From a55cd286a82f137c0c3984edf61eb00c9fa959eb Mon Sep 17 00:00:00 2001 From: drskalman <35698397+drskalman@users.noreply.github.com> Date: Wed, 24 Jul 2024 05:35:58 -0400 Subject: [PATCH] Migrate BEEFY BLS crypto to bls12-381 curve (#4931) We are definitely going to use BLS12-381 for BEEFY and it is hard coded in JAM's spec. This PR implements missing tests for bls12-381 crypto, migrate BEEFY BLS crypto to bls12-381 and adapt the BEEFY primitive tests accordingly. --------- Co-authored-by: Davide Galassi --- .../client/consensus/beefy/src/keystore.rs | 22 +- substrate/client/keystore/src/local.rs | 56 +--- .../application-crypto/src/bls377.rs | 55 ---- .../application-crypto/src/bls381.rs | 30 ++ .../src/{ecdsa_bls377.rs => ecdsa_bls381.rs} | 8 +- .../primitives/application-crypto/src/lib.rs | 4 +- .../consensus/beefy/src/commitment.rs | 2 +- .../primitives/consensus/beefy/src/lib.rs | 12 +- .../primitives/consensus/beefy/src/witness.rs | 8 +- substrate/primitives/core/src/bls.rs | 308 +++++++++++++----- substrate/primitives/core/src/lib.rs | 2 +- .../primitives/core/src/paired_crypto.rs | 100 ++++++ substrate/primitives/core/src/testing.rs | 2 + substrate/primitives/io/src/lib.rs | 20 +- substrate/primitives/keystore/src/lib.rs | 137 +++----- substrate/primitives/keystore/src/testing.rs | 62 ++-- 16 files changed, 460 insertions(+), 368 deletions(-) delete mode 100644 substrate/primitives/application-crypto/src/bls377.rs rename substrate/primitives/application-crypto/src/{ecdsa_bls377.rs => ecdsa_bls381.rs} (87%) diff --git a/substrate/client/consensus/beefy/src/keystore.rs b/substrate/client/consensus/beefy/src/keystore.rs index 8daf3440c7d2c..888a11db89cbe 100644 --- a/substrate/client/consensus/beefy/src/keystore.rs +++ b/substrate/client/consensus/beefy/src/keystore.rs @@ -20,7 +20,7 @@ use log::warn; use sp_application_crypto::{key_types::BEEFY as BEEFY_KEY_TYPE, AppCrypto, RuntimeAppPublic}; #[cfg(feature = "bls-experimental")] -use sp_core::ecdsa_bls377; +use sp_core::ecdsa_bls381; use sp_core::{ecdsa, keccak_256}; use sp_keystore::KeystorePtr; @@ -100,13 +100,13 @@ impl BeefyKeystore { }, #[cfg(feature = "bls-experimental")] - ecdsa_bls377::CRYPTO_ID => { - let public: ecdsa_bls377::Public = - ecdsa_bls377::Public::try_from(public.as_slice()).unwrap(); + ecdsa_bls381::CRYPTO_ID => { + let public: ecdsa_bls381::Public = + ecdsa_bls381::Public::try_from(public.as_slice()).unwrap(); let sig = store - .ecdsa_bls377_sign_with_keccak256(BEEFY_KEY_TYPE, &public, &message) + .ecdsa_bls381_sign_with_keccak256(BEEFY_KEY_TYPE, &public, &message) .map_err(|e| error::Error::Keystore(e.to_string()))? - .ok_or_else(|| error::Error::Signature("bls377_sign() failed".to_string()))?; + .ok_or_else(|| error::Error::Signature("bls381_sign() failed".to_string()))?; let sig_ref: &[u8] = sig.as_ref(); sig_ref.to_vec() }, @@ -146,8 +146,8 @@ impl BeefyKeystore { }), #[cfg(feature = "bls-experimental")] - ecdsa_bls377::CRYPTO_ID => store - .ecdsa_bls377_public_keys(BEEFY_KEY_TYPE) + ecdsa_bls381::CRYPTO_ID => store + .ecdsa_bls381_public_keys(BEEFY_KEY_TYPE) .drain(..) .map(|pk| AuthorityId::try_from(pk.as_ref())) .collect::, _>>() @@ -254,9 +254,9 @@ pub mod tests { AuthorityId::decode(&mut pk.as_ref()).unwrap() }, #[cfg(feature = "bls-experimental")] - ecdsa_bls377::CRYPTO_ID => { + ecdsa_bls381::CRYPTO_ID => { let pk = store - .ecdsa_bls377_generate_new(key_type, optional_seed.as_deref()) + .ecdsa_bls381_generate_new(key_type, optional_seed.as_deref()) .ok() .unwrap(); AuthorityId::decode(&mut pk.as_ref()).unwrap() @@ -452,7 +452,7 @@ pub mod tests { #[cfg(feature = "bls-experimental")] #[test] fn sign_error_for_ecdsa_n_bls() { - sign_error::("bls377_sign() failed"); + sign_error::("bls381_sign() failed"); } #[test] diff --git a/substrate/client/keystore/src/local.rs b/substrate/client/keystore/src/local.rs index 8b922c11cbca9..91c52bfcd50a0 100644 --- a/substrate/client/keystore/src/local.rs +++ b/substrate/client/keystore/src/local.rs @@ -37,7 +37,7 @@ use sp_core::bandersnatch; } sp_keystore::bls_experimental_enabled! { -use sp_core::{bls377, bls381, ecdsa_bls377, KeccakHasher}; +use sp_core::{bls381, ecdsa_bls381, KeccakHasher}; } use crate::{Error, Result}; @@ -357,68 +357,42 @@ impl Keystore for LocalKeystore { self.sign::(key_type, public, msg) } - fn bls377_public_keys(&self, key_type: KeyTypeId) -> Vec { - self.public_keys::(key_type) + fn ecdsa_bls381_public_keys(&self, key_type: KeyTypeId) -> Vec { + self.public_keys::(key_type) } - /// Generate a new pair compatible with the 'bls377' signature scheme. + /// Generate a new pair of paired-keys compatible with the '(ecdsa,bls381)' signature scheme. /// /// If `[seed]` is `Some` then the key will be ephemeral and stored in memory. - fn bls377_generate_new( + fn ecdsa_bls381_generate_new( &self, key_type: KeyTypeId, seed: Option<&str>, - ) -> std::result::Result { - self.generate_new::(key_type, seed) + ) -> std::result::Result { + self.generate_new::(key_type, seed) } - fn bls377_sign( + fn ecdsa_bls381_sign( &self, key_type: KeyTypeId, - public: &bls377::Public, + public: &ecdsa_bls381::Public, msg: &[u8], - ) -> std::result::Result, TraitError> { - self.sign::(key_type, public, msg) + ) -> std::result::Result, TraitError> { + self.sign::(key_type, public, msg) } - fn ecdsa_bls377_public_keys(&self, key_type: KeyTypeId) -> Vec { - self.public_keys::(key_type) - } - - /// Generate a new pair of paired-keys compatible with the '(ecdsa,bls377)' signature scheme. - /// - /// If `[seed]` is `Some` then the key will be ephemeral and stored in memory. - fn ecdsa_bls377_generate_new( - &self, - key_type: KeyTypeId, - seed: Option<&str>, - ) -> std::result::Result { - self.generate_new::(key_type, seed) - } - - fn ecdsa_bls377_sign( - &self, - key_type: KeyTypeId, - public: &ecdsa_bls377::Public, - msg: &[u8], - ) -> std::result::Result, TraitError> { - self.sign::(key_type, public, msg) - } - - fn ecdsa_bls377_sign_with_keccak256( + fn ecdsa_bls381_sign_with_keccak256( &self, key_type: KeyTypeId, - public: &ecdsa_bls377::Public, + public: &ecdsa_bls381::Public, msg: &[u8], - ) -> std::result::Result, TraitError> { + ) -> std::result::Result, TraitError> { let sig = self.0 .read() - .key_pair_by_type::(public, key_type)? + .key_pair_by_type::(public, key_type)? .map(|pair| pair.sign_with_hasher::(msg)); Ok(sig) } - - } } diff --git a/substrate/primitives/application-crypto/src/bls377.rs b/substrate/primitives/application-crypto/src/bls377.rs deleted file mode 100644 index 9d346ea618343..0000000000000 --- a/substrate/primitives/application-crypto/src/bls377.rs +++ /dev/null @@ -1,55 +0,0 @@ -// This file is part of Substrate. - -// Copyright (C) Parity Technologies (UK) Ltd. -// SPDX-License-Identifier: Apache-2.0 - -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -//! BLS12-377 crypto applications. -use crate::{KeyTypeId, RuntimePublic}; - -use alloc::vec::Vec; -pub use sp_core::bls::bls377::*; - -mod app { - crate::app_crypto!