSignerAndSignatures

func GetSignerAndSignatures(tx sdk.Tx) (signers []sdk.AccAddress, signatures []signing.SignatureV2, err error)

GetSignerAndSignatures gets an array of signers and an array of signatures from the transaction, checks that they are the same length, and returns both.

A signer can only have one signature, so if it appears in multiple messages, the signatures must be the same, and it will only be returned once by this function. This mimics the way the classic SDK authentication works, and we will probably want to change this in the future.

func IsJsonSuperset

func IsJsonSuperset(a, b []byte) error

IsJsonSuperset checks if the first JSON byte array is a superset of the second JSON byte array.

func NoReplayProtection

// NoReplayProtection has the ReplayProtection signature, so it can be passed wherever a
// ReplayProtection is expected (for example to GenerateAuthenticationRequest).
// NOTE(review): undocumented on this page; by its name it presumably accepts any
// sequence, which removes the replay check for the request it is used with. Confirm
// against the implementation and make sure every call site has another replay defence.
func NoReplayProtection(txData *ExplicitTxData, signature *signing.SignatureV2) error

func SequenceMatch

// SequenceMatch has the ReplayProtection signature; the ReplayProtection documentation
// names it as a default implementation.
// NOTE(review): presumably compares the signature's sequence with
// txData.AccountSequence and returns an error on mismatch — confirm.
func SequenceMatch(txData *ExplicitTxData, signature *signing.SignatureV2) error

Types

type AllOf

// AllOf is a composite authenticator: it implements the Authenticator methods and
// holds a list of sub-authenticators.
// NOTE(review): by its name it presumably succeeds only when every sub-authenticator
// succeeds; the evaluation logic is not shown here. Confirm the behaviour for an empty
// SubAuthenticators list, which must not authenticate vacuously.
type AllOf struct {
	SubAuthenticators []Authenticator
	// contains filtered or unexported fields
}

func NewAllOf

func NewAllOf(am *AuthenticatorManager) AllOf

func NewPartitionedAllOf

func NewPartitionedAllOf(am *AuthenticatorManager) AllOf

func (AllOf) Authenticate

func (aoa AllOf) Authenticate(ctx sdk.Context, request AuthenticationRequest) error

func (AllOf) ConfirmExecution

func (aoa AllOf) ConfirmExecution(ctx sdk.Context, request AuthenticationRequest) error

func (AllOf) Initialize

func (aoa AllOf) Initialize(config []byte) (Authenticator, error)

func (AllOf) OnAuthenticatorAdded

func (aoa AllOf) OnAuthenticatorAdded(ctx sdk.Context, account sdk.AccAddress, config []byte, authenticatorId string) error

func (AllOf) OnAuthenticatorRemoved

func (aoa AllOf) OnAuthenticatorRemoved(ctx sdk.Context, account sdk.AccAddress, config []byte, authenticatorId string) error

func (AllOf) StaticGas

func (aoa AllOf) StaticGas() uint64

func (AllOf) Track

func (aoa AllOf) Track(ctx sdk.Context, request AuthenticationRequest) error

func (AllOf) Type

func (aoa AllOf) Type() string

type AnyOf

// AnyOf is a composite authenticator: it implements the Authenticator methods and
// holds a list of sub-authenticators.
// NOTE(review): by its name it presumably succeeds when at least one sub-authenticator
// succeeds; the evaluation logic is not shown here. The weakest sub-authenticator then
// sets the effective security of the account — confirm.
type AnyOf struct {
	SubAuthenticators []Authenticator
	// contains filtered or unexported fields
}

func NewAnyOf

func NewAnyOf(am *AuthenticatorManager) AnyOf

func NewPartitionedAnyOf

func NewPartitionedAnyOf(am *AuthenticatorManager) AnyOf

func (AnyOf) Authenticate

func (aoa AnyOf) Authenticate(ctx sdk.Context, request AuthenticationRequest) error

func (AnyOf) ConfirmExecution

func (aoa AnyOf) ConfirmExecution(ctx sdk.Context, request AuthenticationRequest) error

ConfirmExecution is called on all sub-authenticators, but only the changes made by the authenticator that succeeds are written.

