Enable signature verification in background task

.gitlab-ci.yml

@@ -406,6 +406,22 @@ test-frame-examples-compile-to-wasm:
     - cargo +nightly build --target=wasm32-unknown-unknown --no-default-features
     - sccache -s
 
+test-frame-executive-features-compile-to-wasm:
+  # into one job
+  stage:                           test
+  <<:                              *docker-env
+  <<:                              *test-refs
+  variables:
+    <<:                            *default-vars
+    # Enable debug assertions since we are running optimized builds for testing
+    # but still want to have debug assertions.
+    RUSTFLAGS:                     "-Cdebug-assertions=y"
+    RUST_BACKTRACE: 1
+  script:
+    - cd ./frame/executive
+    - cargo +nightly build --target=wasm32-unknown-unknown --no-default-features --features background-signature-verification
+    - sccache -s
+
 test-linux-stable-int:
   <<:                              *test-linux
   stage:                           test

frame/executive/Cargo.toml

@@ -36,7 +36,9 @@ sp-inherents = { version = "4.0.0-dev", path = "../../primitives/inherents" }
 
 [features]
 default = ["std"]
-with-tracing = ["sp-tracing/with-tracing"]
+
+# Enable signature verification in background task
+background-signature-verification = []
 std = [
 	"codec/std",
 	"scale-info/std",
@@ -48,3 +50,4 @@ std = [
 	"sp-std/std",
 ]
 try-runtime = ["frame-support/try-runtime"]
+with-tracing = ["sp-tracing/with-tracing"]

frame/executive/src/lib.rs

@@ -125,18 +125,22 @@ use frame_support::{
 	},
 	weights::{DispatchClass, DispatchInfo, GetDispatchInfo},
 };
+#[cfg(not(feature = "background-signature-verification"))]
+use sp_runtime::traits::Checkable;
+#[cfg(feature = "background-signature-verification")]
+use sp_runtime::traits::{BackgroundCheckable as Checkable, Checkable as _};
 use sp_runtime::{
 	generic::Digest,
 	traits::{
-		self, Applyable, CheckEqual, Checkable, Dispatchable, Header, NumberFor, One, Saturating,
+		self, Applyable, CheckEqual, Dispatchable, Header, NumberFor, One, Saturating,
 		ValidateUnsigned, Zero,
 	},
 	transaction_validity::{TransactionSource, TransactionValidity},
 	ApplyExtrinsicResult,
 };
 use sp_std::{marker::PhantomData, prelude::*};
 
-pub type CheckedOf<E, C> = <E as Checkable<C>>::Checked;
+pub type CheckedOf<E, C> = <E as sp_runtime::traits::Checkable<C>>::Checked;
 pub type CallOf<E, C> = <CheckedOf<E, C> as Applyable>::Call;
 pub type OriginOf<E, C> = <CallOf<E, C> as Dispatchable>::Origin;
 
@@ -235,9 +239,19 @@ where
 		Self::initialize_block(block.header());
 		Self::initial_checks(&block);
 
+		#[cfg(feature = "background-signature-verification")]
+		let signature_batching = sp_runtime::SignatureBatching::start();
+
 		let (header, extrinsics) = block.deconstruct();
+		let checked_extrinsics = check_extrinsics(extrinsics);
+
+		Self::execute_checked_extrinsics_with_book_keeping(checked_extrinsics, *header.number());
 
-		Self::execute_extrinsics_with_book_keeping(extrinsics, *header.number());
+		#[cfg(feature = "background-signature-verification")]
+		// ensure that all background checks have been completed successfully.
+		if !signature_batching.verify() {
+			panic!("Signature verification failed.");
+		}
 
 		// do some of the checks that would normally happen in `final_checks`, but definitely skip
 		// the state root check.
@@ -351,6 +365,33 @@ where
 		}
 	}
 
