From d25f460b63b3a821a7adb7f94b44c4152f399fa7 Mon Sep 17 00:00:00 2001
From: Rakan Alhneiti <rakan.alhneiti@gmail.com>
Date: Thu, 18 Jun 2020 20:37:49 +0200
Subject: [PATCH] Babe VRF Signing in keystore (#6225)
* Introduce trait
* Implement VRFSigner in keystore
* Use vrf_sign from keystore
* Convert output to VRFInOut
* Simplify conversion
* vrf_sign secondary slot using keystore
* Fix RPC call to claim_slot
* Use Public instead of Pair
* Check primary threshold in signer
* Fix interface to return error
* Move vrf_sign to BareCryptoStore
* Fix authorship_works test
* Fix BABE logic leaks
* Acquire a read lock once
* Also fix RPC acquiring the read lock once
* Implement a generic way to construct VRF Transcript
* Use make_transcript_data to call sr25519_vrf_sign
* Make sure VRFTranscriptData is serializable
* Cleanup
* Move VRF to it's own module
* Implement & test VRF signing in testing module
* Remove leftover
* Fix feature requirements
* Revert removing vec macro
* Drop keystore pointer to prevent deadlock
* Nitpicks
* Add test to make sure make_transcript works
* Fix mismatch in VRF transcript
* Add a test to verify transcripts match in babe
* Return VRFOutput and VRFProof from keystore
---
substrate/Cargo.lock | 4 +
substrate/client/consensus/babe/Cargo.toml | 1 +
.../client/consensus/babe/rpc/Cargo.toml | 2 +-
.../client/consensus/babe/rpc/src/lib.rs | 22 +--
.../client/consensus/babe/src/authorship.rs | 133 ++++++++++--------
substrate/client/consensus/babe/src/tests.rs | 48 ++++++-
substrate/client/keystore/Cargo.toml | 3 +-
substrate/client/keystore/src/lib.rs | 21 ++-
.../primitives/consensus/babe/Cargo.toml | 2 +
.../primitives/consensus/babe/src/lib.rs | 19 +++
substrate/primitives/core/Cargo.toml | 1 +
substrate/primitives/core/src/lib.rs | 2 +
substrate/primitives/core/src/testing.rs | 86 +++++++++--
substrate/primitives/core/src/traits.rs | 45 ++++--
substrate/primitives/core/src/vrf.rs | 99 +++++++++++++
15 files changed, 394 insertions(+), 94 deletions(-)
create mode 100644 substrate/primitives/core/src/vrf.rs
diff --git a/substrate/Cargo.lock b/substrate/Cargo.lock
index 2c1d3e2c4b1..1a1cee642e3 100644
--- a/substrate/Cargo.lock
+++ b/substrate/Cargo.lock
@@ -6092,6 +6092,7 @@ dependencies = [
"parking_lot 0.10.2",
"pdqselect",
"rand 0.7.3",
+ "rand_chacha 0.2.2",
"sc-block-builder",
"sc-client-api",
"sc-consensus-epochs",
@@ -6425,6 +6426,7 @@ version = "2.0.0-rc3"
dependencies = [
"derive_more",
"hex",
+ "merlin",
"parking_lot 0.10.2",
"rand 0.7.3",
"serde_json",
@@ -7456,6 +7458,7 @@ dependencies = [
"sp-application-crypto",
"sp-consensus",
"sp-consensus-vrf",
+ "sp-core",
"sp-inherents",
"sp-runtime",
"sp-std",
@@ -7511,6 +7514,7 @@ dependencies = [
"pretty_assertions",
"primitive-types",
"rand 0.7.3",
+ "rand_chacha 0.2.2",
"regex",
"schnorrkel",
"serde",
diff --git a/substrate/client/consensus/babe/Cargo.toml b/substrate/client/consensus/babe/Cargo.toml
index 86bc5b19f13..cf4e32a94c0 100644
--- a/substrate/client/consensus/babe/Cargo.toml
+++ b/substrate/client/consensus/babe/Cargo.toml
@@ -58,6 +58,7 @@ sc-service = { version = "0.8.0-rc3", default-features = false, path = "../../se
substrate-test-runtime-client = { version = "2.0.0-rc3", path = "../../../test-utils/runtime/client" }
sc-block-builder = { version = "0.8.0-rc3", path = "../../block-builder" }
env_logger = "0.7.0"
+rand_chacha = "0.2.2"
tempfile = "3.1.0"
[features]
diff --git a/substrate/client/consensus/babe/rpc/Cargo.toml b/substrate/client/consensus/babe/rpc/Cargo.toml
index 79cff3eb387..401434cadbd 100644
--- a/substrate/client/consensus/babe/rpc/Cargo.toml
+++ b/substrate/client/consensus/babe/rpc/Cargo.toml
@@ -27,12 +27,12 @@ derive_more = "0.99.2"
sp-api = { version = "2.0.0-rc3", path = "../../../../primitives/api" }
sp-consensus = { version = "0.8.0-rc3", path = "../../../../primitives/consensus/common" }
sp-core = { version = "2.0.0-rc3", path = "../../../../primitives/core" }
+sp-application-crypto = { version = "2.0.0-rc3", path = "../../../../primitives/application-crypto" }
sc-keystore = { version = "2.0.0-rc3", path = "../../../keystore" }
[dev-dependencies]
sc-consensus = { version = "0.8.0-rc3", path = "../../../consensus/common" }
serde_json = "1.0.50"
-sp-application-crypto = { version = "2.0.0-rc3", path = "../../../../primitives/application-crypto" }
sp-keyring = { version = "2.0.0-rc3", path = "../../../../primitives/keyring" }
substrate-test-runtime-client = { version = "2.0.0-rc3", path = "../../../../test-utils/runtime/client" }
tempfile = "3.1.0"
diff --git a/substrate/client/consensus/babe/rpc/src/lib.rs b/substrate/client/consensus/babe/rpc/src/lib.rs
index 35000770d49..652f4f00baa 100644
--- a/substrate/client/consensus/babe/rpc/src/lib.rs