func (AnyOf) Initialize

func (aoa AnyOf) Initialize(config []byte) (Authenticator, error)

func (AnyOf) OnAuthenticatorAdded

func (aoa AnyOf) OnAuthenticatorAdded(ctx sdk.Context, account sdk.AccAddress, config []byte, authenticatorId string) error

func (AnyOf) OnAuthenticatorRemoved

func (aoa AnyOf) OnAuthenticatorRemoved(ctx sdk.Context, account sdk.AccAddress, config []byte, authenticatorId string) error

func (AnyOf) StaticGas

func (aoa AnyOf) StaticGas() uint64

func (AnyOf) Track

func (aoa AnyOf) Track(ctx sdk.Context, request AuthenticationRequest) error

func (AnyOf) Type

func (aoa AnyOf) Type() string

type AuthenticationRequest

// AuthenticationRequest is the per-message input passed to Authenticator.Authenticate,
// Track and ConfirmExecution. Every field carries a JSON tag, and the type is also the
// payload of SudoMsg.Authenticate.
// NOTE(review): presumably serialized to JSON for contract-based authenticators —
// confirm; if so, everything in it is visible to the contract.
type AuthenticationRequest struct {
	AuthenticatorId string         `json:"authenticator_id"`
	Account         sdk.AccAddress `json:"account"`
	// NOTE(review): FeePayer and FeeGranter are separate from Account; an authenticator
	// that limits spending should presumably check all three — confirm against callers.
	FeePayer        sdk.AccAddress `json:"fee_payer"`
	// FeeGranter is omitted from the JSON encoding when empty.
	FeeGranter      sdk.AccAddress `json:"fee_granter,omitempty"`
	Fee             sdk.Coins      `json:"fee"`
	Msg             LocalAny       `json:"msg"`

	// Since array size is int, and size depends on the system architecture,
	// we use uint64 to cover all available architectures.
	// It is unsigned, so at this point, it can't be negative.
	MsgIndex uint64 `json:"msg_index"`

	// Only allowing messages with a single signer, so the signature can be a single byte array.
	Signature           []byte                  `json:"signature"`
	SignModeTxData      SignModeData            `json:"sign_mode_tx_data"`
	TxData              ExplicitTxData          `json:"tx_data"`
	SignatureData       SimplifiedSignatureData `json:"signature_data"`
	// NOTE(review): presumably true while a transaction is being simulated; confirm that
	// no authenticator relaxes its checks on this flag outside simulation.
	Simulate            bool                    `json:"simulate"`
	// AuthenticatorParams is omitted from the JSON encoding when empty.
	AuthenticatorParams []byte                  `json:"authenticator_params,omitempty"`
}

func GenerateAuthenticationRequest

// NOTE(review): msgIndex is an int here while AuthenticationRequest.MsgIndex is a
// uint64; confirm a negative index is rejected before the conversion rather than
// wrapping to a large value. replayProtection presumably selects the replay check
// applied while building the request; SequenceMatch and NoReplayProtection both have
// the ReplayProtection signature, so the choice made by the caller matters.
func GenerateAuthenticationRequest(
	ctx sdk.Context,
	cdc codec.Codec,
	ak authante.AccountKeeper,
	sigModeHandler *txsigning.HandlerMap,
	account sdk.AccAddress,
	feePayer sdk.AccAddress,
	feeGranter sdk.AccAddress,
	fee sdk.Coins,
	msg sdk.Msg,
	tx sdk.Tx,
	msgIndex int,
	simulate bool,
	replayProtection ReplayProtection,
) (AuthenticationRequest, error)

GenerateAuthenticationRequest creates an AuthenticationRequest for the transaction.

type Authenticator

type Authenticator interface {
	// Type returns the specific type of the authenticator, such as SignatureVerification.
	// This type is used for registering and identifying the authenticator within the AuthenticatorManager.
	Type() string

	// StaticGas provides the fixed gas amount consumed for each invocation of this authenticator.
	// This is used for managing gas consumption during transaction verification.
	StaticGas() uint64

	// Initialize prepares the authenticator with necessary data from storage, specific to an account-authenticator pair.
	// This method is used for setting up the authenticator with data like a PublicKey for signature verification.
	Initialize(config []byte) (Authenticator, error)

	// Authenticate confirms the validity of a message using the provided authentication data.
	// NOTE: Any state changes made by this function will be discarded.
	// It's a core function within an ante handler to ensure message authenticity and enforce gas consumption.
	Authenticate(ctx sdk.Context, request AuthenticationRequest) error

