mock signature verification

paritytech · Oct 31, 2022 · 20d9235 · 20d9235
1 parent 202e670
commit 20d9235
Show file tree

Hide file tree

Showing 8 changed files with 94 additions and 25 deletions.
diff --git a/bin/full-node/src/run/consensus_service.rs b/bin/full-node/src/run/consensus_service.rs
@@ -237,6 +237,7 @@ impl ConsensusService {
                             heap_pages,
                             exec_hint: executor::vm::ExecHint::CompileAheadOfTime, // TODO: probably should be decided by the optimisticsync
                             allow_unresolved_imports: false,
+                            mock_signature_verification_host_functions: false,
                         })
                         .unwrap()
                     },

diff --git a/src/chain_spec.rs b/src/chain_spec.rs
@@ -105,6 +105,7 @@ impl ChainSpec {
             heap_pages,
             exec_hint: executor::vm::ExecHint::Oneshot,
             allow_unresolved_imports: true,
+            mock_signature_verification_host_functions: false,
         })
         .map_err(FromGenesisStorageError::VmInitialization)?;
 

diff --git a/src/executor/host/host_vm.rs b/src/executor/host/host_vm.rs
@@ -656,10 +656,19 @@ impl ReadyToRun {
                         expect_pointer_constant_size!(2, 32),
                     );
                     if let Ok(public_key) = public_key {
-                        let signature =
-                            ed25519_zebra::Signature::from(expect_pointer_constant_size!(0, 64));
+                        let signature = expect_pointer_constant_size!(0, 64);
                         let message = expect_pointer_size!(1);
-                        public_key.verify(&signature, message.as_ref()).is_ok()
+
+                        if self.inner.mock_signature_verification_host_functions {
+                            is_magic_signature(signature.as_ref())
+                        } else {
+                            public_key
+                                .verify(
+                                    &ed25519_zebra::Signature::from(signature),
+                                    message.as_ref(),
+                                )
+                                .is_ok()
+                        }
                     } else {
                         false
                     }
@@ -684,13 +693,17 @@ impl ReadyToRun {
                     let signature = expect_pointer_constant_size!(0, 64);
                     let message = expect_pointer_size!(1);
 
-                    signing_public_key
-                        .verify_simple_preaudit_deprecated(
-                            b"substrate",
-                            message.as_ref(),
-                            &signature,
-                        )
-                        .is_ok()
+                    if self.inner.mock_signature_verification_host_functions {
+                        is_magic_signature(signature.as_ref())
+                    } else {
+                        signing_public_key
+                            .verify_simple_preaudit_deprecated(
+                                b"substrate",
+                                message.as_ref(),
+                                &signature,
+                            )
+                            .is_ok()
+                    }
                 };
 
                 HostVm::ReadyToRun(ReadyToRun {
@@ -705,13 +718,21 @@ impl ReadyToRun {
                     let signing_public_key =
                         schnorrkel::PublicKey::from_bytes(&expect_pointer_constant_size!(2, 32))
                             .unwrap();
-                    let signature =
-                        schnorrkel::Signature::from_bytes(&expect_pointer_constant_size!(0, 64))
-                            .unwrap();
+                    let signature = expect_pointer_constant_size!(0, 64);
 
-                    signing_public_key
-                        .verify_simple(b"substrate", expect_pointer_size!(1).as_ref(), &signature)
-                        .is_ok()
+                    if self.inner.mock_signature_verification_host_functions {
+                        is_magic_signature(signature.as_ref())
+                    } else {
+                        let signature = schnorrkel::Signature::from_bytes(&signature).unwrap();
+
+                        signing_public_key
+                            .verify_simple(
+                                b"substrate",
+                                expect_pointer_size!(1).as_ref(),
+                                &signature,
+                            )
+                            .is_ok()
+                    }
                 };
 
                 HostVm::ReadyToRun(ReadyToRun {
@@ -759,20 +780,25 @@ impl ReadyToRun {
 
                     // signature (64 bytes) + recovery ID (1 byte)
                     let sig_bytes = expect_pointer_constant_size!(0, 65);
-                    if let Ok(sig) = libsecp256k1::Signature::parse_standard_slice(&sig_bytes[..64])
-                    {
-                        if let Ok(ri) = libsecp256k1::RecoveryId::parse(sig_bytes[64]) {
-                            if let Ok(actual) = libsecp256k1::recover(&message, &sig, &ri) {
-                                expect_pointer_constant_size!(2, 33)[..]
-                                    == actual.serialize_compressed()[..]
+                    if self.inner.mock_signature_verification_host_functions {
+                        is_magic_signature(sig_bytes.as_ref())
+                    } else {
+                        if let Ok(sig) =
+                            libsecp256k1::Signature::parse_standard_slice(&sig_bytes[..64])
+                        {
+                            if let Ok(ri) = libsecp256k1::RecoveryId::parse(sig_bytes[64]) {
+                                if let Ok(actual) = libsecp256k1::recover(&message, &sig, &ri) {
+                                    expect_pointer_constant_size!(2, 33)[..]
+                                        == actual.serialize_compressed()[..]
+                                } else {
+                                    false
+                                }
                             } else {
                                 false
                             }
                         } else {
                             false
                         }
-                    } else {
-                        false
                     }
                 };
 