+++ b/substrate/client/consensus/babe/rpc/src/lib.rs
@@ -32,6 +32,11 @@ use sp_consensus_babe::{
digests::PreDigest,
};
use serde::{Deserialize, Serialize};
+use sp_core::{
+ crypto::Public,
+ traits::BareCryptoStore,
+};
+use sp_application_crypto::AppKey;
use sc_keystore::KeyStorePtr;
use sc_rpc_api::DenyUnsafe;
use sp_api::{ProvideRuntimeApi, BlockId};
@@ -125,22 +130,23 @@ impl<B, C, SC> BabeApi for BabeRpcHandler<B, C, SC>
let mut claims: HashMap<AuthorityId, EpochAuthorship> = HashMap::new();
- let key_pairs = {
- let keystore = keystore.read();
+ let keys = {
+ let ks = keystore.read();
epoch.authorities.iter()
.enumerate()
- .flat_map(|(i, a)| {
- keystore
- .key_pair::<sp_consensus_babe::AuthorityPair>(&a.0)
- .ok()
- .map(|kp| (kp, i))
+ .filter_map(|(i, a)| {
+ if ks.has_keys(&[(a.0.to_raw_vec(), AuthorityId::ID)]) {
+ Some((a.0.clone(), i))
+ } else {
+ None
+ }
})
.collect::<Vec<_>>()
};
for slot_number in epoch_start..epoch_end {
if let Some((claim, key)) =
- authorship::claim_slot_using_key_pairs(slot_number, &epoch, &key_pairs)
+ authorship::claim_slot_using_keys(slot_number, &epoch, &keystore, &keys)
{
match claim {
PreDigest::Primary { .. } => {
diff --git a/substrate/client/consensus/babe/src/authorship.rs b/substrate/client/consensus/babe/src/authorship.rs
index 1a6852c0c18..dfca491eaa8 100644
--- a/substrate/client/consensus/babe/src/authorship.rs
+++ b/substrate/client/consensus/babe/src/authorship.rs
@@ -16,18 +16,24 @@
//! BABE authority selection and slot claiming.
+use sp_application_crypto::AppKey;
use sp_consensus_babe::{
- make_transcript, AuthorityId, BabeAuthorityWeight, BABE_VRF_PREFIX,
- SlotNumber, AuthorityPair,
+ BABE_VRF_PREFIX,
+ AuthorityId, BabeAuthorityWeight,
+ SlotNumber,
+ make_transcript,
+ make_transcript_data,
};
use sp_consensus_babe::digests::{
PreDigest, PrimaryPreDigest, SecondaryPlainPreDigest, SecondaryVRFPreDigest,
};
use sp_consensus_vrf::schnorrkel::{VRFOutput, VRFProof};
-use sp_core::{U256, blake2_256};
+use sp_core::{U256, blake2_256, crypto::Public, traits::BareCryptoStore};
use codec::Encode;
-use schnorrkel::vrf::VRFInOut;
-use sp_core::Pair;
+use schnorrkel::{
+ keys::PublicKey,
+ vrf::VRFInOut,
+};
use sc_keystore::KeyStorePtr;
use super::Epoch;
@@ -124,7 +130,8 @@ pub(super) fn secondary_slot_author(
fn claim_secondary_slot(
slot_number: SlotNumber,
epoch: &Epoch,
- key_pairs: &[(AuthorityPair, usize)],
+ keys: &[(AuthorityId, usize)],
+ keystore: &KeyStorePtr,
author_secondary_vrf: bool,
) -> Option<(PreDigest, AuthorityId)> {
let Epoch { authorities, randomness, epoch_index, .. } = epoch;
@@ -139,31 +146,39 @@ fn claim_secondary_slot(
*randomness,
)?;
- for (pair, authority_index) in key_pairs {
- if pair.public() == *expected_author {
+ for (authority_id, authority_index) in keys {
+ if authority_id == expected_author {
let pre_digest = if author_secondary_vrf {
- let transcript = super::authorship::make_transcript(
+ let transcript_data = super::authorship::make_transcript_data(
randomness,
slot_number,
*epoch_index,
);
-
- let s = get_keypair(&pair).vrf_sign(transcript);
-
- PreDigest::SecondaryVRF(SecondaryVRFPreDigest {
- slot_number,
- vrf_output: VRFOutput(s.0.to_output()),
- vrf_proof: VRFProof(s.1),
- authority_index: *authority_index as u32,
- })
+ let result = keystore.read().sr25519_vrf_sign(
+ AuthorityId::ID,
+ authority_id.as_ref(),
+ transcript_data,
+ );
+ if let Ok(signature) = result {
+ Some(PreDigest::SecondaryVRF(SecondaryVRFPreDigest {
+ slot_number,
+ vrf_output: VRFOutput(signature.output),
+ vrf_proof: VRFProof(signature.proof),
+ authority_index: *authority_index as u32,
+ }))
+ } else {
+ None
+ }
} else {
- PreDigest::SecondaryPlain(SecondaryPlainPreDigest {
+ Some(PreDigest::SecondaryPlain(SecondaryPlainPreDigest {
slot_number,
authority_index: *authority_index as u32,
- })
+ }))
};
- return Some((pre_digest, pair.public()));
+ if let Some(pre_digest) = pre_digest {
+ return Some((pre_digest, authority_id.clone()));
+ }
}
}
@@ -179,26 +194,22 @@ pub fn claim_slot(
epoch: &Epoch,
keystore: &KeyStorePtr,
) -> Option<(PreDigest, AuthorityId)> {
- let key_pairs = {
- let keystore = keystore.read();
- epoch.authorities.iter()
- .enumerate()
- .flat_map(|(i, a)| {
- keystore.key_pair::<AuthorityPair>(&a.0).ok().map(|kp| (kp, i))
- })
- .collect::<Vec<_>>()
- };
- claim_slot_using_key_pairs(slot_number, epoch, &key_pairs)
+ let authorities = epoch.authorities.iter()
+ .enumerate()
+ .map(|(index, a)| (a.0.clone(), index))
+ .collect::<Vec<_>>();
+ claim_slot_using_keys(slot_number, epoch, keystore, &authorities)
}
/// Like `claim_slot`, but allows passing an explicit set of key pairs. Useful if we intend
/// to make repeated calls for different slots using the same key pairs.