(super, sp_core::testing::BLS377); -} - -pub use app::{Pair as AppPair, Public as AppPublic, Signature as AppSignature}; - -impl RuntimePublic for Public { - type Signature = Signature; - - /// Dummy implementation. Returns an empty vector. - fn all(_key_type: KeyTypeId) -> Vec { - Vec::new() - } - - fn generate_pair(key_type: KeyTypeId, seed: Option>) -> Self { - sp_io::crypto::bls377_generate(key_type, seed) - } - - /// Dummy implementation. Returns `None`. - fn sign>(&self, _key_type: KeyTypeId, _msg: &M) -> Option { - None - } - - /// Dummy implementation. Returns `false`. - fn verify>(&self, _msg: &M, _signature: &Self::Signature) -> bool { - false - } - - fn to_raw_vec(&self) -> Vec { - sp_core::crypto::ByteArray::to_raw_vec(self) - } -} diff --git a/substrate/primitives/application-crypto/src/bls381.rs b/substrate/primitives/application-crypto/src/bls381.rs index d990f2e14c8e6..d4006720ce2e4 100644 --- a/substrate/primitives/application-crypto/src/bls381.rs +++ b/substrate/primitives/application-crypto/src/bls381.rs @@ -16,6 +16,9 @@ // limitations under the License. //! BLS12-381 crypto applications. +use crate::{KeyTypeId, RuntimePublic}; + +use alloc::vec::Vec; pub use sp_core::bls::bls381::*; @@ -26,3 +29,30 @@ mod app { #[cfg(feature = "full_crypto")] pub use app::Pair as AppPair; pub use app::{Public as AppPublic, Signature as AppSignature}; + +impl RuntimePublic for Public { + type Signature = Signature; + + /// Dummy implementation. Returns an empty vector. + fn all(_key_type: KeyTypeId) -> Vec { + Vec::new() + } + + fn generate_pair(key_type: KeyTypeId, seed: Option>) -> Self { + sp_io::crypto::bls381_generate(key_type, seed) + } + + /// Dummy implementation. Returns `None`. + fn sign>(&self, _key_type: KeyTypeId, _msg: &M) -> Option { + None + } + + /// Dummy implementation. Returns `false`. + fn verify>(&self, _msg: &M, _signature: &Self::Signature) -> bool { + false + } + + fn to_raw_vec(&self) -> Vec { + sp_core::crypto::ByteArray::to_raw_vec(self) + } +} diff --git a/substrate/primitives/application-crypto/src/ecdsa_bls377.rs b/substrate/primitives/application-crypto/src/ecdsa_bls381.rs similarity index 87% rename from substrate/primitives/application-crypto/src/ecdsa_bls377.rs rename to substrate/primitives/application-crypto/src/ecdsa_bls381.rs index 443d214d67729..f6c6ddd3ea257 100644 --- a/substrate/primitives/application-crypto/src/ecdsa_bls377.rs +++ b/substrate/primitives/application-crypto/src/ecdsa_bls381.rs @@ -15,15 +15,15 @@ // See the License for the specific language governing permissions and // limitations under the License. -//! ECDSA and BLS12-377 paired crypto applications. +//! ECDSA and BLS12-381 paired crypto applications. use crate::{KeyTypeId, RuntimePublic}; use alloc::vec::Vec; -pub use sp_core::paired_crypto::ecdsa_bls377::*; +pub use sp_core::paired_crypto::ecdsa_bls381::*; mod app { - crate::app_crypto!(super, sp_core::testing::ECDSA_BLS377); + crate::app_crypto!(super, sp_core::testing::ECDSA_BLS381); } #[cfg(feature = "full_crypto")] @@ -39,7 +39,7 @@ impl RuntimePublic for Public { } fn generate_pair(key_type: KeyTypeId, seed: Option>) -> Self { - sp_io::crypto::ecdsa_bls377_generate(key_type, seed) + sp_io::crypto::ecdsa_bls381_generate(key_type, seed) } /// Dummy implementation. Returns `None`. diff --git a/substrate/primitives/application-crypto/src/lib.rs b/substrate/primitives/application-crypto/src/lib.rs index 37949d7c41ded..a8eb6b786a317 100644 --- a/substrate/primitives/application-crypto/src/lib.rs +++ b/substrate/primitives/application-crypto/src/lib.rs @@ -47,12 +47,10 @@ pub use serde; #[cfg(feature = "bandersnatch-experimental")] pub mod bandersnatch; #[cfg(feature = "bls-experimental")] -pub mod bls377; -#[cfg(feature = "bls-experimental")] pub mod bls381; pub mod ecdsa; #[cfg(feature = "bls-experimental")] -pub mod ecdsa_bls377; +pub mod ecdsa_bls381; pub mod ed25519; pub mod sr25519; mod traits; diff --git a/substrate/primitives/consensus/beefy/src/commitment.rs b/substrate/primitives/consensus/beefy/src/commitment.rs index 8d3a6c6aa90f9..5d4338aca10f9 100644 --- a/substrate/primitives/consensus/beefy/src/commitment.rs +++ b/substrate/primitives/consensus/beefy/src/commitment.rs @@ -482,7 +482,7 @@ mod tests { assert_eq!( encoded, array_bytes::hex2bytes_unchecked( - "046d68343048656c6c6f20576f726c642105000000000000000000000000000000000000000000000004300400000008558455ad81279df0795cc985580e4fb75d72d948d1107b2ac80a09abed4da8480c746cc321f2319a5e99a830e314d10dd3cd68ce3dc0c33c86e99bcb7816f9ba015dd1c9b2237e54baa93d232cdf83a430b58a5efbc2f86ca1bab173a315ff6f15bef161425750c028055e9a23947b73002889a8b22168628438875a8ef25d76db998a80187b50719471286f054f3b3809b77a0cd87d7fe9c1a9d5d562683e25a70610f0804e92340549a43a7159b77b0c2d6e1f8105c337a86cdd9aaacdc496577f3db8c55ef9e6fd48f2c5c05a2274707491635d8ba3df64f324575b7b2a34487bca2324b6a0046395a71681be3d0c2a001074884b6998c82331bd57ffa0a02cbfd02483c765b9216eab6a1fc119206236bf7971be68acaebff7400edee943240006a6096c9cfa65e9eb4e67f025c27112d14b4574fb208c439500f45cf3a8060f6cf009044f3141cce0364a7c2710a19b1bdf4abf27f86e5e3db08bddd35a7d12" + "046d68343048656c6c6f20576f726c642105000000000000000000000000000000000000000000000004300400000008558455ad81279df0795cc985580e4fb75d72d948d1107b2ac80a09abed4da8480c746cc321f2319a5e99a830e314d10dd3cd68ce3dc0c33c86e99bcb7816f9ba0182022df4689ef25499205f7154a1a62eb2d6d5c4a3657efed321e2c277998130d1b01a264c928afb79534cb0fa9dcf79f67ed4e6bf2de576bb936146f2fa60fa56b8651677cc764ea4fe317c62294c2a0c5966e439653eed0572fded5e2461c888518e0769718dcce9f3ff612fb89d262d6e1f8105c337a86cdd9aaacdc496577f3db8c55ef9e6fd48f2c5c05a2274707491635d8ba3df64f324575b7b2a34487bca2324b6a0046395a71681be3d0c2a00a90973bea76fac3a4e2d76a25ec3926d6a5a20aacee15ec0756cd268088ed5612b67b4a49349cee70bc1185078d17c7f7df9d944e8be30022d9680d0437c4ba4600d74050692e8ee9b96e37df2a39d1cb4b4af4b6a058342dd9e8c7481a3a0b8975ad8614c953e950253aa327698d842" ) ); } diff --git a/substrate/primitives/consensus/beefy/src/lib.rs b/substrate/primitives/consensus/beefy/src/lib.rs index 020e1667cbc79..6ec4a727e2765 100644 --- a/substrate/primitives/consensus/beefy/src/lib.rs +++ b/substrate/primitives/consensus/beefy/src/lib.rs @@ -142,10 +142,10 @@ pub mod ecdsa_crypto { #[cfg(feature = "bls-experimental")] pub mod bls_crypto { use super::{AuthorityIdBound, BeefyAuthorityId, Hash, RuntimeAppPublic, KEY_TYPE}; - use sp_application_crypto::{app_crypto, bls377}; - use sp_core::{bls377::Pair as BlsPair, crypto::Wraps, Pair as _}; + use sp_application_crypto::{app_crypto, bls381}; + use sp_core::{bls381::Pair as BlsPair, crypto::Wraps, Pair as _}; - app_crypto!