+	fn check_extrinsics(
+		extrinsics: Vec<Block::Extrinsic>,
+	) -> Vec<(CheckedOf<Block::Extrinsic, Context>, Vec<u8>)> {
+		extrinsics
+			.into_iter()
+			.map(|extrinsic| {
+				let encoded = extrinsic.encode();
+				#[cfg(feature = "background-signature-verification")]
+				match extrinsic.background_check(&Default::default()) {
+					Ok(checked_extrinsic) => (checked_extrinsic, encoded),
+					Err(e) => {
+						let err: &'static str = e.into();
+						panic!("{}", err)
+					},
+				}
+				#[cfg(not(feature = "background-signature-verification"))]
+				match extrinsic.check(&Default::default()) {
+					Ok(checked_extrinsic) => (checked_extrinsic, encoded),
+					Err(e) => {
+						let err: &'static str = e.into();
+						panic!("{}", err)
+					},
+				}
+			})
+			.collect()
+	}
+
 	/// Actually execute all transitions for `block`.
 	pub fn execute_block(block: Block) {
 		sp_io::init_tracing();
@@ -362,12 +403,18 @@ where
 			// any initial checks
 			Self::initial_checks(&block);
 
+			#[cfg(feature = "background-signature-verification")]
 			let signature_batching = sp_runtime::SignatureBatching::start();
 
-			// execute extrinsics
+			// check extrinsics in background
 			let (header, extrinsics) = block.deconstruct();
-			Self::execute_extrinsics_with_book_keeping(extrinsics, *header.number());
+			let checked_extrinsics = Self::check_extrinsics(extrinsics);
+
+			// execute extrinsics
+			Self::execute_checked_extrinsics_with_book_keeping(checked_extrinsics, *header.number());
 
+			#[cfg(feature = "background-signature-verification")]
+			// ensure that all background checks have been completed successfully.
 			if !signature_batching.verify() {
 				panic!("Signature verification failed.");
 			}
@@ -377,17 +424,21 @@ where
 		}
 	}
 
-	/// Execute given extrinsics and take care of post-extrinsics book-keeping.
-	fn execute_extrinsics_with_book_keeping(
-		extrinsics: Vec<Block::Extrinsic>,
+	/// Execute given checked extrinsics and take care of post-extrinsics book-keeping.
+	fn execute_checked_extrinsics_with_book_keeping(
+		checked_extrinsics: Vec<(CheckedOf<Block::Extrinsic, Context>, Vec<u8>)>,
 		block_number: NumberFor<Block>,
 	) {
-		extrinsics.into_iter().for_each(|e| {
-			if let Err(e) = Self::apply_extrinsic(e) {
-				let err: &'static str = e.into();
-				panic!("{}", err)
-			}
-		});
+		checked_extrinsics.into_iter().for_each(
+			|(checked_extrinsic, unchecked_extrinsic_encoded)| {
+				if let Err(e) =
+					Self::apply_extrinsic_with_len(checked_extrinsic, unchecked_extrinsic_encoded)
+				{
+					let err: &'static str = e.into();
+					panic!("{}", err)
+				}
+			},
+		);
 
 		// post-extrinsics book-keeping
 		<frame_system::Pallet<System>>::note_finished_extrinsics();
@@ -431,34 +482,37 @@ where
 	///
 	/// This doesn't attempt to validate anything regarding the block, but it builds a list of uxt
 	/// hashes.
-	pub fn apply_extrinsic(uxt: Block::Extrinsic) -> ApplyExtrinsicResult {
+	pub fn apply_extrinsic(unchecked_extrinsic: Block::Extrinsic) -> ApplyExtrinsicResult {
 		sp_io::init_tracing();
-		let encoded = uxt.encode();
-		let encoded_len = encoded.len();
-		Self::apply_extrinsic_with_len(uxt, encoded_len, encoded)
+		let unchecked_extrinsic_encoded = unchecked_extrinsic.encode();
+
+		// Verify that the signature is good.
+		let checked_extrinsic = unchecked_extrinsic.check(&Default::default())?;
+
+		Self::apply_extrinsic_with_len(checked_extrinsic, unchecked_extrinsic_encoded)
 	}
 