-pub fn claim_slot_using_key_pairs(
+pub fn claim_slot_using_keys(
slot_number: SlotNumber,
epoch: &Epoch,
- key_pairs: &[(AuthorityPair, usize)],
+ keystore: &KeyStorePtr,
+ keys: &[(AuthorityId, usize)],
) -> Option<(PreDigest, AuthorityId)> {
- claim_primary_slot(slot_number, epoch, epoch.config.c, &key_pairs)
+ claim_primary_slot(slot_number, epoch, epoch.config.c, keystore, &keys)
.or_else(|| {
if epoch.config.allowed_slots.is_secondary_plain_slots_allowed() ||
epoch.config.allowed_slots.is_secondary_vrf_slots_allowed()
@@ -206,7 +217,8 @@ pub fn claim_slot_using_key_pairs(
claim_secondary_slot(
slot_number,
&epoch,
- &key_pairs,
+ keys,
+ keystore,
epoch.config.allowed_slots.is_secondary_vrf_slots_allowed(),
)
} else {
@@ -215,11 +227,6 @@ pub fn claim_slot_using_key_pairs(
})
}
-fn get_keypair(q: &AuthorityPair) -> &schnorrkel::Keypair {
- use sp_core::crypto::IsWrappedBy;
- sp_core::sr25519::Pair::from_ref(q).as_ref()
-}
-
/// Claim a primary slot if it is our turn. Returns `None` if it is not our turn.
/// This hashes the slot number, epoch, genesis hash, and chain randomness into
/// the VRF. If the VRF produces a value less than `threshold`, it is our turn,
@@ -228,33 +235,49 @@ fn claim_primary_slot(
slot_number: SlotNumber,
epoch: &Epoch,
c: (u64, u64),
- key_pairs: &[(AuthorityPair, usize)],
+ keystore: &KeyStorePtr,
+ keys: &[(AuthorityId, usize)],
) -> Option<(PreDigest, AuthorityId)> {
let Epoch { authorities, randomness, epoch_index, .. } = epoch;
- for (pair, authority_index) in key_pairs {
- let transcript = super::authorship::make_transcript(randomness, slot_number, *epoch_index);
-
+ for (authority_id, authority_index) in keys {
+ let transcript = super::authorship::make_transcript(
+ randomness,
+ slot_number,
+ *epoch_index
+ );
+ let transcript_data = super::authorship::make_transcript_data(
+ randomness,
+ slot_number,
+ *epoch_index
+ );
// Compute the threshold we will use.
//
// We already checked that authorities contains `key.public()`, so it can't
// be empty. Therefore, this division in `calculate_threshold` is safe.
