Investigate some design tweaks over Crypto Implementation

.changelog/unreleased/breaking-changes/1238-crypto-provider-traits.md

@@ -0,0 +1,42 @@
+- `[tendermint]` Make implementations of cryptographic primitives replaceable
+  ([#1238](https://github.com/informalsystems/tendermint-rs/pull/1238)).
+  * Provide a `Sha256` trait in module `crypto` and make digest hashing
+  implementations available through it.
+  * The module `crypto::default` provides pure Rust implementations of the
+    cryptographic traits, mostly conformant to the framework given in
+    the `digest` and `signature` crates. The module is made available by a
+    new `rust-crypto` feature, enabled by default.
+  * `merkle::simple_hash_from_byte_vectors` is made generic over an
+    implementation of the new `MerkleHash` trait. Implementations for
+    Rust-Crypto conformant digest objects and the non-incremental
+    `crypto::Sha256` API are provided in the crate.
+  * The `Header::hash` and `ValidatorSet::hash` methods are gated by the
+    `rust-crypto` feature. Generic hashing methods not dependent on
+    the default crypto implementations are added for both types,
+    named `hash_with`.
+  * Conversions to `account::Id` and `node::Id` from `PublicKey` and
+    curve-specific key types are gated by the `rust-crypto` feature.
+  * The `validator::Info::new` method is gated by the `rust-crypto` feature.
+  * Remove a deprecated constant `signature::ED25519_SIGNATURE_SIZE`.
+
+- `[tendermint-light-client-verifier]` Changes for the new Tendermint crypto API
+  ([#1238](https://github.com/informalsystems/tendermint-rs/pull/1238)).
+  * The `rust-crypto` feature, enabled by default, guards the
+    batteries-included implementation types: `ProdVerifier`, `ProdPredicates`.
+  * Remove the `operations::hasher` API (`Hasher` and `ProdHasher`),
+    made unnecessary by the new crypto abstractions in the `tendermint` crate.
+  * The `VerificationPredicates` trait features a `Sha256` associated type
+    to represent the hasher implementation, replacing the `&dyn Hasher`
+    parameter passed to methods.
+  * Change the type of the `VerificationErrorDetail::FaultySigner` field
+    `validator_set` to `ValidatorSet`. This removes a hasher dependency from
+    `CommitValidator`, and `ProdCommitValidator` is now an empty dummy type.
+
+- `[tendermint-light-client]` Changes for the new Tendermint crypto API
+  ([#1238](https://github.com/informalsystems/tendermint-rs/pull/1238)).
+  * The `rust-crypto` feature enables the default crypto implementations,
+    and is required by the `rpc-client` and `unstable` features.
+    `ProdForkDetector` is guarded by this feature, and is made a specific
+    type alias to the hasher-generic `ProvidedForkDetector` type.
+  * `LightClientBuilder` gets another type parameter for the Merkle hasher.
+    Its generic constructors lose the `Hasher` parameter.

light-client-js/src/lib.rs

@@ -15,10 +15,13 @@ use std::time::Duration;
 
 use serde::{Deserialize, Serialize};
 use tendermint::Time;
+// TODO: Use Web Crypto API for cryptographic routines.
+// https://github.com/informalsystems/tendermint-rs/issues/1241
+use tendermint_light_client_verifier::ProdVerifier;
 use tendermint_light_client_verifier::{
     options::Options,
     types::{LightBlock, TrustThreshold},
-    ProdVerifier, Verifier,
+    Verifier,
 };
 use wasm_bindgen::{prelude::*, JsValue};
 

light-client-verifier/Cargo.toml

@@ -35,3 +35,4 @@ flex-error = { version = "0.4.4", default-features = false }
 
 [dev-dependencies]
 tendermint-testgen = { path = "../testgen", default-features = false }
+sha2 = { version = "0.10", default-features = false }

