//! The `sigverify` module provides digital signature verification functions. //! By default, signatures are verified in parallel using all available CPU //! cores. When `--features=cuda` is enabled, signature verification is //! offloaded to the GPU. //! use crate::counter::Counter; use crate::packet::{Packet, SharedPackets}; use crate::result::Result; use byteorder::{LittleEndian, ReadBytesExt}; use log::Level; use solana_sdk::pubkey::Pubkey; use solana_sdk::signature::Signature; #[cfg(test)] use solana_sdk::transaction::Transaction; use std::io; use std::mem::size_of; use std::sync::atomic::AtomicUsize; pub const TX_OFFSET: usize = 0; type TxOffsets = (Vec, Vec, Vec, Vec, Vec>); #[cfg(feature = "cuda")] #[repr(C)] struct Elems { elems: *const Packet, num: u32, } #[cfg(feature = "cuda")] #[link(name = "cuda-crypt")] extern "C" { fn ed25519_init() -> bool; fn ed25519_set_verbose(val: bool); fn ed25519_verify_many( vecs: *const Elems, num: u32, //number of vecs message_size: u32, //size of each element inside the elems field of the vec total_packets: u32, total_signatures: u32, message_lens: *const u32, pubkey_offsets: *const u32, signature_offsets: *const u32, signed_message_offsets: *const u32, out: *mut u8, //combined length of all the items in vecs ) -> u32; pub fn chacha_cbc_encrypt_many_sample( input: *const u8, sha_state: *mut u8, in_len: usize, keys: *const u8, ivec: *mut u8, num_keys: u32, samples: *const u64, num_samples: u32, starting_block: u64, time_us: *mut f32, ); pub fn chacha_init_sha_state(sha_state: *mut u8, num_keys: u32); pub fn chacha_end_sha_state(sha_state_in: *const u8, out: *mut u8, num_keys: u32); } #[cfg(not(feature = "cuda"))] pub fn init() { // stub } fn verify_packet(packet: &Packet) -> u8 { use ring::signature; use solana_sdk::pubkey::Pubkey; use solana_sdk::signature::Signature; use untrusted; let (sig_len, sig_start, msg_start, pubkey_start) = get_packet_offsets(packet, 0); let mut sig_start = sig_start as usize; let mut pubkey_start = pubkey_start as usize; let msg_start = msg_start as usize; if packet.meta.size <= msg_start { return 0; } let msg_end = packet.meta.size; for _ in 0..sig_len { let pubkey_end = pubkey_start as usize + size_of::(); let sig_end = sig_start as usize + size_of::(); if pubkey_end >= packet.meta.size || sig_end >= packet.meta.size { return 0; } if signature::verify( &signature::ED25519, untrusted::Input::from(&packet.data[pubkey_start..pubkey_end]), untrusted::Input::from(&packet.data[msg_start..msg_end]), untrusted::Input::from(&packet.data[sig_start..sig_end]), ) .is_err() { return 0; } pubkey_start += size_of::(); sig_start += size_of::(); } 1 } fn verify_packet_disabled(_packet: &Packet) -> u8 { warn!("signature verification is disabled"); 1 } fn batch_size(batches: &[SharedPackets]) -> usize { batches .iter() .map(|p| p.read().unwrap().packets.len()) .sum() } #[cfg(not(feature = "cuda"))] pub fn ed25519_verify(batches: &[SharedPackets]) -> Vec> { ed25519_verify_cpu(batches) } pub fn get_packet_offsets(packet: &Packet, current_offset: u32) -> (u32, u32, u32, u32) { // Read in u64 as the size of signatures array let mut rdr = io::Cursor::new(&packet.data[TX_OFFSET..size_of::()]); let sig_len = rdr.read_u64::().unwrap() as u32; let msg_start_offset = current_offset + size_of::() as u32 + sig_len * size_of::() as u32; let pubkey_offset = msg_start_offset + size_of::() as u32; let sig_start = TX_OFFSET as u32 + size_of::() as u32; (sig_len, sig_start, msg_start_offset, pubkey_offset) } pub fn generate_offsets(batches: &[SharedPackets]) -> Result { let mut signature_offsets: Vec<_> = Vec::new(); let mut pubkey_offsets: Vec<_> = Vec::new(); let mut msg_start_offsets: Vec<_> = Vec::new(); let mut msg_sizes: Vec<_> = Vec::new(); let mut current_packet = 0; let mut v_sig_lens = Vec::new(); batches.into_iter().for_each(|p| { let mut sig_lens = Vec::new(); p.read().unwrap().packets.iter().for_each(|packet| { let current_offset = current_packet as u32 * size_of::() as u32; let (sig_len, _sig_start, msg_start_offset, pubkey_offset) = get_packet_offsets(packet, current_offset); let mut pubkey_offset = pubkey_offset; sig_lens.push(sig_len); trace!