Add Redeemer associated type to Verifier trait.

And move ugly repetitive decoding to the executive.

Author: JoshOrndorff

tuxedo-core/src/executive.rs

@@ -79,12 +79,12 @@ where
         let mut missing_inputs = Vec::new();
         for input in transaction.inputs.iter() {
             if let Some(input_utxo) = TransparentUtxoSet::<V>::peek_utxo(&input.output_ref) {
+                let redeemer = V::Redeemer::decode(&mut &input.redeemer[..])
+                    .map_err(|_| UtxoError::VerifierError)?;
                 ensure!(
-                    input_utxo.verifier.verify(
-                        &stripped_encoded,
-                        Self::block_height(),
-                        &input.redeemer
-                    ),
+                    input_utxo
+                        .verifier
+                        .verify(&stripped_encoded, Self::block_height(), &redeemer),
                     UtxoError::VerifierError
                 );
                 input_utxos.push(input_utxo);

tuxedo-core/src/verifier.rs

@@ -29,7 +29,11 @@ pub use simple_signature::{Sr25519P2PKH, Sr25519Signature};
 /// * An encoded redeemer supplied by the user attempting to spend the input.
 ///   The redeemer is opaque to the trait and must be interpreted by the implementation.
 pub trait Verifier: Debug + Encode + Decode + Clone {
-    fn verify(&self, simplified_tx: &[u8], block_height: u32, redeemer: &[u8]) -> bool;
+    /// The type that will be supplied to satisfy the verifier and redeem the UTXO.
+    type Redeemer: Decode;
+
+    /// Main function in the trait. Does the checks to make sure an output can be spent.
+    fn verify(&self, simplified_tx: &[u8], block_height: u32, redeemer: &Self::Redeemer) -> bool;
 }
 
 /// A simple verifier that allows anyone to consume an output at any time
@@ -39,7 +43,9 @@ pub trait Verifier: Debug + Encode + Decode + Clone {
 pub struct UpForGrabs;
 
 impl Verifier for UpForGrabs {
-    fn verify(&self, _simplified_tx: &[u8], __: u32, _: &[u8]) -> bool {
+    type Redeemer = ();
+
+    fn verify(&self, _simplified_tx: &[u8], __: u32, _: &()) -> bool {
         true
     }
 }
@@ -54,11 +60,15 @@ impl Verifier for UpForGrabs {
 pub struct Unspendable;
 
 impl Verifier for Unspendable {
-    fn verify(&self, _simplified_tx: &[u8], __: u32, _: &[u8]) -> bool {
+    type Redeemer = ();
+
+    fn verify(&self, _simplified_tx: &[u8], __: u32, _: &()) -> bool {
         false
     }
 }
 
+// Idea: It could be useful to allow delay deciding whether the redemption should succeed
+//       until spend-time. In that case you could pass it in as a verifier.
 /// A testing verifier that passes or depending on the enclosed
 /// boolean value.
 #[cfg(feature = "std")]
@@ -70,7 +80,9 @@ pub struct TestVerifier {
 
 #[cfg(feature = "std")]
 impl Verifier for TestVerifier {
-    fn verify(&self, _simplified_tx: &[u8], __: u32, _: &[u8]) -> bool {
+    type Redeemer = ();
+
+    fn verify(&self, _simplified_tx: &[u8], __: u32, _: &()) -> bool {
         self.verifies
     }
 }
@@ -98,18 +110,18 @@ mod test {
 
     #[test]
     fn up_for_grabs_always_verifies() {
-        assert!(UpForGrabs.verify(&[], 0, &[]))
+        assert!(UpForGrabs.verify(&[], 0, &()))
     }
 
     #[test]
     fn test_verifier_passes() {
-        let result = TestVerifier { verifies: true }.verify(&[], 0, &[]);
+        let result = TestVerifier { verifies: true }.verify(&[], 0, &());
         assert!(result);
     }
 
