Revert "Migrate from ring to ed25519-dalek, take 2 (#3844)" (#3868)

This reverts commit e9b82bacda.
2019-04-18 11:47:34 -06:00
parent f8543a268f
commit 6a878602f2
14 changed files with 111 additions and 150 deletions
--- a/core/src/chacha.rs
+++ b/core/src/chacha.rs
@ -94,7 +94,7 @@ mod tests {
    use crate::blocktree::Blocktree;
    use crate::chacha::chacha_cbc_encrypt_ledger;
    use crate::entry::Entry;
-    use crate::gen_keys::GenKeys;
+    use ring::signature::Ed25519KeyPair;
    use solana_sdk::hash::{hash, Hash, Hasher};
    use solana_sdk::signature::KeypairUtil;
    use solana_sdk::system_transaction;
@ -103,14 +103,19 @@ mod tests {
    use std::io::Read;
    use std::path::Path;
    use std::sync::Arc;
+    use untrusted::Input;

    fn make_tiny_deterministic_test_entries(num: usize) -> Vec<Entry> {
        let zero = Hash::default();
        let one = hash(&zero.as_ref());
-
-        let seed = [2u8; 32];
-        let mut rnd = GenKeys::new(seed);
-        let keypair = rnd.gen_keypair();
+        let pkcs = [
+            48, 83, 2, 1, 1, 48, 5, 6, 3, 43, 101, 112, 4, 34, 4, 32, 109, 148, 235, 20, 97, 127,
+            43, 194, 109, 43, 121, 76, 54, 38, 234, 14, 108, 68, 209, 227, 137, 191, 167, 144, 177,
+            174, 57, 182, 79, 198, 196, 93, 161, 35, 3, 33, 0, 116, 121, 255, 78, 31, 95, 179, 172,
+            30, 125, 206, 87, 88, 78, 46, 145, 25, 154, 161, 252, 3, 58, 235, 116, 39, 148, 193,
+            150, 111, 61, 20, 226,
+        ];
+        let keypair = Ed25519KeyPair::from_pkcs8(Input::from(&pkcs)).unwrap();

        let mut id = one;
        let mut num_hashes = 0;
@ -159,7 +164,7 @@ mod tests {
        use bs58;
        //  golden needs to be updated if blob stuff changes....
        let golden = Hash::new(
-            &bs58::decode("GD6xs6Loh9gci6b6P8FVVJ1c1whCqxDzaqBrQkpcxowA")
+            &bs58::decode("5NBn4cBZmNZRftkjxj3um8W1eyYPzn2RgUJSA3SVbHaJ")
                .into_vec()
                .unwrap(),
        );
--- a/core/src/gen_keys.rs
+++ b/core/src/gen_keys.rs
@ -4,6 +4,7 @@ use rand::{Rng, SeedableRng};
 use rand_chacha::ChaChaRng;
 use rayon::prelude::*;
 use solana_sdk::signature::Keypair;
+use untrusted::Input;

 pub struct GenKeys {
    generator: ChaChaRng,
@ -25,14 +26,10 @@ impl GenKeys {
        (0..n).map(|_| self.gen_seed()).collect()
    }

-    pub fn gen_keypair(&mut self) -> Keypair {
-        Keypair::generate(&mut self.generator)
-    }
-
    pub fn gen_n_keypairs(&mut self, n: u64) -> Vec<Keypair> {
        self.gen_n_seeds(n)
            .into_par_iter()
-            .map(|seed| Keypair::generate(&mut ChaChaRng::from_seed(seed)))
+            .map(|seed| Keypair::from_seed_unchecked(Input::from(&seed)).unwrap())
            .collect()
    }
 }
@ -55,17 +52,6 @@ mod tests {
        }
    }