	// Track allows the authenticator to record information, regardless of the transaction's authentication method.
	// NOTE: Any state changes made by this function will be written to the store as long as Authenticate succeeds and will not be reverted if the message execution fails.
	// This function is used for the authenticator to acknowledge the execution of specific messages by an account.
	Track(ctx sdk.Context, request AuthenticationRequest) error

	// ConfirmExecution enforces transaction rules post-transaction, like spending and transaction limits.
	// It is used to verify execution-specific state and values, to allow authentication to be dependent on the effects of a transaction.
	ConfirmExecution(ctx sdk.Context, request AuthenticationRequest) error

	// OnAuthenticatorAdded handles the addition of an authenticator to an account.
	// It checks the data format and compatibility, to maintain account security and authenticator integrity.
	OnAuthenticatorAdded(ctx sdk.Context, account sdk.AccAddress, config []byte, authenticatorId string) error

	// OnAuthenticatorRemoved manages the removal of an authenticator from an account.
	// This function is used for updating global data or preventing removal when necessary to maintain system stability.
	OnAuthenticatorRemoved(ctx sdk.Context, account sdk.AccAddress, config []byte, authenticatorId string) error
}

Authenticator is an interface that encapsulates all authentication functionalities essential for verifying transactions, paying transaction fees, and managing gas consumption during verification.

type AuthenticatorManager

type AuthenticatorManager struct {
	// contains filtered or unexported fields
}

AuthenticatorManager is a manager for all registered authenticators.

func NewAuthenticatorManager

func NewAuthenticatorManager() *AuthenticatorManager

NewAuthenticatorManager creates a new AuthenticatorManager.

func (*AuthenticatorManager) GetAuthenticatorByType

func (am *AuthenticatorManager) GetAuthenticatorByType(authenticatorType string) Authenticator

GetAuthenticatorByType returns the base implementation of the authenticator type.

func (*AuthenticatorManager) GetRegisteredAuthenticators

func (am *AuthenticatorManager) GetRegisteredAuthenticators() []Authenticator

GetRegisteredAuthenticators returns the list of registered authenticators in sorted order.

func (*AuthenticatorManager) InitializeAuthenticators

func (am *AuthenticatorManager) InitializeAuthenticators(initialAuthenticators []Authenticator)

InitializeAuthenticators initializes authenticators. If already initialized, it will not overwrite.

func (*AuthenticatorManager) IsAuthenticatorTypeRegistered

func (am *AuthenticatorManager) IsAuthenticatorTypeRegistered(authenticatorType string) bool

IsAuthenticatorTypeRegistered checks if the authenticator type is registered.

func (*AuthenticatorManager) RegisterAuthenticator

func (am *AuthenticatorManager) RegisterAuthenticator(authenticator Authenticator)

RegisterAuthenticator adds a new authenticator to the map of registered authenticators.

func (*AuthenticatorManager) ResetAuthenticators

func (am *AuthenticatorManager) ResetAuthenticators()

ResetAuthenticators resets all registered authenticators.

func (*AuthenticatorManager) UnregisterAuthenticator

func (am *AuthenticatorManager) UnregisterAuthenticator(authenticator Authenticator)

UnregisterAuthenticator removes an authenticator from the map of registered authenticators.

type AuthnVerification

type AuthnVerification struct {
	PubKey crypto.AuthnPubKey
	// contains filtered or unexported fields
}

AuthnVerification authenticator

func NewAuthnVerification

func NewAuthnVerification(ak authante.AccountKeeper) AuthnVerification

NewAuthnVerification creates a new AuthnVerification authenticator

func (AuthnVerification) Authenticate

func (pva AuthnVerification) Authenticate(ctx sdk.Context, request AuthenticationRequest) error

Authenticate verifies the signature using WebAuthn

func (AuthnVerification) ConfirmExecution

func (pva AuthnVerification) ConfirmExecution(ctx sdk.Context, request AuthenticationRequest) error

ConfirmExecution is a no-op for this authenticator

func (AuthnVerification) Initialize

func (pva AuthnVerification) Initialize(config []byte) (Authenticator, error)

Initialize initializes the authenticator with configuration data

func (AuthnVerification) OnAuthenticatorAdded

func (pva AuthnVerification) OnAuthenticatorAdded(ctx sdk.Context, account sdk.AccAddress, config []byte, authenticatorId string) error

