2018-06-07 14:51:29 -06:00
|
|
|
//! The `sigverify` module provides digital signature verification functions.
|
|
|
|
|
//! By default, signatures are verified in parallel using all available CPU
|
|
|
|
|
//! cores. When `--features=cuda` is enabled, signature verification is
|
|
|
|
|
//! offloaded to the GPU.
|
|
|
|
|
//!
|
|
|
|
|
|
2018-05-30 21:24:21 -07:00
|
|
|
use counter::Counter;
|
2018-03-26 21:07:11 -07:00
|
|
|
use packet::{Packet, SharedPackets};
|
2018-04-06 15:43:05 -06:00
|
|
|
use std::mem::size_of;
|
2018-05-30 21:24:21 -07:00
|
|
|
use std::sync::atomic::AtomicUsize;
|
2018-04-11 20:24:14 -06:00
|
|
|
use transaction::{PUB_KEY_OFFSET, SIGNED_DATA_OFFSET, SIG_OFFSET};
|
2018-03-26 21:07:11 -07:00
|
|
|
|
2018-05-24 00:29:01 -06:00
|
|
|
pub const TX_OFFSET: usize = 0;
|
2018-03-26 21:07:11 -07:00
|
|
|
|
|
|
|
|
#[cfg(feature = "cuda")]
|
|
|
|
|
#[repr(C)]
|
|
|
|
|
struct Elems {
|
|
|
|
|
elems: *const Packet,
|
|
|
|
|
num: u32,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(feature = "cuda")]
|
|
|
|
|
#[link(name = "cuda_verify_ed25519")]
|
|
|
|
|
extern "C" {
|
2018-07-14 22:58:08 +00:00
|
|
|
fn ed25519_init() -> bool;
|
|
|
|
|
fn ed25519_set_verbose(val: bool);
|
2018-03-26 21:07:11 -07:00
|
|
|
fn ed25519_verify_many(
|
|
|
|
|
vecs: *const Elems,
|
|
|
|
|
num: u32, //number of vecs
|
|
|
|
|
message_size: u32, //size of each element inside the elems field of the vec
|
|
|
|
|
public_key_offset: u32,
|
|
|
|
|
signature_offset: u32,
|
|
|
|
|
signed_message_offset: u32,
|
|
|
|
|
signed_message_len_offset: u32,
|
|
|
|
|
out: *mut u8, //combined length of all the items in vecs
|
|
|
|
|
) -> u32;
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-14 22:58:08 +00:00
|
|
|
#[cfg(not(feature = "cuda"))]
|
|
|
|
|
pub fn init() {
|
|
|
|
|
// stub
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-26 21:07:11 -07:00
|
|
|
fn verify_packet(packet: &Packet) -> u8 {
|
2018-04-06 15:43:05 -06:00
|
|
|
use ring::signature;
|
|
|
|
|
use signature::{PublicKey, Signature};
|
2018-04-11 20:24:14 -06:00
|
|
|
use untrusted;
|
2018-04-06 15:43:05 -06:00
|
|
|
|
2018-03-26 21:07:11 -07:00
|
|
|
let msg_start = TX_OFFSET + SIGNED_DATA_OFFSET;
|
|
|
|
|
let sig_start = TX_OFFSET + SIG_OFFSET;
|
2018-04-06 15:43:05 -06:00
|
|
|
let sig_end = sig_start + size_of::<Signature>();
|
2018-03-26 21:07:11 -07:00
|
|
|
let pub_key_start = TX_OFFSET + PUB_KEY_OFFSET;
|
2018-04-06 15:43:05 -06:00
|
|
|
let pub_key_end = pub_key_start + size_of::<PublicKey>();
|
2018-03-26 21:07:11 -07:00
|
|
|
|
2018-04-06 15:24:15 -06:00
|
|
|
if packet.meta.size <= msg_start {
|
2018-03-26 21:07:11 -07:00
|
|
|
return 0;
|
|
|
|
|
}
|
2018-04-06 15:24:15 -06:00
|
|
|
|
|
|
|
|
let msg_end = packet.meta.size;
|
|
|
|
|
signature::verify(
|
|
|
|
|
&signature::ED25519,
|
|
|
|
|
untrusted::Input::from(&packet.data[pub_key_start..pub_key_end]),
|
|
|
|
|
untrusted::Input::from(&packet.data[msg_start..msg_end]),
