add simplex pkg and bls structs

Author: samliok

simplex/bls.go

@@ -0,0 +1,127 @@
+// Copyright (C) 2019-2024, Ava Labs, Inc. All rights reserved.
+// See the file LICENSE for licensing terms.
+
+package simplex
+
+import (
+	"encoding/asn1"
+	"errors"
+	"fmt"
+
+	"github.com/ava-labs/avalanchego/ids"
+	"github.com/ava-labs/avalanchego/utils/crypto/bls"
+	"github.com/ava-labs/simplex"
+)
+
+var (
+	errSignatureVerificationFailed = errors.New("signature verification failed")
+	errSignerNotFound              = errors.New("signer not found in the membership set")
+)
+
+var _ simplex.Signer = (*BLSSigner)(nil)
+
+type SignFunc func(msg []byte) (*bls.Signature, error)
+
+// BLSSigner signs messages encoded with the provided ChainID and NetworkID
+// using the SignBLS function.
+type BLSSigner struct {
+	chainID  ids.ID
+	subnetID ids.ID
+	// signBLS is passed in because we support both software and hardware BLS signing.
+	signBLS SignFunc
+	nodeID  ids.NodeID
+}
+
+type BLSVerifier struct {
+	nodeID2PK map[ids.NodeID]bls.PublicKey
+	subnetID  ids.ID
+	chainID   ids.ID
+}
+
+func NewBLSAuth(config *Config) (BLSSigner, BLSVerifier) {
+	return BLSSigner{
+		chainID:  config.Ctx.ChainID,
+		subnetID: config.Ctx.SubnetID,
+		nodeID:   config.Ctx.NodeID,
+		signBLS:  config.SignBLS,
+	}, createVerifier(config)
+}
+
+// Sign returns a signature on the given message using BLS signature scheme.
+// It encodes the message to sign with the chain ID, and subnet ID,
+func (s *BLSSigner) Sign(message []byte) ([]byte, error) {
+	message2Sign, err := encodeMessageToSign(message, s.chainID, s.subnetID)
+	if err != nil {
+		return nil, fmt.Errorf("failed to encode message to sign: %w", err)
+	}
+
+	sig, err := s.signBLS(message2Sign)
+	if err != nil {
+		return nil, err
+	}
+
+	sigBytes := bls.SignatureToBytes(sig)
+	return sigBytes, nil
+}
+
+type encodedSimplexMessage struct {
+	Message  []byte
+	ChainID  []byte
+	SubnetID []byte
+}
+
+// encodesMessageToSign returns a byte slice [simplexLabel][chainID][networkID][message length][message].
+func encodeMessageToSign(message []byte, chainID ids.ID, subnetID ids.ID) ([]byte, error) {
+	encodedSimplexMessage := encodedSimplexMessage{
+		Message:  message,
+		ChainID:  chainID[:],
+		SubnetID: subnetID[:],
+	}
+	return asn1.Marshal(encodedSimplexMessage)
+}
+
+func (v BLSVerifier) Verify(message []byte, signature []byte, signer simplex.NodeID) error {
+	if len(signer) != ids.NodeIDLen {
+		return fmt.Errorf("expected signer to be %d bytes but got %d bytes", ids.NodeIDLen, len(signer))
+	}
+
+	key := ids.NodeID(signer)
+	pk, exists := v.nodeID2PK[key]
+	if !exists {
+		return fmt.Errorf("%w: signer %x", errSignerNotFound, key)
+	}
+
+	sig, err := bls.SignatureFromBytes(signature)
+	if err != nil {
+		return fmt.Errorf("failed to parse signature: %w", err)
+	}
+
+	message2Verify, err := encodeMessageToSign(message, v.chainID, v.subnetID)
+	if err != nil {
+		return fmt.Errorf("failed to encode message to verify: %w", err)
+	}
+
+	if !bls.Verify(&pk, sig, message2Verify) {
+		return errSignatureVerificationFailed
+	}
+
+	return nil
+}
+
+func createVerifier(config *Config) BLSVerifier {
+	verifier := BLSVerifier{
+		nodeID2PK: make(map[ids.NodeID]bls.PublicKey),
+		subnetID:  config.Ctx.SubnetID,
+		chainID:   config.Ctx.ChainID,
+	}
+
+	nodes := config.Validators.GetValidatorIDs(config.Ctx.SubnetID)
+	for _, node := range nodes {
+		validator, ok := config.Validators.GetValidator(config.Ctx.SubnetID, node)
+		if !ok {
+			continue
+		}
+		verifier.nodeID2PK[node] = *validator.PublicKey
+	}
+	return verifier
+}

