refactor: dip

crates/kilt-dip-support/Cargo.toml

@@ -14,6 +14,7 @@ version.workspace = true
 # External dependencies
 hash-db.workspace = true
 log.workspace = true
+cfg-if = "1.0"
 
 # Internal dependencies
 did.workspace = true

crates/kilt-dip-support/src/did.rs

@@ -26,7 +26,7 @@ use parity_scale_codec::{Decode, Encode};
 use scale_info::TypeInfo;
 use sp_core::RuntimeDebug;
 use sp_runtime::traits::CheckedSub;
-use sp_std::{marker::PhantomData, vec::Vec};
+use sp_std::vec::Vec;
 
 use crate::{
 	merkle::RevealedDidKey,
@@ -86,7 +86,7 @@ impl From<RevealedDidKeysSignatureAndCallVerifierError> for u8 {
 	}
 }
 
-/// Proof verifier that tries to verify a DID signature over a given payload by
+/// Function that tries to verify a DID signature over a given payload by
 /// using one of the DID keys revealed in the Merkle proof. This verifier is
 /// typically used in conjunction with a verifier that takes a user-provided
 /// input Merkle proof, verifies it, and transforms it into a struct that this
@@ -110,7 +110,7 @@ impl From<RevealedDidKeysSignatureAndCallVerifierError> for u8 {
 /// * `RemoteBlockNumber`: Definition of a block number on the provider chain.
 /// * `CallVerifier`: A type specifying whether the provided `Call` can be
 ///   dispatched with the information provided in the DIP proof.
-pub(crate) struct RevealedDidKeysSignatureAndCallVerifier<
+pub(crate) fn verify_did_signature_for_call<
 	Call,
 	Submitter,
 	DidLocalDetails,
@@ -121,42 +121,15 @@ pub(crate) struct RevealedDidKeysSignatureAndCallVerifier<
 	RemoteBlockNumber,
 	CallVerifier,
 >(
-	#[allow(clippy::type_complexity)]
-	PhantomData<(
-		Call,
-		Submitter,
-		DidLocalDetails,
-		MerkleProofEntries,
-		ContextProvider,
-		RemoteKeyId,
-		RemoteAccountId,
-		RemoteBlockNumber,
-		CallVerifier,
-	)>,
-);
-
-impl<
-		Call,
-		Submitter,
-		DidLocalDetails,
-		MerkleProofEntries,
-		ContextProvider,
-		RemoteKeyId,
-		RemoteAccountId,
-		RemoteBlockNumber,
-		CallVerifier,
-	>
-	RevealedDidKeysSignatureAndCallVerifier<
-		Call,
-		Submitter,
-		DidLocalDetails,
-		MerkleProofEntries,
-		ContextProvider,
-		RemoteKeyId,
-		RemoteAccountId,
-		RemoteBlockNumber,
-		CallVerifier,
-	> where
+	call: &Call,
+	submitter: &Submitter,
+	local_details: &mut Option<DidLocalDetails>,
+	merkle_revealed_did_signature: RevealedDidKeysAndSignature<MerkleProofEntries, ContextProvider::BlockNumber>,
+) -> Result<
+	(DidVerificationKey<RemoteAccountId>, DidVerificationKeyRelationship),
+	RevealedDidKeysSignatureAndCallVerifierError,
+>
+where
 	Call: Encode,
 	Submitter: Encode,
 	ContextProvider: DidSignatureVerifierContext,
@@ -169,144 +142,82 @@ impl<
 	CallVerifier:
 		DipCallOriginFilter<Call, OriginInfo = (DidVerificationKey<RemoteAccountId>, DidVerificationKeyRelationship)>,
 {
-	#[cfg(not(feature = "runtime-benchmarks"))]
-	pub(crate) fn verify_did_signature_for_call(
-		call: &Call,
-		submitter: &Submitter,
-		local_details: &mut Option<DidLocalDetails>,
-		merkle_revealed_did_signature: RevealedDidKeysAndSignature<MerkleProofEntries, ContextProvider::BlockNumber>,
-	) -> Result<
-		(DidVerificationKey<RemoteAccountId>, DidVerificationKeyRelationship),
-		RevealedDidKeysSignatureAndCallVerifierError,
-	> {
-		use frame_support::ensure;
-
-		let block_number = ContextProvider::current_block_number();
-		let is_signature_fresh = if let Some(blocks_ago_from_now) =
-			block_number.checked_sub(&merkle_revealed_did_signature.did_signature.block_number)
-		{
-			// False if the signature is too old.
-			blocks_ago_from_now <= ContextProvider::SIGNATURE_VALIDITY.into()
+	cfg_if::cfg_if! {
+		if #[cfg(feature = "runtime-benchmarks")] {
+			{}
 		} else {
-			// Signature generated at a future time, not possible to verify.
-			false
-		};
-		ensure!(
-			is_signature_fresh,
-			RevealedDidKeysSignatureAndCallVerifierError::SignatureNotFresh,
-		);