(bls377, KEY_TYPE); + app_crypto!(bls381, KEY_TYPE); /// Identity of a BEEFY authority using BLS as its crypto. pub type AuthorityId = Public; @@ -184,10 +184,10 @@ pub mod bls_crypto { #[cfg(feature = "bls-experimental")] pub mod ecdsa_bls_crypto { use super::{AuthorityIdBound, BeefyAuthorityId, Hash, RuntimeAppPublic, KEY_TYPE}; - use sp_application_crypto::{app_crypto, ecdsa_bls377}; - use sp_core::{crypto::Wraps, ecdsa_bls377::Pair as EcdsaBlsPair}; + use sp_application_crypto::{app_crypto, ecdsa_bls381}; + use sp_core::{crypto::Wraps, ecdsa_bls381::Pair as EcdsaBlsPair}; - app_crypto!(ecdsa_bls377, KEY_TYPE); + app_crypto!(ecdsa_bls381, KEY_TYPE); /// Identity of a BEEFY authority using (ECDSA,BLS) as its crypto. pub type AuthorityId = Public; diff --git a/substrate/primitives/consensus/beefy/src/witness.rs b/substrate/primitives/consensus/beefy/src/witness.rs index cfffc94254a4c..f27660cc0ca53 100644 --- a/substrate/primitives/consensus/beefy/src/witness.rs +++ b/substrate/primitives/consensus/beefy/src/witness.rs @@ -90,7 +90,7 @@ mod tests { #[cfg(feature = "bls-experimental")] use w3f_bls::{ single_pop_aggregator::SignatureAggregatorAssumingPoP, Message, SerializableToBytes, - Signed, TinyBLS377, + Signed, TinyBLS381, }; type TestCommitment = Commitment; @@ -198,7 +198,7 @@ mod tests { // from signed take a function as the aggregator TestBlsSignedCommitmentWitness::from_signed::<_, _>(signed, |sigs| { // we are going to aggregate the signatures here - let mut aggregatedsigs: SignatureAggregatorAssumingPoP = + let mut aggregatedsigs: SignatureAggregatorAssumingPoP = SignatureAggregatorAssumingPoP::new(Message::new(b"", b"mock payload")); for sig in sigs { @@ -206,7 +206,7 @@ mod tests { Some(sig) => { let serialized_sig : Vec = (*sig.1).to_vec(); aggregatedsigs.add_signature( - &w3f_bls::Signature::::from_bytes( + &w3f_bls::Signature::::from_bytes( serialized_sig.as_slice() ).unwrap() ); @@ -219,7 +219,7 @@ mod tests { // We can't use BlsSignature::try_from because it expected 112Bytes (CP (64) + BLS 48) // single signature while we are having a BLS aggregated signature corresponding to no CP. - w3f_bls::Signature::::from_bytes(witness.signature_accumulator.as_slice()) + w3f_bls::Signature::::from_bytes(witness.signature_accumulator.as_slice()) .unwrap(); } diff --git a/substrate/primitives/core/src/bls.rs b/substrate/primitives/core/src/bls.rs index a86f67844da2a..f721a6ae08d18 100644 --- a/substrate/primitives/core/src/bls.rs +++ b/substrate/primitives/core/src/bls.rs @@ -39,22 +39,22 @@ use w3f_bls::{ pub mod bls377 { pub use super::{PUBLIC_KEY_SERIALIZED_SIZE, SIGNATURE_SERIALIZED_SIZE}; use crate::crypto::CryptoTypeId; - use w3f_bls::TinyBLS377; + pub(crate) use w3f_bls::TinyBLS377 as BlsEngine; /// An identifier used to match public keys against BLS12-377 keys pub const CRYPTO_ID: CryptoTypeId = CryptoTypeId(*b"bls7"); #[doc(hidden)] - pub type Bls377Tag = TinyBLS377; + pub type Bls377Tag = BlsEngine; /// BLS12-377 key pair. - pub type Pair = super::Pair; + pub type Pair = super::Pair; /// BLS12-377 public key. - pub type Public = super::Public; + pub type Public = super::Public; /// BLS12-377 signature. - pub type Signature = super::Signature; + pub type Signature = super::Signature; - impl super::HardJunctionId for TinyBLS377 { + impl super::HardJunctionId for BlsEngine { const ID: &'static str = "BLS12377HDKD"; } } @@ -63,19 +63,22 @@ pub mod bls377 { pub mod bls381 { pub use super::{PUBLIC_KEY_SERIALIZED_SIZE, SIGNATURE_SERIALIZED_SIZE}; use crate::crypto::CryptoTypeId; - use w3f_bls::TinyBLS381; + pub(crate) use w3f_bls::TinyBLS381 as BlsEngine; /// An identifier used to match public keys against BLS12-381 keys pub const CRYPTO_ID: CryptoTypeId = CryptoTypeId(*b"bls8"); + #[doc(hidden)] + pub type Bls381Tag = BlsEngine; + /// BLS12-381 key pair. - pub type Pair = super::Pair; + pub type Pair = super::Pair; /// BLS12-381 public key. - pub type Public = super::Public; + pub type Public = super::Public; /// BLS12-381 signature. - pub type Signature = super::Signature; + pub type Signature = super::Signature; - impl super::HardJunctionId for TinyBLS381 { + impl super::HardJunctionId for BlsEngine { const ID: &'static str = "BLS12381HDKD"; } } @@ -235,30 +238,46 @@ mod tests { #[cfg(feature = "serde")] use crate::crypto::Ss58Codec; use crate::crypto::DEV_PHRASE; - use bls377::{Pair, Signature}; + use bls377::Pair as Bls377Pair; + use bls381::Pair as Bls381Pair; - #[test] - fn default_phrase_should_be_used() { + fn default_phrase_should_be_used() { assert_eq!( - Pair::from_string("//Alice///password", None).unwrap().public(), - Pair::from_string(&format!("{}//Alice", DEV_PHRASE), Some("password")) + Pair::::from_string("//Alice///password", None).unwrap().public(), + Pair::::from_string(&format!("{}//Alice", DEV_PHRASE), Some("password")) .unwrap() .public(), ); } #[test] - fn seed_and_derive_should_work() { + fn default_phrase_should_be_used_for_bls377() { + default_phrase_should_be_used::(); + } + + #[test] + fn default_phrase_should_be_used_for_bls381() { + default_phrase_should_be_used::(); + } + + fn seed_and_derive_should_work() -> Vec { let seed = array_bytes::hex2array_unchecked( "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60", ); - let pair = Pair::from_seed(&seed); + let pair = Pair::::from_seed(&seed); // we are using hash-to-field so this is not going to work // assert_eq!(pair.seed(), seed); let path = vec![DeriveJunction::Hard([0u8; 32])]; let derived = pair.derive(path.into_iter(), None).ok().unwrap().0; + println!("derived is: {:?}", array_bytes::bytes2hex("", derived.to_raw_vec())); + derived.to_raw_vec() + } + + #[test] + fn seed_and_derive_should_work_for_bls377() { + let derived_as_raw_vector = seed_and_derive_should_work::(); assert_eq!