diff --git a/cmd/kwild/server/build.go b/cmd/kwild/server/build.go index fb6fedef6..9ae2665b2 100644 --- a/cmd/kwild/server/build.go +++ b/cmd/kwild/server/build.go @@ -16,6 +16,7 @@ import ( "github.com/kwilteam/kwil-db/internal/abci/cometbft" "github.com/kwilteam/kwil-db/internal/abci/snapshots" "github.com/kwilteam/kwil-db/internal/accounts" + "github.com/kwilteam/kwil-db/internal/ident" "github.com/kwilteam/kwil-db/internal/kv/atomic" "github.com/kwilteam/kwil-db/internal/kv/badger" "github.com/kwilteam/kwil-db/internal/modules/datasets" @@ -33,7 +34,6 @@ import ( "github.com/kwilteam/kwil-db/internal/sessions/wal" vmgr "github.com/kwilteam/kwil-db/internal/validators" - "github.com/kwilteam/kwil-db/core/crypto/auth" "github.com/kwilteam/kwil-db/core/log" admpb "github.com/kwilteam/kwil-db/core/rpc/protobuf/admin/v0" txpb "github.com/kwilteam/kwil-db/core/rpc/protobuf/tx/v1" @@ -207,7 +207,7 @@ func buildEngine(d *coreDependencies, a *sessions.AtomicCommitter) *engine.Engin e, err := engine.Open(d.ctx, d.opener, sqlCommitRegister, - auth.GetAddress, + ident.Address, engine.WithLogger(*d.log.Named("engine")), engine.WithExtensions(adaptExtensions(extensions)), ) diff --git a/core/crypto/auth/auth.go b/core/crypto/auth/auth.go index 9a240a991..7408d5ff3 100644 --- a/core/crypto/auth/auth.go +++ b/core/crypto/auth/auth.go @@ -1,74 +1,39 @@ /* -Package auth provides an Authenticator interface for developers to implement -their own Kwil authentication drivers. Authenticator extensions may be used to -expand the type of signatures that may be verified on transactions and messages -via the (*Signature).Verify method, where the Signature.Type field corresponds -to the unique Authenticator name. It also provides the ability to derive an -address from a public key for a certain network. +Package auth provides the standard signing and verification methods used in +Kwil. These are Ethereum "personal sign" used by wallets to sign a customized +readable message, and plain Ed25519 signing used for validator node signatures. -Similar to Go's database/sql package, developers can implement the Authenticator -interface and register it with the RegisterAuthenticator function. The name used -to register is to be set as the signature type creating signatures. +It also defines an Authenticator interface for developers to implement their own +Kwil authentication drivers. See the extensions/auth package in the kwil-db main +module. Authenticator extensions may be used to expand the type of signatures +that may be verified on transactions and messages. It also provides the ability +to derive an address from a public key for a certain network. There are presently two Signers defined in the Kwil Go SDK with pre-registered Authenticators with the same type: EthPersonalSigType and Ed25519SigType. When -registering a new Authenticator, the values of these may not be used. +registering a new Authenticator, the values of these may not be used. This is +the primary reason that the Authenticator interface is defined in this package +instead of the kwil-db main module under extensions/auth. We may consider moving +these two Authenticator implementations out of the SDK and into the main module +where they are only available to the application that needs them, but it may be +awkward to have complementary verification defined in the same place as the +signing. */ package auth -import ( - "errors" - "fmt" - "strings" -) - -// Authenticator is an interface for authenticating an incoming call -// It is made to work with keypair authentication -type Authenticator interface { +// Verifier is satisfied by types that can verify a signature against a public +// key and message. A