OnAuthenticatorAdded handles the addition of the authenticator to an account

func (AuthnVerification) OnAuthenticatorRemoved

func (pva AuthnVerification) OnAuthenticatorRemoved(ctx sdk.Context, account sdk.AccAddress, config []byte, authenticatorId string) error

OnAuthenticatorRemoved handles the removal of the authenticator from an account

func (AuthnVerification) StaticGas

func (pva AuthnVerification) StaticGas() uint64

StaticGas returns the fixed gas cost for this authenticator

func (AuthnVerification) Track

func (pva AuthnVerification) Track(ctx sdk.Context, request AuthenticationRequest) error

Track is a no-op for this authenticator

func (AuthnVerification) Type

func (pva AuthnVerification) Type() string

Type returns the authenticator's type

type ConfirmExecutionRequest

// ConfirmExecutionRequest is the payload of SudoMsg.ConfirmExecution. Compared with
// AuthenticationRequest it has no Signature, SignModeTxData, TxData, SignatureData or
// Simulate fields, so a receiver of this message gets no signature material.
type ConfirmExecutionRequest struct {
	AuthenticatorId     string         `json:"authenticator_id"`
	Account             sdk.AccAddress `json:"account"`
	FeePayer            sdk.AccAddress `json:"fee_payer"`
	FeeGranter          sdk.AccAddress `json:"fee_granter,omitempty"`
	Fee                 sdk.Coins      `json:"fee"`
	Msg                 LocalAny       `json:"msg"`
	MsgIndex            uint64         `json:"msg_index"`
	AuthenticatorParams []byte         `json:"authenticator_params,omitempty"`
}

type CosmwasmAuthenticator

type CosmwasmAuthenticator struct {
	// contains filtered or unexported fields
}

func NewCosmwasmAuthenticator

func NewCosmwasmAuthenticator(contractKeeper types.ContractKeeper, accountKeeper authante.AccountKeeper, cdc codectypes.AnyUnpacker) CosmwasmAuthenticator

func (CosmwasmAuthenticator) Authenticate

func (cwa CosmwasmAuthenticator) Authenticate(ctx sdk.Context, request AuthenticationRequest) error

func (CosmwasmAuthenticator) ConfirmExecution

func (cwa CosmwasmAuthenticator) ConfirmExecution(ctx sdk.Context, request AuthenticationRequest) error

func (CosmwasmAuthenticator) ContractAddress

func (cwa CosmwasmAuthenticator) ContractAddress() sdk.AccAddress

func (CosmwasmAuthenticator) Initialize

func (cwa CosmwasmAuthenticator) Initialize(config []byte) (Authenticator, error)

func (CosmwasmAuthenticator) OnAuthenticatorAdded

func (cwa CosmwasmAuthenticator) OnAuthenticatorAdded(ctx sdk.Context, account sdk.AccAddress, config []byte, authenticatorId string) error

func (CosmwasmAuthenticator) OnAuthenticatorRemoved

func (cwa CosmwasmAuthenticator) OnAuthenticatorRemoved(ctx sdk.Context, account sdk.AccAddress, config []byte, authenticatorId string) error

func (CosmwasmAuthenticator) Params

func (cwa CosmwasmAuthenticator) Params() []byte

func (CosmwasmAuthenticator) StaticGas

func (cwa CosmwasmAuthenticator) StaticGas() uint64

func (CosmwasmAuthenticator) Track

func (CosmwasmAuthenticator) Type

func (cwa CosmwasmAuthenticator) Type() string

type CosmwasmAuthenticatorInitData

// CosmwasmAuthenticatorInitData is the JSON shape with a contract reference and an
// opaque params blob.
// NOTE(review): presumably the config decoded by CosmwasmAuthenticator.Initialize, with
// Contract holding a contract address string — confirm, and confirm the address is
// validated (format and existence) when the authenticator is added to an account.
type CosmwasmAuthenticatorInitData struct {
	Contract string `json:"contract"`
	Params   []byte `json:"params"`
}

type ExplicitTxData

// ExplicitTxData is the transaction data handed to ReplayProtection functions and
// embedded in AuthenticationRequest.TxData. Note that AccountSequence is encoded under
// the JSON key "sequence".
// NOTE(review): ChainID, AccountNumber and AccountSequence are presumably the values
// that bind a signature to one chain, account and position — confirm which of them
// each authenticator actually checks.
type ExplicitTxData struct {
	ChainID         string     `json:"chain_id"`
	AccountNumber   uint64     `json:"account_number"`
	AccountSequence uint64     `json:"sequence"`
	TimeoutHeight   uint64     `json:"timeout_height"`
	Msgs            []LocalAny `json:"msgs"`
	Memo            string     `json:"memo"`
}