 	/// Actually apply an extrinsic given its `encoded_len`; this doesn't note its hash.
 	fn apply_extrinsic_with_len(
-		uxt: Block::Extrinsic,
-		encoded_len: usize,
-		to_note: Vec<u8>,
+		checked_extrinsic: CheckedOf<Block::Extrinsic, Context>,
+		unchecked_extrinsic_encoded: Vec<u8>,
 	) -> ApplyExtrinsicResult {
 		sp_tracing::enter_span!(sp_tracing::info_span!("apply_extrinsic",
-				ext=?sp_core::hexdisplay::HexDisplay::from(&uxt.encode())));
-		// Verify that the signature is good.
-		let xt = uxt.check(&Default::default())?;
+				ext=?sp_core::hexdisplay::HexDisplay::from(&unchecked_extrinsic_encoded)));
+
+		let encoded_len = unchecked_extrinsic_encoded.len();
 
 		// We don't need to make sure to `note_extrinsic` only after we know it's going to be
 		// executed to prevent it from leaking in storage since at this point, it will either
 		// execute or panic (and revert storage changes).
-		<frame_system::Pallet<System>>::note_extrinsic(to_note);
+		<frame_system::Pallet<System>>::note_extrinsic(unchecked_extrinsic_encoded);
 
 		// AUDIT: Under no circumstances may this function panic from here onwards.
 
 		// Decode parameters and dispatch
-		let dispatch_info = xt.get_dispatch_info();
-		let r = Applyable::apply::<UnsignedValidator>(xt, &dispatch_info, encoded_len)?;
+		let dispatch_info = checked_extrinsic.get_dispatch_info();
+		let r =
+			Applyable::apply::<UnsignedValidator>(checked_extrinsic, &dispatch_info, encoded_len)?;
 
 		<frame_system::Pallet<System>>::note_applied_extrinsic(&r, dispatch_info);
 

primitives/runtime/src/generic/unchecked_extrinsic.rs

@@ -20,8 +20,8 @@
 use crate::{
 	generic::CheckedExtrinsic,
 	traits::{
-		self, Checkable, Extrinsic, ExtrinsicMetadata, IdentifyAccount, MaybeDisplay, Member,
-		SignedExtension,
+		self, BackgroundCheckable, Checkable, Extrinsic, ExtrinsicMetadata, IdentifyAccount,
+		MaybeDisplay, Member, SignedExtension,
 	},
 	transaction_validity::{InvalidTransaction, TransactionValidityError},
 	OpaqueExtrinsic,
@@ -163,6 +163,36 @@ where
 	}
 }
 
+impl<Address, AccountId, Call, Signature, Extra, Lookup> BackgroundCheckable<Lookup>
+	for UncheckedExtrinsic<Address, Call, Signature, Extra>
+where
+	Address: Member + MaybeDisplay,
+	Call: Encode + Member,
+	Signature: Member + traits::BackgroundVerify,
+	<Signature as traits::Verify>::Signer: IdentifyAccount<AccountId = AccountId>,
+	Extra: SignedExtension<AccountId = AccountId>,
+	AccountId: Member + MaybeDisplay,
+	Lookup: traits::Lookup<Source = Address, Target = AccountId>,
+{
+	fn background_check(self, lookup: &Lookup) -> Result<Self::Checked, TransactionValidityError> {
+		Ok(match self.signature {
+			Some((signed, signature, extra)) => {
+				let signed = lookup.lookup(signed)?;
+				let raw_payload = SignedPayload::new(self.function, extra)?;
+				if !raw_payload
+					.using_encoded(|payload| signature.background_verify(payload, &signed))
+				{
+					return Err(InvalidTransaction::BadProof.into())
+				}
+
+				let (function, extra, _) = raw_payload.deconstruct();
+				CheckedExtrinsic { signed: Some((signed, extra)), function }
+			},
+			None => CheckedExtrinsic { signed: None, function: self.function },
+		})
+	}
+}
+
 impl<Address, Call, Signature, Extra> ExtrinsicMetadata
 	for UncheckedExtrinsic<Address, Call, Signature, Extra>
 where