( - derived.to_raw_vec(), + derived_as_raw_vector, array_bytes::hex2array_unchecked::<_, 32>( "3a0626d095148813cd1642d38254f1cfff7eb8cc1a2fc83b2a135377c3554c12" ) @@ -266,99 +285,163 @@ mod tests { } #[test] - fn test_vector_should_work() { - let pair = Pair::from_seed(&array_bytes::hex2array_unchecked( - "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60", - )); + fn seed_and_derive_should_work_for_bls381() { + let derived_as_raw_vector = seed_and_derive_should_work::(); + assert_eq!( + derived_as_raw_vector, + array_bytes::hex2array_unchecked::<_, 32>( + "bb6ac58be00d3c7ae5608ca64180b5af628e79b58592b6067136bb46255cea27" + ) + ); + } + + fn test_vector_should_work( + pair: Pair, + hex_expected_pub_key: &str, + hex_expected_signature: &str, + ) { let public = pair.public(); + let public_bytes: &[u8] = public.as_ref(); + println!("pub key is: {:?}", array_bytes::bytes2hex("", public_bytes)); assert_eq!( public, - Public::unchecked_from(array_bytes::hex2array_unchecked( - "7a84ca8ce4c37c93c95ecee6a3c0c9a7b9c225093cf2f12dc4f69cbfb847ef9424a18f5755d5a742247d386ff2aabb806bcf160eff31293ea9616976628f77266c8a8cc1d8753be04197bd6cdd8c5c87a148f782c4c1568d599b48833fd539001e580cff64bbc71850605433fcd051f3afc3b74819786f815ffb5272030a8d03e5df61e6183f8fd8ea85f26defa83400" - )) + Public::unchecked_from(array_bytes::hex2array_unchecked(hex_expected_pub_key)) ); let message = b""; - let signature = - array_bytes::hex2array_unchecked("d1e3013161991e142d8751017d4996209c2ff8a9ee160f373733eda3b4b785ba6edce9f45f87104bbe07aa6aa6eb2780aa705efb2c13d3b317d6409d159d23bdc7cdd5c2a832d1551cf49d811d49c901495e527dbd532e3a462335ce2686009104aba7bc11c5b22be78f3198d2727a0b" - ); - let signature = Signature::unchecked_from(signature); - assert!(pair.sign(&message[..]) == signature); + let expected_signature_bytes = array_bytes::hex2array_unchecked(hex_expected_signature); + + let expected_signature = Signature::unchecked_from(expected_signature_bytes); + let signature = pair.sign(&message[..]); + assert!(signature == expected_signature); assert!(Pair::verify(&signature, &message[..], &public)); } #[test] - fn test_vector_by_string_should_work() { - let pair = Pair::from_string( + fn test_vector_should_work_for_bls377() { + let pair = Bls377Pair::from_seed(&array_bytes::hex2array_unchecked( + "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60", + )); + test_vector_should_work(pair, + "7a84ca8ce4c37c93c95ecee6a3c0c9a7b9c225093cf2f12dc4f69cbfb847ef9424a18f5755d5a742247d386ff2aabb806bcf160eff31293ea9616976628f77266c8a8cc1d8753be04197bd6cdd8c5c87a148f782c4c1568d599b48833fd539001e580cff64bbc71850605433fcd051f3afc3b74819786f815ffb5272030a8d03e5df61e6183f8fd8ea85f26defa83400", + "d1e3013161991e142d8751017d4996209c2ff8a9ee160f373733eda3b4b785ba6edce9f45f87104bbe07aa6aa6eb2780aa705efb2c13d3b317d6409d159d23bdc7cdd5c2a832d1551cf49d811d49c901495e527dbd532e3a462335ce2686009104aba7bc11c5b22be78f3198d2727a0b" + ) + } + + #[test] + fn test_vector_should_work_for_bls381() { + let pair = Bls381Pair::from_seed(&array_bytes::hex2array_unchecked( + "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60", + )); + test_vector_should_work(pair, + "88ff6c3a32542bc85f2adf1c490a929b7fcee50faeb95af9a036349390e9b3ea7326247c4fc4ebf88050688fd6265de0806284eec09ba0949f5df05dc93a787a14509749f36e4a0981bb748d953435483740907bb5c2fe8ffd97e8509e1a038b05fb08488db628ea0638b8d48c3ddf62ed437edd8b23d5989d6c65820fc70f80fb39b486a3766813e021124aec29a566", + "8c29473f44ac4f0a8ac4dc8c8da09adf9d2faa2dbe0cfdce3ce7c920714196a1b7bf48dc05048e453c161ebc2db9f44fae060b3be77e14e66d1a5262f14d3da0c3a18e650018761a7402b31abc7dd803d466bdcb71bc28c77eb73c610cbff53c00130b79116831e520a04a8ef6630e6f" + ) + } + + #[test] + fn test_vector_by_string_should_work_for_bls377() { + let pair = Bls377Pair::from_string( "0x9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60", None, ) .unwrap(); - let public = pair.public(); - assert_eq!( - public, - Public::unchecked_from(array_bytes::hex2array_unchecked( - "7a84ca8ce4c37c93c95ecee6a3c0c9a7b9c225093cf2f12dc4f69cbfb847ef9424a18f5755d5a742247d386ff2aabb806bcf160eff31293ea9616976628f77266c8a8cc1d8753be04197bd6cdd8c5c87a148f782c4c1568d599b48833fd539001e580cff64bbc71850605433fcd051f3afc3b74819786f815ffb5272030a8d03e5df61e6183f8fd8ea85f26defa83400" - )) - ); - let message = b""; - let signature = - array_bytes::hex2array_unchecked("d1e3013161991e142d8751017d4996209c2ff8a9ee160f373733eda3b4b785ba6edce9f45f87104bbe07aa6aa6eb2780aa705efb2c13d3b317d6409d159d23bdc7cdd5c2a832d1551cf49d811d49c901495e527dbd532e3a462335ce2686009104aba7bc11c5b22be78f3198d2727a0b" - ); - let expected_signature = Signature::unchecked_from(signature); - println!("signature is {:?}", pair.sign(&message[..])); - let signature = pair.sign(&message[..]); - assert!(signature == expected_signature); - assert!(Pair::verify(&signature, &message[..], &public)); + test_vector_should_work(pair, + "7a84ca8ce4c37c93c95ecee6a3c0c9a7b9c225093cf2f12dc4f69cbfb847ef9424a18f5755d5a742247d386ff2aabb806bcf160eff31293ea9616976628f77266c8a8cc1d8753be04197bd6cdd8c5c87a148f782c4c1568d599b48833fd539001e580cff64bbc71850605433fcd051f3afc3b74819786f815ffb5272030a8d03e5df61e6183f8fd8ea85f26defa83400", + "d1e3013161991e142d8751017d4996209c2ff8a9ee160f373733eda3b4b785ba6edce9f45f87104bbe07aa6aa6eb2780aa705efb2c13d3b317d6409d159d23bdc7cdd5c2a832d1551cf49d811d49c901495e527dbd532e3a462335ce2686009104aba7bc11c5b22be78f3198d2727a0b" + ) } + #[test] - fn generated_pair_should_work() { - let (pair, _) = Pair::generate(); + fn test_vector_by_string_should_work_for_bls381() { + let pair = Bls381Pair::from_string( + "0x9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60", + None, + ) + .unwrap(); + test_vector_should_work(pair, + "88ff6c3a32542bc85f2adf1c490a929b7fcee50faeb95af9a036349390e9b3ea7326247c4fc4ebf88050688fd6265de0806284eec09ba0949f5df05dc93a787a14509749f36e4a0981bb748d953435483740907bb5c2fe8ffd97e8509e1a038b05fb08488db628ea0638b8d48c3ddf62ed437edd8b23d5989d6c65820fc70f80fb39b486a3766813e021124aec29a566", + "8c29473f44ac4f0a8ac4dc8c8da09adf9d2faa2dbe0cfdce3ce7c920714196a1b7bf48dc05048e453c161ebc2db9f44fae060b3be77e14e66d1a5262f14d3da0c3a18e650018761a7402b31abc7dd803d466bdcb71bc28c77eb73c610cbff53c00130b79116831e520a04a8ef6630e6f" + ) + } + + fn test_pair(pair: Pair) -> (String, String) { let public = pair.public(); let message = b"Something important"; let signature = pair.sign(&message[..]); assert!(Pair::verify(&signature, &message[..], &public)); assert!