[sr-dev] [kamailio/kamailio] Feature/auth arnacon (PR #4470)

Wed, 12 Nov 2025 03:56:40 -0800 

<!-- Kamailio Pull Request Template -->

<!--
IMPORTANT:
  - for detailed contributing guidelines, read:
    https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
  - pull requests must be done to master branch, unless they are backports
    of fixes from master branch to a stable branch
  - backports to stable branches must be done with 'git cherry-pick -x 
...'
  - code is contributed under BSD for core and main components (tm, sl, auth, 
tls)
  - code is contributed GPLv2 or a compatible license for the other components
  - GPL code is contributed with OpenSSL licensing exception
-->

#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the 
checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING 
guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on 
sr-dev mailing list -->
- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils, 
...)
- [x] Each component has a single commit (if not, squash them into one commit)
- [x] No commits to README files for modules (changes must be done to docbook 
files
in `doc/` subfolder, the README file is autogenerated)

#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)

#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the 
checkboxes that apply -->
- [x] PR should be backported to stable branches
- [x] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)

#### Description
<!-- Describe your changes in detail -->

Add auth_arnacon module for ENS-based authentication with blockchain 
verification

This PR introduces a new authentication module that provides ENS (Ethereum Name 
Service) domain-based authentication with cryptographic signature verification. 
The module enables users to authenticate using their ENS domains (e.g., 
user.cellact.global) instead of traditional username/password combinations. The 
module uses blockchain networks (Ethereum/Polygon) to verify ENS domain 
ownership, then validates cryptographic signatures to authenticate users.

**Key Features:**
- ENS domain-based authentication via Ethereum/Polygon networks
- Blockchain-based ENS ownership verification through ENS Registry and Name 
Wrapper contracts
- ECDSA signature verification using secp256k1 for cryptographic authentication
- Support for both traditional and wrapped ENS domains with automatic detection
- Timestamp validation and replay attack protection via configurable signature 
timeout
- Multi-network support (Polygon, Ethereum mainnet, testnets, custom networks)
- Configurable parameters: ens_registry_address, rpc_url, signature_timeout, 
debug_mode
- Implemented functions: arnacon_authenticate and arnacon_user_exists for SIP 
authentication
- Comprehensive error handling for network failures and blockchain connectivity 
issues

**Files Added:**
- auth_arnacon.c, auth_arnacon.h (main module files)
- arnacon_core.c, arnacon_core.h (core ENS resolution and signature 
verification)
- keccak256.c, keccak256.h (Keccak-256 hashing implementation)
- Comprehensive documentation in doc/ subfolder (auth_arnacon.xml, 
auth_arnacon_params.xml, auth_arnacon_functions.xml, auth_arnacon_faq.xml)
- Makefile and CMakeLists.txt with libcurl and libsecp256k1 dependency handling

**Testing Summary:**
- **Build Verification:** Module compiles successfully with curl and secp256k1 
dependencies
- **Load Testing:** Module loads without errors in Kamailio configuration
- **Authentication Scenarios:**
  - Valid credentials: Successful authentication with correct ENS domain and 
signature
  - ENS domain authentication: Support for ENS domain-based authentication 
(e.g., user.cellact.global)
  - Invalid credentials: Proper rejection of invalid signatures or non-existent 
ENS domains
  - Network failures: Graceful handling of blockchain RPC connectivity issues
  - Parameter validation: All module parameters properly validated
- **Security Testing:**
  - Timestamp validation: Replay attack prevention via signature timeout
  - Signature verification: ECDSA signature recovery and address matching
  - ENS ownership verification: Blockchain state verification for domain 
ownership

**Documentation Status:**
- Complete XML documentation in doc/ subfolder
- Module parameters documented (auth_arnacon_params.xml)
- Functions documented (auth_arnacon_functions.xml)
- FAQ section with troubleshooting and configuration examples 
(auth_arnacon_faq.xml)
- Configuration examples provided for Polygon and Ethereum networks
- Usage patterns and best practices included

**Limitations:**
- Requires external blockchain RPC endpoints (Polygon/Ethereum for ENS 
resolution)
- Network dependency for authentication (no offline fallback)
- Requires libcurl library for HTTP requests to blockchain RPC endpoints
- Requires libsecp256k1 library for ECDSA signature operations
- Authentication speed depends on blockchain network response time
- ENS resolution requires RPC calls to blockchain network

**Build System:**
- Uses standard Kamailio Makefile with curl and secp256k1 library linking
- Includes CMakeLists.txt with proper dependency handling using 
find_package(CURL) and pkg_check_modules for secp256k1
- Module included in MOD_LIST_UTILS in cmake/groups.cmake

This module provides ENS-based authentication that leverages blockchain 
networks for domain ownership verification and cryptographic signatures for 
secure SIP authentication.
You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/4470

-- Commit Summary --

  * cmake: add auth_arnacon to MOD_LIST_UTILS group
  * auth_arnacon: initial ENS-based authentication module

-- File Changes --

    M cmake/groups.cmake (2)
    A src/modules/auth_arnacon/CMakeLists.txt (29)
    A src/modules/auth_arnacon/Makefile (15)
    A src/modules/auth_arnacon/README (510)
    A src/modules/auth_arnacon/arnacon_core.c (1034)
    A src/modules/auth_arnacon/arnacon_core.h (156)
    A src/modules/auth_arnacon/auth_arnacon.c (340)
    A src/modules/auth_arnacon/auth_arnacon.h (20)
    A src/modules/auth_arnacon/doc/Makefile (6)
    A src/modules/auth_arnacon/doc/auth_arnacon.xml (145)
    A src/modules/auth_arnacon/doc/auth_arnacon_faq.xml (196)
    A src/modules/auth_arnacon/doc/auth_arnacon_functions.xml (196)
    A src/modules/auth_arnacon/doc/auth_arnacon_params.xml (126)
    A src/modules/auth_arnacon/keccak256.c (339)
    A src/modules/auth_arnacon/keccak256.h (39)

-- Patch Links --

https://github.com/kamailio/kamailio/pull/4470.patch
https://github.com/kamailio/kamailio/pull/4470.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/4470
You are receiving this because you are subscribed to this thread.

Message ID: <kamailio/kamailio/pull/[email protected]>

_______________________________________________
Kamailio - Development Mailing List -- [email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the 
sender!

Reply via email to