Skip to content

Commit

Permalink
Keystore overhaul (final) (paritytech#13683)
Browse files Browse the repository at this point in the history
* Introduce keystore specialized sign methods

* Get rid of 'AppKey::UntypedGeneric' associated type.

Untyped generics are accessible using associated types 'Generic' associated type.
I.e. <T as AppKey>::Public::Generic

* Get rid of 'CryptoTypePublicPair'

* Trivial fix

* Small refactory of local keystore implementations

* Remove 'crypto_id' method from 'Public'

* Trivial rename of 'AppKey' to 'AppCrypto'

* Remove unused import

* Improve docs

* Better signature related errors for authority-discovery

* Apply review suggestion

* Apply review suggestions

Co-authored-by: Koute <koute@users.noreply.github.com>

* Authority discoverty signing error revisited

* Signing error revisited for babe and aura as well

* Further cleanup

---------

Co-authored-by: Koute <koute@users.noreply.github.com>
  • Loading branch information
2 people authored and breathx committed Apr 22, 2023
1 parent 77468db commit 6b424c7
Show file tree
Hide file tree
Showing 27 changed files with 478 additions and 542 deletions.
12 changes: 3 additions & 9 deletions bin/node/cli/src/service.rs
Original file line number Diff line number Diff line change
Expand Up @@ -592,7 +592,7 @@ mod tests {
use sc_service_test::TestNetNode;
use sc_transaction_pool_api::{ChainEvent, MaintainedTransactionPool};
use sp_consensus::{BlockOrigin, Environment, Proposer};
use sp_core::{crypto::Pair as CryptoPair, Public};
use sp_core::crypto::Pair;
use sp_inherents::InherentDataProvider;
use sp_keyring::AccountKeyring;
use sp_keystore::KeystorePtr;
Expand Down Expand Up @@ -737,16 +737,10 @@ mod tests {
// add it to a digest item.
let to_sign = pre_hash.encode();
let signature = keystore
.sign_with(
sp_consensus_babe::AuthorityId::ID,
&alice.to_public_crypto_pair(),
&to_sign,
)
.unwrap()
.sr25519_sign(sp_consensus_babe::AuthorityId::ID, alice.as_ref(), &to_sign)
.unwrap()
.try_into()
.unwrap();
let item = <DigestItem as CompatibleDigestItem>::babe_seal(signature);
let item = <DigestItem as CompatibleDigestItem>::babe_seal(signature.into());
slot += 1;

let mut params = BlockImportParams::new(BlockOrigin::File, new_header);
Expand Down
2 changes: 1 addition & 1 deletion bin/node/executor/tests/submit_transaction.rs
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
use codec::Decode;
use frame_system::offchain::{SendSignedTransaction, Signer, SubmitTransaction};
use kitchensink_runtime::{Executive, Indices, Runtime, UncheckedExtrinsic};
use sp_application_crypto::AppKey;
use sp_application_crypto::AppCrypto;
use sp_core::offchain::{testing::TestTransactionPoolExt, TransactionPoolExt};
use sp_keyring::sr25519::Keyring::Alice;
use sp_keystore::{testing::MemoryKeystore, Keystore, KeystoreExt};
Expand Down
9 changes: 2 additions & 7 deletions client/authority-discovery/src/error.rs
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,6 @@

//! Authority discovery errors.
use sp_core::crypto::CryptoTypePublicPair;

/// AuthorityDiscovery Result.
pub type Result<T> = std::result::Result<T, Error>;

Expand Down Expand Up @@ -60,11 +58,8 @@ pub enum Error {
#[error("Failed to parse a libp2p key.")]
ParsingLibp2pIdentity(#[from] libp2p::identity::error::DecodingError),

#[error("Failed to sign using a specific public key.")]
MissingSignature(CryptoTypePublicPair),

#[error("Failed to sign using all public keys.")]
Signing,
#[error("Failed to sign: {0}.")]
CannotSign(String),

