feat(wasmer/crypto): move sig verifier to crypto pkg

lib/crypto/ed25519/ed25519.go

@@ -44,6 +44,20 @@ type PublicKey ed25519.PublicKey
 // PublicKeyBytes is an encoded ed25519 public key
 type PublicKeyBytes [PublicKeyLength]byte
 
+// SignVerify verify signature given pubkey and msg
+func SignVerify(pubkey, sig, msg []byte) (bool, error) {
+	pubKey, err := NewPublicKey(pubkey)
+	if err != nil {
+		return false, fmt.Errorf("failed to fetch ed25519 public key: %s", err)
+	}
+	ok, err := pubKey.Verify(msg, sig)
+	if err != nil || !ok {
+		return false, fmt.Errorf("failed to verify ed25519 signature: %s", err)
+	}
+
+	return true, nil
+}
+
 // String returns the PublicKeyBytes formatted as a hex string
 func (b PublicKeyBytes) String() string {
 	pk := [PublicKeyLength]byte(b)

lib/crypto/secp256k1/secp256k1.go

@@ -7,6 +7,7 @@ import (
 	"crypto/ecdsa"
 	"encoding/hex"
 	"errors"
+	"fmt"
 
 	"github.com/ChainSafe/gossamer/lib/common"
 	"github.com/ChainSafe/gossamer/lib/crypto"
@@ -36,6 +37,16 @@ type PublicKey struct {
 	key ecdsa.PublicKey
 }
 
+// SignVerify verify signature given pubkey and msg
+func SignVerify(pubkey, sig, msg []byte) (bool, error) {
+	ok := secp256k1.VerifySignature(pubkey, msg, sig)
+	if !ok {
+		return false, fmt.Errorf("failed to verify secp256k1 signature")
+	}
+
+	return true, nil
+}
+
 // RecoverPublicKey returns the 64-byte uncompressed public key that created the given signature.
 func RecoverPublicKey(msg, sig []byte) ([]byte, error) {
 	// update recovery bit

lib/runtime/sig_verifier.go → lib/crypto/sig_verifier.go

@@ -1,26 +1,24 @@
 // Copyright 2021 ChainSafe Systems (ON)
 // SPDX-License-Identifier: LGPL-3.0-only
 
-package runtime
+package crypto
 
 import (
-	"fmt"
 	"sync"
 	"time"
 
 	"github.com/ChainSafe/gossamer/internal/log"
-	"github.com/ChainSafe/gossamer/lib/crypto"
-	"github.com/ChainSafe/gossamer/lib/crypto/ed25519"
-	"github.com/ChainSafe/gossamer/lib/crypto/sr25519"
-	"github.com/ethereum/go-ethereum/crypto/secp256k1"
 )
 
+// SigVerifyFunc verify an signature given a pubkey and msg
+type SigVerifyFunc func(pubkey, sig, msg []byte) (bool, error)
+
 // Signature ...
 type Signature struct {
-	PubKey    []byte
-	Sign      []byte
-	Msg       []byte
-	KeyTypeID crypto.KeyType
+	PubKey     []byte
+	Sign       []byte
+	Msg        []byte
+	VerifyFunc SigVerifyFunc
 }
 
 // SignatureVerifier ...
@@ -66,12 +64,12 @@ func (sv *SignatureVerifier) Start() {
 			case <-sv.closeCh:
 				return
 			default:
-				sign := sv.Remove()
-				if sign == nil {
+				sig := sv.Remove()
+				if sig == nil {
 					continue
 				}
-				err := sign.verify()
-				if err != nil {
+				ok, err := sig.VerifyFunc(sig.PubKey, sig.Sign, sig.Msg)
+				if err != nil || !ok {
 					sv.logger.Errorf("[ext_crypto_start_batch_verify_version_1]: %s", err)
 					sv.Invalid()
 					return
@@ -153,32 +151,3 @@ func (sv *SignatureVerifier) Finish() bool {
 	sv.Reset()
 	return !isInvalid
 }
-
-func (sig *Signature) verify() error {
-	switch sig.KeyTypeID {
-	case crypto.Ed25519Type:
-		pubKey, err := ed25519.NewPublicKey(sig.PubKey)
-		if err != nil {
-			return fmt.Errorf("failed to fetch ed25519 public key: %s", err)
-		}
-		ok, err := pubKey.Verify(sig.Msg, sig.Sign)
-		if err != nil || !ok {
-			return fmt.Errorf("failed to verify ed25519 signature: %s", err)
-		}
-	case crypto.Sr25519Type:
-		pubKey, err := sr25519.NewPublicKey(sig.PubKey)
-		if err != nil {
-			return fmt.Errorf("failed to fetch sr25519 public key: %s", err)
-		}
-		ok, err := pubKey.Verify(sig.Msg, sig.Sign)
-		if err != nil || !ok {
-			return fmt.Errorf("failed to verify sr25519 signature: %s", err)
-		}
-	case crypto.Secp256k1Type:
-		ok := secp256k1.VerifySignature(sig.PubKey, sig.Msg, sig.Sign)
-		if !ok {
-			return fmt.Errorf("failed to verify secp256k1 signature")
-		}
-	}
-	return nil
-}

lib/crypto/sr25519/sr25519.go

@@ -6,6 +6,7 @@ package sr25519
 import (
 	"encoding/hex"
 	"errors"
+	"fmt"
 