("pubkey_offset: {}", pubkey_offset); let mut sig_offset = current_offset + size_of::() as u32; for _ in 0..sig_len { signature_offsets.push(sig_offset); sig_offset += size_of::() as u32; pubkey_offsets.push(pubkey_offset); pubkey_offset += size_of::() as u32; msg_start_offsets.push(msg_start_offset); msg_sizes.push(current_offset + (packet.meta.size as u32) - msg_start_offset); } current_packet += 1; }); v_sig_lens.push(sig_lens); }); Ok(( signature_offsets, pubkey_offsets, msg_start_offsets, msg_sizes, v_sig_lens, )) } pub fn ed25519_verify_cpu(batches: &[SharedPackets]) -> Vec> { use rayon::prelude::*; let count = batch_size(batches); info!("CPU ECDSA for {}", batch_size(batches)); let rv = batches .into_par_iter() .map(|p| { p.read() .unwrap() .packets .par_iter() .map(verify_packet) .collect() }) .collect(); inc_new_counter_info!("ed25519_verify_cpu", count); rv } pub fn ed25519_verify_disabled(batches: &[SharedPackets]) -> Vec> { use rayon::prelude::*; let count = batch_size(batches); info!("disabled ECDSA for {}", batch_size(batches)); let rv = batches .into_par_iter() .map(|p| { p.read() .unwrap() .packets .par_iter() .map(verify_packet_disabled) .collect() }) .collect(); inc_new_counter_info!("ed25519_verify_disabled", count); rv } #[cfg(feature = "cuda")] pub fn init() { unsafe { ed25519_set_verbose(true); if !ed25519_init() { panic!("ed25519_init() failed"); } ed25519_set_verbose(false); } } #[cfg(feature = "cuda")] pub fn ed25519_verify(batches: &[SharedPackets]) -> Vec> { use packet::PACKET_DATA_SIZE; let count = batch_size(batches); // micro-benchmarks show GPU time for smallest batch around 15-20ms // and CPU speed for 64-128 sigverifies around 10-20ms. 64 is a nice // power-of-two number around that accounting for the fact that the CPU // may be busy doing other things while being a real fullnode // TODO: dynamically adjust this crossover if count < 64 { return ed25519_verify_cpu(batches); } let (signature_offsets, pubkey_offsets, msg_start_offsets, msg_sizes, sig_lens) = generate_offsets(batches).unwrap(); info!("CUDA ECDSA for {}", batch_size(batches)); let mut out = Vec::new(); let mut elems = Vec::new(); let mut locks = Vec::new(); let mut rvs = Vec::new(); for packets in batches { locks.push(packets.read().unwrap()); } let mut num_packets = 0; for p in locks { elems.push(Elems { elems: p.packets.as_ptr(), num: p.packets.len() as u32, }); let mut v = Vec::new(); v.resize(p.packets.len(), 0); rvs.push(v); num_packets += p.packets.len(); } out.resize(signature_offsets.len(), 0); trace!("Starting verify num packets: {}", num_packets); trace!("elem len: {}", elems.len() as u32); trace!("packet sizeof: {}", size_of::() as u32); trace!("len offset: {}", PACKET_DATA_SIZE as u32); unsafe { let res = ed25519_verify_many( elems.as_ptr(), elems.len() as u32, size_of::() as u32, num_packets as u32, signature_offsets.len() as u32, msg_sizes.as_ptr(), pubkey_offsets.as_ptr(), signature_offsets.as_ptr(), msg_start_offsets.as_ptr(), out.as_mut_ptr(), ); if res != 0 { trace!("RETURN!!!: {}", res); } } trace!("done verify"); let mut num = 0; for (vs, sig_vs) in rvs.iter_mut().zip(sig_lens.iter()) { for (mut v, sig_v) in vs.iter_mut().zip(sig_vs.iter()) { let mut vout = 1; for _ in 0..*sig_v { if 0 == out[num] { vout = 0; } num += 1; } *v = vout; if *v != 0 { trace!("VERIFIED PACKET!!!!!"); } } } inc_new_counter_info!("ed25519_verify_gpu", count); rvs } #[cfg(test)] pub fn make_packet_from_transaction(tx: Transaction) -> Packet { use bincode::serialize; let tx_bytes = serialize(&tx).unwrap(); let mut packet = Packet::default(); packet.meta.size = tx_bytes.len(); packet.data[..packet.meta.size].copy_from_slice(&tx_bytes); return packet; } #[cfg(test)] mod tests { use crate::packet::{Packet, SharedPackets}; use crate::sigverify; use crate::test_tx::test_tx; use bincode::{deserialize, serialize}; use solana_sdk::budget_program; use solana_sdk::hash::Hash; use solana_sdk::signature::{Keypair, KeypairUtil}; use solana_sdk::system_instruction::SystemInstruction; use solana_sdk::system_program; use solana_sdk::transaction::{Instruction, Transaction, SIG_OFFSET}; pub fn memfind(a: &[A], b: &[A]) -> Option { assert!(a.len() >= b.len()); let end = a.len() - b.len() + 1; for i in 0..end { if a[i..i + b.len()] == b[..] { return Some(i); } } None } #[test] fn test_layout() { let tx = test_tx(); let tx_bytes = serialize(&tx).unwrap(); let packet = serialize(&tx).unwrap(); assert_matches!