#[error("Failed to register Prometheus metric.")]
Prometheus(#[from] prometheus_endpoint::PrometheusError),
Expand Down
27 changes: 16 additions & 11 deletions client/authority-discovery/src/worker.rs
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ use std::{
use futures::{channel::mpsc, future, stream::Fuse, FutureExt, Stream, StreamExt};

use addr_cache::AddrCache;
use codec::Decode;
use codec::{Decode, Encode};
use ip_network::IpNetwork;
use libp2p::{
core::multiaddr,
Expand All @@ -43,6 +43,7 @@ use log::{debug, error, log_enabled};
use prometheus_endpoint::{register, Counter, CounterVec, Gauge, Opts, U64};
use prost::Message;
use rand::{seq::SliceRandom, thread_rng};

use sc_network::{
event::DhtEvent, KademliaKey, NetworkDHTProvider, NetworkSigner, NetworkStateInfo, Signature,
};
Expand All @@ -51,8 +52,7 @@ use sp_authority_discovery::{
AuthorityDiscoveryApi, AuthorityId, AuthorityPair, AuthoritySignature,
};
use sp_blockchain::HeaderBackend;

use sp_core::crypto::{key_types, CryptoTypePublicPair, Pair};
use sp_core::crypto::{key_types, ByteArray, Pair};
use sp_keystore::{Keystore, KeystorePtr};
use sp_runtime::traits::Block as BlockT;

Expand Down Expand Up @@ -127,7 +127,7 @@ pub struct Worker<Client, Network, Block, DhtEventStream> {
publish_if_changed_interval: ExpIncInterval,
/// List of keys onto which addresses have been published at the latest publication.
/// Used to check whether they have changed.
latest_published_keys: HashSet<CryptoTypePublicPair>,
latest_published_keys: HashSet<AuthorityId>,
/// Same value as in the configuration.
publish_non_global_ips: bool,
/// Same value as in the configuration.
Expand Down Expand Up @@ -346,7 +346,7 @@ where
let keys = Worker::<Client, Network, Block, DhtEventStream>::get_own_public_keys_within_authority_set(
key_store.clone(),
self.client.as_ref(),
).await?.into_iter().map(Into::into).collect::<HashSet<_>>();
).await?.into_iter().collect::<HashSet<_>>();

if only_if_changed && keys == self.latest_published_keys {
return Ok(())
Expand Down Expand Up @@ -661,7 +661,7 @@ fn sign_record_with_peer_id(
) -> Result<schema::PeerSignature> {
let signature = network
.sign_with_local_identity(serialized_record)
.map_err(|_| Error::Signing)?;
.map_err(|e| Error::CannotSign(format!("{} (network packet)", e)))?;
let public_key = signature.public_key.to_protobuf_encoding();
let signature = signature.bytes;
Ok(schema::PeerSignature { signature, public_key })
Expand All @@ -671,15 +671,20 @@ fn sign_record_with_authority_ids(
serialized_record: Vec<u8>,
peer_signature: Option<schema::PeerSignature>,
key_store: &dyn Keystore,
keys: Vec<CryptoTypePublicPair>,
keys: Vec<AuthorityId>,
) -> Result<Vec<(KademliaKey, Vec<u8>)>> {
let mut result = Vec::with_capacity(keys.len());

for key in keys.iter() {
let auth_signature = key_store
.sign_with(key_types::AUTHORITY_DISCOVERY, key, &serialized_record)
.map_err(|_| Error::Signing)?
.ok_or_else(|| Error::MissingSignature(key.clone()))?;
.sr25519_sign(key_types::AUTHORITY_DISCOVERY, key.as_ref(), &serialized_record)
.map_err(|e| Error::CannotSign(format!("{}. Key: {:?}", e, key)))?
.ok_or_else(|| {
Error::CannotSign(format!("Could not find key in keystore. Key: {:?}", key))
})?;

// Scale encode
let auth_signature = auth_signature.encode();

let signed_record = schema::SignedAuthorityRecord {
record: serialized_record.clone(),
Expand All @@ -688,7 +693,7 @@ fn sign_record_with_authority_ids(
}
.encode_to_vec();

result.push((hash_authority_id(&key.1), signed_record));
result.push((hash_authority_id(key.as_slice()), signed_record));
}