 	"github.com/ChainSafe/gossamer/lib/common"
 	"github.com/ChainSafe/gossamer/lib/crypto"
@@ -43,6 +44,20 @@ type PrivateKey struct {
 	key *sr25519.SecretKey
 }
 
+// SignVerify verify signature given pubkey and msg
+func SignVerify(pubkey, sig, msg []byte) (bool, error) {
+	pubKey, err := NewPublicKey(pubkey)
+	if err != nil {
+		return false, fmt.Errorf("failed to fetch sr25519 public key: %s", err)
+	}
+	ok, err := pubKey.Verify(msg, sig)
+	if err != nil || !ok {
+		return false, fmt.Errorf("failed to verify sr25519 signature: %s", err)
+	}
+
+	return true, nil
+}
+
 // NewKeypair returns a sr25519 Keypair given a schnorrkel secret key
 func NewKeypair(priv *sr25519.SecretKey) (*Keypair, error) {
 	pub, err := priv.Public()

lib/runtime/life/instance.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/ChainSafe/gossamer/internal/log"
 	"github.com/ChainSafe/gossamer/lib/common"
+	"github.com/ChainSafe/gossamer/lib/crypto"
 	"github.com/ChainSafe/gossamer/lib/keystore"
 	"github.com/ChainSafe/gossamer/lib/runtime"
 
@@ -112,7 +113,7 @@ func NewInstance(code []byte, cfg *Config) (*Instance, error) {
 		NodeStorage: cfg.NodeStorage,
 		Network:     cfg.Network,
 		Transaction: cfg.Transaction,
-		SigVerifier: runtime.NewSignatureVerifier(logger),
+		SigVerifier: crypto.NewSignatureVerifier(logger),
 	}
 
 	logger.Debugf("creating new runtime instance with context: %v", runtimeCtx)

lib/runtime/life/resolver.go

@@ -933,11 +933,11 @@ func ext_crypto_ed25519_verify_version_1(vm *exec.VirtualMachine) int64 {
 	}
 
 	if sigVerifier.IsStarted() {
-		signature := runtime.Signature{
-			PubKey:    pubKey.Encode(),
-			Sign:      signature,
-			Msg:       message,
-			KeyTypeID: crypto.Ed25519Type,
+		signature := crypto.Signature{
+			PubKey:     pubKey.Encode(),
+			Sign:       signature,
+			Msg:        message,
+			VerifyFunc: ed25519.SignVerify,
 		}
 		sigVerifier.Add(&signature)
 		return 1
@@ -1120,11 +1120,11 @@ func ext_crypto_sr25519_verify_version_1(vm *exec.VirtualMachine) int64 {
 		pub.Hex(), message, signature)
 
 	if sigVerifier.IsStarted() {
-		signature := runtime.Signature{
-			PubKey:    pub.Encode(),
-			Sign:      signature,
-			Msg:       message,
-			KeyTypeID: crypto.Sr25519Type,
+		signature := crypto.Signature{
+			PubKey:     pub.Encode(),
+			Sign:       signature,
+			Msg:        message,
+			VerifyFunc: sr25519.SignVerify,
 		}
 		sigVerifier.Add(&signature)
 		return 1

lib/runtime/test_helpers.go

@@ -12,9 +12,10 @@ import (
 	"testing"
 	"time"
 
+	"github.com/ChainSafe/gossamer/lib/crypto"
+
 	"github.com/ChainSafe/chaindb"
 	"github.com/ChainSafe/gossamer/lib/common"
-	"github.com/ChainSafe/gossamer/lib/crypto"
 	"github.com/ChainSafe/gossamer/lib/crypto/ed25519"
 	"github.com/ChainSafe/gossamer/lib/utils"
 	ma "github.com/multiformats/go-multiaddr"
@@ -115,9 +116,9 @@ func (*TestRuntimeNetwork) NetworkState() common.NetworkState {
 	}
 }
 
-func generateEd25519Signatures(t *testing.T, n int) []*Signature {
+func generateEd25519Signatures(t *testing.T, n int) []*crypto.Signature {
 	t.Helper()
-	signs := make([]*Signature, n)
+	signs := make([]*crypto.Signature, n)
 	for i := 0; i < n; i++ {
 		msg := []byte("Hello")
 		key, err := ed25519.GenerateKeypair()
@@ -126,11 +127,11 @@ func generateEd25519Signatures(t *testing.T, n int) []*Signature {
 		sign, err := key.Private().Sign(msg)
 		require.NoError(t, err)
 