let threshold = super::authorship::calculate_primary_threshold(c, authorities, *authority_index);
- let pre_digest = get_keypair(pair)
- .vrf_sign_after_check(transcript, |inout| super::authorship::check_primary_threshold(inout, threshold))
- .map(|s| {
- PreDigest::Primary(PrimaryPreDigest {
+ let result = keystore.read().sr25519_vrf_sign(
+ AuthorityId::ID,
+ authority_id.as_ref(),
+ transcript_data,
+ );
+ if let Ok(signature) = result {
+ let public = PublicKey::from_bytes(&authority_id.to_raw_vec()).ok()?;
+ let inout = match signature.output.attach_input_hash(&public, transcript) {
+ Ok(inout) => inout,
+ Err(_) => continue,
+ };
+ if super::authorship::check_primary_threshold(&inout, threshold) {
+ let pre_digest = PreDigest::Primary(PrimaryPreDigest {
slot_number,
- vrf_output: VRFOutput(s.0.to_output()),
- vrf_proof: VRFProof(s.1),
+ vrf_output: VRFOutput(signature.output),
+ vrf_proof: VRFProof(signature.proof),
authority_index: *authority_index as u32,
- })
- });
+ });
- // early exit on first successful claim
- if let Some(pre_digest) = pre_digest {
- return Some((pre_digest, pair.public()));
+ return Some((pre_digest, authority_id.clone()));
+ }
}
}
diff --git a/substrate/client/consensus/babe/src/tests.rs b/substrate/client/consensus/babe/src/tests.rs
index ada1332295d..1caed18c178 100644
--- a/substrate/client/consensus/babe/src/tests.rs
+++ b/substrate/client/consensus/babe/src/tests.rs
@@ -21,8 +21,14 @@
#![allow(deprecated)]
use super::*;
use authorship::claim_slot;
-use sp_core::crypto::Pair;
-use sp_consensus_babe::{AuthorityPair, SlotNumber, AllowedSlots};
+use sp_core::{crypto::Pair, vrf::make_transcript as transcript_from_data};
+use sp_consensus_babe::{
+ AuthorityPair,
+ SlotNumber,
+ AllowedSlots,
+ make_transcript,
+ make_transcript_data,
+};
use sc_block_builder::{BlockBuilder, BlockBuilderProvider};
use sp_consensus::{
NoNetwork as DummyOracle, Proposal, RecordProof,
@@ -35,6 +41,11 @@ use sp_runtime::{generic::DigestItem, traits::{Block as BlockT, DigestFor}};
use sc_client_api::{BlockchainEvents, backend::TransactionFor};
use log::debug;
use std::{time::Duration, cell::RefCell, task::Poll};
+use rand::RngCore;
+use rand_chacha::{
+ rand_core::SeedableRng,
+ ChaChaRng,
+};
type Item = DigestItem<Hash>;
@@ -796,3 +807,36 @@ fn verify_slots_are_strictly_increasing() {
&mut block_import,
);
}
+
+#[test]
+fn babe_transcript_generation_match() {
+ let _ = env_logger::try_init();
+ let keystore_path = tempfile::tempdir().expect("Creates keystore path");
+ let keystore = sc_keystore::Store::open(keystore_path.path(), None).expect("Creates keystore");
+ let pair = keystore.write().insert_ephemeral_from_seed::<AuthorityPair>("//Alice")
+ .expect("Generates authority pair");
+
+ let epoch = Epoch {
+ start_slot: 0,
+ authorities: vec![(pair.public(), 1)],
+ randomness: [0; 32],
+ epoch_index: 1,
+ duration: 100,
+ config: BabeEpochConfiguration {
+ c: (3, 10),
+ allowed_slots: AllowedSlots::PrimaryAndSecondaryPlainSlots,
+ },
+ };
+
+ let orig_transcript = make_transcript(&epoch.randomness.clone(), 1, epoch.epoch_index);
+ let new_transcript = make_transcript_data(&epoch.randomness, 1, epoch.epoch_index);
+
+ let test = |t: merlin::Transcript| -> [u8; 16] {
+ let mut b = [0u8; 16];
+ t.build_rng()
+ .finalize(&mut ChaChaRng::from_seed([0u8;32]))
+ .fill_bytes(&mut b);
+ b
+ };
+ debug_assert!(test(orig_transcript) == test(transcript_from_data(new_transcript)));
+}
diff --git a/substrate/client/keystore/Cargo.toml b/substrate/client/keystore/Cargo.toml
index 7ceffc9061a..47308dd692c 100644
--- a/substrate/client/keystore/Cargo.toml
+++ b/substrate/client/keystore/Cargo.toml
@@ -18,10 +18,11 @@ derive_more = "0.99.2"
sp-core = { version = "2.0.0-rc3", path = "../../primitives/core" }
sp-application-crypto = { version = "2.0.0-rc3", path = "../../primitives/application-crypto" }
hex = "0.4.0"
+merlin = { version = "2.0", default-features = false }
+parking_lot = "0.10.0"
rand = "0.7.2"
serde_json = "1.0.41"
subtle = "2.1.1"
-parking_lot = "0.10.0"
[dev-dependencies]
tempfile = "3.1.0"
diff --git a/substrate/client/keystore/src/lib.rs b/substrate/client/keystore/src/lib.rs
index 6510bb82327..5be4d6d12c6 100644
--- a/substrate/client/keystore/src/lib.rs
+++ b/substrate/client/keystore/src/lib.rs
@@ -20,7 +20,9 @@
use std::{collections::{HashMap, HashSet}, path::PathBuf, fs::{self, File}, io::{self, Write}, sync::Arc};
use sp_core::{
crypto::{IsWrappedBy, CryptoTypePublicPair, KeyTypeId, Pair as PairT, Protected, Public},
- traits::{BareCryptoStore, BareCryptoStoreError as TraitError},
+ traits::{BareCryptoStore, Error as TraitError},