(!Pair::verify(&signature, b"Something else", &public)); + let public_bytes: &[u8] = public.as_ref(); + let signature_bytes: &[u8] = signature.as_ref(); + (array_bytes::bytes2hex("", public_bytes), array_bytes::bytes2hex("", signature_bytes)) } #[test] - fn seeded_pair_should_work() { - let pair = Pair::from_seed(b"12345678901234567890123456789012"); - let public = pair.public(); + fn generated_pair_should_work_for_bls377() { + let (pair, _) = Bls377Pair::generate(); + test_pair(pair); + } + + #[test] + fn generated_pair_should_work_for_bls381() { + let (pair, _) = Bls381Pair::generate(); + test_pair(pair); + } + + #[test] + fn seeded_pair_should_work_for_bls377() { + let pair = Bls377Pair::from_seed(b"12345678901234567890123456789012"); + let (public, _) = test_pair(pair); assert_eq!( - public, - Public::unchecked_from( - array_bytes::hex2array_unchecked( - "754d2f2bbfa67df54d7e0e951979a18a1e0f45948857752cc2bac6bbb0b1d05e8e48bcc453920bf0c4bbd5993212480112a1fb433f04d74af0a8b700d93dc957ab3207f8d071e948f5aca1a7632c00bdf6d06be05b43e2e6216dccc8a5d55a0071cb2313cfd60b7e9114619cd17c06843b352f0b607a99122f6651df8f02e1ad3697bd208e62af047ddd7b942ba80080") - ) + public, + "754d2f2bbfa67df54d7e0e951979a18a1e0f45948857752cc2bac6bbb0b1d05e8e48bcc453920bf0c4bbd5993212480112a1fb433f04d74af0a8b700d93dc957ab3207f8d071e948f5aca1a7632c00bdf6d06be05b43e2e6216dccc8a5d55a0071cb2313cfd60b7e9114619cd17c06843b352f0b607a99122f6651df8f02e1ad3697bd208e62af047ddd7b942ba80080" ); - let message = - array_bytes::hex2bytes_unchecked("2f8c6129d816cf51c374bc7f08c3e63ed156cf78aefb4a6550d97b87997977ee00000000000000000200d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a4500000000000000" - ); - let signature = pair.sign(&message[..]); - println!("Correct signature: {:?}", signature); - assert!(Pair::verify(&signature, &message[..], &public)); - assert!(!Pair::verify(&signature, "Other message", &public)); } #[test] - fn generate_with_phrase_recovery_possible() { - let (pair1, phrase, _) = Pair::generate_with_phrase(None); - let (pair2, _) = Pair::from_phrase(&phrase, None).unwrap(); + fn seeded_pair_should_work_for_bls381() { + let pair = Bls381Pair::from_seed(b"12345678901234567890123456789012"); + let (public, _) = test_pair(pair); + assert_eq!( + public, + "abe9554cc2cab7fdc391a4e07ed0f45544cf0fe235babedf553c098d37dd162d9402a0aed95c00ed01349a6017a3d864adcc9756e98b7931aa3526b1511730c9cbacf3cbe781ae5efefdb177b301bca0229a5cf87432251cd31341c9b88aea9501005fa16e814ad31a95fcc396633baf563f6306e982ddec978faa0399ba73c1c1a87fa4791b3f5bbb719c1401b2af37" + ); + } - assert_eq!(pair1.public(), pair2.public()); + fn test_recover_with_phrase( + pair: Pair, + phrase: String, + password: Option<&str>, + ) { + let (recovered_pair, _) = Pair::from_phrase(&phrase, password).unwrap(); + + assert_eq!(pair.public(), recovered_pair.public()); } #[test] - fn generate_with_password_phrase_recovery_possible() { - let (pair1, phrase, _) = Pair::generate_with_phrase(Some("password")); - let (pair2, _) = Pair::from_phrase(&phrase, Some("password")).unwrap(); + fn generate_with_phrase_recovery_possible_for_bls377() { + let (pair, phrase, _) = Bls377Pair::generate_with_phrase(None); + test_recover_with_phrase(pair, phrase, None); + } - assert_eq!(pair1.public(), pair2.public()); + #[test] + fn generate_with_phrase_recovery_possible_for_bls381() { + let (pair, phrase, _) = Bls381Pair::generate_with_phrase(None); + test_recover_with_phrase(pair, phrase, None); } #[test] - fn generate_with_phrase_should_be_recoverable_with_from_string() { - let (pair, phrase, seed) = Pair::generate_with_phrase(None); + fn generate_with_password_phrase_recovery_possible_for_bls377() { + let (pair, phrase, _) = Bls377Pair::generate_with_phrase(Some("password")); + test_recover_with_phrase(pair, phrase, Some("password")); + } + + #[test] + fn generate_with_password_phrase_recovery_possible_for_bls381() { + let (pair, phrase, _) = Bls381Pair::generate_with_phrase(Some("password")); + test_recover_with_phrase(pair, phrase, Some("password")); + } + + fn test_recover_from_seed_and_string(pair: Pair, phrase: String, seed: Seed) { let repair_seed = Pair::from_seed_slice(seed.as_ref()).expect("seed slice is valid"); assert_eq!(pair.public(), repair_seed.public()); assert_eq!(pair.to_raw_vec(), repair_seed.to_raw_vec()); @@ -374,17 +457,37 @@ mod tests { } #[test] - fn password_does_something() { - let (pair1, phrase, _) = Pair::generate_with_phrase(Some("password")); - let (pair2, _) = Pair::from_phrase(&phrase, None).unwrap(); + fn generate_with_phrase_should_be_recoverable_with_from_string_for_bls377() { + let (pair, phrase, seed) = Bls377Pair::generate_with_phrase(None); + test_recover_from_seed_and_string(pair, phrase, seed); + } + + #[test] + fn generate_with_phrase_should_be_recoverable_with_from_string_for_bls381() { + let (pair, phrase, seed) = Bls381Pair::generate_with_phrase(None); + test_recover_from_seed_and_string(pair, phrase, seed); + } + + fn password_does_something() { + let (pair1, phrase, _) = Pair::::generate_with_phrase(Some("password")); + let (pair2, _) = Pair::::from_phrase(&phrase, None).unwrap(); assert_ne!(pair1.public(), pair2.public()); assert_ne!(pair1.to_raw_vec(), pair2.to_raw_vec()); } #[test] - fn ss58check_roundtrip_works() { - let pair = Pair::from_seed(b"12345678901234567890123456789012"); + fn password_does_something_for_bls377() { + password_does_something::(); + } + + #[test] + fn password_does_something_for_bls381() { + password_does_something::(); + } + + fn ss58check_roundtrip_works() { + let pair = Pair::::from_seed(b"12345678901234567890123456789012"); let public = pair.public(); let s = public.to_ss58check(); println!("Correct: {}", s); @@ -393,25 +496,52 @@ mod tests { } #[test] - fn signature_serialization_works() { - let pair = Pair::from_seed(b"12345678901234567890123456789012"); + fn ss58check_roundtrip_works_for_bls377() { + ss58check_roundtrip_works::(); + } + + #[test] + fn ss58check_roundtrip_works_for_bls381() { + ss58check_roundtrip_works::(); + } + + fn signature_serialization_works() { + let pair = Pair::::from_seed(b"12345678901234567890123456789012"); let message = b"Something important"; let signature = pair.sign(&message[..]); let serialized_signature = serde_json::to_string(&signature).unwrap(); // Signature is 112 bytes, hexify * 2, so 224 chars + 2 quote chars assert_eq!(serialized_signature.len(), 226); let signature = serde_json::from_str(&serialized_signature).unwrap(); - assert!(Pair::verify(&signature, &message[..], &pair.public())); + assert!(Pair::::verify(&signature, &message[..], &pair.public())); + } + #[test] + fn signature_serialization_works_for_bls377() { + signature_serialization_works::(); } #[test] - fn signature_serialization_doesnt_panic() { - fn deserialize_signature(text: &str) -> Result { + fn signature_serialization_works_for_bls381() { + signature_serialization_works::(); + } + fn signature_serialization_doesnt_panic() { + fn deserialize_signature( + text: &str, + ) -> Result, serde_json::error::Error> { serde_json::from_str(text) } - assert!(deserialize_signature("Not valid json.").is_err()); - assert!(deserialize_signature("\"Not an actual signature.\"").is_err()); + assert!(deserialize_signature::("Not valid json.").is_err()); + assert!(deserialize_signature::("\"Not an actual signature.\"").is_err()); // Poorly-sized - assert!(deserialize_signature("\"abc123\"").is_err()); + assert!(deserialize_signature::("\"abc123\"").is_err()); + } + #[test] + fn signature_serialization_doesnt_panic_for_bls377() { + signature_serialization_doesnt_panic::(); + } + + #[test] + fn signature_serialization_doesnt_panic_for_bls381() { + signature_serialization_doesnt_panic::(); } } diff --git a/substrate/primitives/core/src/lib.rs b/substrate/primitives/core/src/lib.rs index 46503921453de..bb05bebc62748 100644 --- a/substrate/primitives/core/src/lib.rs +++ b/substrate/primitives/core/src/lib.rs @@ -83,7 +83,7 @@ pub mod sr25519; #[cfg(feature = "bls-experimental")] pub use bls::{bls377, bls381}; #[cfg(feature = "bls-experimental")] -pub use paired_crypto::ecdsa_bls377; +pub use paired_crypto::{ecdsa_bls377, ecdsa_bls381}; pub use self::{ hash::{convert_hash, H160, H256, H512}, diff --git a/substrate/primitives/core/src/paired_crypto.rs b/substrate/primitives/core/src/paired_crypto.rs index 57bc5b006197b..bf5b26366571a 100644 --- a/substrate/primitives/core/src/paired_crypto.rs +++ b/substrate/primitives/core/src/paired_crypto.rs @@ -126,6 +126,106 @@ pub mod ecdsa_bls377 { } } +/// ECDSA and BLS12-381 paired crypto scheme +#[cfg(feature = "bls-experimental")] +pub mod ecdsa_bls381 { + use crate::{bls381, crypto::CryptoTypeId, ecdsa}; + #[cfg(feature = "full_crypto")] + use crate::{ + crypto::{Pair as PairT, UncheckedFrom}, + Hasher, + }; + + /// An identifier used to match public keys against BLS12-381 keys + pub const CRYPTO_ID: CryptoTypeId = CryptoTypeId(*b"ecb8"); + + const PUBLIC_KEY_LEN: usize = + ecdsa::PUBLIC_KEY_SERIALIZED_SIZE + bls381::PUBLIC_KEY_SERIALIZED_SIZE; + const SIGNATURE_LEN: usize = + ecdsa::SIGNATURE_SERIALIZED_SIZE + bls381::SIGNATURE_SERIALIZED_SIZE; + + #[doc(hidden)] + pub struct EcdsaBls381Tag(ecdsa::EcdsaTag, bls381::Bls381Tag); + + impl super::PairedCryptoSubTagBound for EcdsaBls381Tag {} + + /// (ECDSA,BLS12-381) key-pair pair. + pub type Pair = + super::Pair; + + /// (ECDSA,BLS12-381) public key pair. + pub type Public = super::Public; + + /// (ECDSA,BLS12-381) signature pair. + pub type Signature = super::Signature; + + impl super::CryptoType for Public { + type Pair = Pair; + } + + impl super::CryptoType for Signature { + type Pair = Pair; + } + + impl super::CryptoType for Pair { + type Pair = Pair; + } + + #[cfg(feature = "full_crypto")] + impl Pair { + /// Hashes the `message` with the specified [`Hasher`] before signing with the ECDSA secret + /// component. + /// + /// The hasher does not affect the BLS12-381 component. This generates BLS12-381 Signature + /// according to IETF standard. + pub fn sign_with_hasher(&self, message: &[u8]) -> Signature + where + H: Hasher, + H::Out: Into<[u8; 32]>, + { + let msg_hash = H::hash(message).into(); + + let mut raw: [u8; SIGNATURE_LEN] = [0u8; SIGNATURE_LEN]; + raw[..ecdsa::SIGNATURE_SERIALIZED_SIZE] + .copy_from_slice(self.left.sign_prehashed(&msg_hash).as_ref()); + raw[ecdsa::SIGNATURE_SERIALIZED_SIZE..] + .copy_from_slice(self.right.sign(message).as_ref()); + ::Signature::unchecked_from(raw) + } + + /// Hashes the `message` with the specified [`Hasher`] before verifying with the ECDSA + /// public component. + /// + /// The hasher does not affect the the BLS12-381 component. This verifies whether the + /// BLS12-381 signature was hashed and signed according to IETF standard + pub fn verify_with_hasher(sig: &Signature, message: &[u8], public: &Public) -> bool + where + H: Hasher, + H::Out: Into<[u8; 32]>, + { + let msg_hash = H::hash(message).into(); + + let Ok(left_pub) = public.0[..ecdsa::PUBLIC_KEY_SERIALIZED_SIZE].try_into() else { + return false + }; + let Ok(left_sig) = sig.0[..ecdsa::SIGNATURE_SERIALIZED_SIZE].try_into() else { + return false + }; + if !ecdsa::Pair::verify_prehashed(&left_sig, &msg_hash, &left_pub) { + return false + } + + let Ok(right_pub) = public.0[ecdsa::PUBLIC_KEY_SERIALIZED_SIZE..].try_into() else { + return false + }; + let Ok(right_sig) = sig.0[ecdsa::SIGNATURE_SERIALIZED_SIZE..].try_into() else { + return false + }; + bls381::Pair::verify(&right_sig, message, &right_pub) + } + } +} + /// Secure seed length. /// /// Currently only supporting sub-schemes whose seed is a 32-bytes array. diff --git a/substrate/primitives/core/src/testing.rs b/substrate/primitives/core/src/testing.rs index c26e23d442f1f..378b3416db7c5 100644 --- a/substrate/primitives/core/src/testing.rs +++ b/substrate/primitives/core/src/testing.rs @@ -33,6 +33,8 @@ pub const BLS377: KeyTypeId = KeyTypeId(*b"bls7"); pub const BLS381: KeyTypeId = KeyTypeId(*b"bls8"); /// Key type for (ECDSA,BLS12-377) key pair pub const ECDSA_BLS377: KeyTypeId = KeyTypeId(*b"ecb7"); +/// Key type for (ECDSA,BLS12-381) key pair +pub const ECDSA_BLS381: KeyTypeId = KeyTypeId(*b"ecb8"); /// Macro for exporting functions from wasm in with the expected signature for using it with the /// wasm executor. This is useful for tests where you need to call a function in wasm. diff --git a/substrate/primitives/io/src/lib.rs b/substrate/primitives/io/src/lib.rs index b39a06ed2115a..38cf72a0c7909 100644 --- a/substrate/primitives/io/src/lib.rs +++ b/substrate/primitives/io/src/lib.rs @@ -108,7 +108,7 @@ use sp_core::{ }; #[cfg(feature = "bls-experimental")] -use sp_core::{bls377, ecdsa_bls377}; +use sp_core::{bls381, ecdsa_bls381}; #[cfg(feature = "std")] use sp_trie::{LayoutV0, LayoutV1, TrieConfiguration}; @@ -1204,38 +1204,38 @@ pub trait Crypto { Ok(pubkey.serialize()) } - /// Generate an `bls12-377` key for the given key type using an optional `seed` and + /// Generate an `bls12-381` key for the given key type using an optional `seed` and /// store it in the keystore. /// /// The `seed` needs to be a valid utf8. /// /// Returns the public key. #[cfg(feature = "bls-experimental")] - fn bls377_generate(&mut self, id: KeyTypeId, seed: Option>) -> bls377::Public { + fn bls381_generate(&mut self, id: KeyTypeId, seed: Option>) -> bls381::Public { let seed = seed.as_ref().map(|s| std::str::from_utf8(s).expect("Seed is valid utf8!")); self.extension::() .expect("No `keystore` associated for the current context!") - .bls377_generate_new(id, seed) - .expect("`bls377_generate` failed") + .bls381_generate_new(id, seed) + .expect("`bls381_generate` failed") } - /// Generate an `(ecdsa,bls12-377)` key for the given key type using an optional `seed` and + /// Generate an `(ecdsa,bls12-381)` key for the given key type using an optional `seed` and /// store it in the keystore. /// /// The `seed` needs to be a valid utf8. /// /// Returns the public key. #[cfg(feature = "bls-experimental")] - fn ecdsa_bls377_generate( + fn ecdsa_bls381_generate( &mut self, id: KeyTypeId, seed: Option>, - ) -> ecdsa_bls377::Public { + ) -> ecdsa_bls381::Public { let seed = seed.as_ref().map(|s| std::str::from_utf8(s).expect("Seed is valid utf8!")); self.extension::() .expect("No `keystore` associated for the current context!") - .ecdsa_bls377_generate_new(id, seed) - .expect("`ecdsa_bls377_generate` failed") + .ecdsa_bls381_generate_new(id, seed) + .expect("`ecdsa_bls381_generate` failed") } /// Generate a `bandersnatch` key pair for the given key type using an optional diff --git a/substrate/primitives/keystore/src/lib.rs b/substrate/primitives/keystore/src/lib.rs index 64f0e3ea49e8b..42ad2c600d02b 100644 --- a/substrate/primitives/keystore/src/lib.rs +++ b/substrate/primitives/keystore/src/lib.rs @@ -27,7 +27,7 @@ pub mod testing; #[cfg(feature = "bandersnatch-experimental")] use sp_core::bandersnatch; #[cfg(feature = "bls-experimental")] -use sp_core::{bls377, bls381, ecdsa_bls377}; +use sp_core::{bls381, ecdsa_bls381}; use sp_core::{ crypto::{ByteArray, CryptoTypeId, KeyTypeId}, ecdsa, ed25519, sr25519, @@ -280,13 +280,9 @@ pub trait Keystore: Send + Sync { #[cfg(feature = "bls-experimental")] fn bls381_public_keys(&self, id: KeyTypeId) -> Vec; - /// Returns all bls12-377 public keys for the given key type. + /// Returns all (ecdsa,bls12-381) paired public keys for the given key type. #[cfg(feature = "bls-experimental")] - fn bls377_public_keys(&self, id: KeyTypeId) -> Vec; - - /// Returns all (ecdsa,bls12-377) paired public keys for the given key type. - #[cfg(feature = "bls-experimental")] - fn ecdsa_bls377_public_keys(&self, id: KeyTypeId) -> Vec; + fn ecdsa_bls381_public_keys(&self, id: KeyTypeId) -> Vec; /// Generate a new bls381 key pair for the given key type and an optional seed. /// @@ -299,27 +295,16 @@ pub trait Keystore: Send + Sync { seed: Option<&str>, ) -> Result; - /// Generate a new bls377 key pair for the given key type and an optional seed. - /// - /// Returns an `bls377::Public` key of the generated key pair or an `Err` if - /// something failed during key generation. - #[cfg(feature = "bls-experimental")] - fn bls377_generate_new( - &self, - key_type: KeyTypeId, - seed: Option<&str>, - ) -> Result; - - /// Generate a new (ecdsa,bls377) key pair for the given key type and an optional seed. + /// Generate a new (ecdsa,bls381) key pair for the given key type and an optional seed. /// - /// Returns an `ecdsa_bls377::Public` key of the generated key pair or an `Err` if + /// Returns an `ecdsa_bls381::Public` key of the generated key pair or an `Err` if /// something failed during key generation. #[cfg(feature = "bls-experimental")] - fn ecdsa_bls377_generate_new( + fn ecdsa_bls381_generate_new( &self, key_type: KeyTypeId, seed: Option<&str>, - ) -> Result; + ) -> Result; /// Generate a bls381 signature for a given message. /// @@ -337,55 +322,39 @@ pub trait Keystore: Send + Sync { msg: &[u8], ) -> Result, Error>; - /// Generate a bls377 signature for a given message. - /// - /// Receives [`KeyTypeId`] and a [`bls377::Public`] key to be able to map - /// them to a private key that exists in the keystore. - /// - /// Returns an [`bls377::Signature`] or `None` in case the given `key_type` - /// and `public` combination doesn't exist in the keystore. - /// An `Err` will be returned if generating the signature itself failed. - #[cfg(feature = "bls-experimental")] - fn bls377_sign( - &self, - key_type: KeyTypeId, - public: &bls377::Public, - msg: &[u8], - ) -> Result, Error>; - - /// Generate a (ecdsa,bls377) signature pair for a given message. + /// Generate a (ecdsa,bls381) signature pair for a given message. /// - /// Receives [`KeyTypeId`] and a [`ecdsa_bls377::Public`] key to be able to map + /// Receives [`KeyTypeId`] and a [`ecdsa_bls381::Public`] key to be able to map /// them to a private key that exists in the keystore. /// - /// Returns an [`ecdsa_bls377::Signature`] or `None` in case the given `key_type` + /// Returns an [`ecdsa_bls381::Signature`] or `None` in case the given `key_type` /// and `public` combination doesn't exist in the keystore. /// An `Err` will be returned if generating the signature itself failed. #[cfg(feature = "bls-experimental")] - fn ecdsa_bls377_sign( + fn ecdsa_bls381_sign( &self, key_type: KeyTypeId, - public: &ecdsa_bls377::Public, + public: &ecdsa_bls381::Public, msg: &[u8], - ) -> Result, Error>; + ) -> Result, Error>; /// Hashes the `message` using keccak256 and then signs it using ECDSA - /// algorithm. It does not affect the behavior of BLS12-377 component. It generates - /// BLS12-377 Signature according to IETF standard. + /// algorithm. It does not affect the behavior of BLS12-381 component. It generates + /// BLS12-381 Signature according to IETF standard. /// - /// Receives [`KeyTypeId`] and a [`ecdsa_bls377::Public`] key to be able to map + /// Receives [`KeyTypeId`] and a [`ecdsa_bls381::Public`] key to be able to map /// them to a private key that exists in the keystore. /// - /// Returns an [`ecdsa_bls377::Signature`] or `None` in case the given `key_type` + /// Returns an [`ecdsa_bls381::Signature`] or `None` in case the given `key_type` /// and `public` combination doesn't exist in the keystore. /// An `Err` will be returned if generating the signature itself failed. #[cfg(feature = "bls-experimental")] - fn ecdsa_bls377_sign_with_keccak256( + fn ecdsa_bls381_sign_with_keccak256( &self, key_type: KeyTypeId, - public: &ecdsa_bls377::Public, + public: &ecdsa_bls381::Public, msg: &[u8], - ) -> Result, Error>; + ) -> Result, Error>; /// Insert a new secret key. fn insert(&self, key_type: KeyTypeId, suri: &str, public: &[u8]) -> Result<(), ()>; @@ -411,8 +380,7 @@ pub trait Keystore: Send + Sync { /// - ecdsa /// - bandersnatch /// - bls381 - /// - bls377 - /// - (ecdsa,bls377) paired keys + /// - (ecdsa,bls381) paired keys /// /// To support more schemes you can overwrite this method. /// @@ -457,18 +425,11 @@ pub trait