feat(msa): add support for unwrapped bytes (#2169)

Add support to verify signatures against unwrapped bytes. 
This allows for verification of signatures not using PolkadotUi.

#2134

Author: enddynayn

pallets/handles/Cargo.toml

@@ -28,8 +28,9 @@ sp-std = { workspace = true }
 # Frequency related dependencies
 common-primitives = { default-features = false, path = "../../common/primitives" }
 handles-utils = { default-features = false, path = "src/handles-utils" }
-[dev-dependencies]
 common-runtime = { path = "../../runtime/common", default-features = false }
+
+[dev-dependencies]
 env_logger = { workspace = true }
 pretty_assertions = { workspace = true }
 serde = { workspace = true, features = ["derive"] }

pallets/handles/src/benchmarking.rs

@@ -3,6 +3,7 @@
 
 use super::*;
 use crate::Pallet as Handles;
+use common_primitives::utils::wrap_binary_data;
 use frame_benchmarking::{benchmarks, whitelisted_caller};
 use frame_support::assert_ok;
 use frame_system::RawOrigin;

pallets/handles/src/lib.rs

@@ -50,21 +50,19 @@ use common_primitives::benchmarks::MsaBenchmarkHelper;
 use common_primitives::{
 	handles::*,
 	msa::{MessageSourceId, MsaLookup, MsaValidator},
-	utils::wrap_binary_data,
 };
 use frame_support::{dispatch::DispatchResult, ensure, pallet_prelude::*, traits::Get};
 use frame_system::pallet_prelude::*;
 use numtoa::*;
 pub use pallet::*;
 use sp_core::crypto::AccountId32;
-use sp_runtime::{
-	traits::{Convert, Verify},
-	DispatchError, MultiSignature,
-};
+use sp_runtime::{traits::Convert, DispatchError, MultiSignature};
 use sp_std::{prelude::*, vec::Vec};
 
 pub mod handles_signed_extension;
 
+use common_runtime::signature::check_signature;
+
 pub mod weights;
 pub use weights::*;
 
@@ -285,10 +283,9 @@ pub mod pallet {
 			signer: &T::AccountId,
 			payload: Vec<u8>,
 		) -> DispatchResult {
-			let key = T::ConvertIntoAccountId32::convert((*signer).clone());
-			let wrapped_payload = wrap_binary_data(payload);
+			let key = T::ConvertIntoAccountId32::convert(signer.clone());
 
-			ensure!(signature.verify(&wrapped_payload[..], &key), Error::<T>::InvalidSignature);
+			ensure!(check_signature(signature, key, payload), Error::<T>::InvalidSignature);
 
 			Ok(())
 		}

pallets/msa/Cargo.toml

@@ -30,9 +30,9 @@ common-primitives = { default-features = false, path = "../../common/primitives"
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true, features = ["alloc"] }
 hex = { workspace = true, default-features = false, features = ["alloc"] }
+common-runtime = { path = "../../runtime/common", default-features = false }
 
 [dev-dependencies]
-common-runtime = { path = "../../runtime/common", default-features = false }
 pallet-schemas = { path = "../schemas", default-features = false }
 pallet-handles = { path = "../handles", default-features = false }
 pallet-collective = { workspace = true }

pallets/msa/src/lib.rs

@@ -39,6 +39,8 @@ use frame_support::{
 };
 use parity_scale_codec::{Decode, Encode};
 
+use common_runtime::signature::check_signature;
+
 #[cfg(feature = "runtime-benchmarks")]
 use common_primitives::benchmarks::{MsaBenchmarkHelper, RegisterProviderBenchmarkHelper};
 
@@ -57,9 +59,7 @@ use log;
 use scale_info::TypeInfo;
 use sp_core::crypto::AccountId32;
 use sp_runtime::{
-	traits::{
-		BlockNumberProvider, Convert, DispatchInfoOf, Dispatchable, SignedExtension, Verify, Zero,
-	},
+	traits::{BlockNumberProvider, Convert, DispatchInfoOf, Dispatchable, SignedExtension, Zero},
 	ArithmeticError, DispatchError, MultiSignature,
 };
 use sp_std::{prelude::*, vec};
@@ -461,7 +461,10 @@ pub mod pallet {
 		) -> DispatchResult {
 			let provider_key = ensure_signed(origin)?;
 