|
|
|
|
|
untrusted::Input::from(&packet.data[sig_start..sig_end]),
|
|
|
|
|
).is_ok() as u8
|
2018-03-26 21:07:11 -07:00
|
|
|
}
|
|
|
|
|
|
2018-07-31 16:54:24 -07:00
|
|
|
fn verify_packet_disabled(_packet: &Packet) -> u8 {
|
2018-07-30 13:57:10 -07:00
|
|
|
warn!("signature verification is disabled");
|
2018-07-31 16:54:24 -07:00
|
|
|
1
|
2018-07-30 13:57:10 -07:00
|
|
|
}
|
|
|
|
|
|
2018-07-11 14:40:46 -06:00
|
|
|
fn batch_size(batches: &[SharedPackets]) -> usize {
|
2018-05-24 23:18:41 -07:00
|
|
|
batches
|
|
|
|
|
.iter()
|
|
|
|
|
.map(|p| p.read().unwrap().packets.len())
|
2018-05-24 23:18:41 -07:00
|
|
|
.sum()
|
2018-05-24 23:18:41 -07:00
|
|
|
}
|
|
|
|
|
|
2018-07-11 21:10:25 -06:00
|
|
|
#[cfg_attr(feature = "cargo-clippy", allow(ptr_arg))]
|
2018-03-26 21:07:11 -07:00
|
|
|
#[cfg(not(feature = "cuda"))]
|
|
|
|
|
pub fn ed25519_verify(batches: &Vec<SharedPackets>) -> Vec<Vec<u8>> {
|
2018-08-01 14:10:39 -07:00
|
|
|
ed25519_verify_cpu(batches)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg_attr(feature = "cargo-clippy", allow(ptr_arg))]
|
|
|
|
|
pub fn ed25519_verify_cpu(batches: &Vec<SharedPackets>) -> Vec<Vec<u8>> {
|
2018-04-06 15:43:05 -06:00
|
|
|
use rayon::prelude::*;
|
2018-05-30 21:24:21 -07:00
|
|
|
let count = batch_size(batches);
|
2018-05-24 23:18:41 -07:00
|
|
|
info!("CPU ECDSA for {}", batch_size(batches));
|
2018-05-30 21:24:21 -07:00
|
|
|
let rv = batches
|
2018-04-06 15:21:49 -06:00
|
|
|
.into_par_iter()
|
|
|
|
|
.map(|p| {
|
|
|
|
|
p.read()
|
2018-05-09 18:19:23 -07:00
|
|
|
.expect("'p' read lock in ed25519_verify")
|
2018-04-06 15:21:49 -06:00
|
|
|
.packets
|
|
|
|
|
.par_iter()
|
|
|
|
|
.map(verify_packet)
|
|
|
|
|
.collect()
|
|
|
|
|
})
|
2018-05-30 21:24:21 -07:00
|
|
|
.collect();
|
2018-07-16 18:33:50 -07:00
|
|
|
inc_new_counter!("ed25519_verify", count);
|
2018-05-30 21:24:21 -07:00
|
|
|
rv
|
2018-03-26 21:07:11 -07:00
|
|
|
}
|
|
|
|
|
|
2018-07-31 16:54:24 -07:00
|
|
|
#[cfg_attr(feature = "cargo-clippy", allow(ptr_arg))]
|
|
|
|
|
pub fn ed25519_verify_disabled(batches: &Vec<SharedPackets>) -> Vec<Vec<u8>> {
|
|
|
|
|
use rayon::prelude::*;
|
|
|
|
|
let count = batch_size(batches);
|
|
|
|
|
info!("CPU ECDSA for {}", batch_size(batches));
|
|
|
|
|
let rv = batches
|
|
|
|
|
.into_par_iter()
|
|
|
|
|
.map(|p| {
|
|
|
|
|
p.read()
|
|
|
|
|
.expect("'p' read lock in ed25519_verify")
|
|
|
|
|
.packets
|
|
|
|
|
.par_iter()
|
|
|
|
|
.map(verify_packet_disabled)
|
|
|
|
|
.collect()
|
|
|
|
|
})
|
|
|
|
|
.collect();
|
|
|
|
|
inc_new_counter!("ed25519_verify", count);
|
|
|
|
|
rv
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-14 22:58:08 +00:00
|
|
|
#[cfg(feature = "cuda")]
|
|
|
|
|
pub fn init() {
|
|
|
|
|
unsafe {
|
|
|
|
|
ed25519_set_verbose(true);
|
|
|
|
|
if !ed25519_init() {
|
|
|
|
|
panic!("ed25519_init() failed");
|
|
|
|
|
}
|
|
|
|
|
ed25519_set_verbose(false);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-26 21:07:11 -07:00