-    #[test]
-    fn test_gen_keypair_is_deterministic() {
-        let seed = [0u8; 32];
-        let mut gen0 = GenKeys::new(seed);
-        let mut gen1 = GenKeys::new(seed);
-        assert_eq!(
-            gen0.gen_keypair().to_bytes().to_vec(),
-            gen1.gen_keypair().to_bytes().to_vec()
-        );
-    }
-
    fn gen_n_pubkeys(seed: [u8; 32], n: u64) -> HashSet<Pubkey> {
        GenKeys::new(seed)
            .gen_n_keypairs(n)
--- a/core/src/replicator.rs
+++ b/core/src/replicator.rs
@ -14,7 +14,6 @@ use crate::streamer::receiver;
 use crate::streamer::responder;
 use crate::window_service::WindowService;
 use bincode::deserialize;
-use ed25519_dalek;
 use rand::thread_rng;
 use rand::Rng;
 use solana_client::rpc_client::RpcClient;
@ -61,7 +60,7 @@ pub struct Replicator {
    slot: u64,
    ledger_path: String,
    storage_keypair: Arc<Keypair>,
-    signature: ed25519_dalek::Signature,
+    signature: ring::signature::Signature,
    cluster_entrypoint: ContactInfo,
    ledger_data_file_encrypted: PathBuf,
    sampling_offsets: Vec<u64>,
@ -108,10 +107,10 @@ pub fn sample_file(in_path: &Path, sample_offsets: &[u64]) -> io::Result<Hash> {
 }

 fn get_entry_heights_from_blockhash(
-    signature: &ed25519_dalek::Signature,
+    signature: &ring::signature::Signature,
    storage_entry_height: u64,
 ) -> u64 {
-    let signature_vec = signature.to_bytes();
+    let signature_vec = signature.as_ref();
    let mut segment_index = u64::from(signature_vec[0])
        | (u64::from(signature_vec[1]) << 8)
        | (u64::from(signature_vec[1]) << 16)
@ -355,7 +354,7 @@ impl Replicator {
        #[cfg(feature = "chacha")]
        {
            let mut ivec = [0u8; 64];
-            ivec.copy_from_slice(&self.signature.to_bytes());
+            ivec.copy_from_slice(self.signature.as_ref());

            let num_encrypted_bytes = chacha_cbc_encrypt_ledger(
                &self.blocktree,
@ -384,7 +383,7 @@ impl Replicator {
            use rand_chacha::ChaChaRng;

            let mut rng_seed = [0u8; 32];
-            rng_seed.copy_from_slice(&self.signature.to_bytes()[0..32]);
+            rng_seed.copy_from_slice(&self.signature.as_ref()[0..32]);
            let mut rng = ChaChaRng::from_seed(rng_seed);
            for _ in 0..NUM_STORAGE_SAMPLES {
                self.sampling_offsets
@ -449,7 +448,7 @@ impl Replicator {
            &self.storage_keypair.pubkey(),
            self.hash,
            self.slot,
-            Signature::new(&self.signature.to_bytes()),
+            Signature::new(self.signature.as_ref()),
        );
        let mut tx = Transaction::new_unsigned_instructions(vec![ix]);
        client
--- a/core/src/sigverify.rs
+++ b/core/src/sigverify.rs
@ -67,8 +67,10 @@ pub fn init() {
 }

 fn verify_packet(packet: &Packet) -> u8 {
+    use ring::signature;
    use solana_sdk::pubkey::Pubkey;
    use solana_sdk::signature::Signature;
+    use untrusted;

    let (sig_len, sig_start, msg_start, pubkey_start) = get_packet_offsets(packet, 0);
    let mut sig_start = sig_start as usize;
@ -88,11 +90,14 @@ fn verify_packet(packet: &Packet) -> u8 {
            return 0;
        }

-        let signature = Signature::new(&packet.data[sig_start..sig_end]);
-        if !signature.verify(
-            &packet.data[pubkey_start..pubkey_end],
-            &packet.data[msg_start..msg_end],
-        ) {
+        if signature::verify(
+            &signature::ED25519,
+            untrusted::Input::from(&packet.data[pubkey_start..pubkey_end]),
+            untrusted::Input::from(&packet.data[msg_start..msg_end]),
+            untrusted::Input::from(&packet.data[sig_start..sig_end]),
+        )
+        .is_err()
+        {
            return 0;
        }
        pubkey_start += size_of::<Pubkey>();
--- a/core/src/storage_stage.rs
+++ b/core/src/storage_stage.rs
@ -327,7 +327,7 @@ impl StorageStage {
        let tx = Transaction::new_unsigned_instructions(vec![ix]);
        tx_sender.send(tx)?;

-        seed.copy_from_slice(&signature.to_bytes()[..32]);
+        seed.copy_from_slice(&signature.as_ref()[..32]);

        let mut rng = ChaChaRng::from_seed(seed);

@ -340,7 +340,7 @@ impl StorageStage {
            return Ok(());
        }
        // TODO: what if the validator does not have this segment
-        let segment = signature.to_bytes()[0] as usize % num_segments;
+        let segment = signature.as_ref()[0] as usize % num_segments;

        debug!(
            "storage verifying: segment: {} identities: {}",