@@ -2113,6 +2139,8 @@ pub struct Inner {
 
     /// Memory allocator in order to answer the calls to `malloc` and `free`.
     pub(crate) allocator: allocator::FreeingBumpHeapAllocator,
+
+    pub(crate) mock_signature_verification_host_functions: bool,
 }
 
 impl Inner {
@@ -2278,6 +2306,8 @@ impl Inner {
             heap_pages: self.heap_pages,
             allow_unresolved_imports: self.allow_unresolved_imports,
             memory_total_pages: self.memory_total_pages,
+            mock_signature_verification_host_functions: self
+                .mock_signature_verification_host_functions,
         }
     }
 }
@@ -2551,13 +2581,31 @@ impl<'a> allocator::Memory for MemAccess<'a> {
     }
 }
 
+fn is_magic_signature(signature: &[u8]) -> bool {
+    signature.starts_with(&[0xde, 0xad, 0xbe, 0xef]) && signature[4..].iter().all(|&b| b == 0xcd)
+}
+
 #[cfg(test)]
 mod tests {
-    use super::HostVm;
+    use super::{is_magic_signature, HostVm};
 
     #[test]
     fn is_send() {
         fn req<T: Send>() {}
         req::<HostVm>();
     }
+
+    #[test]
+    fn is_magic_signature_works() {
+        assert!(is_magic_signature(&[0xde, 0xad, 0xbe, 0xef, 0xcd, 0xcd]));
+        assert!(is_magic_signature(&[
+            0xde, 0xad, 0xbe, 0xef, 0xcd, 0xcd, 0xcd, 0xcd
+        ]));
+        assert!(!is_magic_signature(&[
+            0xde, 0xad, 0xbe, 0xef, 0xcd, 0xcd, 0xcd, 0x00
+        ]));
+        assert!(!is_magic_signature(&[
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+        ]));
+    }
 }
diff --git a/src/executor/host/mod.rs b/src/executor/host/mod.rs
@@ -228,6 +228,12 @@ pub struct Config<TModule> {
     /// a [`Error::UnresolvedFunctionCalled`] error will be generated if the module tries to call
     /// an unresolved function.
     pub allow_unresolved_imports: bool,
+
+    /// Replace the signature verification related host functions with a mock implementation.
+    /// The mock implementation will return true IF the signature is true OR the signature is
+    /// magic value `0xdeadbeef` follow by `0xcd` filling the rest of bytes.
+    /// NOTE: This should only enabled for testing purposes.
+    pub mock_signature_verification_host_functions: bool,
 }
 
 /// Prototype for an [`HostVm`].
@@ -269,6 +275,12 @@ pub struct HostVmPrototype {
     /// Total number of pages of Wasm memory. This is equal to `heap_base / 64k` (rounded up) plus
     /// `heap_pages`.
     memory_total_pages: HeapPages,
+
+    /// Replace the signature verification related host functions with a mock implementation.
+    /// The mock implementation will return true IF the signature is true OR the signature is
+    /// magic value `0xdeadbeef` follow by `0xcd`.
+    /// NOTE: This should only enabled for testing purposes.
+    mock_signature_verification_host_functions: bool,
 }
 
 impl HostVmPrototype {
@@ -353,6 +365,7 @@ impl HostVmPrototype {
             heap_pages,
             allow_unresolved_imports,
             memory_total_pages,
+            mock_signature_verification_host_functions: false,
         };
 
         // Call `Core_version` if no runtime version is known yet.
@@ -484,6 +497,8 @@ impl HostVmPrototype {
                 registered_functions: self.registered_functions,
                 storage_transaction_depth: 0,
                 allocator,
+                mock_signature_verification_host_functions: self
+                    .mock_signature_verification_host_functions,
             },
         })
     }

diff --git a/src/executor/read_only_runtime_host.rs b/src/executor/read_only_runtime_host.rs
@@ -304,6 +304,7 @@ impl Inner {
                         heap_pages: executor::DEFAULT_HEAP_PAGES,
                         exec_hint: vm::ExecHint::Oneshot,
                         allow_unresolved_imports: false, // TODO: what is a correct value here?
+                        mock_signature_verification_host_functions: false,
                     }) {
                         Ok(w) => w,
                         Err(_) => {

diff --git a/src/executor/runtime_host.rs b/src/executor/runtime_host.rs
@@ -668,6 +668,7 @@ impl Inner {
                         heap_pages: executor::DEFAULT_HEAP_PAGES,
                         exec_hint: vm::ExecHint::Oneshot,
                         allow_unresolved_imports: false, // TODO: what is a correct value here?
+                        mock_signature_verification_host_functions: false,
                     }) {
                         Ok(w) => w,
                         Err(_) => {

diff --git a/src/sync/warp_sync.rs b/src/sync/warp_sync.rs
@@ -1105,6 +1105,7 @@ impl<TSrc, TRq> BuildRuntime<TSrc, TRq> {
                 heap_pages: decoded_heap_pages,
                 exec_hint,
                 allow_unresolved_imports,
+                mock_signature_verification_host_functions: false,
             }) {
                 Ok(runtime) => runtime,
                 Err(err) => {

diff --git a/src/verify/header_body.rs b/src/verify/header_body.rs
@@ -675,6 +675,7 @@ impl RuntimeCompilation {
             heap_pages: self.heap_pages,
             exec_hint: vm::ExecHint::CompileAheadOfTime,
             allow_unresolved_imports: false,
+            mock_signature_verification_host_functions: false,
         }) {
             Ok(vm) => vm,
             Err(err) => {