-		let encoded_payload = (
-			call,
-			&local_details,
-			submitter,
-			&merkle_revealed_did_signature.did_signature.block_number,
-			ContextProvider::genesis_hash(),
-			ContextProvider::signed_extra(),
-		)
-			.encode();
-		// Only consider verification keys from the set of revealed keys.
-		let proof_verification_keys: Vec<(DidVerificationKey<RemoteAccountId>, DidVerificationKeyRelationship)> = merkle_revealed_did_signature.merkle_leaves.borrow().iter().filter_map(|RevealedDidKey {
+			let block_number = ContextProvider::current_block_number();
+			let is_signature_fresh = if let Some(blocks_ago_from_now) =
+				block_number.checked_sub(&merkle_revealed_did_signature.did_signature.block_number)
+			{
+				// False if the signature is too old.
+				blocks_ago_from_now <= ContextProvider::SIGNATURE_VALIDITY.into()
+			} else {
+				// Signature generated at a future time, not possible to verify.
+				false
+			};
+			frame_support::ensure!(
+				is_signature_fresh,
+				RevealedDidKeysSignatureAndCallVerifierError::SignatureNotFresh,
+			);
+		}
+	}
+	let encoded_payload = (
+		call,
+		&local_details,
+		submitter,
+		&merkle_revealed_did_signature.did_signature.block_number,
+		ContextProvider::genesis_hash(),
+		ContextProvider::signed_extra(),
+	)
+		.encode();
+	// Only consider verification keys from the set of revealed keys.
+	let proof_verification_keys: Vec<(DidVerificationKey<RemoteAccountId>, DidVerificationKeyRelationship)> = merkle_revealed_did_signature.merkle_leaves.borrow().iter().filter_map(|RevealedDidKey {
 			relationship, details: DidPublicKeyDetails { key, .. }, .. } | {
 				let DidPublicKey::PublicVerificationKey(key) = key else { return None };
 				if let Ok(vr) = DidVerificationKeyRelationship::try_from(*relationship) {
 					// TODO: Fix this logic to avoid cloning
 					Some(Ok((key.clone(), vr)))
 				} else {
-					log::error!("Should never fail to build a VerificationRelationship from the given DidKeyRelationship because we have already made sure the conditions hold.");
-					Some(Err(RevealedDidKeysSignatureAndCallVerifierError::Internal))
+					cfg_if::cfg_if! {
+						if #[cfg(feature = "runtime-benchmarks")] {
+							None
+						} else {
+							log::error!("Should never fail to build a VerificationRelationship from the given DidKeyRelationship because we have already made sure the conditions hold.");
+							Some(Err(RevealedDidKeysSignatureAndCallVerifierError::Internal))
+						}
+					}
 				}
 			}).collect::<Result<_, _>>()?;
-		let valid_signing_key = proof_verification_keys.iter().find(|(verification_key, _)| {
-			verification_key
-				.verify_signature(&encoded_payload, &merkle_revealed_did_signature.did_signature.signature)
-				.is_ok()
-		});
-		let Some((key, relationship)) = valid_signing_key else {
-			return Err(RevealedDidKeysSignatureAndCallVerifierError::SignatureUnverifiable);
-		};
-		if let Some(details) = local_details {
-			details.bump();
+	let valid_signing_key = proof_verification_keys.iter().find(|(verification_key, _)| {
+		verification_key
+			.verify_signature(&encoded_payload, &merkle_revealed_did_signature.did_signature.signature)
+			.is_ok()
+	});
+	cfg_if::cfg_if! {
+		if #[cfg(feature = "runtime-benchmarks")] {
+			let default = (
+				DidVerificationKey::Ed25519(sp_core::ed25519::Public::from_raw([0u8; 32])),
+				DidVerificationKeyRelationship::Authentication,
+			);
+			let (key, relationship) = valid_signing_key.unwrap_or(&default);
 		} else {
-			*local_details = Some(DidLocalDetails::default());
-		};
-		CallVerifier::check_call_origin_info(call, &(key.clone(), *relationship))
-			.map_err(|_| RevealedDidKeysSignatureAndCallVerifierError::OriginCheckFailed)?;
-		Ok((key.clone(), *relationship))
+			let (key, relationship) = valid_signing_key.ok_or(RevealedDidKeysSignatureAndCallVerifierError::SignatureUnverifiable)?;
+		}
 	}
 