Verifier implementation will generally pertain to a +// certain message serialization scheme and key type. +type Verifier interface { // Verify verifies the signature against the given public key and data. Verify(sender, msg, signature []byte) error - - // Address returns an address from a public key - Address(sender []byte) (string, error) -} - -var registeredAuthenticators = make(map[string]Authenticator) - -// RegisterAuthenticator registers an authenticator with a given name -func RegisterAuthenticator(name string, auth Authenticator) error { - name = strings.ToLower(name) - if _, ok := registeredAuthenticators[name]; ok { - return fmt.Errorf("%w: %s", ErrAuthenticatorExists, name) - } - - registeredAuthenticators[name] = auth - return nil -} - -// getAuthenticator returns an authenticator by the name it was registered with -func getAuthenticator(name string) (Authenticator, error) { - name = strings.ToLower(name) - auth, ok := registeredAuthenticators[name] - if !ok { - return nil, fmt.Errorf("%w: %s", ErrAuthenticatorNotFound, name) - } - - return auth, nil } -// GetAddress returns an address from a public key and authenticator type -func GetAddress(authType string, sender []byte) (string, error) { - auth, err := getAuthenticator(authType) - if err != nil { - return "", err - } +// Authenticator is an interface for authenticating a message and deriving an +// encoded address for a public key. +type Authenticator interface { + Verifier - return auth.Address(sender) + // Address returns an address from a public key + Address(sender []byte) (string, error) } - -var ( - // ErrAuthenticatorExists is returned when an authenticator is already registered - ErrAuthenticatorExists = errors.New("authenticator already exists") - // ErrAuthenticatorNotFound is returned when an authenticator is not found - ErrAuthenticatorNotFound = errors.New("authenticator not found") -) diff --git a/core/crypto/auth/auth_test.go b/core/crypto/auth/auth_test.go index 89d2f40b4..b59876ac4 100644 --- a/core/crypto/auth/auth_test.go +++ b/core/crypto/auth/auth_test.go @@ -46,14 +46,15 @@ func Test_Auth(t *testing.T) { sig, err := tc.signer.Sign(msg) assert.NoError(t, err) + authenticator := tc.signer.Authenticator() + // verify the signature - err = sig.Verify(tc.signer.PublicKey(), msg) + err = authenticator.Verify(tc.signer.PublicKey(), msg, sig.Signature) assert.NoError(t, err) // check the address - address, err := auth.GetAddress(sig.Type, tc.signer.PublicKey()) + address, err := authenticator.Address(tc.signer.PublicKey()) assert.NoError(t, err) - assert.Equal(t, tc.address, address) }) } diff --git a/core/crypto/auth/ed25519.go b/core/crypto/auth/ed25519.go index 38ddc7deb..33dc3cca4 100644 --- a/core/crypto/auth/ed25519.go +++ b/core/crypto/auth/ed25519.go @@ -11,13 +11,6 @@ import ( "github.com/kwilteam/kwil-db/core/crypto" ) -func init() { - err := RegisterAuthenticator(Ed25519Auth, Ed25519Authenticator{}) - if err != nil { - panic(err) - } -} - const ( // Ed25519Auth is a plain ed25519 authenticator. This is used for validator // signature verification. This is intended as the authenticator for the diff --git a/core/crypto/auth/eth_personal_sign.go b/core/crypto/auth/eth_personal_sign.go index c2722337f..831a4a678 100644 --- a/core/crypto/auth/eth_personal_sign.go +++ b/core/crypto/auth/eth_personal_sign.go @@ -6,16 +6,10 @@ import ( "github.com/kwilteam/kwil-db/core/crypto" ethAccounts "github.com/ethereum/go-ethereum/accounts" + ethCommon "github.com/ethereum/go-ethereum/common" ethCrypto "github.com/ethereum/go-ethereum/crypto" ) -func init() { - err := RegisterAuthenticator(EthPersonalSignAuth, EthSecp256k1Authenticator{}) - if err != nil { - panic(err) - } -} - const ( // EthPersonalSignAuth is the Ethereum "personal sign" authentication type, // which uses the secp256k1 signature scheme with a prefixed message and the @@ -37,12 +31,9 @@ var _ Authenticator = EthSecp256k1Authenticator{} // Address generates an ethereum address from a public key. func (EthSecp256k1Authenticator) Address(publicKey []byte) (string, error) { - ethKey, err := ethCrypto.UnmarshalPubkey(publicKey) - if err != nil { - return "", err - } - - return ethCrypto.PubkeyToAddress(*ethKey).Hex(), nil + // See ethCrypto.PubkeyToAddress for this formula: + addr := ethCommon.BytesToAddress(ethCrypto.Keccak256(publicKey[1:])[12:]) + return addr.String(), nil } // Verify verifies applies the Ethereum TextHash digest and verifies the signature diff --git a/core/crypto/auth/signer.go b/core/crypto/auth/signer.go index 3d09773bb..a190c2902 100644 --- a/core/crypto/auth/signer.go +++ b/core/crypto/auth/signer.go @@ -18,16 +18,6 @@ type Signature struct { Type string `json:"signature_type"` } -// Verify verifies the signature against the given message and public key. -func (s *Signature) Verify(senderPubKey, msg []byte) error { - a, err := getAuthenticator(s.Type) - if err != nil { - return err - } - - return a.Verify(senderPubKey, msg, s.Signature) -} - // Signer is an interface for something that can sign messages. // It returns signatures with a designated AuthType, which should // be used to determine how to verify the signature. @@ -37,6 +27,12 @@ type Signer interface { // PublicKey returns the public key of the signer PublicKey() []byte + + // Authenticator returns the corresponding Authenticator that must work with + // signatures produced by this signer. Not all Authenticators have a + // corresponding Signer, but all Signers must have an Authenticator, which + // this method guarantees. + Authenticator() Authenticator } // EthPersonalSecp256k1Signer is a signer that signs messages using the @@ -66,6 +62,18 @@ func (e *EthPersonalSigner) Sign(msg []byte) (*Signature, error) { }, nil } +// Address generates an ethereum address from a public key. +func (e *EthPersonalSigner) Address() (string, error) { + pubBytes := e.PublicKey() + return EthSecp256k1Authenticator{}.Address(pubBytes) +} + +// Authenticator returns the Authenticator capable of Verifying signatures +// produced by this Signer. +func (e *EthPersonalSigner) Authenticator() Authenticator { + return EthSecp256k1Authenticator{} +} + // PublicKey returns the public key of the signer func (e *EthPersonalSigner) PublicKey() []byte { return e.Secp256k1PrivateKey.PubKey().Bytes() @@ -97,3 +105,15 @@ func (e *Ed25519Signer) Sign(msg []byte) (*Signature, error) { func (e *Ed25519Signer) PublicKey() []byte { return e.Ed25519PrivateKey.PubKey().Bytes() } + +// Address generates an ethereum address from a public key. +func (e *Ed25519Signer) Address() (string, error) { + pubBytes := e.PublicKey() + return Ed25519Authenticator{}.Address(pubBytes) +} + +// Authenticator returns the Authenticator capable of Verifying signatures +// produced by this Signer. +func (e *Ed25519Signer) Authenticator() Authenticator { + return Ed25519Authenticator{} +} diff --git a/core/types/transactions/message.go b/core/types/transactions/message.go index 49567546a..76808b82d 100644 --- a/core/types/transactions/message.go +++ b/core/types/transactions/message.go @@ -97,10 +97,16 @@ func CreateCallMessage(payload *ActionCall) (*CallMessage, error) { }, nil } +// SerializeMsg produces the serialization of the message that is to be used in +// both signing and verification of message. +func (s *CallMessage) SerializeMsg() ([]byte, error) { + return s.Body.SerializeMsg(s.Serialization) +} + // Sign