     #[test]
     fn test_verifier_fails() {
-        let result = TestVerifier { verifies: false }.verify(&[], 0, &[]);
+        let result = TestVerifier { verifies: false }.verify(&[], 0, &());
         assert!(!result);
     }
 }

tuxedo-core/src/verifier/htlc.rs

@@ -42,7 +42,8 @@ pub struct TimeLock {
 }
 
 impl Verifier for TimeLock {
-    fn verify(&self, _: &[u8], block_height: u32, _: &[u8]) -> bool {
+    type Redeemer = ();
+    fn verify(&self, _: &[u8], block_height: u32, _: &()) -> bool {
         block_height >= self.unlock_block_height
     }
 }
@@ -64,8 +65,9 @@ impl BlakeTwoHashLock {
 }
 
 impl Verifier for BlakeTwoHashLock {
-    fn verify(&self, _: &[u8], _: u32, redeemer: &[u8]) -> bool {
-        BlakeTwo256::hash(redeemer) == self.hash_lock
+    type Redeemer = Vec<u8>;
+    fn verify(&self, _: &[u8], _: u32, secret: &Self::Redeemer) -> bool {
+        BlakeTwo256::hash(secret) == self.hash_lock
     }
 }
 
@@ -104,11 +106,9 @@ pub enum HtlcSpendPath {
 }
 
 impl Verifier for HashTimeLockContract {
-    fn verify(&self, simplified_tx: &[u8], block_height: u32, redeemer: &[u8]) -> bool {
-        let Ok(spend_path) = HtlcSpendPath::decode(&mut &redeemer[..]) else {
-            return false;
-        };
+    type Redeemer = HtlcSpendPath;
 
+    fn verify(&self, simplified_tx: &[u8], block_height: u32, spend_path: &HtlcSpendPath) -> bool {
         match spend_path {
             HtlcSpendPath::Claim { secret, signature } => {
                 // Claims are valid as long as the secret is correct and the receiver signature is correct.
@@ -145,23 +145,23 @@ mod test {
         let time_lock = TimeLock {
             unlock_block_height: 100,
         };
-        assert!(!time_lock.verify(&[], 10, &[]));
+        assert!(!time_lock.verify(&[], 10, &()));
     }
 
     #[test]
     fn time_lock_exactly_on_time() {
         let time_lock = TimeLock {
             unlock_block_height: 100,
         };
-        assert!(time_lock.verify(&[], 100, &[]));
+        assert!(time_lock.verify(&[], 100, &()));
     }
 
     #[test]
     fn time_lock_past_threshold() {
         let time_lock = TimeLock {
             unlock_block_height: 100,
         };
-        assert!(time_lock.verify(&[], 200, &[]));
+        assert!(time_lock.verify(&[], 200, &()));
     }
 
     #[test]

tuxedo-core/src/verifier/multi_signature.rs

@@ -50,16 +50,13 @@ pub struct SignatureAndIndex {
 }
 
 impl Verifier for ThresholdMultiSignature {
-    fn verify(&self, simplified_tx: &[u8], _: u32, redeemer: &[u8]) -> bool {
+    type Redeemer = Vec<SignatureAndIndex>;
+
+    fn verify(&self, simplified_tx: &[u8], _: u32, sigs: &Vec<SignatureAndIndex>) -> bool {
         if self.has_duplicate_signatories() {
             return false;
         }
 
-        let sigs = match Vec::<SignatureAndIndex>::decode(&mut &redeemer[..]) {
-            Ok(s) => s,
-            Err(_) => return false,
-        };
-
         if sigs.len() < self.threshold.into() {
             return false;
         }
@@ -121,13 +118,12 @@ mod test {
             })
             .collect();
 
-        let redeemer: &[u8] = &sigs.encode()[..];
         let threshold_multisig = ThresholdMultiSignature {
             threshold,
             signatories,
         };
 
-        assert!(threshold_multisig.verify(simplified_tx, 0, redeemer));
+        assert!(threshold_multisig.verify(simplified_tx, 0, &sigs));
     }
 
     #[test]
@@ -148,13 +144,12 @@ mod test {
             })
             .collect();
 
-        let redeemer: &[u8] = &sigs.encode()[..];
         let threshold_multisig = ThresholdMultiSignature {
             threshold,
             signatories,
         };
 
-        assert!(!threshold_multisig.verify(simplified_tx, 0, redeemer));
+        assert!(!threshold_multisig.verify(simplified_tx, 0, &sigs));
     }
 
     #[test]
@@ -174,13 +169,12 @@ mod test {
             })
             .collect();
 
-        let redeemer: &[u8] = &sigs.encode()[..];
         let threshold_multisig = ThresholdMultiSignature {
             threshold,
             signatories,
         };
 