-			Self::verify_signature(&proof, &delegator_key, add_provider_payload.encode())?;
+			ensure!(
+				Self::verify_signature(&proof, &delegator_key, add_provider_payload.encode()),
+				Error::<T>::InvalidSignature
+			);
 
 			Self::register_signature(&proof, add_provider_payload.expiration.into())?;
 
@@ -551,9 +554,10 @@ pub mod pallet {
 		) -> DispatchResult {
 			let provider_key = ensure_signed(origin)?;
 
-			// delegator must have signed the payload.
-			Self::verify_signature(&proof, &delegator_key, add_provider_payload.encode())
-				.map_err(|_| Error::<T>::AddProviderSignatureVerificationFailed)?;
+			ensure!(
+				Self::verify_signature(&proof, &delegator_key, add_provider_payload.encode()),
+				Error::<T>::AddProviderSignatureVerificationFailed
+			);
 
 			Self::register_signature(&proof, add_provider_payload.expiration.into())?;
 			let (provider_id, delegator_id) =
@@ -647,19 +651,23 @@ pub mod pallet {
 		) -> DispatchResult {
 			let _ = ensure_signed(origin)?;
 
-			Self::verify_signature(
-				&msa_owner_proof,
-				&msa_owner_public_key,
-				add_key_payload.encode(),
-			)
-			.map_err(|_| Error::<T>::MsaOwnershipInvalidSignature)?;
+			ensure!(
+				Self::verify_signature(
+					&msa_owner_proof,
+					&msa_owner_public_key,
+					add_key_payload.encode()
+				),
+				Error::<T>::MsaOwnershipInvalidSignature
+			);
 
-			Self::verify_signature(
-				&new_key_owner_proof,
-				&add_key_payload.new_public_key.clone(),
-				add_key_payload.encode(),
-			)
-			.map_err(|_| Error::<T>::NewKeyOwnershipInvalidSignature)?;
+			ensure!(
+				Self::verify_signature(
+					&new_key_owner_proof,
+					&add_key_payload.new_public_key,
+					add_key_payload.encode()
+				),
+				Error::<T>::NewKeyOwnershipInvalidSignature
+			);
 
 			Self::register_signature(&msa_owner_proof, add_key_payload.expiration)?;
 			Self::register_signature(&new_key_owner_proof, add_key_payload.expiration)?;
@@ -1095,13 +1103,10 @@ impl<T: Config> Pallet<T> {
 		signature: &MultiSignature,
 		signer: &T::AccountId,
 		payload: Vec<u8>,
-	) -> DispatchResult {
+	) -> bool {
 		let key = T::ConvertIntoAccountId32::convert((*signer).clone());
-		let wrapped_payload = wrap_binary_data(payload);
 
-		ensure!(signature.verify(&wrapped_payload[..], &key), Error::<T>::InvalidSignature);
-
-		Ok(())
+		check_signature(signature, key, payload)
 	}
 
 	/// Add a provider to a delegator with the default permissions

pallets/msa/src/tests/creation_tests.rs

@@ -276,3 +276,45 @@ fn it_does_not_allow_duplicate_keys() {
 		assert_eq!(CurrentMsaIdentifierMaximum::<Test>::get(), 1);
 	});
 }
+
+#[test]
+fn verify_signature_with_wrapped_bytes() {
+	new_test_ext().execute_with(|| {
+		let provider_msa = 1;
+		let (key_pair_delegator, _) = sr25519::Pair::generate();
+
+		let expiration: BlockNumber = 10;
+
+		let add_provider_payload = AddProvider::new(provider_msa, None, expiration);
+		let encode_add_provider_data = wrap_binary_data(add_provider_payload.encode());
+
+		let signature: MultiSignature = key_pair_delegator.sign(&encode_add_provider_data).into();
+
+		assert!(Msa::verify_signature(
+			&signature,
+			&key_pair_delegator.public().into(),
+			add_provider_payload.encode()
+		));
+	});
+}
+
+#[test]
+fn verify_signature_without_wrapped_bytes() {
+	new_test_ext().execute_with(|| {
+		let provider_msa = 1;
+		let (key_pair_delegator, _) = sr25519::Pair::generate();
+
+		let expiration: BlockNumber = 10;
+
+		let add_provider_payload = AddProvider::new(provider_msa, None, expiration);
+
+		let signature: MultiSignature =
+			key_pair_delegator.sign(&add_provider_payload.encode()).into();
+
+		assert!(Msa::verify_signature(
+			&signature,
+			&key_pair_delegator.public().into(),
+			add_provider_payload.encode()
+		));
+	});
+}