+ sr25519::{Public as Sr25519Public, Pair as Sr25519Pair},
+ vrf::{VRFTranscriptData, VRFSignature, make_transcript},
Encode,
};
use sp_application_crypto::{AppKey, AppPublic, AppPair, ed25519, sr25519, ecdsa};
@@ -438,6 +440,23 @@ impl BareCryptoStore for Store {
fn has_keys(&self, public_keys: &[(Vec<u8>, KeyTypeId)]) -> bool {
public_keys.iter().all(|(p, t)| self.key_phrase_by_type(&p, *t).is_ok())
}
+
+ fn sr25519_vrf_sign(
+ &self,
+ key_type: KeyTypeId,
+ public: &Sr25519Public,
+ transcript_data: VRFTranscriptData,
+ ) -> std::result::Result<VRFSignature, TraitError> {
+ let transcript = make_transcript(transcript_data);
+ let pair = self.key_pair_by_type::<Sr25519Pair>(public, key_type)
+ .map_err(|e| TraitError::PairNotFound(e.to_string()))?;
+
+ let (inout, proof, _) = pair.as_ref().vrf_sign(transcript);
+ Ok(VRFSignature {
+ output: inout.to_output(),
+ proof,
+ })
+ }
}
#[cfg(test)]
diff --git a/substrate/primitives/consensus/babe/Cargo.toml b/substrate/primitives/consensus/babe/Cargo.toml
index 4884e9a9f4e..538b0a5b05c 100644
--- a/substrate/primitives/consensus/babe/Cargo.toml
+++ b/substrate/primitives/consensus/babe/Cargo.toml
@@ -17,6 +17,7 @@ codec = { package = "parity-scale-codec", version = "1.3.0", default-features =
merlin = { version = "2.0", default-features = false }
sp-std = { version = "2.0.0-rc3", default-features = false, path = "../../std" }
sp-api = { version = "2.0.0-rc3", default-features = false, path = "../../api" }
+sp-core = { version = "2.0.0-rc3", default-features = false, path = "../../core" }
sp-consensus = { version = "0.8.0-rc3", optional = true, path = "../common" }
sp-consensus-vrf = { version = "0.8.0-rc3", path = "../vrf", default-features = false }
sp-inherents = { version = "2.0.0-rc3", default-features = false, path = "../../inherents" }
@@ -26,6 +27,7 @@ sp-timestamp = { version = "2.0.0-rc3", default-features = false, path = "../../
[features]
default = ["std"]
std = [
+ "sp-core/std",
"sp-application-crypto/std",
"codec/std",
"merlin/std",
diff --git a/substrate/primitives/consensus/babe/src/lib.rs b/substrate/primitives/consensus/babe/src/lib.rs
index 9848715a47f..10d4aa5ae50 100644
--- a/substrate/primitives/consensus/babe/src/lib.rs
+++ b/substrate/primitives/consensus/babe/src/lib.rs
@@ -31,6 +31,8 @@ pub use merlin::Transcript;
use codec::{Encode, Decode};
use sp_std::vec::Vec;
use sp_runtime::{ConsensusEngineId, RuntimeDebug};
+#[cfg(feature = "std")]
+use sp_core::vrf::{VRFTranscriptData, VRFTranscriptValue};
use crate::digests::{NextEpochDescriptor, NextConfigDescriptor};
mod app {
@@ -94,6 +96,23 @@ pub fn make_transcript(
transcript
}
+/// Make a VRF transcript data container
+#[cfg(feature = "std")]
+pub fn make_transcript_data(
+ randomness: &Randomness,
+ slot_number: u64,
+ epoch: u64,
+) -> VRFTranscriptData {
+ VRFTranscriptData {
+ label: &BABE_ENGINE_ID,
+ items: vec![
+ ("slot number", VRFTranscriptValue::U64(slot_number)),
+ ("current epoch", VRFTranscriptValue::U64(epoch)),
+ ("chain randomness", VRFTranscriptValue::Bytes(&randomness[..])),
+ ]
+ }
+}
+
/// An consensus log item for BABE.
#[derive(Decode, Encode, Clone, PartialEq, Eq)]
pub enum ConsensusLog {
diff --git a/substrate/primitives/core/Cargo.toml b/substrate/primitives/core/Cargo.toml
index e1a281da6b0..69872349ff1 100644
--- a/substrate/primitives/core/Cargo.toml
+++ b/substrate/primitives/core/Cargo.toml
@@ -59,6 +59,7 @@ hex-literal = "0.2.1"
rand = "0.7.2"
criterion = "0.2.11"
serde_json = "1.0"
+rand_chacha = "0.2.2"
[[bench]]
name = "bench"
diff --git a/substrate/primitives/core/src/lib.rs b/substrate/primitives/core/src/lib.rs
index 5fbbf3ca6d5..1038c887e21 100644
--- a/substrate/primitives/core/src/lib.rs
+++ b/substrate/primitives/core/src/lib.rs
@@ -73,6 +73,8 @@ pub mod traits;
pub mod testing;
#[cfg(feature = "std")]
pub mod tasks;
+#[cfg(feature = "std")]
+pub mod vrf;
pub use self::hash::{H160, H256, H512, convert_hash};
pub use self::uint::{U256, U512};
diff --git a/substrate/primitives/core/src/testing.rs b/substrate/primitives/core/src/testing.rs
index d31fabce5bc..1d88e1fad55 100644
--- a/substrate/primitives/core/src/testing.rs
+++ b/substrate/primitives/core/src/testing.rs
@@ -22,10 +22,12 @@ use crate::crypto::KeyTypeId;
use crate::{
crypto::{Pair, Public, CryptoTypePublicPair},
ed25519, sr25519, ecdsa,
- traits::BareCryptoStoreError
+ traits::Error,
+ vrf::{VRFTranscriptData, VRFSignature, make_transcript},
};
#[cfg(feature = "std")]
use std::collections::HashSet;
+
/// Key type for generic Ed25519 key.
pub const ED25519: KeyTypeId = KeyTypeId(*b"ed25");
/// Key type for generic Sr 25519 key.