primitives/runtime/src/lib.rs

@@ -418,6 +418,36 @@ impl Verify for MultiSignature {
 	}
 }
 
+impl crate::traits::BackgroundVerify for MultiSignature {
+	fn background_verify<L: Lazy<[u8]>>(&self, mut msg: L, signer: &AccountId32) -> bool {
+		match (self, signer) {
+			(Self::Ed25519(ref sig), who) =>
+				if let Ok(pubkey) = ed25519::Public::from_slice(who.as_ref()) {
+					sig.background_verify(msg, &pubkey)
+				} else {
+					false
+				},
+			(Self::Sr25519(ref sig), who) =>
+				if let Ok(pubkey) = sr25519::Public::from_slice(who.as_ref()) {
+					sig.background_verify(msg, &pubkey)
+				} else {
+					false
+				},
+			(Self::Ecdsa(ref sig), who) => {
+				// Unfortunatly, ecdsa signature can't be verified in a background task
+				// because we don't known the public key.
+				let m = sp_io::hashing::blake2_256(msg.get());
+				match sp_io::crypto::secp256k1_ecdsa_recover_compressed(sig.as_ref(), &m) {
+					Ok(pubkey) =>
+						&sp_io::hashing::blake2_256(pubkey.as_ref()) ==
+							<dyn AsRef<[u8; 32]>>::as_ref(who),
+					_ => false,
+				}
+			},
+		}
+	}
+}
+
 /// Signature verify that can work with any known signature types..
 #[derive(Eq, PartialEq, Clone, Default, Encode, Decode, RuntimeDebug)]
 #[cfg_attr(feature = "std", derive(Serialize, Deserialize))]

primitives/runtime/src/traits.rs

@@ -164,6 +164,57 @@ where
 	}
 }
 
+/// A signature that supports background verification.
+pub trait BackgroundVerify: Verify {
+	/// Register a signature for background verification.
+	///
+	/// This requires that background verification is enabled by doing XYZ.
+	///
+	/// Returns `true` when the signature was successfully registered for background verification
+	/// or if background verification is not enabled the signature could be verified successfully
+	/// immediately.
+	///
+	/// # Warning
+	///
+	/// This requires that the background verification is finished by calling finalize_verify to
+	/// check the result of all submitted signature verifications.
+	fn background_verify<L: Lazy<[u8]>>(
+		&self,
+		msg: L,
+		signer: &<Self::Signer as IdentifyAccount>::AccountId,
+	) -> bool;
+}
+
+impl BackgroundVerify for sp_core::ed25519::Signature {
+	fn background_verify<L: Lazy<[u8]>>(
+		&self,
+		mut msg: L,
+		signer: &<Self::Signer as IdentifyAccount>::AccountId,
+	) -> bool {
+		sp_io::crypto::ed25519_batch_verify(self, msg.get(), signer)
+	}
+}
+
+impl BackgroundVerify for sp_core::sr25519::Signature {
+	fn background_verify<L: Lazy<[u8]>>(
+		&self,
+		mut msg: L,
+		signer: &<Self::Signer as IdentifyAccount>::AccountId,
+	) -> bool {
+		sp_io::crypto::sr25519_batch_verify(self, msg.get(), signer)
+	}
+}
+
+impl BackgroundVerify for sp_core::ecdsa::Signature {
+	fn background_verify<L: Lazy<[u8]>>(
+		&self,
+		mut msg: L,
+		signer: &<Self::Signer as IdentifyAccount>::AccountId,
+	) -> bool {
+		sp_io::crypto::ecdsa_batch_verify(self, msg.get(), signer)
+	}
+}
+
 /// An error type that indicates that the origin is invalid.
 #[derive(Encode, Decode, RuntimeDebug)]
 pub struct BadOrigin;
@@ -769,6 +820,18 @@ pub trait Checkable<Context>: Sized {
 	fn check(self, c: &Context) -> Result<Self::Checked, TransactionValidityError>;
 }
 
+/// A piece of information "checkable" in a background task, used by the standard Substrate
+/// Executive in order to check the validity of a piece of extrinsic information, usually by
+/// verifying the signature. Implement for pieces of information that require some additional
+/// context `Context` in order to be checked.
+pub trait BackgroundCheckable<Context>: Checkable<Context> {
+	/// Check self in a background tas, given an instance of Context.
+	fn background_check(
+		self,
+		c: &Context,
+	) -> Result<<Self as Checkable<Context>>::Checked, TransactionValidityError>;
+}
+
 /// A "checkable" piece of information, used by the standard Substrate Executive in order to
 /// check the validity of a piece of extrinsic information, usually by verifying the signature.
 /// Implement for pieces of information that don't require additional context in order to be