Ok(result)
Expand Down
59 changes: 28 additions & 31 deletions client/consensus/aura/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ use sc_consensus_slots::{
};
use sc_telemetry::TelemetryHandle;
use sp_api::{Core, ProvideRuntimeApi};
use sp_application_crypto::{AppKey, AppPublic};
use sp_application_crypto::{AppCrypto, AppPublic};
use sp_blockchain::{HeaderBackend, Result as CResult};
use sp_consensus::{BlockOrigin, Environment, Error as ConsensusError, Proposer, SelectChain};
use sp_consensus_slots::Slot;
Expand Down Expand Up @@ -205,7 +205,7 @@ pub fn start_aura<P, B, C, SC, I, PF, SO, L, CIDP, BS, Error>(
telemetry,
compatibility_mode,
}: StartAuraParams<C, SC, I, PF, SO, L, CIDP, BS, NumberFor<B>>,
) -> Result<impl Future<Output = ()>, sp_consensus::Error>
) -> Result<impl Future<Output = ()>, ConsensusError>
where
P: Pair + Send + Sync,
P::Public: AppPublic + Hash + Member + Encode + Decode,
Expand All @@ -222,7 +222,7 @@ where
CIDP: CreateInherentDataProviders<B, ()> + Send + 'static,
CIDP::InherentDataProviders: InherentDataProviderExt + Send,
BS: BackoffAuthoringBlocksStrategy<NumberFor<B>> + Send + Sync + 'static,
Error: std::error::Error + Send + From<sp_consensus::Error> + 'static,
Error: std::error::Error + Send + From<ConsensusError> + 'static,
{
let worker = build_aura_worker::<P, _, _, _, _, _, _, _, _>(BuildAuraWorkerParams {
client,
Expand Down Expand Up @@ -320,7 +320,7 @@ where
P::Public: AppPublic + Hash + Member + Encode + Decode,
P::Signature: TryFrom<Vec<u8>> + Hash + Member + Encode + Decode,
I: BlockImport<B, Transaction = sp_api::TransactionFor<C, B>> + Send + Sync + 'static,
Error: std::error::Error + Send + From<sp_consensus::Error> + 'static,
Error: std::error::Error + Send + From<ConsensusError> + 'static,
SO: SyncOracle + Send + Sync + Clone,
L: sc_consensus::JustificationSyncLink<B>,
BS: BackoffAuthoringBlocksStrategy<NumberFor<B>> + Send + Sync + 'static,
Expand Down Expand Up @@ -374,13 +374,13 @@ where
SO: SyncOracle + Send + Clone + Sync,
L: sc_consensus::JustificationSyncLink<B>,
BS: BackoffAuthoringBlocksStrategy<NumberFor<B>> + Send + Sync + 'static,
Error: std::error::Error + Send + From<sp_consensus::Error> + 'static,
Error: std::error::Error + Send + From<ConsensusError> + 'static,
{
type BlockImport = I;
type SyncOracle = SO;
type JustificationSyncLink = L;
type CreateProposer =
Pin<Box<dyn Future<Output = Result<E::Proposer, sp_consensus::Error>> + Send + 'static>>;
Pin<Box<dyn Future<Output = Result<E::Proposer, ConsensusError>> + Send + 'static>>;
type Proposer = E::Proposer;
type Claim = P::Public;
type AuxData = Vec<AuthorityId<P>>;
Expand All @@ -393,11 +393,7 @@ where
&mut self.block_import
}

fn aux_data(
&self,
header: &B::Header,
_slot: Slot,
) -> Result<Self::AuxData, sp_consensus::Error> {
fn aux_data(&self, header: &B::Header, _slot: Slot) -> Result<Self::AuxData, ConsensusError> {
authorities(
self.client.as_ref(),
header.hash(),
Expand All @@ -406,17 +402,17 @@ where
)
}

fn authorities_len(&self, epoch_data: &Self::AuxData) -> Option<usize> {
Some(epoch_data.len())
fn authorities_len(&self, authorities: &Self::AuxData) -> Option<usize> {
Some(authorities.len())
}

