Module signed_chain

Issue #526 — composition of KIND blockchain + SIGNED_BY (...).

Locks the contract a KIND blockchain SIGNED_BY (...) collection ships:

  • The block hash binds the chain fields AND the row’s signer pubkey + signature. Tampering with either reserved column breaks verify_chain at that height — the hash is now a function of (prev_hash, block_height, timestamp, canonical(payload), signer_pubkey, signature).
  • Genesis is exempt: block_height == 0 carries the all-zero pubkey and an empty signature so the collection can be created before any signer registers a row. Every subsequent block MUST carry a non-genesis (allowed-signer) signature.
  • verify_chain_with_signatures walks the chain and additionally re-verifies the Ed25519 signature on each non-genesis block, so an integrity scan flags signature tampering even when the stored hash was recomputed to “match” the tampered bytes.

This module is pure logic on top of the audited primitives in storage::blockchain and storage::signed_writes. Runtime wiring (INSERT pipeline composition, DDL persistence of the registry on a KIND blockchain collection, REST error mapping) is owned by the parent issues #522 and #524 and is consumed by this module via the same primitives once both land.
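The contract above as a std-only walker, added here as an illustration and not the crate's own code: `Block`, `Outcome`, `verify_walk` and the helpers are hypothetical names, FNV-1a stands in for the real block hash, and `toy_sign`/`toy_verify` stand in for Ed25519. It assumes the genesis row links to an all-zero prev_hash and leaves out the allowed-signer registry lookup.

```rust
// Added sketch: names, field layout and the u64 hash width are assumptions.
pub struct Block {
    pub prev_hash: u64, pub height: u64, pub timestamp: u64, pub hash: u64, // hash = stored value
    pub payload: Vec<u8>, pub signer_pubkey: [u8; 32], pub signature: Vec<u8>,
}
#[derive(Debug, PartialEq)]
pub enum Outcome { Ok, HashBroken(u64), SignatureInvalid(u64) }
// Stand-in FNV-1a over length-prefixed fields. NOT cryptographic.
pub fn fnv(parts: &[&[u8]]) -> u64 {
    let mut h: u64 = 0xcbf29ce484222325;
    for p in parts {
        let len = (p.len() as u64).to_le_bytes();
        for b in len.iter().chain(p.iter()) { h = (h ^ *b as u64).wrapping_mul(0x100000001b3); }
    }
    h
}
pub fn block_hash(b: &Block) -> u64 { // binds the chain fields AND the signer columns
    fnv(&[&b.prev_hash.to_le_bytes()[..], &b.height.to_le_bytes()[..], &b.timestamp.to_le_bytes()[..],
          &b.payload[..], &b.signer_pubkey[..], &b.signature[..]])
}
pub fn seal(mut b: Block) -> Block { b.hash = block_hash(&b); b }
// Toy stand-in for Ed25519 so the sketch needs no crates; not a real signature scheme.
pub fn toy_sign(pk: &[u8; 32], msg: &[u8]) -> Vec<u8> { fnv(&[&pk[..], msg]).to_le_bytes().to_vec() }
pub fn toy_verify(pk: &[u8; 32], msg: &[u8], sig: &[u8]) -> bool { toy_sign(pk, msg).as_slice() == sig }
pub fn verify_walk(chain: &[Block], verify: impl Fn(&[u8; 32], &[u8], &[u8]) -> bool) -> Outcome {
    let mut prev = 0u64; // assumed: genesis links to an all-zero prev_hash
    for b in chain {
        if b.prev_hash != prev || block_hash(b) != b.hash { return Outcome::HashBroken(b.height); }
        // Genesis exemption: height 0 with all-zero pubkey and empty signature.
        let exempt = b.height == 0 && b.signer_pubkey == [0u8; 32] && b.signature.is_empty();
        let sig_ok = exempt || verify(&b.signer_pubkey, &b.payload[..], &b.signature[..]);
        if !sig_ok { return Outcome::SignatureInvalid(b.height); }
        prev = b.hash;
    }
    Outcome::Ok
}
pub fn sample_chain() -> Vec<Block> { // constructed sample: genesis plus one signed block
    let (pk, msg) = ([7u8; 32], b"amount=10".to_vec());
    let g = seal(Block { prev_hash: 0, height: 0, timestamp: 1, hash: 0, payload: vec![],
                         signer_pubkey: [0; 32], signature: vec![] });
    let b = seal(Block { prev_hash: g.hash, height: 1, timestamp: 2, hash: 0,
                         signature: toy_sign(&pk, &msg), payload: msg, signer_pubkey: pk });
    vec![g, b]
}
fn main() {
    let mut chain = sample_chain();
    chain[1].payload = b"amount=90".to_vec(); // tamper with the row...
    chain[1].hash = block_hash(&chain[1]);    // ...then recompute the stored hash to match
    println!("{:?}", verify_walk(&chain, toy_verify));
}
```

The tampered row passes the hash check because its stored hash was recomputed, and the walker still reports `SignatureInvalid(1)` because the signature no longer covers the payload.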

Structs

SignedChainVerifyOutcome
Outcome of verify_chain_with_signatures. Distinguishes “hash chain is broken” (recomputed hash differs from stored hash) from “signature is invalid” (hash chain still links but the stored signature does NOT verify against the stored pubkey over the canonical payload).

Constants

GENESIS_SIGNATURE
Empty signature recorded on the genesis row. Pair with GENESIS_SIGNER_PUBKEY.
GENESIS_SIGNER_PUBKEY
All-zero pubkey marker recorded on the genesis row of a signed chain. Documented exemption: the genesis block predates any signer’s first INSERT so it cannot itself carry a real signature.
RESERVED_COLUMNS_SIGNED_CHAIN
Reserved column set for a KIND blockchain SIGNED_BY (...) collection — the union of the chain reserved columns and the signed-writes reserved columns.

Functions

genesis_signed_fields
Genesis row builder for a signed chain. Returns the field list that execute_create_collection writes when the collection has both KIND blockchain and a non-empty signer registry.
is_genesis_signed_marker
True for the documented genesis exemption pair (null pubkey + null signature). Used by the verify walker to skip Ed25519 verification on the genesis row.
make_signed_block_reserved_fields
Build the reserved-column field list + hash for a new block on a signed chain. Caller supplies the row’s canonical payload bytes (engine’s canonical payload encoder, identical to what the client signed) and the signer fields produced by the client.
verify_chain_with_signatures
Issue #526 — walk a signed chain end-to-end. Combines: