Make some BEEFY keystore logic more generic #10763
Conversation
serban300
changed the title
serban300
force-pushed
the
small_fixes_beefy
branch
2 times, most recently
from
d74c2d6 to
ca1d586
Compare
The BEEFY keystore doesn't support simple BLS keys
serban300
force-pushed
the
small_fixes_beefy
branch
from
ca1d586 to
ccf1be1
Compare
| let msg_hash = keccak_256(msg); | ||
| let public = ecdsa::Public::try_from(self.as_slice()).unwrap(); | ||
|
|
||
| let maybe_sig = store.ecdsa_sign_prehashed(BEEFY_KEY_TYPE, &public, &msg_hash)?; |
There was a problem hiding this comment.
I assume that you can do this in no_std and when it gets called actually in no_std it panics? Is it acceptable behavoir?
There was a problem hiding this comment.
Added a #[cfg(feature = "std")] guard for try_sign().
| )); | ||
| let blake2_256_signature: ecdsa_crypto::Signature = | ||
| pair.as_inner_ref().sign_prehashed(&blake2_256(msg)).into(); | ||
| assert!(!BeefyAuthorityId::verify(&pair.public(), &blake2_256_signature, msg)); |
There was a problem hiding this comment.
What is the point of keeping this? The test was showing that signing with different hash works, now it doesn't, do we need it to demonestrate that something doesn't work?
|
|
||
| #[test] | ||
| #[cfg(feature = "bls-experimental")] | ||
| fn bls_beefy_verify_works() { |
There was a problem hiding this comment.
Why are we removing bls tests?
There was a problem hiding this comment.
Added back the support for bls_crypto
| { | ||
| fn sign_with_hasher(&self, message: &[u8]) -> <Self as AppCrypto>::Signature { | ||
| let hashed_message = <MsgHash as Hash>::hash(message).into(); | ||
| impl BeefySignerAuthority for <ecdsa_crypto::AuthorityId as AppCrypto>::Pair { |
There was a problem hiding this comment.
We don't need to define BeefySignerAuthority because apparently BeefyAuthority can sign itself. Right?
There was a problem hiding this comment.
I think we still need it because these are different use cases. BeefySignerAuthority signs using the private key. BeefyAuthorityId signs using a keystore. Also renamed BeefyAuthority::try_sign() to try_sign_with_store()
I see that BeefySignerAuthority is used in the tests and we don't always have the store in those scenarios. Maybe we could try to modify the tests to always use a key store, but sounds like some work and I don't know if it's worth it.
There was a problem hiding this comment.
Ok let makes that explicit in the comment so it is less confusing.
| let raw_signature = BeefyAuthorityId::try_sign(public, store, message) | ||
| .map_err(|e| error::Error::Keystore(e.to_string()))? | ||
| .ok_or_else(|| { | ||
| error::Error::Signature("BeefyAuthorityId::try_sign() returned None".to_string()) |
There was a problem hiding this comment.
It seems to me that error messages were more expressive before. Now we only getting "returned None" with no further clarification.
| pub trait BeefyAuthorityId<MsgHash: Hash>: RuntimeAppPublic { | ||
| pub trait BeefyAuthorityId: RuntimeAppPublic { | ||
| /// Get all the public keys of the current type from a provided `Keystore`. | ||
| fn get_all_from_store(store: KeystorePtr) -> Vec<impl AsRef<[u8]>>; |
There was a problem hiding this comment.
| fn get_all_from_store(store: KeystorePtr) -> Vec<impl AsRef<[u8]>>; | |
| fn get_all_public_keys_from_store(store: KeystorePtr) -> Vec<impl AsRef<[u8]>>; |
I could not figure out the puprose of the function from "get_all_from_store"
|
@drskalman thank you for the review ! I think I addressed all your comments. Can you PTAL when you have time ? |
drskalman
left a comment
drskalman
left a comment
There was a problem hiding this comment.
I actually liked your using of BEEFY_KEY_TYPE it was more expressive but I'm on going to dwell on that :-)
| { | ||
| fn sign_with_hasher(&self, message: &[u8]) -> <Self as AppCrypto>::Signature { | ||
| let hashed_message = <MsgHash as Hash>::hash(message).into(); | ||
| impl BeefySignerAuthority for <ecdsa_crypto::AuthorityId as AppCrypto>::Pair { |
There was a problem hiding this comment.
Ok let makes that explicit in the comment so it is less confusing.
Renamed it back to |
|
/cmd prdoc --audience node_dev --bump patch |
…e_dev --bump patch'
drskalman
left a comment
drskalman
left a comment
There was a problem hiding this comment.
Thank you very much! LGTM 👍
a6082b3
3 participants
This PR:
sign()public_keys()This is done by implementing the specific logic in the
BeefyAuthorityId.BeefyAuthorityId::SignatureHashersince for some algorithms it doesn't make sense to have a hasher.Also since now the
BeefyAuthorityIdimplements both the signing and the verification logic, we should have better consistency.Related to #8707 (comment)