Keystore: Send + Sync { self.bls381_sign(id, &public, msg)?.map(|s| s.encode()) }, #[cfg(feature = "bls-experimental")] - bls377::CRYPTO_ID => { - let public = bls377::Public::from_slice(public) + ecdsa_bls381::CRYPTO_ID => { + let public = ecdsa_bls381::Public::from_slice(public) .map_err(|_| Error::ValidationError("Invalid public key format".into()))?; - self.bls377_sign(id, &public, msg)?.map(|s| s.encode()) + self.ecdsa_bls381_sign(id, &public, msg)?.map(|s| s.encode()) }, - #[cfg(feature = "bls-experimental")] - ecdsa_bls377::CRYPTO_ID => { - let public = ecdsa_bls377::Public::from_slice(public) - .map_err(|_| Error::ValidationError("Invalid public key format".into()))?; - self.ecdsa_bls377_sign(id, &public, msg)?.map(|s| s.encode()) - }, - _ => return Err(Error::KeyNotSupported(id)), }; Ok(signature) @@ -627,13 +588,8 @@ impl Keystore for Arc { } #[cfg(feature = "bls-experimental")] - fn bls377_public_keys(&self, id: KeyTypeId) -> Vec { - (**self).bls377_public_keys(id) - } - - #[cfg(feature = "bls-experimental")] - fn ecdsa_bls377_public_keys(&self, id: KeyTypeId) -> Vec { - (**self).ecdsa_bls377_public_keys(id) + fn ecdsa_bls381_public_keys(&self, id: KeyTypeId) -> Vec { + (**self).ecdsa_bls381_public_keys(id) } #[cfg(feature = "bls-experimental")] @@ -646,21 +602,12 @@ impl Keystore for Arc { } #[cfg(feature = "bls-experimental")] - fn bls377_generate_new( + fn ecdsa_bls381_generate_new( &self, key_type: KeyTypeId, seed: Option<&str>, - ) -> Result { - (**self).bls377_generate_new(key_type, seed) - } - - #[cfg(feature = "bls-experimental")] - fn ecdsa_bls377_generate_new( - &self, - key_type: KeyTypeId, - seed: Option<&str>, - ) -> Result { - (**self).ecdsa_bls377_generate_new(key_type, seed) + ) -> Result { + (**self).ecdsa_bls381_generate_new(key_type, seed) } #[cfg(feature = "bls-experimental")] @@ -674,33 +621,23 @@ impl Keystore for Arc { } #[cfg(feature = "bls-experimental")] - fn bls377_sign( - &self, - key_type: KeyTypeId, - public: &bls377::Public, - msg: &[u8], - ) -> Result, Error> { - (**self).bls377_sign(key_type, public, msg) - } - - #[cfg(feature = "bls-experimental")] - fn ecdsa_bls377_sign( + fn ecdsa_bls381_sign( &self, key_type: KeyTypeId, - public: &ecdsa_bls377::Public, + public: &ecdsa_bls381::Public, msg: &[u8], - ) -> Result, Error> { - (**self).ecdsa_bls377_sign(key_type, public, msg) + ) -> Result, Error> { + (**self).ecdsa_bls381_sign(key_type, public, msg) } #[cfg(feature = "bls-experimental")] - fn ecdsa_bls377_sign_with_keccak256( + fn ecdsa_bls381_sign_with_keccak256( &self, key_type: KeyTypeId, - public: &ecdsa_bls377::Public, + public: &ecdsa_bls381::Public, msg: &[u8], - ) -> Result, Error> { - (**self).ecdsa_bls377_sign_with_keccak256(key_type, public, msg) + ) -> Result, Error> { + (**self).ecdsa_bls381_sign_with_keccak256(key_type, public, msg) } fn insert(&self, key_type: KeyTypeId, suri: &str, public: &[u8]) -> Result<(), ()> { diff --git a/substrate/primitives/keystore/src/testing.rs b/substrate/primitives/keystore/src/testing.rs index 1403e4745ff11..745f42e3477ab 100644 --- a/substrate/primitives/keystore/src/testing.rs +++ b/substrate/primitives/keystore/src/testing.rs @@ -22,7 +22,7 @@ use crate::{Error, Keystore, KeystorePtr}; #[cfg(feature = "bandersnatch-experimental")] use sp_core::bandersnatch; #[cfg(feature = "bls-experimental")] -use sp_core::{bls377, bls381, ecdsa_bls377, KeccakHasher}; +use sp_core::{bls381, ecdsa_bls381, KeccakHasher}; use sp_core::{ crypto::{ByteArray, KeyTypeId, Pair, VrfSecret}, ecdsa, ed25519, sr25519, @@ -299,62 +299,38 @@ impl Keystore for MemoryKeystore { } #[cfg(feature = "bls-experimental")] - fn bls377_public_keys(&self, key_type: KeyTypeId) -> Vec { - self.public_keys::(key_type) + fn ecdsa_bls381_public_keys(&self, key_type: KeyTypeId) -> Vec { + self.public_keys::(key_type) } #[cfg(feature = "bls-experimental")] - fn bls377_generate_new( + fn ecdsa_bls381_generate_new( &self, key_type: KeyTypeId, seed: Option<&str>, - ) -> Result { - self.generate_new::(key_type, seed) + ) -> Result { + self.generate_new::(key_type, seed) } #[cfg(feature = "bls-experimental")] - fn bls377_sign( + fn ecdsa_bls381_sign( &self, key_type: KeyTypeId, - public: &bls377::Public, + public: &ecdsa_bls381::Public, msg: &[u8], - ) -> Result, Error> { - self.sign::(key_type, public, msg) + ) -> Result, Error> { + self.sign::(key_type, public, msg) } #[cfg(feature = "bls-experimental")] - fn ecdsa_bls377_public_keys(&self, key_type: KeyTypeId) -> Vec { - self.public_keys::(key_type) - } - - #[cfg(feature = "bls-experimental")] - fn ecdsa_bls377_generate_new( - &self, - key_type: KeyTypeId, - seed: Option<&str>, - ) -> Result { - self.generate_new::(key_type, seed) - } - - #[cfg(feature = "bls-experimental")] - fn ecdsa_bls377_sign( - &self, - key_type: KeyTypeId, - public: &ecdsa_bls377::Public, - msg: &[u8], - ) -> Result, Error> { - self.sign::(key_type, public, msg) - } - - #[cfg(feature = "bls-experimental")] - fn ecdsa_bls377_sign_with_keccak256( + fn ecdsa_bls381_sign_with_keccak256( &self, key_type: KeyTypeId, - public: &ecdsa_bls377::Public, + public: &ecdsa_bls381::Public, msg: &[u8], - ) -> Result, Error> { + ) -> Result, Error> { let sig = self - .pair::(key_type, public) + .pair::(key_type, public) .map(|pair| pair.sign_with_hasher::(msg)); Ok(sig) } @@ -508,13 +484,13 @@ mod tests { #[test] #[cfg(feature = "bls-experimental")] - fn ecdsa_bls377_sign_with_keccak_works() { + fn ecdsa_bls381_sign_with_keccak_works() { use sp_core::testing::ECDSA_BLS377; let store = MemoryKeystore::new(); let suri = "//Alice"; - let pair = ecdsa_bls377::Pair::from_string(suri, None).unwrap(); + let pair = ecdsa_bls381::Pair::from_string(suri, None).unwrap(); let msg = b"this should be a normal unhashed message not a hash of a message because bls scheme comes with its own hashing"; @@ -522,16 +498,16 @@ mod tests { store.insert(ECDSA_BLS377, suri, pair.public().as_ref()).unwrap(); let res = store - .ecdsa_bls377_sign_with_keccak256(ECDSA_BLS377, &pair.public(), &msg[..]) + .ecdsa_bls381_sign_with_keccak256(ECDSA_BLS377, &pair.public(), &msg[..]) .unwrap(); assert!(res.is_some()); // does not verify with default out-of-the-box verification - assert!(!ecdsa_bls377::Pair::verify(&res.unwrap(), &msg[..], &pair.public())); + assert!(!ecdsa_bls381::Pair::verify(&res.unwrap(), &msg[..], &pair.public())); // should verify using keccak256 as hasher - assert!(ecdsa_bls377::Pair::verify_with_hasher::( + assert!(ecdsa_bls381::Pair::verify_with_hasher::( &res.unwrap(), msg, &pair.public()