Correct BABE randomness by calculating InOut bytes directly in pallet (#5876)

* vrf: remove Raw* types

* babe: remove Raw* types

* pallet-babe: switch representation of RawVRFOutput to Randomness

* pallet-babe: calculate inout within the pallet

* Remove make_transcript duplication

* Bump spec version

* Fix frame tests

* and_then -> map

* Always enable u64_backend

* Fix nostd compile

* fix import: should not use std

* Remove unused definition of RawVRFOutput

* Remove unused import of RuntimeDebug

Co-authored-by: Gavin Wood <gavin@parity.io>

substrate/primitives/consensus/babe/src/digests.rs

@@ -22,19 +22,17 @@ use super::{AuthorityId, AuthorityIndex, SlotNumber, BabeAuthorityWeight, BabeEp
 #[cfg(feature = "std")]
 use sp_runtime::{DigestItem, generic::OpaqueDigestItemId};
 #[cfg(feature = "std")]
-use std::{fmt::Debug, convert::{TryFrom, TryInto}};
+use std::fmt::Debug;
 use codec::{Decode, Encode};
 #[cfg(feature = "std")]
 use codec::Codec;
 use sp_std::vec::Vec;
 use sp_runtime::RuntimeDebug;
-use sp_consensus_vrf::schnorrkel::{self, Randomness};
-#[cfg(feature = "std")]
-use sp_consensus_vrf::schnorrkel::SignatureError;
+use sp_consensus_vrf::schnorrkel::{Randomness, VRFOutput, VRFProof};
 
 /// Raw BABE primary slot assignment pre-digest.
 #[derive(Clone, RuntimeDebug, Encode, Decode)]
-pub struct RawPrimaryPreDigest<VRFOutput=schnorrkel::RawVRFOutput, VRFProof=schnorrkel::RawVRFProof> {
+pub struct PrimaryPreDigest {
 	/// Authority index
 	pub authority_index: super::AuthorityIndex,
 	/// Slot number
@@ -45,24 +43,6 @@ pub struct RawPrimaryPreDigest<VRFOutput=schnorrkel::RawVRFOutput, VRFProof=schn
 	pub vrf_proof: VRFProof,
 }
 
-#[cfg(feature = "std")]
-/// BABE primary slot assignment pre-digest for std environment.
-pub type PrimaryPreDigest = RawPrimaryPreDigest<schnorrkel::VRFOutput, schnorrkel::VRFProof>;
-
-#[cfg(feature = "std")]
-impl TryFrom<RawPrimaryPreDigest> for PrimaryPreDigest {
-	type Error = SignatureError;
-
-	fn try_from(raw: RawPrimaryPreDigest) -> Result<PrimaryPreDigest, SignatureError> {
-		Ok(PrimaryPreDigest {
-			authority_index: raw.authority_index,
-			slot_number: raw.slot_number,
-			vrf_output: raw.vrf_output.try_into()?,
-			vrf_proof: raw.vrf_proof.try_into()?,
-		})
-	}
-}
-
 /// BABE secondary slot assignment pre-digest.
 #[derive(Clone, RuntimeDebug, Encode, Decode)]
 pub struct SecondaryPlainPreDigest {
@@ -79,7 +59,7 @@ pub struct SecondaryPlainPreDigest {
 
 /// BABE secondary deterministic slot assignment with VRF outputs.
 #[derive(Clone, RuntimeDebug, Encode, Decode)]
-pub struct RawSecondaryVRFPreDigest<VRFOutput=schnorrkel::RawVRFOutput, VRFProof=schnorrkel::RawVRFProof> {
+pub struct SecondaryVRFPreDigest {
 	/// Authority index
 	pub authority_index: super::AuthorityIndex,
 	/// Slot number
@@ -90,60 +70,38 @@ pub struct RawSecondaryVRFPreDigest<VRFOutput=schnorrkel::RawVRFOutput, VRFProof
 	pub vrf_proof: VRFProof,
 }
 
-#[cfg(feature = "std")]
-/// BABE secondary slot assignment with VRF outputs pre-digest, for std environment.
-pub type SecondaryVRFPreDigest = RawSecondaryVRFPreDigest<schnorrkel::VRFOutput, schnorrkel::VRFProof>;
-
-#[cfg(feature = "std")]
-impl TryFrom<RawSecondaryVRFPreDigest> for SecondaryVRFPreDigest {
-	type Error = SignatureError;
-
-	fn try_from(raw: RawSecondaryVRFPreDigest) -> Result<SecondaryVRFPreDigest, SignatureError> {
-		Ok(SecondaryVRFPreDigest {
-			authority_index: raw.authority_index,
-			slot_number: raw.slot_number,
-			vrf_output: raw.vrf_output.try_into()?,
-			vrf_proof: raw.vrf_proof.try_into()?,
-		})
-	}
-}
-
 /// A BABE pre-runtime digest. This contains all data required to validate a
 /// block and for the BABE runtime module. Slots can be assigned to a primary
 /// (VRF based) and to a secondary (slot number based).
 #[derive(Clone, RuntimeDebug, Encode, Decode)]
-pub enum RawPreDigest<VRFOutput=schnorrkel::RawVRFOutput, VRFProof=schnorrkel::RawVRFProof> {
+pub enum PreDigest {
 	/// A primary VRF-based slot assignment.
 	#[codec(index = "1")]
-	Primary(RawPrimaryPreDigest<VRFOutput, VRFProof>),
+	Primary(PrimaryPreDigest),
 	/// A secondary deterministic slot assignment.
 	#[codec(index = "2")]
 	SecondaryPlain(SecondaryPlainPreDigest),
 	/// A secondary deterministic slot assignment with VRF outputs.
 	#[codec(index = "3")]
-	SecondaryVRF(RawSecondaryVRFPreDigest<VRFOutput, VRFProof>),
+	SecondaryVRF(SecondaryVRFPreDigest),
 }
 