|
|
|
#[cfg(feature = "cuda")]
|
|
|
|
|
pub fn ed25519_verify(batches: &Vec<SharedPackets>) -> Vec<Vec<u8>> {
|
2018-04-06 15:43:05 -06:00
|
|
|
use packet::PACKET_DATA_SIZE;
|
2018-05-30 21:24:21 -07:00
|
|
|
let count = batch_size(batches);
|
2018-08-01 14:10:39 -07:00
|
|
|
|
|
|
|
|
// micro-benchmarks show GPU time for smallest batch around 15-20ms
|
|
|
|
|
// and CPU speed for 64-128 sig verifies around 10-20ms. 64 is a nice
|
|
|
|
|
// power-of-two number around that accounting for the fact that the CPU
|
|
|
|
|
// may be busy doing other things while being a real fullnode
|
|
|
|
|
// TODO: dynamically adjust this crossover
|
|
|
|
|
if count < 64 {
|
|
|
|
|
return ed25519_verify_cpu(batches);
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-24 23:18:41 -07:00
|
|
|
info!("CUDA ECDSA for {}", batch_size(batches));
|
2018-03-26 21:07:11 -07:00
|
|
|
let mut out = Vec::new();
|
|
|
|
|
let mut elems = Vec::new();
|
|
|
|
|
let mut locks = Vec::new();
|
|
|
|
|
let mut rvs = Vec::new();
|
|
|
|
|
|
|
|
|
|
for packets in batches {
|
2018-05-11 11:38:52 -07:00
|
|
|
locks.push(
|
|
|
|
|
packets
|
|
|
|
|
.read()
|
|
|
|
|
.expect("'packets' read lock in pub fn ed25519_verify"),
|
|
|
|
|
);
|
2018-03-26 21:07:11 -07:00
|
|
|
}
|
|
|
|
|
let mut num = 0;
|
|
|
|
|
for p in locks {
|
|
|
|
|
elems.push(Elems {
|
|
|
|
|
elems: p.packets.as_ptr(),
|
|
|
|
|
num: p.packets.len() as u32,
|
|
|
|
|
});
|
|
|
|
|
let mut v = Vec::new();
|
|
|
|
|
v.resize(p.packets.len(), 0);
|
|
|
|
|
rvs.push(v);
|
|
|
|
|
num += p.packets.len();
|
|
|
|
|
}
|
|
|
|
|
out.resize(num, 0);
|
|
|
|
|
trace!("Starting verify num packets: {}", num);
|
|
|
|
|
trace!("elem len: {}", elems.len() as u32);
|
|
|
|
|
trace!("packet sizeof: {}", size_of::<Packet>() as u32);
|
|
|
|
|
trace!("pub key: {}", (TX_OFFSET + PUB_KEY_OFFSET) as u32);
|
|
|
|
|
trace!("sig offset: {}", (TX_OFFSET + SIG_OFFSET) as u32);
|
|
|
|
|
trace!("sign data: {}", (TX_OFFSET + SIGNED_DATA_OFFSET) as u32);
|
|
|
|
|
trace!("len offset: {}", PACKET_DATA_SIZE as u32);
|
|
|
|
|
unsafe {
|
|
|
|
|
let res = ed25519_verify_many(
|
|
|
|
|
elems.as_ptr(),
|
|
|
|
|
elems.len() as u32,
|
|
|
|
|
size_of::<Packet>() as u32,
|
|
|
|
|
(TX_OFFSET + PUB_KEY_OFFSET) as u32,
|
|
|
|
|
(TX_OFFSET + SIG_OFFSET) as u32,
|
|
|
|
|
(TX_OFFSET + SIGNED_DATA_OFFSET) as u32,
|
|
|
|
|
PACKET_DATA_SIZE as u32,
|
|
|
|
|
out.as_mut_ptr(),
|
|
|
|
|
);
|
|
|
|
|
if res != 0 {
|
|
|
|
|
trace!("RETURN!!!: {}", res);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
trace!("done verify");
|
|
|
|
|
let mut num = 0;
|
|
|
|
|
for vs in rvs.iter_mut() {
|
|
|
|
|
for mut v in vs.iter_mut() {
|
|
|
|
|
*v = out[num];
|
|
|
|
|
if *v != 0 {
|
|
|
|
|
trace!("VERIFIED PACKET!!!!!");
|
|
|
|
|
}
|
|
|
|
|
num += 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-07-16 18:33:50 -07:00
|
|
|
inc_new_counter!("ed25519_verify", count);
|
2018-03-26 21:07:11 -07:00