-        assert!(threshold_multisig.verify(simplified_tx, 0, redeemer));
+        assert!(threshold_multisig.verify(simplified_tx, 0, &sigs));
     }
 
     #[test]
@@ -203,13 +197,12 @@ mod test {
             },
         ];
 
-        let redeemer: &[u8] = &sigs.encode()[..];
         let threshold_multisig = ThresholdMultiSignature {
             threshold,
             signatories,
         };
 
-        assert!(!threshold_multisig.verify(simplified_tx, 0, redeemer));
+        assert!(!threshold_multisig.verify(simplified_tx, 0, &sigs));
     }
 
     #[test]
@@ -230,31 +223,12 @@ mod test {
                 index: i.try_into().unwrap(),
             })
             .collect();
-        let redeemer: &[u8] = &sigs.encode()[..];
 
         let threshold_multisig = ThresholdMultiSignature {
             threshold,
             signatories,
         };
 
-        assert!(!threshold_multisig.verify(simplified_tx, 0, redeemer));
-    }
-
-    #[test]
-    fn threshold_multisig_bogus_redeemer_encoding_fails() {
-        use crate::dynamic_typing::testing::Bogus;
-
-        let bogus = Bogus;
-
-        let threshold_multisig = ThresholdMultiSignature {
-            threshold: 3,
-            signatories: vec![],
-        };
-
-        assert!(!threshold_multisig.verify(
-            b"bogus_message".as_slice(),
-            0,
-            bogus.encode().as_slice()
-        ))
+        assert!(!threshold_multisig.verify(simplified_tx, 0, &sigs));
     }
 }

tuxedo-core/src/verifier/simple_signature.rs

@@ -43,13 +43,10 @@ impl Sr25519Signature {
 }
 
 impl Verifier for Sr25519Signature {
-    fn verify(&self, simplified_tx: &[u8], _: u32, redeemer: &[u8]) -> bool {
-        let sig = match Signature::try_from(redeemer) {
-            Ok(s) => s,
-            Err(_) => return false,
-        };
+    type Redeemer = Signature;
 
-        sp_io::crypto::sr25519_verify(&sig, simplified_tx, &Public::from_h256(self.owner_pubkey))
+    fn verify(&self, simplified_tx: &[u8], _: u32, sig: &Signature) -> bool {
+        sp_io::crypto::sr25519_verify(sig, simplified_tx, &Public::from_h256(self.owner_pubkey))
     }
 }
 
@@ -66,9 +63,9 @@ pub struct Sr25519P2PKH {
 }
 
 impl Verifier for Sr25519P2PKH {
-    fn verify(&self, simplified_tx: &[u8], _: u32, redeemer: &[u8]) -> bool {
-        //TODO verifier trait should have associated type for decoding the redeemer. Otherwise each and every redeemer impl has to do it.
-        // Decode the redeemer and expect to find both a pubkey and a signature.
+    type Redeemer = (Public, Signature);
+
+    fn verify(&self, simplified_tx: &[u8], _: u32, (pubkey, signature): &Self::Redeemer) -> bool {
         // Check that the hash stored matches the pubkey given.
         // Check that the signature given is valid over the tx from the pubkey given.
         todo!()
@@ -85,24 +82,26 @@ mod test {
         let pair = Pair::from_seed(&[0u8; 32]);
         let simplified_tx = b"hello world".as_slice();
         let sig = pair.sign(simplified_tx);
-        let redeemer: &[u8] = sig.as_ref();
 
         let sr25519_signature = Sr25519Signature {
             owner_pubkey: pair.public().into(),
         };
 
-        assert!(sr25519_signature.verify(simplified_tx, 0, redeemer));
+        assert!(sr25519_signature.verify(simplified_tx, 0, &sig));
     }
 
     #[test]
     fn sr25519_signature_with_bad_sig() {
         let simplified_tx = b"hello world".as_slice();
-        let redeemer = b"bogus_signature".as_slice();
+        let bad_sig = Signature::from_slice(
+            b"bogus_signature_bogus_signature_bogus_signature_bogus_signature!".as_slice(),
+        )
+        .expect("Should be able to create a bogus signature.");
 
         let sr25519_signature = Sr25519Signature {
             owner_pubkey: H256::zero(),
         };
 
-        assert!(!sr25519_signature.verify(simplified_tx, 0, redeemer));
+        assert!(!sr25519_signature.verify(simplified_tx, 0, &bad_sig));
     }
 }