Make crypto implementations replaceable #1238
Conversation
It has been deprecated for some time.
The API needs to be abstract, so make p256k1 signature an associated type of CryptoProvider.
Guarded by the rust-crypto feature, this is an implementation of CryptoProvider with pure Rust crates.
Move CryptoProvider definition out of the crypto module into the provider sub-module. Rename default_provider to default.
Add generic methods Header::hash_with and ValidatorSet::hash_with enabling a custom CryptoProvider to be plugged in for calculating hashes. The .hash() methods, implemented with the DefaultCryptoProvider, are feature-gated behind "rust-crypto".
2usize.next_power_of_two() / 1 == 1, and we have eliminated the other two explicitly matched cases at the call site, so the non-catchall match branches and the panics are dead code.
The Hasher trait is obviated by CryptoProvider. Also, we could do with less dynamic dispatching.
|
Minimized the failing |
|
I have been reviewing the changes, some thoughts came to my mind, don’t know how much is applicable:
Therefore, e.g.: pub trait HashProvider: Default + Send + Sync {
// Using `Hash` instead of `Sha256` as it might accept other hashing algorithms
// Though, I noticed we also have `Hash` types in other places like:
// `tendermint/hash.rs` and `tendermint/merkle.rs` don't know if these could be integrated
type Hash: Digest<OutputSize = U32> + FixedOutputReset;
type Hasher: Hasher<Self::Hash>
pub trait Hasher<H: HashProvider> {
fn hasher(&self, hash: &H) -> Result<[u8; 32], Error>;
use signature::{Signature, Signer, Verifier};
pub trait SignatureProvider: Default + Send + Sync {
// Using `Signature` instead of `EcdsaSecp256k1Signature` to not be curve specific
type Signature: Signature;
type Signer: Signer<Self::Signature>;
type Verifier: Verifier<Self::Signature>;
}
pub trait HashTree: HashProvider {
fn simple_hash_from_byte_vectors(&self, byte_vecs: &[Vec<u8>]) -> Hash
} |
In this PR I actually managed to avoid introducing
I like it, this continues breaking down of
From the name it's not very clear what does this trait do. In other crypto code, the term "hasher" is typically used for the digest state objects, but here it looks like it's meant for hashing To think of it a bit more, maybe we just want to put more specialized and domain-friendly faces on top of
So it's actually a "hash-me" trait.
I would not couple hashing strategies in one trait hierarchy with the hashing provider, it seems to me like they could be implemented orthogonally. Alternative hashing strategies seem like YAGNI for the purposes of this change, so I'd put it off to a later redesign. |
I meant so. And actually, having one of
This could be a good idea
Agree, it could be the subject of future work if necessary |
Instead of a super-trait whose sole purpose is to bind down some associated types that provide the actual functionality, provide: - Sha256, a purpose-specific trait for SHA256 hashing that has a more human-friendly interface than rust-crypto. - Nothing else for signing and verifying! These are covered by the signature framework, and it's easy to plug into that as the alt_crypto test demonstrates. The crypto::default module, gated by the "rust-crypto" feature, provides aliases for pure Rust implementations.
|
I liked the generic interface over the Merkle tree 👍 While reviewing, I came up with some ideas you might want to consider.
|
|
#1238 (comment) would work for us as long as the |
|
FYI the |
We should update to it after ed25519-consensus and other crates release their updates using the same version. |
Do you have a list of all the crates we need to wait on? |
Not in this PR, but here's a brief survey of the dependency tree:
|
|
|
@tony-iqlusion Now that the warts in |
Define Verifier trait to abstract signature verification given a PublicKey. The ed25519-consensus dependency is made optional and gated by the "rust-crypto" feature. The Verifier implementation is provided for a dummy type crate::crypto::default::signature::Verifier, using ed25519-consensus. The Ed25519 key types in public_key and private_key module are redefined to in-crate newtypes.
mzabaluev
force-pushed
the
mikhail/add-crypto-provider
branch
from
dd57553
to
d525562
Compare
As we don't currently use the signature framework, it makes no sense to provide its traits through the crate.
Implement the new Verifier trait instead of the signature traits.
|
Really appreciate this!! |
|
@Farhad-Shabani can you please review this PR? We really need it merged :) |
|
@Farhad-Shabani I approved the PR and merged |
|
Thank you so much @mzabaluev, I truly appreciate your patience. And thank you @romac for reviewing it 🙏🏻 |
Resolves: #1213
I took some of the changes from #1214 and made more extensive use of them in tendermint hashing.
.changelog/