signs message body with given signer. It will serialize the message // body to get message-to-be-sign first, then sign it. func (s *CallMessage) Sign(signer auth.Signer) error { - msg, err := s.Body.SerializeMsg(s.Serialization) + msg, err := s.SerializeMsg() if err != nil { return err } @@ -119,18 +125,3 @@ func (s *CallMessage) Sign(signer auth.Signer) error { func (s *CallMessage) IsSigned() bool { return s.Signature != nil && s.Sender != nil } - -// Verify verifies the authenticity of a signed message. It will serialize -// the message body to get message-to-be-sign, then verify it . -func (s *CallMessage) Verify() error { - if !s.IsSigned() { - return errors.New("message is not signed") - } - - msg, err := s.Body.SerializeMsg(s.Serialization) - if err != nil { - return err - } - - return s.Signature.Verify(s.Sender, msg) -} diff --git a/core/types/transactions/message_test.go b/core/types/transactions/message_test.go index 2e58a6ba6..428a5ae27 100644 --- a/core/types/transactions/message_test.go +++ b/core/types/transactions/message_test.go @@ -162,8 +162,13 @@ func TestCallMessage_Sign(t *testing.T) { require.Equal(t1, hex.EncodeToString(tt.wantSig.Signature), hex.EncodeToString(msg.Signature.Signature), "mismatch signature") - err = msg.Verify() - require.NoError(t1, err, "error verifying tx") + require.True(t, msg.IsSigned()) + msgBts, err := msg.SerializeMsg() + require.NoError(t1, err, "error serializing message") + + authenticator := tt.args.signer.Authenticator() + err = authenticator.Verify(msg.Sender, msgBts, msg.Signature.Signature) + require.NoError(t1, err, "error verifying message") }) } diff --git a/core/types/transactions/transaction.go b/core/types/transactions/transaction.go index 0ce3f1ee1..e8b56eb96 100644 --- a/core/types/transactions/transaction.go +++ b/core/types/transactions/transaction.go @@ -136,15 +136,10 @@ type Transaction struct { Sender []byte } -// Verify verifies the signature of the transaction -// It will deserialize the transaction body and verify the signature -func (t *Transaction) Verify() error { - msg, err := t.Body.SerializeMsg(t.Serialization) - if err != nil { - return err - } - - return t.Signature.Verify(t.Sender, msg) +// SerializeMsg produces the serialization of the transaction that is to be used +// in both signing and verification of transaction. +func (t *Transaction) SerializeMsg() ([]byte, error) { + return t.Body.SerializeMsg(t.Serialization) } // Sign signs transaction body with given signer. diff --git a/core/types/transactions/transaction_test.go b/core/types/transactions/transaction_test.go index eec7840db..08e0b9c10 100644 --- a/core/types/transactions/transaction_test.go +++ b/core/types/transactions/transaction_test.go @@ -134,8 +134,12 @@ func TestTransaction_Sign(t *testing.T) { require.Equal(t1, hex.EncodeToString(tt.wantSig.Signature), hex.EncodeToString(tx.Signature.Signature), "mismatch signature") - err = tx.Verify() - require.NoError(t1, err, "error verifying tx") + msgBts, err := tx.SerializeMsg() + require.NoError(t1, err, "error serializing message") + + authenticator := tt.args.signer.Authenticator() + err = authenticator.Verify(tx.Sender, msgBts, tx.Signature.Signature) + require.NoError(t1, err, "error verifying message") }) } } diff --git a/extensions/auth/auth.go b/extensions/auth/auth.go index 284f0728a..43ad03b5a 100644 --- a/extensions/auth/auth.go +++ b/extensions/auth/auth.go @@ -8,3 +8,20 @@ Build constraints a.k.a. build tags are used to enable extensions in a kwild binary. See README.md in the extensions package for more information. */ package auth + +import ( + "github.com/kwilteam/kwil-db/core/crypto/auth" + + // internal/ident