feat: simplify off-chain-auth by removing nonce and using ed25519 to verify signature #1354

Merged
merged 17 commits into from
Mar 14, 2024

@ruojunm ruojunm commented Mar 5, 2024

Description

feat: simplify off-chain-auth by removing nonce and using ed25519 to verify signature

Rationale

off-chain-auth was over-designed, and now we need to make it simpler and easier to use.

Example

  • Register
curl --location --request POST '127.0.0.1:9033/auth/update_key_v2' \
--header 'Referer: https://dcellar-qa.fe.nodereal.cc/' \
--header 'x-gnfd-user-address: 0xA4cFe2dE3e45C043524aaC46fDdFb46311aF0af6' \
--header 'x-gnfd-app-domain: https://dcellar-qa.fe.nodereal.cc' \
--header 'x-gnfd-app-reg-public-key: 5a3271a38dfadf7b73769173d03ac6d2442f7015bf2224cfa15f8a65008cdf8a' \
--header 'x-gnfd-expiry-timestamp: 2024-03-04T09:07:48Z' \
--header 'authorization: GNFD1-ETH-PERSONAL_SIGN,SignedMsg=https://dcellar-qa.fe.nodereal.cc wants you to sign in with your BNB Greenfield account:0xA4cFe2dE3e45C043524aaC46fDdFb46311aF0af6\nRegister your identity public key 5a3271a38dfadf7b73769173d03ac6d2442f7015bf2224cfa15f8a65008cdf8a\nURI: https://dcellar-qa.fe.nodereal.cc\nVersion: 1\nChain ID: 9000\nIssued At: 2024-02-28T09:07:48Z\nExpiration Time: 2024-03-04T09:07:48Z,Signature=0x827ad691f2e0a97c5bccf8592f5c62d94950797b5a8505089324190a8358eb6c2d7adbd254c89f27a2135a5680658badda3d4bcfb93118f24a801b59259d380c1c' \
--header 'Origin: https://dcellar-qa.fe.nodereal.cc' 

  • Adding a signature using ed25519
curl --location 'https://clyde-test8-2.gf-devnet-sp-a-bk.dev.nodereal.cc/clyde-test8-2.txt' \
--header 'User-Agent: Greenfield (darwin; arm64) greenfield-go-sdk/v0.1.0' \
--header 'X-Gnfd-Date: 2024-03-05T07:45:58Z' \
--header 'x-gnfd-app-domain: https://test.domain.com' \
--header 'authorization: GNFD2-EDDSA,Signature=784831a5d1f588090295c1f64ef43b003effff93d092f04f88c67946af108fd7f7abe6180865e270a1a34a8f46d1c5f8c13b7923708c285523dc222b61c3140b' \
--header 'Content-Type: application/octet-stream' \
--header 'X-Gnfd-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' \
--header 'x-gnfd-expiry-timestamp: 2024-03-05T08:02:38Z' \
--header 'X-Gnfd-User-Address: 0xA4cFe2dE3e45C043524aaC46fDdFb46311aF0af6' \
--header 'X-Gnfd-App-Reg-Public-Key: e0d61609201e9cece55e8999a40a74f5119003b1d49fad32882fa50547c4bf90'

Changes

Notable changes:

  • removing nonce concept during public key registration process
  • use ed25519 rather than bn254 (in gnark-crypto) for eddsa curve
  • support multiple keys for each "user + domain" combination
  • new authentication method is called GNFD2-EDDSA

Potential Impacts

  • No impact for clients that are using the old version of off-chain-auth, as the changes are backward compatible.
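
A sketch of the server-side check that the notable changes above imply, added here as an example and not taken from this PR or the project's code: the presented key must be one of the keys registered for that "user + domain" pair, must not have expired, and the Ed25519 signature must verify. The `keyStore` and `regKey` types, the in-memory map and the message bytes are assumptions; the project's actual signed request format is not shown on this page.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// regKey is one registered app key with the expiry set at registration.
type regKey struct {
	pub    ed25519.PublicKey
	expiry time.Time
}

// keyStore maps "user|domain" to its keys; several may be registered per pair.
type keyStore map[string][]regKey

// verify accepts a request only if the presented key is registered for this
// user and domain, has not expired, and the Ed25519 signature over msg checks.
func (s keyStore) verify(user, domain, pubHex, sigHex string, msg []byte, now time.Time) error {
	pub, err1 := hex.DecodeString(pubHex)
	sig, err2 := hex.DecodeString(sigHex)
	if err1 != nil || err2 != nil || len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return errors.New("malformed key or signature")
	}
	for _, k := range s[user+"|"+domain] {
		if !k.pub.Equal(ed25519.PublicKey(pub)) {
			continue
		}
		if !now.Before(k.expiry) {
			return errors.New("key expired")
		}
		if !ed25519.Verify(k.pub, msg, sig) {
			return errors.New("bad signature")
		}
		return nil
	}
	return errors.New("key not registered for user and domain")
}

func main() { // constructed demo values; all-zero seed is for the demo only
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	pub, now := priv.Public().(ed25519.PublicKey), time.Now()
	s := keyStore{"0xUser|https://app.example": {{pub, now.Add(time.Hour)}}}
	sig := hex.EncodeToString(ed25519.Sign(priv, []byte("msg")))
	fmt.Println(s.verify("0xUser", "https://app.example", hex.EncodeToString(pub), sig, []byte("msg"), now))
}
```

Looking the key up under the user and domain named in the request is what keeps a key registered for one app domain from being accepted for another.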

@ruojunm ruojunm marked this pull request as ready for review March 11, 2024 09:10
@constwz constwz left a comment

LGTM

@ruojunm ruojunm merged commit 1430cf7 into develop Mar 14, 2024
12 checks passed
@ruojunm ruojunm deleted the off-chain-auth-v2 branch March 14, 2024 07:13
@ruojunm ruojunm mentioned this pull request Apr 7, 2024
6 participants