Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial Auth Next implementation in Soroban Host #645

Merged
merged 19 commits into from
Feb 2, 2023
Merged

Initial Auth Next implementation in Soroban Host #645

merged 19 commits into from
Feb 2, 2023

Conversation

dmkozh
Copy link
Contributor

@dmkozh dmkozh commented Jan 31, 2023

What

This is the initial implementation iteration of the Auth Next proposal.

This is based on the XDR changes (to be merged) from stellar/stellar-xdr#65

On a high level, this PR introduces the following:

  • Support for the unified Address host object type that can be used to represent either classic Stellar accounts or generic contract-based account. This replaces AccountId and Identifier types, as well as invoker/source_account etc. in the public interfaces. Address can be passed around via contract interfaces, used in the data storage keys, as well as used in authorization flows.
  • Implementation of the require_auth host function that enforces an authorization of the current contract call from the given Address. The authorization data with the corresponding signature(s) is passed along with the contract invocation transaction.
  • Behind the scenes of require_auth is AuthorizationManager (auth.rs) that keeps track of the call stacks to provide the proper signature context, ensures that authorizations aren't reused, and performs authentication using the proper account contract. It also has a recording mode that allows to record require_auth calls with the context instead of enforcing them.
  • Updated of the built-in token contract to use the Auth Next functionality
  • Basic support for the custom account contracts

Why

The Auth Next motivation is in the proposal. The general idea is that we want to provide a protocol-defined support for generalized authorization of nested contract invocations, customizable authentication via account abstraction and structured signatures payloads that allow for better wallet integration.

Known limitations

This does some foundational work on Auth Next, and followups of various scope are required. Some notable followups are:

  • More test coverage, especially for deep/wide contract invocation trees.
  • Better error reporting with corresponding new error types
  • Better support for custom account contracts (protect check_auth to allow for safe ledger writes, allow only self-reentrance, maybe update interface etc.)
  • Temporary/ephemeral storage implementation for safer implementation of allowance based patterns and corresponding token update
  • Temporary/ephemeral nonces (instead of auto-increment) for better concurrency/lower ledger space usage/easier signature flows

dmkozh added 8 commits January 30, 2023 20:33
@dmkozh
Update the common environment interface.
89d93d4 
- Remove functions that are not anticipated to be used/useful with Auth Next (mostly account-related functions, as well as some unimplemented helpers)
- Add `require_auth` function that is the entry point to Auth Next.
@dmkozh
Added support for ScAddress/NonceKey objects and removed support …
a8e3d0b 
…for `AccountId` as host object.
@dmkozh
Implementation of AuthorizationManager and supporting functions.
86c4b47 
This is the core of the Auth Next implementation. `AuthorizationManager` allows enforcing the authorization requirements or recording them, as well as performs authentication when needed, keeps track of the call stacks etc.

Also added the built-in account 'contract' that handles authentication for the classic accounts. This is a contract just conceptually, it doesn't mean to support the actual contract interface.
@dmkozh
Host support for Auth Next.
95242db 
- Added `require_auth` function and functions to support the recording mode and testing
- Updated the public env interface according to the common env changes.
- Removed network_passphrase in order to be more consistent with Core and remove some confusion around which one should be used
@dmkozh
Updated built-in token interface & implementation to be compatible wi…
01f0ca3 
…th Auth Next.
@dmkozh
Token test utils and test updates.
86db47f 
Currently this provides most of the coverage for Auth Next in Host.

Testing this is quite tricky. As a followup and after the respective SDK updates we should add more tests that use non-built-in contracts with various deep invocation trees, multiple accounts etc.
@dmkozh
Test updates for replacing network passphrase with id.
8db0f2b
@dmkozh
Added a simple account contract and updated the tests contracts/Wasm …
3eff148 
…files.
@dmkozh dmkozh requested review from graydon, sisuresh and a team as code owners January 31, 2023 01:36
@dmkozh
Copy link
Contributor Author

dmkozh commented Jan 31, 2023

Build is supposed to be failing until the XDR changes are merged and pinned here.

sisuresh
sisuresh reviewed Feb 1, 2023
View reviewed changes
Copy link
Contributor

@sisuresh sisuresh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still reviewing. Just a couple comments at the moment.

soroban-env-host/src/host/metered_clone.rs Outdated Show resolved Hide resolved
soroban-env-host/src/auth.rs Outdated Show resolved Hide resolved
soroban-env-host/src/auth.rs Show resolved Hide resolved
paulbellamy pushed a commit to stellar/stellar-cli that referenced this pull request Feb 2, 2023
Switch on the auth recording mode on the host
343a11c 
Guess based on: stellar/rs-soroban-env#645
@paulbellamy paulbellamy mentioned this pull request Feb 2, 2023
Closed
@2opremio 2opremio mentioned this pull request Feb 2, 2023
Merged
@tsachiherman tsachiherman mentioned this pull request Feb 2, 2023
Closed
dmkozh added 2 commits February 2, 2023 13:36
@dmkozh
!fixup Cleanup rollback/reset logic
4ef6dcd 
- Store recording mode tracker pointers in rollback snapshots
- In tests, reset the whole `AuthorizationManager` instead of relying on cleaning up/storing individual fields
@dmkozh
! fixup Create new recording trackers for the new trees.
4c073b9
@dmkozh dmkozh merged commit fc611e5 into stellar:main Feb 2, 2023
@dmkozh dmkozh mentioned this pull request Feb 3, 2023
Merged
paulbellamy pushed a commit to stellar/stellar-cli that referenced this pull request Feb 6, 2023
Switch on the auth recording mode on the host
9207f99 
Guess based on: stellar/rs-soroban-env#645
@anupsdf anupsdf mentioned this pull request Jul 3, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sisuresh sisuresh sisuresh approved these changes

@leighmcculloch leighmcculloch leighmcculloch left review comments

@graydon graydon Awaiting requested review from graydon graydon is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dmkozh @leighmcculloch @sisuresh