async fn claim_slot(
&self,
_header: &B::Header,
slot: Slot,
epoch_data: &Self::AuxData,
authorities: &Self::AuxData,
) -> Option<Self::Claim> {
let expected_author = slot_author::<P>(slot, epoch_data);
let expected_author = slot_author::<P>(slot, authorities);
expected_author.and_then(|p| {
if self
.keystore
Expand All @@ -440,29 +436,30 @@ where
body: Vec<B::Extrinsic>,
storage_changes: StorageChanges<<Self::BlockImport as BlockImport<B>>::Transaction, B>,
public: Self::Claim,
_epoch: Self::AuxData,
_authorities: Self::AuxData,
) -> Result<
sc_consensus::BlockImportParams<B, <Self::BlockImport as BlockImport<B>>::Transaction>,
sp_consensus::Error,
ConsensusError,
> {
// sign the pre-sealed hash of the block and then
// add it to a digest item.
let public_type_pair = public.to_public_crypto_pair();
let public = public.to_raw_vec();
let signature = self
.keystore
.sign_with(<AuthorityId<P> as AppKey>::ID, &public_type_pair, header_hash.as_ref())
.map_err(|e| sp_consensus::Error::CannotSign(public.clone(), e.to_string()))?
.sign_with(
<AuthorityId<P> as AppCrypto>::ID,
<AuthorityId<P> as AppCrypto>::CRYPTO_ID,
public.as_slice(),
header_hash.as_ref(),
)
.map_err(|e| ConsensusError::CannotSign(format!("{}. Key: {:?}", e, public)))?
.ok_or_else(|| {
sp_consensus::Error::CannotSign(
public.clone(),
"Could not find key in keystore.".into(),
)
ConsensusError::CannotSign(format!(
"Could not find key in keystore. Key: {:?}",
public
))
})?;
let signature = signature
.clone()
.try_into()
.map_err(|_| sp_consensus::Error::InvalidSignature(signature, public))?;
.map_err(|_| ConsensusError::InvalidSignature(signature, public.to_raw_vec()))?;

let signature_digest_item =
<DigestItem as CompatibleDigestItem<P::Signature>>::aura_seal(signature);
Expand Down Expand Up @@ -507,7 +504,7 @@ where
fn proposer(&mut self, block: &B::Header) -> Self::CreateProposer {
self.env
.init(block)
.map_err(|e| sp_consensus::Error::ClientImport(format!("{:?}", e)))
.map_err(|e| ConsensusError::ClientImport(format!("{:?}", e)))
.boxed()
}

Expand Down Expand Up @@ -620,14 +617,14 @@ where
Default::default(),
),
)
.map_err(|_| sp_consensus::Error::InvalidAuthoritiesSet)?;
.map_err(|_| ConsensusError::InvalidAuthoritiesSet)?;
},
}

runtime_api
.authorities(parent_hash)
.ok()
.ok_or(sp_consensus::Error::InvalidAuthoritiesSet)
.ok_or(ConsensusError::InvalidAuthoritiesSet)
}

#[cfg(test)]
Expand Down
2 changes: 1 addition & 1 deletion client/consensus/babe/rpc/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ use sc_consensus_epochs::{descendent_query, Epoch as EpochT, SharedEpochChanges}
use sc_rpc_api::DenyUnsafe;
use serde::{Deserialize, Serialize};
use sp_api::ProvideRuntimeApi;
use sp_application_crypto::AppKey;
use sp_application_crypto::AppCrypto;
use sp_blockchain::{Error as BlockChainError, HeaderBackend, HeaderMetadata};
use sp_consensus::{Error as ConsensusError, SelectChain};
use sp_consensus_babe::{
Expand Down
2 changes: 1 addition & 1 deletion client/consensus/babe/src/authorship.rs
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ use super::Epoch;
use codec::Encode;
use sc_consensus_epochs::Epoch as EpochT;
use schnorrkel::{keys::PublicKey, vrf::VRFInOut};
use sp_application_crypto::AppKey;
use sp_application_crypto::AppCrypto;
use sp_consensus_babe::{
digests::{PreDigest, PrimaryPreDigest, SecondaryPlainPreDigest, SecondaryVRFPreDigest},
make_transcript, make_transcript_data, AuthorityId, BabeAuthorityWeight, Slot, BABE_VRF_PREFIX,
Expand Down
Loading

0 comments on commit 6b424c7

Please sign in to comment.