@@ -76,7 +78,7 @@ impl KeyStore {
#[cfg(feature = "std")]
impl crate::traits::BareCryptoStore for KeyStore {
- fn keys(&self, id: KeyTypeId) -> Result<Vec<CryptoTypePublicPair>, BareCryptoStoreError> {
+ fn keys(&self, id: KeyTypeId) -> Result<Vec<CryptoTypePublicPair>, Error> {
self.keys
.get(&id)
.map(|map| {
@@ -106,11 +108,11 @@ impl crate::traits::BareCryptoStore for KeyStore {
&mut self,
id: KeyTypeId,
seed: Option<&str>,
- ) -> Result<sr25519::Public, BareCryptoStoreError> {
+ ) -> Result<sr25519::Public, Error> {
match seed {
Some(seed) => {
let pair = sr25519::Pair::from_string(seed, None)
- .map_err(|_| BareCryptoStoreError::ValidationError("Generates an `sr25519` pair.".to_owned()))?;
+ .map_err(|_| Error::ValidationError("Generates an `sr25519` pair.".to_owned()))?;
self.keys.entry(id).or_default().insert(pair.public().to_raw_vec(), seed.into());
Ok(pair.public())
},
@@ -137,11 +139,11 @@ impl crate::traits::BareCryptoStore for KeyStore {
&mut self,
id: KeyTypeId,
seed: Option<&str>,
- ) -> Result<ed25519::Public, BareCryptoStoreError> {
+ ) -> Result<ed25519::Public, Error> {
match seed {
Some(seed) => {
let pair = ed25519::Pair::from_string(seed, None)
- .map_err(|_| BareCryptoStoreError::ValidationError("Generates an `ed25519` pair.".to_owned()))?;
+ .map_err(|_| Error::ValidationError("Generates an `ed25519` pair.".to_owned()))?;
self.keys.entry(id).or_default().insert(pair.public().to_raw_vec(), seed.into());
Ok(pair.public())
},
@@ -168,11 +170,11 @@ impl crate::traits::BareCryptoStore for KeyStore {
&mut self,
id: KeyTypeId,
seed: Option<&str>,
- ) -> Result<ecdsa::Public, BareCryptoStoreError> {
+ ) -> Result<ecdsa::Public, Error> {
match seed {
Some(seed) => {
let pair = ecdsa::Pair::from_string(seed, None)
- .map_err(|_| BareCryptoStoreError::ValidationError("Generates an `ecdsa` pair.".to_owned()))?;
+ .map_err(|_| Error::ValidationError("Generates an `ecdsa` pair.".to_owned()))?;
self.keys.entry(id).or_default().insert(pair.public().to_raw_vec(), seed.into());
Ok(pair.public())
},
@@ -201,7 +203,7 @@ impl crate::traits::BareCryptoStore for KeyStore {
&self,
id: KeyTypeId,
keys: Vec<CryptoTypePublicPair>,
- ) -> std::result::Result<Vec<CryptoTypePublicPair>, BareCryptoStoreError> {
+ ) -> std::result::Result<Vec<CryptoTypePublicPair>, Error> {
let provided_keys = keys.into_iter().collect::<HashSet<_>>();
let all_keys = self.keys(id)?.into_iter().collect::<HashSet<_>>();
@@ -213,31 +215,48 @@ impl crate::traits::BareCryptoStore for KeyStore {
id: KeyTypeId,
key: &CryptoTypePublicPair,
msg: &[u8],
- ) -> Result<Vec<u8>, BareCryptoStoreError> {
+ ) -> Result<Vec<u8>, Error> {
use codec::Encode;
match key.0 {
ed25519::CRYPTO_ID => {
let key_pair: ed25519::Pair = self
.ed25519_key_pair(id, &ed25519::Public::from_slice(key.1.as_slice()))
- .ok_or(BareCryptoStoreError::PairNotFound("ed25519".to_owned()))?;
+ .ok_or(Error::PairNotFound("ed25519".to_owned()))?;
return Ok(key_pair.sign(msg).encode());
}
sr25519::CRYPTO_ID => {
let key_pair: sr25519::Pair = self
.sr25519_key_pair(id, &sr25519::Public::from_slice(key.1.as_slice()))
- .ok_or(BareCryptoStoreError::PairNotFound("sr25519".to_owned()))?;
+ .ok_or(Error::PairNotFound("sr25519".to_owned()))?;
return Ok(key_pair.sign(msg).encode());
}
ecdsa::CRYPTO_ID => {
let key_pair: ecdsa::Pair = self
.ecdsa_key_pair(id, &ecdsa::Public::from_slice(key.1.as_slice()))
- .ok_or(BareCryptoStoreError::PairNotFound("ecdsa".to_owned()))?;
+ .ok_or(Error::PairNotFound("ecdsa".to_owned()))?;
return Ok(key_pair.sign(msg).encode());
}
- _ => Err(BareCryptoStoreError::KeyNotSupported(id))
+ _ => Err(Error::KeyNotSupported(id))
}
}
+
+ fn sr25519_vrf_sign(
+ &self,
+ key_type: KeyTypeId,
+ public: &sr25519::Public,
+ transcript_data: VRFTranscriptData,
+ ) -> Result<VRFSignature, Error> {
+ let transcript = make_transcript(transcript_data);
