Documentation
¶
Overview ¶
Package auth provides the standard signing and verification methods used in Kwil. These are Ethereum "personal sign" used by wallets to sign a customized readable message, and plain Ed25519 signing used for validator node signatures.
It also defines an Authenticator interface for developers to implement their own Kwil authentication drivers. See the extensions/auth package in the kwil-db main module. Authenticator extensions may be used to expand the type of signatures that may be verified on transactions and messages. It also provides the ability to derive an address from a public key for a certain network.
There are presently two Signers defined in the Kwil Go SDK with pre-registered Authenticators with the same type: EthPersonalSigType and Ed25519SigType. When registering a new Authenticator, the values of these may not be used. This is the primary reason that the Authenticator interface is defined in this package instead of the kwil-db main module under extensions/auth. We may consider moving these two Authenticator implementations out of the SDK and into the main module where they are only available to the application that needs them, but it may be awkward to have complementary verification defined in the same place as the signing.
Index ¶
Constants ¶
const ( // Ed25519Auth is a plain ed25519 authenticator. This is used for validator // signature verification. This is intended as the authenticator for the // SDK-provided Ed25519Signer, and must be registered with that name. Ed25519Auth = "ed25519" )
const ( // EthPersonalSignAuth is the Ethereum "personal sign" authentication type, // which uses the secp256k1 signature scheme with a prefixed message and the // legacy 256-bit Keccak hash function to mimic most Ethereum wallets. This // is intended as the authenticator for the SDK-provided EthPersonalSigner, // and must be registered with that name. EthPersonalSignAuth = "secp256k1_ep" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Authenticator ¶
type Authenticator interface {
// Verify verifies whether a signature is valid for a given
// message and sender. It is meant to be used with asymmetric
// signature algorithms such as ECDSA, Ed25519 RSA, etc. If the
// signature is invalid, the method should return an error. If
// the signature is valid, the method should return nil.
Verify(sender, msg, signature []byte) error
// Identifier returns a string identifier for a given sender.
// This string identifier is used to identify the sender when
// interacting with the Kuneiform engine, and will be used as
// the `@caller` variable in the engine.
Identifier(sender []byte) (string, error)
}
Authenticator is an interface for verifying signatures and deriving a string identifier from the sender bytes. Custom asymmetric signature algorithms may be implemented by developers by implementing this interface.
type Ed25519Authenticator ¶
type Ed25519Authenticator struct{}
Ed25519Authenticator is an authenticator for ed25519 keys.
func (Ed25519Authenticator) Identifier ¶
func (e Ed25519Authenticator) Identifier(publicKey []byte) (string, error)
Address simply returns the hexadecimal encoded public key as the address.
type Ed25519Signer ¶
type Ed25519Signer struct {
crypto.Ed25519PrivateKey
}
Ed25519Signer is a signer that signs messages using the ed25519 curve, using the standard signature scheme.
func (*Ed25519Signer) AuthType ¶
func (e *Ed25519Signer) AuthType() string
func (*Ed25519Signer) Identity ¶
func (e *Ed25519Signer) Identity() []byte
Identity returns the identity of the signer (public key for this signer).
type EthPersonalSigner ¶
type EthPersonalSigner struct {
Key crypto.Secp256k1PrivateKey
}
EthPersonalSecp256k1Signer is a signer that signs messages using the secp256k1 curve, using ethereum's personal_sign signature scheme.
func (*EthPersonalSigner) AuthType ¶
func (e *EthPersonalSigner) AuthType() string
func (*EthPersonalSigner) Identity ¶
func (e *EthPersonalSigner) Identity() []byte
Identity returns the identity of the signer (ETH address for this signer).
func (*EthPersonalSigner) Sign ¶
func (e *EthPersonalSigner) Sign(msg []byte) (*Signature, error)
Sign sign given message according to EIP-191 personal_sign. EIP-191 personal_sign prefix the message with "\x19Ethereum Signed Message:\n" and the message length, then hash the message with 'legacy' keccak256. The signature is in [R || S || V] format, 65 bytes. This method is used to sign an arbitrary message in the same manner in which a wallet like MetaMask would sign a text message. The message is defined by the object that is being serialized e.g. a Kwil Transaction.
type EthSecp256k1Authenticator ¶
type EthSecp256k1Authenticator struct{}
EthSecp256k1Authenticator is the authenticator for the Ethereum "personal sign" signature type, which is the default signer for Kwil. As such, it is a default authenticator.
func (EthSecp256k1Authenticator) Identifier ¶
func (EthSecp256k1Authenticator) Identifier(ident []byte) (string, error)
Identifier returns an ethereum address hex string from address bytes. It will include the 0x prefix, and the address will be checksum-able.
type Signature ¶
type Signature struct {
// Signature is the raw signature bytes
Signature []byte `json:"signature_bytes"`
// Type is the signature type, which must have a registered Authenticator of
// the same name for the Verify method to be usable.
Type string `json:"signature_type"`
}
Signature is a signature with a designated AuthType, which should be used to determine how to verify the signature. It seems a bit weird to have a field "Signature" inside a struct called "Signature", but I am keeping it like this for compatibility with the old code.
type Signer ¶
type Signer interface {
// Sign signs a message and returns the signature
Sign(msg []byte) (*Signature, error)
// Identity returns the signer identity, which is typically and address or a
// public key. This value is recognized by the Verify method of the
// corresponding Authenticator for the types of signatures generated by this
// Signer.
Identity() []byte
// AuthType is the type of Authenticator that should be used to verify the
// signature created by this Signer; also to get the string identifier from
// the Identity.
AuthType() string
}
Signer is an interface for something that can sign messages. It returns signatures with a designated AuthType, which should be used to determine how to verify the signature.
Source Files