(memfind(&packet, &tx_bytes), Some(sigverify::TX_OFFSET)); assert_matches!(memfind(&packet, &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9]), None); } #[test] fn test_system_transaction_layout() { let tx = test_tx(); let tx_bytes = serialize(&tx).unwrap(); let sign_data = tx.get_sign_data(); let packet = sigverify::make_packet_from_transaction(tx.clone()); let (sig_len, sig_start, msg_start_offset, pubkey_offset) = sigverify::get_packet_offsets(&packet, 0); assert_eq!( memfind(&tx_bytes, &tx.signatures[0].as_ref()), Some(SIG_OFFSET) ); assert_eq!( memfind(&tx_bytes, &tx.account_keys[0].as_ref()), Some(pubkey_offset as usize) ); assert_eq!( memfind(&tx_bytes, &sign_data), Some(msg_start_offset as usize) ); assert_eq!( memfind(&tx_bytes, &tx.signatures[0].as_ref()), Some(sig_start as usize) ); assert_eq!(sig_len, 1); assert!(tx.verify_signature()); } #[test] fn test_system_transaction_userdata_layout() { use crate::packet::PACKET_DATA_SIZE; let mut tx0 = test_tx(); tx0.instructions[0].userdata = vec![1, 2, 3]; let sign_data0a = tx0.get_sign_data(); let tx_bytes = serialize(&tx0).unwrap(); assert!(tx_bytes.len() < PACKET_DATA_SIZE); assert_eq!( memfind(&tx_bytes, &tx0.signatures[0].as_ref()), Some(SIG_OFFSET) ); let tx1 = deserialize(&tx_bytes).unwrap(); assert_eq!(tx0, tx1); assert_eq!(tx1.instructions[0].userdata, vec![1, 2, 3]); tx0.instructions[0].userdata = vec![1, 2, 4]; let sign_data0b = tx0.get_sign_data(); assert_ne!(sign_data0a, sign_data0b); } #[test] fn test_get_packet_offsets() { let tx = test_tx(); let packet = sigverify::make_packet_from_transaction(tx); let (sig_len, sig_start, msg_start_offset, pubkey_offset) = sigverify::get_packet_offsets(&packet, 0); assert_eq!(sig_len, 1); assert_eq!(sig_start, 8); assert_eq!(msg_start_offset, 72); assert_eq!(pubkey_offset, 80); } fn generate_packet_vec( packet: &Packet, num_packets_per_batch: usize, num_batches: usize, ) -> Vec { // generate packet vector let batches: Vec<_> = (0..num_batches) .map(|_| { let packets = SharedPackets::default(); packets .write() .unwrap() .packets .resize(0, Default::default()); for _ in 0..num_packets_per_batch { packets.write().unwrap().packets.push(packet.clone()); } assert_eq!(packets.read().unwrap().packets.len(), num_packets_per_batch); packets }) .collect(); assert_eq!(batches.len(), num_batches); batches } fn test_verify_n(n: usize, modify_data: bool) { let tx = test_tx(); let mut packet = sigverify::make_packet_from_transaction(tx); // jumble some data to test failure if modify_data { packet.data[20] = packet.data[20].wrapping_add(10); } let batches = generate_packet_vec(&packet, n, 2); // verify packets let ans = sigverify::ed25519_verify(&batches); // check result let ref_ans = if modify_data { 0u8 } else { 1u8 }; assert_eq!(ans, vec![vec![ref_ans; n], vec![ref_ans; n]]); } #[test] fn test_verify_zero() { test_verify_n(0, false); } #[test] fn test_verify_one() { test_verify_n(1, false); } #[test] fn test_verify_seventy_one() { test_verify_n(71, false); } #[test] fn test_verify_multi_sig() { use crate::logger; logger::setup(); let keypair0 = Keypair::new(); let keypair1 = Keypair::new(); let keypairs = vec![&keypair0, &keypair1]; let tokens = 5; let fee = 2; let last_id = Hash::default(); let keys = vec![keypair0.pubkey(), keypair1.pubkey()]; let system_instruction = SystemInstruction::Move { tokens }; let program_ids = vec![system_program::id(), budget_program::id()]; let instructions = vec![Instruction::new(0, &system_instruction, vec![0, 1])]; let tx = Transaction::new_with_instructions( &keypairs, &keys, last_id, fee, program_ids, instructions, ); let mut packet = sigverify::make_packet_from_transaction(tx); let n = 4; let num_batches = 3; let batches = generate_packet_vec(&packet, n, num_batches); packet.data[40] = packet.data[40].wrapping_add(8); batches[0].write().unwrap().packets.push(packet); // verify packets let ans = sigverify::ed25519_verify(&batches); // check result let ref_ans = 1u8; let mut ref_vec = vec![vec![ref_ans; n]; num_batches]; ref_vec[0].push(0u8); assert_eq!(ans, ref_vec); } #[test] fn test_verify_fail() { test_verify_n(5, true); } }