-#[cfg(feature = "std")]
-/// A BABE pre-runtime digest for std.
-pub type PreDigest = RawPreDigest<schnorrkel::VRFOutput, schnorrkel::VRFProof>;
-
-impl<VRFOutput, VRFProof> RawPreDigest<VRFOutput, VRFProof> {
+impl PreDigest {
 	/// Returns the slot number of the pre digest.
 	pub fn authority_index(&self) -> AuthorityIndex {
 		match self {
-			RawPreDigest::Primary(primary) => primary.authority_index,
-			RawPreDigest::SecondaryPlain(secondary) => secondary.authority_index,
-			RawPreDigest::SecondaryVRF(secondary) => secondary.authority_index,
+			PreDigest::Primary(primary) => primary.authority_index,
+			PreDigest::SecondaryPlain(secondary) => secondary.authority_index,
+			PreDigest::SecondaryVRF(secondary) => secondary.authority_index,
 		}
 	}
 
 	/// Returns the slot number of the pre digest.
 	pub fn slot_number(&self) -> SlotNumber {
 		match self {
-			RawPreDigest::Primary(primary) => primary.slot_number,
-			RawPreDigest::SecondaryPlain(secondary) => secondary.slot_number,
-			RawPreDigest::SecondaryVRF(secondary) => secondary.slot_number,
+			PreDigest::Primary(primary) => primary.slot_number,
+			PreDigest::SecondaryPlain(secondary) => secondary.slot_number,
+			PreDigest::SecondaryVRF(secondary) => secondary.slot_number,
 		}
 	}
 
@@ -151,25 +109,12 @@ impl<VRFOutput, VRFProof> RawPreDigest<VRFOutput, VRFProof> {
 	/// of the chain.
 	pub fn added_weight(&self) -> crate::BabeBlockWeight {
 		match self {
-			RawPreDigest::Primary(_) => 1,
-			RawPreDigest::SecondaryPlain(_) | RawPreDigest::SecondaryVRF(_) => 0,
+			PreDigest::Primary(_) => 1,
+			PreDigest::SecondaryPlain(_) | PreDigest::SecondaryVRF(_) => 0,
 		}
 	}
 }
 
-#[cfg(feature = "std")]
-impl TryFrom<RawPreDigest> for PreDigest {
-	type Error = SignatureError;
-
-	fn try_from(raw: RawPreDigest) -> Result<PreDigest, SignatureError> {
-		Ok(match raw {
-			RawPreDigest::Primary(primary) => PreDigest::Primary(primary.try_into()?),
-			RawPreDigest::SecondaryPlain(secondary) => PreDigest::SecondaryPlain(secondary),
-			RawPreDigest::SecondaryVRF(secondary) => PreDigest::SecondaryVRF(secondary.try_into()?),
-		})
-	}
-}
-
 /// Information about the next epoch. This is broadcast in the first block
 /// of the epoch.
 #[derive(Decode, Encode, PartialEq, Eq, Clone, RuntimeDebug)]

substrate/primitives/consensus/babe/src/lib.rs

@@ -25,6 +25,7 @@ pub mod inherents;
 pub use sp_consensus_vrf::schnorrkel::{
 	Randomness, VRF_PROOF_LENGTH, VRF_OUTPUT_LENGTH, RANDOMNESS_LENGTH
 };
+pub use merlin::Transcript;
 
 use codec::{Encode, Decode};
 use sp_std::vec::Vec;
@@ -39,6 +40,9 @@ mod app {
 /// The prefix used by BABE for its VRF keys.
 pub const BABE_VRF_PREFIX: &[u8] = b"substrate-babe-vrf";
 
+/// BABE VRFInOut context.
+pub static BABE_VRF_INOUT_CONTEXT: &[u8] = b"BabeVRFInOutContext";
+
 /// A Babe authority keypair. Necessarily equivalent to the schnorrkel public key used in
 /// the main Babe module. If that ever changes, then this must, too.
 #[cfg(feature = "std")]
@@ -76,6 +80,19 @@ pub type BabeAuthorityWeight = u64;
 /// The weight of a BABE block.
 pub type BabeBlockWeight = u32;
 
+/// Make a VRF transcript from given randomness, slot number and epoch.
+pub fn make_transcript(
+	randomness: &Randomness,
+	slot_number: u64,
+	epoch: u64,
+) -> Transcript {
+	let mut transcript = Transcript::new(&BABE_ENGINE_ID);
+	transcript.append_u64(b"slot number", slot_number);
+	transcript.append_u64(b"current epoch", epoch);
+	transcript.append_message(b"chain randomness", &randomness[..]);
+	transcript
+}
+
 /// An consensus log item for BABE.
 #[derive(Decode, Encode, Clone, PartialEq, Eq)]
 pub enum ConsensusLog {