is home to the Authenticator registry used by kwild, as + // well as the registry-powered verification functions used by kwild. The + // RegisterAuthenticator helper is provided here so that extension + // implementations may register themselves on import, but it would be fine + // to shift that responsibility to the importing code in kwild (these stubs) + "github.com/kwilteam/kwil-db/internal/ident" +) + +func RegisterAuthenticator(name string, auth auth.Authenticator) error { + return ident.RegisterAuthenticator(name, auth) +} + +// var RegisterAuthenticator = ident.RegisterAuthenticator diff --git a/extensions/auth/ed25519_sha256.go b/extensions/auth/ed25519_sha256.go index 3cc8a5f25..c27a8aa22 100644 --- a/extensions/auth/ed25519_sha256.go +++ b/extensions/auth/ed25519_sha256.go @@ -13,7 +13,7 @@ import ( ) func init() { - err := auth.RegisterAuthenticator(Ed25519Sha256Auth, Ed22519Sha256Authenticator{}) + err := RegisterAuthenticator(Ed25519Sha256Auth, Ed22519Sha256Authenticator{}) if err != nil { panic(err) } diff --git a/internal/abci/abci.go b/internal/abci/abci.go index c5f74dc9c..cd4bd047e 100644 --- a/internal/abci/abci.go +++ b/internal/abci/abci.go @@ -13,6 +13,7 @@ import ( "github.com/kwilteam/kwil-db/core/types/transactions" "github.com/kwilteam/kwil-db/core/utils" engineTypes "github.com/kwilteam/kwil-db/internal/engine/types" + "github.com/kwilteam/kwil-db/internal/ident" "github.com/kwilteam/kwil-db/internal/kv" modDataset "github.com/kwilteam/kwil-db/internal/modules/datasets" modVal "github.com/kwilteam/kwil-db/internal/modules/validators" @@ -236,7 +237,7 @@ func (a *AbciApp) CheckTx(incoming abciTypes.RequestCheckTx) abciTypes.ResponseC } // Verify Signature - err = tx.Verify() + err = ident.VerifyTransaction(tx) if err != nil { code = CodeInvalidSignature logger.Error("failed to verify transaction", zap.Error(err)) diff --git a/internal/engine/engine_test.go b/internal/engine/engine_test.go index d8820a3c4..17e3a27ea 100644 --- a/internal/engine/engine_test.go +++ b/internal/engine/engine_test.go @@ -15,6 +15,7 @@ import ( engine "github.com/kwilteam/kwil-db/internal/engine" "github.com/kwilteam/kwil-db/internal/engine/types" "github.com/kwilteam/kwil-db/internal/engine/types/testdata" + "github.com/kwilteam/kwil-db/internal/ident" "github.com/kwilteam/kwil-db/internal/sql" sqlTesting "github.com/kwilteam/kwil-db/internal/sql/testing" "github.com/stretchr/testify/assert" @@ -23,7 +24,7 @@ import ( func newTestEngine(ctx context.Context, ec engine.CommitRegister, opts ...engine.EngineOpt) (*engine.Engine, func() error, error) { opener := newTestDBOpener() - e, err := engine.Open(ctx, opener, ec, auth.GetAddress, + e, err := engine.Open(ctx, opener, ec, ident.Address, opts..., ) if err != nil { diff --git a/internal/ident/auth.go b/internal/ident/auth.go new file mode 100644 index 000000000..58020e287 --- /dev/null +++ b/internal/ident/auth.go @@ -0,0 +1,74 @@ +/* +Package ident provides the functions required by kwild for message and +transaction signature verification, and address derivation. Out of the box it +supports verification with signatures created by one of the required default +signers in core/crypto/auth. + +It also contains the Authenticator registry used by these methods. The registry +is populated by: (1) automatically registering the default Authenticators, and +(2) importing any auth extensions at or near the level of package main. +*/ +package ident + +import ( + "errors" + "fmt" + "strings" + + "github.com/kwilteam/kwil-db/core/crypto/auth" // Signature type and Authenticator interface +) + +var ( + // ErrAuthenticatorExists is returned when an authenticator is already registered + ErrAuthenticatorExists = errors.New("authenticator already exists") + // ErrAuthenticatorNotFound is returned when an authenticator is not found + ErrAuthenticatorNotFound = errors.New("authenticator not found") +) + +// registeredAuthenticators is the Authenticator registry used by kwild. +var registeredAuthenticators = make(map[string]auth.Authenticator) + +// RegisterAuthenticator registers an authenticator with a given name +func RegisterAuthenticator(name string, auth auth.Authenticator) error { + name = strings.ToLower(name) + if _, ok := registeredAuthenticators[name]; ok { + return fmt.Errorf("%w: %s", ErrAuthenticatorExists, name) + } + + registeredAuthenticators[name] = auth + return nil +} + +// getAuthenticator returns an authenticator by the name it was registered with +func getAuthenticator(name string) (auth.Authenticator, error) { + name = strings.ToLower(name) + auth, ok := registeredAuthenticators[name] + if !ok { + return nil, fmt.Errorf("%w: %s", ErrAuthenticatorNotFound, name) + } + + return auth, nil +} + +// verifySig verifies the signature given a signer's public key and the message. +// The type of the Signature determines how the message digest is prepared, and +// what key type is used. The function requires an Authenticator to be +// registered for the signature type. See VerifyTransaction and VerifyMessage in +// verify.go. +func verifySig(pubkey, msg []byte, sig *auth.Signature) error { + authn, err := getAuthenticator(sig.Type) + if err != nil { + return fmt.Errorf("%w: %s", ErrAuthenticatorNotFound, sig.Type) + } + return authn.Verify(pubkey, msg, sig.Signature) +} + +// Address returns an address from a public key and authenticator type. The +// function requires an Authenticator to be registered for the signature type. +func Address(authType string, sender []byte) (string, error) { + authn, err := getAuthenticator(authType) + if err != nil { + return "", err + } + return authn.Address(sender) +} diff --git a/internal/ident/defaults.go b/internal/ident/defaults.go new file mode 100644 index 000000000..8ca47a0d5 --- /dev/null +++ b/internal/ident/defaults.go @@ -0,0 +1,19 @@ +package ident + +import "github.com/kwilteam/kwil-db/core/crypto/auth" + +// Register the two Authenticators required by kwild. The implementations of +// these are defined in the SDK (core module) since their counterpart signers +// must correspond exactly in their message handling. + +func init() { + err := RegisterAuthenticator(auth.Ed25519Auth, auth.Ed25519Authenticator{}) + if err != nil { + panic(err) + } + + err = RegisterAuthenticator(auth.EthPersonalSignAuth, auth.EthSecp256k1Authenticator{}) + if err != nil { + panic(err) + } +} diff --git a/internal/ident/verify.go b/internal/ident/verify.go new file mode 100644 index 000000000..482706e8e --- /dev/null +++ b/internal/ident/verify.go @@ -0,0 +1,30 @@ +package ident + +import ( + "github.com/kwilteam/kwil-db/core/crypto/auth" + "github.com/kwilteam/kwil-db/core/types/transactions" +) + +type msgSerializer interface { + SerializeMsg() ([]byte, error) +} + +func verify(obj msgSerializer, pubkey []byte, sig *auth.Signature) error { + msg, err := obj.SerializeMsg() + if err != nil { + return err + } + return verifySig(pubkey, msg, sig) +} + +// VerifyTransaction verifies a transaction's signature using the Authenticator +// registry in this package. +func VerifyTransaction(tx *transactions.Transaction) error { + return verify(tx, tx.Sender, tx.Signature) +} + +// VerifyMessage verifies a message's signature using the Authenticator +// registry in this package. +func VerifyMessage(callMsg *transactions.CallMessage) error { + return verify(callMsg, callMsg.Sender, callMsg.Signature) +} diff --git a/internal/modules/datasets/read.go b/internal/modules/datasets/read.go index de1e63e62..e7e535e1c 100644 --- a/internal/modules/datasets/read.go +++ b/internal/modules/datasets/read.go @@ -7,6 +7,7 @@ import ( "github.com/kwilteam/kwil-db/core/types/transactions" "github.com/kwilteam/kwil-db/internal/engine" engineTypes "github.com/kwilteam/kwil-db/internal/engine/types" + "github.com/kwilteam/kwil-db/internal/ident" ) // Call executes a call action on a database. It is a read-only action. @@ -17,7 +18,7 @@ func (u *DatasetModule) Call(ctx context.Context, dbid string, action string, ar engine.ReadOnly(true), } if msg.IsSigned() { - err := msg.Verify() + err := ident.VerifyMessage(msg) if err != nil { return nil, fmt.Errorf(`%w: failed to verify signed message: %s`, ErrAuthenticationFailed, err.Error()) } diff --git a/internal/services/grpc/txsvc/v1/broadcast.go b/internal/services/grpc/txsvc/v1/broadcast.go index d2012f8b1..7825d82f7 100644 --- a/internal/services/grpc/txsvc/v1/broadcast.go +++ b/internal/services/grpc/txsvc/v1/broadcast.go @@ -6,6 +6,7 @@ import ( "github.com/kwilteam/kwil-db/core/rpc/conversion" txpb "github.com/kwilteam/kwil-db/core/rpc/protobuf/tx/v1" + "github.com/kwilteam/kwil-db/internal/ident" "go.uber.org/zap" "google.golang.org/grpc/codes" @@ -26,7 +27,7 @@ func (s *Service) Broadcast(ctx context.Context, req *txpb.BroadcastRequest) (*t logger = logger.With(zap.String("from", hex.EncodeToString(tx.Sender))) - err = tx.Verify() + err = ident.VerifyTransaction(tx) if err != nil { logger.Error("failed to verify transaction", zap.Error(err)) return nil, status.Errorf(codes.Unauthenticated, "failed to verify transaction: %s", err) diff --git a/internal/services/grpc/txsvc/v1/call.go b/internal/services/grpc/txsvc/v1/call.go index e289541be..25258b245 100644 --- a/internal/services/grpc/txsvc/v1/call.go +++ b/internal/services/grpc/txsvc/v1/call.go @@ -7,6 +7,7 @@ import ( "github.com/kwilteam/kwil-db/core/rpc/conversion" txpb "github.com/kwilteam/kwil-db/core/rpc/protobuf/tx/v1" "github.com/kwilteam/kwil-db/core/types/transactions" + "github.com/kwilteam/kwil-db/internal/ident" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" @@ -19,7 +20,7 @@ func (s *Service) Call(ctx context.Context, req *txpb.CallRequest) (*txpb.CallRe } if msg.Sender != nil { - err = msg.Verify() + err = ident.VerifyMessage(msg) if err != nil { return nil, status.Errorf(codes.InvalidArgument, "failed to verify signed message: %s", err.Error()) } diff --git a/internal/sql/sqlite/functions/addresses/addresses.go b/internal/sql/sqlite/functions/addresses/addresses.go index 7073ac071..58d124cb7 100644 --- a/internal/sql/sqlite/functions/addresses/addresses.go +++ b/internal/sql/sqlite/functions/addresses/addresses.go @@ -6,8 +6,8 @@ import ( "fmt" "github.com/kwilteam/go-sqlite" - "github.com/kwilteam/kwil-db/core/crypto/auth" "github.com/kwilteam/kwil-db/internal/engine/types" // this is the one binding to engine in sql/sqlite + "github.com/kwilteam/kwil-db/internal/ident" ) func Register(c *sqlite.Conn) error { @@ -46,12 +46,12 @@ func addressFunc(ctx sqlite.Context, args []sqlite.Value) (sqlite.Value, error) return raiseErr(addressFuncName, fmt.Errorf("expected 1 argument, got %d", len(args))) } - ident, err := getIdentifier(args[0]) + identifier, err := getIdentifier(args[0]) if err != nil { return raiseErr(addressFuncName, fmt.Errorf("failed to read public key identifier: %w", err)) } - address, err := auth.GetAddress(ident.AuthType, ident.PublicKey) + address, err := ident.Address(identifier.AuthType, identifier.PublicKey) if err != nil { return raiseErr(addressFuncName, fmt.Errorf("failed to get address: %w", err)) }