-	#[cfg(feature = "runtime-benchmarks")]
-	#[allow(clippy::result_unit_err)]
-	pub(crate) fn verify_did_signature_for_call(
-		call: &Call,
-		submitter: &Submitter,
-		local_details: &mut Option<DidLocalDetails>,
-		merkle_revealed_did_signature: RevealedDidKeysAndSignature<MerkleProofEntries, ContextProvider::BlockNumber>,
-	) -> Result<
-		(DidVerificationKey<RemoteAccountId>, DidVerificationKeyRelationship),
-		RevealedDidKeysSignatureAndCallVerifierError,
-	> {
-		use sp_core::ed25519;
-
-		let block_number = ContextProvider::current_block_number();
-		// Computed but ignored
-		if let Some(blocks_ago_from_now) =
-			block_number.checked_sub(&merkle_revealed_did_signature.did_signature.block_number)
-		{
-			// False if the signature is too old.
-			blocks_ago_from_now <= ContextProvider::SIGNATURE_VALIDITY.into()
+	if let Some(details) = local_details {
+		details.bump();
+	} else {
+		*local_details = Some(DidLocalDetails::default());
+	};
+	let res = CallVerifier::check_call_origin_info(call, &(key.clone(), *relationship));
+	cfg_if::cfg_if! {
+		if #[cfg(feature = "runtime-benchmarks")] {
+			drop(res);
 		} else {
-			// Signature generated at a future time, not possible to verify.
-			false
-		};
-		let encoded_payload = (
-			call,
-			&local_details,
-			submitter,
-			&merkle_revealed_did_signature.did_signature.block_number,
-			ContextProvider::genesis_hash(),
-			ContextProvider::signed_extra(),
-		)
-			.encode();
-		// Only consider verification keys from the set of revealed keys.
-		let proof_verification_keys: Vec<(DidVerificationKey<RemoteAccountId>, DidVerificationKeyRelationship)> =
-			merkle_revealed_did_signature
-				.merkle_leaves
-				.borrow()
-				.iter()
-				.filter_map(
-					|RevealedDidKey {
-					     relationship,
-					     details: DidPublicKeyDetails { key, .. },
-					     ..
-					 }| {
-						let DidPublicKey::PublicVerificationKey(key) = key else {
-							return None;
-						};
-						if let Ok(vr) = DidVerificationKeyRelationship::try_from(*relationship) {
-							Some(Ok((key.clone(), vr)))
-						} else {
-							None
-						}
-					},
-				)
-				.collect::<Result<_, _>>()?;
-		let valid_signing_key = proof_verification_keys.iter().find(|(verification_key, _)| {
-			verification_key
-				.verify_signature(&encoded_payload, &merkle_revealed_did_signature.did_signature.signature)
-				.is_ok()
-		});
-		let default = (
-			DidVerificationKey::Ed25519(ed25519::Public::from_raw([0u8; 32])),
-			DidVerificationKeyRelationship::Authentication,
-		);
-		let (key, relationship) = valid_signing_key.unwrap_or(&default);
-		if let Some(details) = local_details {
-			details.bump();
-		} else {
-			*local_details = Some(DidLocalDetails::default());
-		};
-		// Ignore the result of this call
-		let _ = CallVerifier::check_call_origin_info(call, &(key.clone(), *relationship));
-		Ok((key.clone(), *relationship))
+			res.map_err(|_| RevealedDidKeysSignatureAndCallVerifierError::OriginCheckFailed)?;
+		}
 	}
+	Ok((key.clone(), *relationship))
 }