-		signs[i] = &Signature{
-			PubKey:    key.Public().Encode(),
-			Sign:      sign,
-			Msg:       msg,
-			KeyTypeID: crypto.Ed25519Type,
+		signs[i] = &crypto.Signature{
+			PubKey:     key.Public().Encode(),
+			Sign:       sign,
+			Msg:        msg,
+			VerifyFunc: ed25519.SignVerify,
 		}
 	}
 	return signs

lib/runtime/types.go

@@ -6,6 +6,7 @@ package runtime
 import (
 	"github.com/ChainSafe/gossamer/internal/log"
 	"github.com/ChainSafe/gossamer/lib/common"
+	"github.com/ChainSafe/gossamer/lib/crypto"
 	"github.com/ChainSafe/gossamer/lib/keystore"
 	"github.com/ChainSafe/gossamer/lib/runtime/offchain"
 )
@@ -67,7 +68,7 @@ type Context struct {
 	NodeStorage     NodeStorage
 	Network         BasicNetwork
 	Transaction     TransactionState
-	SigVerifier     *SignatureVerifier
+	SigVerifier     *crypto.SignatureVerifier
 	OffchainHTTPSet *offchain.HTTPSet
 }
 

lib/runtime/types_test.go

@@ -19,7 +19,7 @@ import (
 
 func TestBackgroundSignVerification(t *testing.T) {
 	signs := generateEd25519Signatures(t, 2)
-	signVerify := NewSignatureVerifier(log.New(log.SetWriter(io.Discard)))
+	signVerify := crypto.NewSignatureVerifier(log.New(log.SetWriter(io.Discard)))
 
 	signVerify.Start()
 
@@ -34,7 +34,7 @@ func TestBackgroundSignVerification(t *testing.T) {
 
 func TestBackgroundSignVerificationMultipleStart(t *testing.T) {
 	signs := generateEd25519Signatures(t, 2)
-	signVerify := NewSignatureVerifier(log.New(log.SetWriter(io.Discard)))
+	signVerify := crypto.NewSignatureVerifier(log.New(log.SetWriter(io.Discard)))
 
 	for ii := 0; ii < 5; ii++ {
 		require.False(t, signVerify.IsStarted())
@@ -60,16 +60,16 @@ func TestInvalidSignatureBatch(t *testing.T) {
 	sigData, err := common.HexToBytes("0x90f27b8b488db00b00606796d2987f6a5f59ae62ea05effe84fef5b8b0e549984a691139ad57a3f0b906637673aa2f63d1f55cb1a69199d4009eea23ceaddc9301")
 	require.Nil(t, err)
 
-	signature := &Signature{
-		PubKey:    key.Public().Encode(),
-		Sign:      sigData,
-		Msg:       msg,
-		KeyTypeID: crypto.Ed25519Type,
+	signature := &crypto.Signature{
+		PubKey:     key.Public().Encode(),
+		Sign:       sigData,
+		Msg:        msg,
+		VerifyFunc: ed25519.SignVerify,
 	}
 
 	signs = append(signs, signature)
 
-	signVerify := NewSignatureVerifier(log.New(log.SetWriter(io.Discard)))
+	signVerify := crypto.NewSignatureVerifier(log.New(log.SetWriter(io.Discard)))
 	signVerify.Start()
 
 	for _, sig := range signs {
@@ -80,7 +80,7 @@ func TestInvalidSignatureBatch(t *testing.T) {
 
 func TestValidSignatureBatch(t *testing.T) {
 	signs := generateEd25519Signatures(t, 2)
-	signVerify := NewSignatureVerifier(log.New(log.SetWriter(io.Discard)))
+	signVerify := crypto.NewSignatureVerifier(log.New(log.SetWriter(io.Discard)))
 
 	signVerify.Start()
 
@@ -101,11 +101,11 @@ func TestAllCryptoTypeSignature(t *testing.T) {
 	srSig, err := srKey.Private().Sign(srMsg)
 	require.NoError(t, err)
 
-	srSignature := &Signature{
-		PubKey:    srKey.Public().Encode(),
-		Sign:      srSig,
-		Msg:       srMsg,
-		KeyTypeID: crypto.Sr25519Type,
+	srSignature := &crypto.Signature{
+		PubKey:     srKey.Public().Encode(),
+		Sign:       srSig,
+		Msg:        srMsg,
+		VerifyFunc: sr25519.SignVerify,
 	}
 
 	blakeHash, err := common.Blake2bHash([]byte("secp256k1"))
@@ -118,14 +118,14 @@ func TestAllCryptoTypeSignature(t *testing.T) {
 	require.NoError(t, err)
 
 	secpSigData = secpSigData[:len(secpSigData)-1] // remove recovery id
-	secpSignature := &Signature{
-		PubKey:    kp.Public().Encode(),
-		Sign:      secpSigData,
-		Msg:       blakeHash.ToBytes(),
-		KeyTypeID: crypto.Secp256k1Type,
+	secpSignature := &crypto.Signature{
+		PubKey:     kp.Public().Encode(),
+		Sign:       secpSigData,
+		Msg:        blakeHash.ToBytes(),
+		VerifyFunc: secp256k1.SignVerify,
 	}
 
-	signVerify := NewSignatureVerifier(log.New(log.SetWriter(io.Discard)))
+	signVerify := crypto.NewSignatureVerifier(log.New(log.SetWriter(io.Discard)))
 
 	signVerify.Start()