pallets/passkey/src/benchmarking.rs

@@ -10,6 +10,7 @@ use crate::{
 	},
 	types::*,
 };
+use common_primitives::utils::wrap_binary_data;
 use frame_benchmarking::benchmarks;
 use frame_support::assert_ok;
 use sp_core::{crypto::KeyTypeId, Encode};

pallets/passkey/src/lib.rs

@@ -16,8 +16,7 @@
 	rustdoc::invalid_codeblock_attributes,
 	missing_docs
 )]
-use common_primitives::utils::wrap_binary_data;
-use common_runtime::extensions::check_nonce::CheckNonce;
+use common_runtime::{extensions::check_nonce::CheckNonce, signature::check_signature};
 use frame_support::{
 	dispatch::{DispatchInfo, GetDispatchInfo, PostDispatchInfo},
 	pallet_prelude::*,
@@ -27,7 +26,7 @@ use frame_system::pallet_prelude::*;
 use pallet_transaction_payment::OnChargeTransaction;
 use sp_runtime::{
 	generic::Era,
-	traits::{Convert, Dispatchable, SignedExtension, Verify, Zero},
+	traits::{Convert, Dispatchable, SignedExtension, Zero},
 	transaction_validity::{TransactionValidity, TransactionValidityError},
 	AccountId32, MultiSignature,
 };
@@ -315,14 +314,12 @@ impl<T: Config> PasskeySignatureCheck<T> {
 		signature: &MultiSignature,
 	) -> DispatchResult {
 		let key = T::ConvertIntoAccountId32::convert((*signer).clone());
-		let signed_payload: Vec<u8> = wrap_binary_data(signed_data.clone().into());
 
-		let verified = signature.verify(&signed_payload[..], &key);
-		if verified {
-			Ok(())
-		} else {
-			Err(Error::<T>::InvalidAccountSignature.into())
+		if !check_signature(signature, key, signed_data.clone()) {
+			return Err(Error::<T>::InvalidAccountSignature.into());
 		}
+
+		Ok(())
 	}
 }
 

pallets/passkey/src/tests.rs

@@ -1,6 +1,7 @@
 //! Unit tests for the passkey module.
 use super::*;
 use crate::mock::Passkey;
+use common_primitives::utils::wrap_binary_data;
 use frame_support::{assert_err, assert_noop, assert_ok, dispatch::RawOrigin};
 use frame_system::{limits::BlockLength, Call as SystemCall};
 use mock::*;

pallets/stateful-storage/Cargo.toml

@@ -27,9 +27,9 @@ sp-runtime = { workspace = true }
 sp-std = { workspace = true }
 # Frequency related dependencies
 common-primitives = { default-features = false, path = "../../common/primitives" }
+common-runtime = { path = "../../runtime/common", default-features = false }
 
 [dev-dependencies]
-common-runtime = { path = "../../runtime/common", default-features = false }
 env_logger = { workspace = true }
 pretty_assertions = { workspace = true }
 sp-keystore = { workspace = true }

pallets/stateful-storage/src/benchmarking.rs

@@ -4,6 +4,7 @@ use crate::{types::ItemAction, Pallet as StatefulStoragePallet};
 use common_primitives::{
 	schema::{ModelType, PayloadLocation},
 	stateful_storage::{PageHash, PageId},
+	utils::wrap_binary_data,
 };
 use frame_benchmarking::{benchmarks, whitelisted_caller};
 use frame_support::assert_ok;

pallets/stateful-storage/src/lib.rs

@@ -46,14 +46,13 @@ use common_primitives::{
 	msa::{
 		DelegatorId, MessageSourceId, MsaLookup, MsaValidator, ProviderId, SchemaGrantValidator,
 	},
-	node::Verify,
 	schema::{PayloadLocation, SchemaId, SchemaInfoResponse, SchemaProvider, SchemaSetting},
 	stateful_storage::{
 		ItemizedStoragePageResponse, ItemizedStorageResponse, PageHash, PageId,
 		PaginatedStorageResponse,
 	},
-	utils::wrap_binary_data,
 };
+
 use frame_support::{dispatch::DispatchResult, ensure, pallet_prelude::*, traits::Get};
 use frame_system::pallet_prelude::*;
 pub use pallet::*;
@@ -687,10 +686,12 @@ impl<T: Config> Pallet<T> {
 		signer: &T::AccountId,
 		payload: Vec<u8>,
 	) -> DispatchResult {
-		let key = T::ConvertIntoAccountId32::convert((*signer).clone());
-		let wrapped_payload = wrap_binary_data(payload);
+		let key = T::ConvertIntoAccountId32::convert(signer.clone());
 
-		ensure!(signature.verify(&wrapped_payload[..], &key), Error::<T>::InvalidSignature);
+		ensure!(
+			common_runtime::signature::check_signature(signature, key, payload),
+			Error::<T>::InvalidSignature
+		);
 
 		Ok(())
 	}

runtime/common/src/lib.rs

@@ -4,6 +4,7 @@ pub mod constants;
 pub mod extensions;
 pub mod fee;
 pub mod proxy;
+pub mod signature;
 pub mod weights;
 
 /// Macro to set a value (e.g. when using the `parameter_types` macro) to either a production value

runtime/common/src/signature.rs

@@ -0,0 +1,53 @@
+use common_primitives::utils::wrap_binary_data;
+use sp_runtime::{traits::Verify, AccountId32, MultiSignature};
+use sp_std::vec::Vec;
+
+pub fn check_signature(signature: &MultiSignature, signer: AccountId32, payload: Vec<u8>) -> bool {
+	let verify_signature = |payload: &[u8]| signature.verify(payload, &signer.clone().into());
+
+	if verify_signature(&payload) {
+		return true;
+	}
+
+	let wrapped_payload = wrap_binary_data(payload);
+	verify_signature(&wrapped_payload)
+}
+
+#[cfg(test)]
+use sp_core::{sr25519, Pair};
+
+#[test]
+fn test_verify_signature_with_wrapped_bytes() {
+	let (key_pair_delegator, _) = sr25519::Pair::generate();
+
+	let payload = b"test_payload".to_vec();
+	let encode_add_provider_data = wrap_binary_data(payload.clone());
+
+	let signature: MultiSignature = key_pair_delegator.sign(&encode_add_provider_data).into();
+
+	assert!(check_signature(&signature, key_pair_delegator.public().into(), payload.clone()));
+}
+
+#[test]
+fn test_verify_signature_without_wrapped_bytes() {
+	let (signer, _) = sr25519::Pair::generate();
+
+	let payload = b"test_payload".to_vec();
+
+	let signature: MultiSignature = signer.sign(&payload).into();
+
+	assert!(check_signature(&signature, signer.public().into(), payload));
+}
+
+#[test]
+fn test_check_signature_with_invalid_signature() {
+	let (signer, _) = sr25519::Pair::generate();
+
+	let payload = b"test_payload".to_vec();
+
+	let signature: MultiSignature = signer.sign(&payload).into();
+
+	let invalid_payload = b"invalid_payload".to_vec();
+
+	assert!(!check_signature(&signature, signer.public().into(), invalid_payload));
+}

runtime/frequency/src/lib.rs

@@ -377,7 +377,7 @@ pub const VERSION: RuntimeVersion = RuntimeVersion {
 	spec_name: create_runtime_str!("frequency"),
 	impl_name: create_runtime_str!("frequency"),
 	authoring_version: 1,
-	spec_version: 117,
+	spec_version: 118,
 	impl_version: 0,
 	apis: apis::RUNTIME_API_VERSIONS,
 	transaction_version: 1,
@@ -391,7 +391,7 @@ pub const VERSION: RuntimeVersion = RuntimeVersion {
 	spec_name: create_runtime_str!("frequency-testnet"),
 	impl_name: create_runtime_str!("frequency"),
 	authoring_version: 1,
-	spec_version: 117,
+	spec_version: 118,
 	impl_version: 0,
 	apis: apis::RUNTIME_API_VERSIONS,
 	transaction_version: 1,