ExplicitTxData encapsulates key transaction data like chain ID, account info, and messages.

type InitializedAuthenticator

type InitializedAuthenticator struct {
	Id            uint64
	Authenticator Authenticator
}

InitializedAuthenticator denotes an authenticator fetched from the store and prepared for use.

type LocalAny

type LocalAny struct {
	TypeURL string `json:"type_url"`
	Value   []byte `json:"value"`
}

LocalAny holds a message with its type URL and byte value. This is necessary because the type Any fails to serialize and deserialize properly in nested contexts.

type MessageFilter

type MessageFilter struct {
	// contains filtered or unexported fields
}

MessageFilter filters incoming messages based on a predefined JSON pattern. It allows for complex pattern matching to support advanced authentication flows.

func NewMessageFilter

func NewMessageFilter(interfaceRegistry types.InterfaceRegistry, codec codec.Codec) MessageFilter

NewMessageFilter creates a new MessageFilter with the provided EncodingConfig.

func (MessageFilter) Authenticate

func (m MessageFilter) Authenticate(ctx sdk.Context, request AuthenticationRequest) error

Authenticate checks if the provided message conforms to the set JSON pattern. It returns an AuthenticationResult based on the evaluation.

func (MessageFilter) ConfirmExecution

func (m MessageFilter) ConfirmExecution(ctx sdk.Context, request AuthenticationRequest) error

ConfirmExecution confirms the execution of a message. Currently, it always confirms.

func (MessageFilter) Initialize

func (m MessageFilter) Initialize(config []byte) (Authenticator, error)

Initialize sets up the authenticator with the given data, which should be a valid JSON pattern for message filtering.

func (MessageFilter) OnAuthenticatorAdded

func (m MessageFilter) OnAuthenticatorAdded(ctx sdk.Context, account sdk.AccAddress, config []byte, authenticatorId string) error

OnAuthenticatorAdded performs additional checks when an authenticator is added. Specifically, it ensures numbers in JSON are encoded as strings.

func (MessageFilter) OnAuthenticatorRemoved

func (m MessageFilter) OnAuthenticatorRemoved(ctx sdk.Context, account sdk.AccAddress, config []byte, authenticatorId string) error

OnAuthenticatorRemoved is a no-op in this implementation but can be used when an authenticator is removed.

func (MessageFilter) StaticGas

func (m MessageFilter) StaticGas() uint64

StaticGas returns the static gas amount for the authenticator. Currently, it's set to zero.

func (MessageFilter) Track

func (m MessageFilter) Track(ctx sdk.Context, request AuthenticationRequest) error

Track is a no-op in this implementation but can be used to track message handling.

func (MessageFilter) Type

func (m MessageFilter) Type() string

Type returns the type of the authenticator.

type OnAuthenticatorAddedRequest

type OnAuthenticatorAddedRequest struct {
	Account             sdk.AccAddress `json:"account"`
	AuthenticatorParams []byte         `json:"authenticator_params,omitempty"`
	AuthenticatorId     string         `json:"authenticator_id"`
}

type OnAuthenticatorRemovedRequest

type OnAuthenticatorRemovedRequest struct {
	Account             sdk.AccAddress `json:"account"`
	AuthenticatorParams []byte         `json:"authenticator_params,omitempty"`
	AuthenticatorId     string         `json:"authenticator_id"`
}

type ReplayProtection

type ReplayProtection func(txData *ExplicitTxData, signature *signing.SignatureV2) error

ReplayProtection turns replay protection into a pluggable hook (a function type). SequenceMatch is a default implementation.

type SignModeData

type SignModeData struct {
	Direct  []byte `json:"sign_mode_direct"`
	Textual string `json:"sign_mode_textual"`
}

SignModeData represents the signing modes with direct bytes and textual representation.