+ let pair = self.sr25519_key_pair(key_type, public)
+ .ok_or(Error::PairNotFound("Not found".to_owned()))?;
+
+ let (inout, proof, _) = pair.as_ref().vrf_sign(transcript);
+ Ok(VRFSignature {
+ output: inout.to_output(),
+ proof,
+ })
+ }
}
/// Macro for exporting functions from wasm in with the expected signature for using it with the
@@ -372,6 +391,7 @@ mod tests {
use super::*;
use crate::sr25519;
use crate::testing::{ED25519, SR25519};
+ use crate::vrf::VRFTranscriptValue;
#[test]
fn store_key_and_extract() {
@@ -403,4 +423,42 @@ mod tests {
assert!(public_keys.contains(&key_pair.public().into()));
}
+
+ #[test]
+ fn vrf_sign() {
+ let store = KeyStore::new();
+
+ let secret_uri = "//Alice";
+ let key_pair = sr25519::Pair::from_string(secret_uri, None).expect("Generates key pair");
+
+ let transcript_data = VRFTranscriptData {
+ label: b"Test",
+ items: vec![
+ ("one", VRFTranscriptValue::U64(1)),
+ ("two", VRFTranscriptValue::U64(2)),
+ ("three", VRFTranscriptValue::Bytes("test".as_bytes())),
+ ]
+ };
+
+ let result = store.read().sr25519_vrf_sign(
+ SR25519,
+ &key_pair.public(),
+ transcript_data.clone(),
+ );
+ assert!(result.is_err());
+
+ store.write().insert_unknown(
+ SR25519,
+ secret_uri,
+ key_pair.public().as_ref(),
+ ).expect("Inserts unknown key");
+
+ let result = store.read().sr25519_vrf_sign(
+ SR25519,
+ &key_pair.public(),
+ transcript_data,
+ );
+
+ assert!(result.is_ok());
+ }
}
diff --git a/substrate/primitives/core/src/traits.rs b/substrate/primitives/core/src/traits.rs
index 0d5bc14fb4b..4481145818f 100644
--- a/substrate/primitives/core/src/traits.rs
+++ b/substrate/primitives/core/src/traits.rs
@@ -19,9 +19,9 @@
use crate::{
crypto::{KeyTypeId, CryptoTypePublicPair},
+ vrf::{VRFTranscriptData, VRFSignature},
ed25519, sr25519, ecdsa,
};
-
use std::{
borrow::Cow,
fmt::{Debug, Display},
@@ -33,7 +33,7 @@ pub use sp_externalities::{Externalities, ExternalitiesExt};
/// BareCryptoStore error
#[derive(Debug, derive_more::Display)]
-pub enum BareCryptoStoreError {
+pub enum Error {
/// Public key type is not supported
#[display(fmt="Key not supported: {:?}", _0)]
KeyNotSupported(KeyTypeId),
@@ -64,7 +64,7 @@ pub trait BareCryptoStore: Send + Sync {
&mut self,
id: KeyTypeId,
seed: Option<&str>,
- ) -> Result<sr25519::Public, BareCryptoStoreError>;
+ ) -> Result<sr25519::Public, Error>;
/// Returns all ed25519 public keys for the given key type.
fn ed25519_public_keys(&self, id: KeyTypeId) -> Vec<ed25519::Public>;
/// Generate a new ed25519 key pair for the given key type and an optional seed.
@@ -76,7 +76,7 @@ pub trait BareCryptoStore: Send + Sync {
&mut self,
id: KeyTypeId,
seed: Option<&str>,
- ) -> Result<ed25519::Public, BareCryptoStoreError>;
+ ) -> Result<ed25519::Public, Error>;
/// Returns all ecdsa public keys for the given key type.
fn ecdsa_public_keys(&self, id: KeyTypeId) -> Vec<ecdsa::Public>;
/// Generate a new ecdsa key pair for the given key type and an optional seed.
@@ -88,7 +88,7 @@ pub trait BareCryptoStore: Send + Sync {
&mut self,
id: KeyTypeId,
seed: Option<&str>,
- ) -> Result<ecdsa::Public, BareCryptoStoreError>;
+ ) -> Result<ecdsa::Public, Error>;
/// Insert a new key. This doesn't require any known of the crypto; but a public key must be
/// manually provided.
@@ -108,11 +108,11 @@ pub trait BareCryptoStore: Send + Sync {
&self,
id: KeyTypeId,
keys: Vec<CryptoTypePublicPair>
- ) -> Result<Vec<CryptoTypePublicPair>, BareCryptoStoreError>;
+ ) -> Result<Vec<CryptoTypePublicPair>, Error>;
/// List all supported keys
///
/// Returns a set of public keys the signer supports.
- fn keys(&self, id: KeyTypeId) -> Result<Vec<CryptoTypePublicPair>, BareCryptoStoreError>;
+ fn keys(&self, id: KeyTypeId) -> Result<Vec<CryptoTypePublicPair>, Error>;
/// Checks if the private keys for the given public key and key type combinations exist.