crates/kilt-dip-support/src/export/child.rs

@@ -494,12 +494,11 @@ pub mod v0 {
 
 	use crate::{
 		did::{
-			RevealedDidKeysAndSignature, RevealedDidKeysSignatureAndCallVerifier,
-			RevealedDidKeysSignatureAndCallVerifierError,
+			verify_did_signature_for_call, RevealedDidKeysAndSignature, RevealedDidKeysSignatureAndCallVerifierError,
 		},
 		export::common::v0::{DipMerkleProofAndDidSignature, ParachainRootStateProof},
 		merkle::{
-			DidMerkleProofVerifier, DidMerkleProofVerifierError, RevealedDidMerkleProofLeaf,
+			verify_dip_merkle_proof, DidMerkleProofVerifierError, RevealedDidMerkleProofLeaf,
 			RevealedDidMerkleProofLeaves,
 		},
 		state_proofs::{
@@ -776,7 +775,7 @@ pub mod v0 {
 				.map_err(DipChildProviderStateProofVerifierError::IdentityCommitmentMerkleProof)?;
 
 			// 4. Verify DIP merkle proof.
-			let proof_leaves = DidMerkleProofVerifier::<
+			let proof_leaves = verify_dip_merkle_proof::<
 				ProviderDipMerkleHasher,
 				_,
 				_,
@@ -785,30 +784,20 @@ pub mod v0 {
 				_,
 				MAX_REVEALED_KEYS_COUNT,
 				MAX_REVEALED_ACCOUNTS_COUNT,
-			>::verify_dip_merkle_proof(&subject_identity_commitment, proof.did.leaves)
+			>(&subject_identity_commitment, proof.did.leaves)
 			.map_err(DipChildProviderStateProofVerifierError::DipProof)?;
 
 			// 5. Verify DID signature.
-			RevealedDidKeysSignatureAndCallVerifier::<
-					_,
-					_,
-					_,
-					_,
-					LocalContextProvider,
-					_,
-					_,
-					_,
-					LocalDidCallVerifier,
-				>::verify_did_signature_for_call(
-					call,
-					submitter,
-					identity_details,
-					RevealedDidKeysAndSignature {
-						merkle_leaves: proof_leaves.borrow(),
-						did_signature: proof.did.signature,
-					},
-				)
-				.map_err(DipChildProviderStateProofVerifierError::DidSignature)?;
+			verify_did_signature_for_call::<_, _, _, _, LocalContextProvider, _, _, _, LocalDidCallVerifier>(
+				call,
+				submitter,
+				identity_details,
+				RevealedDidKeysAndSignature {
+					merkle_leaves: proof_leaves.borrow(),
+					did_signature: proof.did.signature,
+				},
+			)
+			.map_err(DipChildProviderStateProofVerifierError::DidSignature)?;
 			Ok(proof_leaves)
 		}
 	}