type SignatureAssignment

// SignatureAssignment is a string enum with the two values declared below.
// NOTE(review): presumably selects how a composite authenticator hands signatures to
// its sub-authenticators (compare NewAllOf / NewPartitionedAllOf and NewAnyOf /
// NewPartitionedAnyOf) — confirm against the implementation.
type SignatureAssignment string
const (
	Single      SignatureAssignment = "single"
	Partitioned SignatureAssignment = "partitioned"
)

type SignatureVerification

type SignatureVerification struct {
	PubKey cryptotypes.PubKey
	// contains filtered or unexported fields
}

signature authenticator

func NewSignatureVerification

func NewSignatureVerification(ak authante.AccountKeeper) SignatureVerification

NewSignatureVerification creates a new SignatureVerification

func (SignatureVerification) Authenticate

func (sva SignatureVerification) Authenticate(ctx sdk.Context, request AuthenticationRequest) error

Authenticate takes a SignaturesVerificationData struct and validates each signer and signature using signature verification

func (SignatureVerification) ConfirmExecution

func (sva SignatureVerification) ConfirmExecution(ctx sdk.Context, request AuthenticationRequest) error

func (SignatureVerification) Initialize

func (sva SignatureVerification) Initialize(config []byte) (Authenticator, error)

Initialize sets up the public key to the data supplied from the account-authenticator configuration

func (SignatureVerification) OnAuthenticatorAdded

func (sva SignatureVerification) OnAuthenticatorAdded(ctx sdk.Context, account sdk.AccAddress, config []byte, authenticatorId string) error

func (SignatureVerification) OnAuthenticatorRemoved

func (sva SignatureVerification) OnAuthenticatorRemoved(ctx sdk.Context, account sdk.AccAddress, config []byte, authenticatorId string) error

func (SignatureVerification) StaticGas

func (sva SignatureVerification) StaticGas() uint64

func (SignatureVerification) Track

func (SignatureVerification) Type

func (sva SignatureVerification) Type() string

type SimplifiedSignatureData

// SimplifiedSignatureData carries two parallel slices.
// NOTE(review): Signers[i] presumably corresponds to Signatures[i]; the type itself
// does not enforce equal lengths, so consumers should check them before indexing —
// confirm where this is populated.
type SimplifiedSignatureData struct {
	Signers    []sdk.AccAddress `json:"signers"`
	Signatures [][]byte         `json:"signatures"`
}

SimplifiedSignatureData contains lists of signers and their corresponding signatures.

type SubAuthenticatorInitData

// SubAuthenticatorInitData is the JSON shape pairing an authenticator type name with an
// opaque config blob.
// NOTE(review): presumably one entry per sub-authenticator in the config of AllOf and
// AnyOf, with Type resolved through AuthenticatorManager and Config passed to that
// authenticator's Initialize — confirm, including how an unregistered Type is handled.
type SubAuthenticatorInitData struct {
	Type   string `json:"type"`
	Config []byte `json:"config"`
}

type SudoMsg

// SudoMsg is a JSON envelope with one optional pointer field per authenticator hook;
// each field is dropped from the encoding when nil (omitempty).
// NOTE(review): presumably exactly one field is set per message and the result is
// delivered to a CosmWasm contract's sudo entry point — confirm. Only the Authenticate
// variant carries signature and transaction data.
type SudoMsg struct {
	OnAuthenticatorAdded   *OnAuthenticatorAddedRequest   `json:"on_authenticator_added,omitempty"`
	OnAuthenticatorRemoved *OnAuthenticatorRemovedRequest `json:"on_authenticator_removed,omitempty"`
	Authenticate           *AuthenticationRequest         `json:"authenticate,omitempty"`
	Track                  *TrackRequest                  `json:"track,omitempty"`
	ConfirmExecution       *ConfirmExecutionRequest       `json:"confirm_execution,omitempty"`
}

type TrackRequest

// TrackRequest is the payload of SudoMsg.Track. Compared with AuthenticationRequest it
// has no Signature, SignModeTxData, TxData, SignatureData or Simulate fields, so a
// receiver of this message gets no signature material.
type TrackRequest struct {
	AuthenticatorId     string         `json:"authenticator_id"`
	Account             sdk.AccAddress `json:"account"`
	FeePayer            sdk.AccAddress `json:"fee_payer"`
	FeeGranter          sdk.AccAddress `json:"fee_granter,omitempty"`
	Fee                 sdk.Coins      `json:"fee"`
	Msg                 LocalAny       `json:"msg"`
	MsgIndex            uint64         `json:"msg_index"`
	AuthenticatorParams []byte         `json:"authenticator_params,omitempty"`
}