simplex/bls_test.go

@@ -0,0 +1,133 @@
+// Copyright (C) 2019-2024, Ava Labs, Inc. All rights reserved.
+// See the file LICENSE for licensing terms.
+
+package simplex
+
+import (
+	"testing"
+
+	"github.com/ava-labs/avalanchego/ids"
+	"github.com/ava-labs/avalanchego/snow/validators"
+	"github.com/ava-labs/avalanchego/utils/crypto/bls"
+	"github.com/ava-labs/avalanchego/utils/crypto/bls/signer/localsigner"
+	"github.com/stretchr/testify/require"
+)
+
+var _ ValidatorInfo = (*testValidatorInfo)(nil)
+
+// testValidatorInfo is a mock implementation of ValidatorInfo for testing purposes.
+// it assumes all validators are in the same subnet and returns all of them for any subnetID.
+type testValidatorInfo struct {
+	validators map[ids.NodeID]validators.Validator
+}
+
+func (v *testValidatorInfo) GetValidatorIDs(_ ids.ID) []ids.NodeID {
+	if v.validators == nil {
+		return nil
+	}
+
+	ids := make([]ids.NodeID, 0, len(v.validators))
+	for id := range v.validators {
+		ids = append(ids, id)
+	}
+	return ids
+}
+
+func (v *testValidatorInfo) GetValidator(_ ids.ID, nodeID ids.NodeID) (*validators.Validator, bool) {
+	if v.validators == nil {
+		return nil, false
+	}
+
+	val, exists := v.validators[nodeID]
+	if !exists {
+		return nil, false
+	}
+	return &val, true
+}
+
+func newTestValidatorInfo(nodeIds []ids.NodeID, pks []*bls.PublicKey) *testValidatorInfo {
+	if len(nodeIds) != len(pks) {
+		panic("nodeIds and pks must have the same length")
+	}
+
+	vds := make(map[ids.NodeID]validators.Validator, len(pks))
+	for i, pk := range pks {
+		validator := validators.Validator{
+			PublicKey: pk,
+			NodeID:    nodeIds[i],
+		}
+		vds[nodeIds[i]] = validator
+	}
+	// all we need is to generate the public keys for the validators
+	return &testValidatorInfo{
+		validators: vds,
+	}
+}
+
+func newEngineConfig(ls *localsigner.LocalSigner) *Config {
+	nodeID := ids.GenerateTestNodeID()
+
+	simplexChainContext := SimplexChainContext{
+		NodeID:   nodeID,
+		ChainID:  ids.GenerateTestID(),
+		SubnetID: ids.GenerateTestID(),
+	}
+
+	return &Config{
+		Ctx:        simplexChainContext,
+		Validators: newTestValidatorInfo([]ids.NodeID{nodeID}, []*bls.PublicKey{ls.PublicKey()}),
+		SignBLS:    ls.Sign,
+	}
+}
+
+func TestBLSSignVerify(t *testing.T) {
+	ls, err := localsigner.New()
+	require.NoError(t, err)
+
+	config := newEngineConfig(ls)
+
+	signer, verifier := NewBLSAuth(config)
+
+	msg := "Begin at the beginning, and go on till you come to the end: then stop"
+
+	sig, err := signer.Sign([]byte(msg))
+	require.NoError(t, err)
+
+	err = verifier.Verify([]byte(msg), sig, signer.nodeID[:])
+	require.NoError(t, err)
+}
+
+func TestSignerNotInMemberSet(t *testing.T) {
+	ls, err := localsigner.New()
+	require.NoError(t, err)
+
+	config := newEngineConfig(ls)
+	signer, verifier := NewBLSAuth(config)
+
+	msg := "Begin at the beginning, and go on till you come to the end: then stop"
+
+	sig, err := signer.Sign([]byte(msg))
+	require.NoError(t, err)
+
+	notInMembershipSet := ids.GenerateTestNodeID()
+	err = verifier.Verify([]byte(msg), sig, notInMembershipSet[:])
+	require.ErrorIs(t, err, errSignerNotFound)
+}
+
+func TestSignerInvalidMessageEncoding(t *testing.T) {
+	ls, err := localsigner.New()
+	require.NoError(t, err)
+
+	config := newEngineConfig(ls)
+
+	// sign a message with invalid encoding
+	dummyMsg := []byte("dummy message")
+	sig, err := ls.Sign(dummyMsg)
+	require.NoError(t, err)
+
+	sigBytes := bls.SignatureToBytes(sig)
+
+	_, verifier := NewBLSAuth(config)
+	err = verifier.Verify(dummyMsg, sigBytes, config.Ctx.NodeID[:])
+	require.ErrorIs(t, err, errSignatureVerificationFailed)
+}

simplex/config.go

@@ -0,0 +1,33 @@
+// Copyright (C) 2019-2025, Ava Labs, Inc. All rights reserved.
+// See the file LICENSE for licensing terms.
+
+package simplex
+
+import (
+	"github.com/ava-labs/avalanchego/ids"
+	"github.com/ava-labs/avalanchego/snow/validators"
+	"github.com/ava-labs/avalanchego/utils/logging"
+)
+
+type ValidatorInfo interface {
+	GetValidatorIDs(subnetID ids.ID) []ids.NodeID
+	GetValidator(subnetID ids.ID, nodeID ids.NodeID) (*validators.Validator, bool)
+}
+
+// Config wraps all the parameters needed for a simplex engine
+type Config struct {
+	Ctx        SimplexChainContext
+	Log        logging.Logger
+	Validators ValidatorInfo
+	SignBLS    SignFunc
+}
+
+// Context is information about the current execution.
+// [SubnitID] is the ID of the subnet this context exists within.
+// [ChainID] is the ID of the chain this context exists within.
+// [NodeID] is the ID of this node
+type SimplexChainContext struct {
+	NodeID   ids.NodeID
+	ChainID  ids.ID
+	SubnetID ids.ID
+}