feat!: authenticate personal accounts by ID #4411
Open
+1,524
−2,987
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
Enhancement
s8sato
commented
Apr 4, 2024
Pull Request Test Coverage Report for Build 8595871540Details
💛 - Coveralls |
s8sato
requested review from
mversic,
SamHSmith,
outoftardis,
Erigara,
0x009922,
DCNick3,
VAmuzing and
Asem-Abdelhady
as code owners
Erigara
reviewed
Apr 9, 2024
0x009922
reviewed
Apr 10, 2024
mversic
requested changes
Apr 15, 2024
4 tasks
|
Updated, see this comparison. The changes are as follows:
Then, now rebasing |
s8sato
force-pushed
the
feat/2085/1
branch
2 times, most recently
from
c74f371
to
2d2463a
Compare
mversic
reviewed
Apr 24, 2024
|
Some discussions are now outside the scope of this PR, so they will be folded once and tracked in #4426 |
s8sato
force-pushed
the
feat/2085/1
branch
2 times, most recently
from
05f1314
to
d08dfcb
Compare
s8sato
commented
Apr 28, 2024
client/tests/integration/smartcontracts/executor_with_admin/src/lib.rs
Outdated
Show resolved
Hide resolved
s8sato
force-pushed
the
feat/2085/1
branch
2 times, most recently
from
2b8776d
to
2a397a7
Compare
s8sato
changed the title
s8sato
force-pushed
the
feat/2085/1
branch
2 times, most recently
from
103ffc4
to
f90e2ee
Compare
0x009922
reviewed
May 8, 2024
Erigara
reviewed
May 8, 2024
client_cli/pytests/common/consts.py
Outdated
| @@ -15,11 +15,11 @@ class Stderr(Enum): | |||
| Enum for standard error messages. | |||
| """ | |||
|
|
|||
| CANNOT_BE_EMPTY = "cannot be empty\n\nFor more information, try '--help'.\n" | |||
| EMPTY = "mpty" | |||
There was a problem hiding this comment.
"mpty" was the intersection of various Empty error messages and was considered enough to identify the cause, but I revised the messages to contain "Empty"
mversic
previously approved these changes
May 8, 2024
s8sato
force-pushed
the
feat/2085/1
branch
2 times, most recently
from
6f39591
to
c321539
Compare
s8sato
commented
May 9, 2024
Comment on lines
+97
to
+110
| "Transfer": { | ||
| "AssetDefinition": { | ||
| "source_id": "ed01204164BF554923ECE1FD412D241036D863A6AE430476C898248B8237D77534CFC4@genesis", | ||
| "object": "rose#wonderland", | ||
| "destination_id": "ed0120CE7FA46C9DCE7EA4B125E2E36BDB63EA33073E7590AC92816AE1E861B7048B03@wonderland" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "Transfer": { | ||
| "Domain": { | ||
| "source_id": "genesis@genesis", | ||
| "source_id": "ed01204164BF554923ECE1FD412D241036D863A6AE430476C898248B8237D77534CFC4@genesis", | ||
| "object": "wonderland", | ||
| "destination_id": "alice@wonderland" | ||
| "destination_id": "ed0120CE7FA46C9DCE7EA4B125E2E36BDB63EA33073E7590AC92816AE1E861B7048B03@wonderland" |
There was a problem hiding this comment.
Here genesis.json has a literal genesis public key, which means kagami genesis requires some input of the genesis public key. That's why I made kagami genesis read GENESIS_PUBLIC_KEY environment variable
Comment on lines
+6
to
+8
| GENESIS_PUBLIC_KEY=ed01204164BF554923ECE1FD412D241036D863A6AE430476C898248B8237D77534CFC4 cargo run --release --bin kagami -- genesis --executor-path-in-genesis ./executor.wasm | diff - configs/swarm/genesis.json || { | ||
| echo 'Please re-generate the default genesis with `GENESIS_PUBLIC_KEY=ed01204164BF554923ECE1FD412D241036D863A6AE430476C898248B8237D77534CFC4 cargo run --release --bin kagami -- genesis --executor-path-in-genesis ./executor.wasm > configs/swarm/genesis.json`' | ||
| echo 'The assumption here is that the authority of the default genesis transaction is `test_samples::SAMPLE_GENESIS_ACCOUNT_ID`' |
There was a problem hiding this comment.
As long as genesis.json is not generated on demand but tracked in git, there is always the problem of which genesis public key should be specified. I've introduced an assumption that the authority of the default genesis transaction is test_samples::SAMPLE_GENESIS_ACCOUNT_ID, which is consistent with the preset GENESIS_PUBLIC_KEY in swarm, which is known to be obtained by kagami crypto --seed "Irohagenesis"
There was a problem hiding this comment.
So SAMPLE_GENESIS_ACCOUNT_ID is deeply involved with the default genesis, but its prefix is not DEFAULT but SAMPLE because it may be used elsewhere e.g. a synthetic genesis
Comment on lines
-58
to
+55
| if account_id == *iroha_genesis::GENESIS_ACCOUNT_ID { | ||
| if *account_id.domain_id() == *iroha_genesis::GENESIS_DOMAIN_ID { | ||
| return Err(InstructionExecutionError::InvariantViolation( | ||
| "Not allowed to register `genesis@genesis` account".to_owned(), | ||
| "Not allowed to register account in genesis domain".to_owned(), |
There was a problem hiding this comment.
Not genesis account but genesis domain of the registration target now causes transaction rejection
| if *iroha_genesis::GENESIS_ACCOUNT_ID == *tx.authority() { | ||
| if *iroha_genesis::GENESIS_DOMAIN_ID == *tx.authority().domain_id() { | ||
| return Err(AcceptTransactionFail::UnexpectedGenesisAccountSignature); |
There was a problem hiding this comment.
Not genesis account but genesis domain of the authority now causes transaction rejection
BREAKING CHANGE: - change `AccountId` from "name@domain" to "multihash@domain" - make account signatory single - make transaction signature single - remove query `FindAccountsByName` closes issue hyperledger#2085 Signed-off-by: Shunkichi Sato <49983831+s8sato@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
[feature] #2085: Authenticate personal accounts by ID
This is a milestone for the following commit. The inclusion of the public key in the ID allows the ID to match the verifying key of the signature. This makes it possible to authenticate transactions and queries with the ID alone.
api-changes: single signatory account, single signature transactionapi-changes: remove queryFindAccountsByNameconfig-changes: client configaccount.idchanges toaccount.domain_idtest_samplesutility for tests[feature] #2085: Auto-register destination account on transferIncludes registration of the destination account in the transfer execution. The main use case is described in testauto_register_account::on_transfer::asset_numericLinked issue
transaction.signatureandtransaction.payload.authority#4410Benefits
As long as you know the address (account ID), you can send without worrying whether the destination account is already registered on the chain.
However, the current design requires the sender to be authorized to register a new account within the domain. See #4411 (comment)
Drawbacks
name@domainnotation will be temporary lostChecklist
CONTRIBUTING.md