///
@@ -131,7 +131,7 @@ pub trait BareCryptoStore: Send + Sync {
id: KeyTypeId,
key: &CryptoTypePublicPair,
msg: &[u8],
- ) -> Result<Vec<u8>, BareCryptoStoreError>;
+ ) -> Result<Vec<u8>, Error>;
/// Sign with any key
///
@@ -144,7 +144,7 @@ pub trait BareCryptoStore: Send + Sync {
id: KeyTypeId,
keys: Vec<CryptoTypePublicPair>,
msg: &[u8]
- ) -> Result<(CryptoTypePublicPair, Vec<u8>), BareCryptoStoreError> {
+ ) -> Result<(CryptoTypePublicPair, Vec<u8>), Error> {
if keys.len() == 1 {
return self.sign_with(id, &keys[0], msg).map(|s| (keys[0].clone(), s));
} else {
@@ -154,7 +154,7 @@ pub trait BareCryptoStore: Send + Sync {
}
}
}
- Err(BareCryptoStoreError::KeyNotSupported(id))
+ Err(Error::KeyNotSupported(id))
}
/// Sign with all keys
@@ -163,15 +163,36 @@ pub trait BareCryptoStore: Send + Sync {
/// each key given that the key is supported.
///
/// Returns a list of `Result`s each representing the SCALE encoded
- /// signature of each key or a BareCryptoStoreError for non-supported keys.
+ /// signature of each key or a Error for non-supported keys.
fn sign_with_all(
&self,
id: KeyTypeId,
keys: Vec<CryptoTypePublicPair>,
msg: &[u8],
- ) -> Result<Vec<Result<Vec<u8>, BareCryptoStoreError>>, ()>{
+ ) -> Result<Vec<Result<Vec<u8>, Error>>, ()>{
Ok(keys.iter().map(|k| self.sign_with(id, k, msg)).collect())
}
+
+ /// Generate VRF signature for given transcript data.
+ ///
+ /// Receives KeyTypeId and Public key to be able to map
+ /// them to a private key that exists in the keystore which
+ /// is, in turn, used for signing the provided transcript.
+ ///
+ /// Returns a result containing the signature data.
+ /// Namely, VRFOutput and VRFProof which are returned
+ /// inside the `VRFSignature` container struct.
+ ///
+ /// This function will return an error in the cases where
+ /// the public key and key type provided do not match a private
+ /// key in the keystore. Or, in the context of remote signing
+ /// an error could be a network one.
+ fn sr25519_vrf_sign(
+ &self,
+ key_type: KeyTypeId,
+ public: &sr25519::Public,
+ transcript_data: VRFTranscriptData,
+ ) -> Result<VRFSignature, Error>;
}
/// A pointer to the key store.
diff --git a/substrate/primitives/core/src/vrf.rs b/substrate/primitives/core/src/vrf.rs
new file mode 100644
index 00000000000..d392587cb72
--- /dev/null
+++ b/substrate/primitives/core/src/vrf.rs
@@ -0,0 +1,99 @@
+// This file is part of Substrate.
+
+// Copyright (C) 2019-2020 Parity Technologies (UK) Ltd.
+// SPDX-License-Identifier: Apache-2.0
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! VRF-specifc data types and helpers
+
+use codec::Encode;
+use merlin::Transcript;
+use schnorrkel::vrf::{VRFOutput, VRFProof};
+/// An enum whose variants represent possible
+/// accepted values to construct the VRF transcript
+#[derive(Clone, Encode)]
+pub enum VRFTranscriptValue<'a> {
+ /// Value is an array of bytes
+ Bytes(&'a [u8]),
+ /// Value is a u64 integer
+ U64(u64),
+}
+/// VRF Transcript data
+#[derive(Clone, Encode)]
+pub struct VRFTranscriptData<'a> {
+ /// The transcript's label
+ pub label: &'static [u8],
+ /// Additional data to be registered into the transcript
+ pub items: Vec<(&'static str, VRFTranscriptValue<'a>)>,
+}
+/// VRF signature data
+pub struct VRFSignature {
+ /// The VRFOutput serialized
+ pub output: VRFOutput,
+ /// The calculated VRFProof
+ pub proof: VRFProof,
+}
+
+/// Construct a `Transcript` object from data.
+///
+/// Returns `merlin::Transcript`
+pub fn make_transcript(data: VRFTranscriptData) -> Transcript {
+ let mut transcript = Transcript::new(data.label);
+ for (label, value) in data.items.into_iter() {
+ match value {
+ VRFTranscriptValue::Bytes(bytes) => {
+ transcript.append_message(label.as_bytes(), &bytes);
+ },
+ VRFTranscriptValue::U64(val) => {
+ transcript.append_u64(label.as_bytes(), val);
+ }
+ }
+ }
+ transcript
+}
+
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use crate::vrf::VRFTranscriptValue;
+ use rand::RngCore;
+ use rand_chacha::{
+ rand_core::SeedableRng,
+ ChaChaRng,
+ };
+
+ #[test]
+ fn transcript_creation_matches() {
+ let mut orig_transcript = Transcript::new(b"My label");
+ orig_transcript.append_u64(b"one", 1);
+ orig_transcript.append_message(b"two", "test".as_bytes());
+
+ let new_transcript = make_transcript(VRFTranscriptData {
+ label: b"My label",
+ items: vec![
+ ("one", VRFTranscriptValue::U64(1)),
+ ("two", VRFTranscriptValue::Bytes("test".as_bytes())),
+ ],
+ });
+ let test = |t: Transcript| -> [u8; 16] {
+ let mut b = [0u8; 16];
+ t.build_rng()
+ .finalize(&mut ChaChaRng::from_seed([0u8;32]))
+ .fill_bytes(&mut b);
+ b
+ };
+ debug_assert!(test(orig_transcript) == test(new_transcript));
+ }
+}
--
GitLab