light-client-verifier/src/errors.rs

@@ -9,7 +9,7 @@ use tendermint::{account::Id, Error as TendermintError};
 use crate::{
     operations::voting_power::VotingPowerTally,
     prelude::*,
-    types::{Hash, Height, Time, Validator, ValidatorAddress},
+    types::{Hash, Height, Time, Validator, ValidatorAddress, ValidatorSet},
 };
 
 define_error! {
@@ -161,13 +161,12 @@ define_error! {
         FaultySigner
             {
                 signer: Id,
-                validator_set: Hash
+                validator_set: ValidatorSet
             }
             | e | {
                 format_args!(
-                    "Found a faulty signer ({}) not present in the validator set ({})",
+                    "Found a faulty signer ({}) not present in the validator set",
                     e.signer,
-                    e.validator_set
                 )
             },
 

light-client-verifier/src/operations.rs

@@ -1,8 +1,5 @@
 //! Crypto function traits allowing mocking out during testing
 
-pub mod hasher;
-pub use self::hasher::*;
-
 pub mod voting_power;
 pub use self::voting_power::*;
 

light-client-verifier/src/operations/commit_validator.rs

@@ -4,48 +4,12 @@ use tendermint::block::CommitSig;
 
 use crate::{
     errors::VerificationError,
-    operations::{Hasher, ProdHasher},
     types::{SignedHeader, ValidatorSet},
 };
 
 /// Validates the commit associated with a header against a validator set
 pub trait CommitValidator: Send + Sync {
     /// Perform basic validation
-    fn validate(
-        &self,
-        signed_header: &SignedHeader,
-        validators: &ValidatorSet,
-    ) -> Result<(), VerificationError>;
-
-    /// Perform full validation, only necessary if we do full verification (2/3)
-    fn validate_full(
-        &self,
-        signed_header: &SignedHeader,
-        validator_set: &ValidatorSet,
-    ) -> Result<(), VerificationError>;
-}
-
-/// Production-ready implementation of a commit validator
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub struct ProdCommitValidator {
-    hasher: ProdHasher,
-}
-
-impl ProdCommitValidator {
-    /// Create a new commit validator using the given [`Hasher`]
-    /// to compute the hash of headers and validator sets.
-    pub fn new(hasher: ProdHasher) -> Self {
-        Self { hasher }
-    }
-}
-
-impl Default for ProdCommitValidator {
-    fn default() -> Self {
-        Self::new(ProdHasher::default())
-    }
-}
-
-impl CommitValidator for ProdCommitValidator {
     fn validate(
         &self,
         signed_header: &SignedHeader,
@@ -71,12 +35,7 @@ impl CommitValidator for ProdCommitValidator {
         Ok(())
     }
 
-    // This check is only necessary if we do full verification (2/3)
-    //
-    // See https://github.com/informalsystems/tendermint-rs/issues/281
-    //
-    // It returns `ImplementationSpecific` error if it detects a signer
-    // that is not present in the validator set
+    /// Perform full validation, only necessary if we do full verification (2/3)
     fn validate_full(
         &self,
         signed_header: &SignedHeader,
@@ -96,11 +55,17 @@ impl CommitValidator for ProdCommitValidator {
             if validator_set.validator(*validator_address).is_none() {
                 return Err(VerificationError::faulty_signer(
                     *validator_address,
-                    self.hasher.hash_validator_set(validator_set),
+                    validator_set.clone(),
                 ));
             }
         }
 
         Ok(())
     }
 }
+
+/// Production-ready implementation of a commit validator.
+#[derive(Copy, Clone, Default, Debug)]
+pub struct ProdCommitValidator;
+
+impl CommitValidator for ProdCommitValidator {}

light-client-verifier/src/operations/voting_power.rs

@@ -146,7 +146,7 @@ impl VotingPowerCalculator for ProdVotingPowerCalculator {
             // Check vote is valid
             let sign_bytes = signed_vote.sign_bytes();
             if validator
-                .verify_signature(&sign_bytes, signed_vote.signature())
+                .verify(&sign_bytes, signed_vote.signature())
                 .is_err()
             {
                 return Err(VerificationError::invalid_signature(