|
|
|
rvs
|
|
|
|
|
}
|
2018-04-11 12:18:00 -07:00
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
mod tests {
|
|
|
|
|
use bincode::serialize;
|
|
|
|
|
use packet::{Packet, Packets, SharedPackets};
|
2018-05-25 16:52:17 -06:00
|
|
|
use sigverify;
|
2018-04-11 20:24:14 -06:00
|
|
|
use std::sync::RwLock;
|
2018-05-11 11:38:52 -07:00
|
|
|
use transaction::Transaction;
|
2018-05-15 12:15:29 -06:00
|
|
|
use transaction::{memfind, test_tx};
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_layout() {
|
2018-05-25 16:05:37 -06:00
|
|
|
let tx = test_tx();
|
|
|
|
|
let tx_bytes = serialize(&tx).unwrap();
|
|
|
|
|
let packet = serialize(&tx).unwrap();
|
2018-05-25 16:52:17 -06:00
|
|
|
assert_matches!(memfind(&packet, &tx_bytes), Some(sigverify::TX_OFFSET));
|
2018-05-15 12:15:29 -06:00
|
|
|
assert_matches!(memfind(&packet, &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9]), None);
|
|
|
|
|
}
|
2018-04-11 12:18:00 -07:00
|
|
|
|
2018-05-25 16:05:37 -06:00
|
|
|
fn make_packet_from_transaction(tx: Transaction) -> Packet {
|
|
|
|
|
let tx_bytes = serialize(&tx).unwrap();
|
2018-04-11 12:18:00 -07:00
|
|
|
let mut packet = Packet::default();
|
2018-05-25 16:05:37 -06:00
|
|
|
packet.meta.size = tx_bytes.len();
|
|
|
|
|
packet.data[..packet.meta.size].copy_from_slice(&tx_bytes);
|
2018-04-11 12:18:00 -07:00
|
|
|
return packet;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn test_verify_n(n: usize, modify_data: bool) {
|
2018-05-25 16:05:37 -06:00
|
|
|
let tx = test_tx();
|
|
|
|
|
let mut packet = make_packet_from_transaction(tx);
|
2018-04-11 12:18:00 -07:00
|
|
|
|
|
|
|
|
// jumble some data to test failure
|
|
|
|
|
if modify_data {
|
2018-07-11 15:05:03 -06:00
|
|
|
packet.data[20] = packet.data[20].wrapping_add(10);
|
2018-04-11 12:18:00 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// generate packet vector
|
|
|
|
|
let mut packets = Packets::default();
|
|
|
|
|
packets.packets = Vec::new();
|
|
|
|
|
for _ in 0..n {
|
|
|
|
|
packets.packets.push(packet.clone());
|
|
|
|
|
}
|
|
|
|
|
let shared_packets = SharedPackets::new(RwLock::new(packets));
|
|
|
|
|
let batches = vec![shared_packets.clone(), shared_packets.clone()];
|
|
|
|
|
|
|
|
|
|
// verify packets
|
2018-05-25 16:52:17 -06:00
|
|
|
let ans = sigverify::ed25519_verify(&batches);
|
2018-04-11 12:18:00 -07:00
|
|
|
|
|
|
|
|
// check result
|
|
|
|
|
let ref_ans = if modify_data { 0u8 } else { 1u8 };
|
|
|
|
|
assert_eq!(ans, vec![vec![ref_ans; n], vec![ref_ans; n]]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_verify_zero() {
|
|
|
|
|
test_verify_n(0, false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_verify_one() {
|
|
|
|
|
test_verify_n(1, false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_verify_seventy_one() {
|
|
|
|
|
test_verify_n(71, false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_verify_fail() {
|
|
|
|
|
test_verify_n(5, true);
|
|
|
|
|
}
|
|
|
|
|
}
|
