deps: Use ed25519-consensus instead of ed25519-dalek (#1067)

[hdevalence]

Backports this change to the new main (was #1067).

• Use ed25519-consensus instead of ed25519-dalek

Closes #355 (see that issue for more context; ed25519-consensus is a fork of ed25519-zebra that's Zcash-independent).

This change ensures that tendermint-rs has the same signature verification as tendermint, which uses the validation criteria provided by the Go ed25519consensus library.

• clippy fixes

Co-authored-by: Thane Thomson connect@thanethomson.com

• Remove redundant dependency

Signed-off-by: Thane Thomson connect@thanethomson.com

• cargo fmt

Signed-off-by: Thane Thomson connect@thanethomson.com

• Add changelog entries

Signed-off-by: Thane Thomson connect@thanethomson.com

Co-authored-by: Henry de Valence hdevalence@penumbra.zone

[codecov-commenter]

Codecov Report

Merging #1245 (726c637) into main (560c852) will decrease coverage by 0.0%.
The diff coverage is 67.8%.

@@           Coverage Diff           @@
##            main   #1245     +/-   ##
=======================================
- Coverage   64.4%   64.4%   -0.1%     
=======================================
  Files        245     245             
  Lines      21581   21547     -34     
=======================================
- Hits       13917   13889     -28     
+ Misses      7664    7658      -6     

Impacted Files	Coverage Δ
p2p/src/error.rs	0.0% <ø> (ø)
p2p/src/secret_connection/amino_types.rs	0.0% <0.0%> (ø)
tendermint/src/error.rs	0.0% <0.0%> (ø)
tendermint/src/private_key.rs	28.7% <36.3%> (+4.9%)	⬆️
p2p/src/secret_connection/protocol.rs	59.8% <60.0%> (ø)
p2p/src/secret_connection.rs	86.6% <78.5%> (-0.2%)	⬇️
p2p/src/secret_connection/public_key.rs	80.6% <83.3%> (ø)
tendermint/src/public_key.rs	72.5% <85.7%> (-0.3%)	⬇️
config/src/node_key.rs	60.0% <100.0%> (ø)
tendermint/src/account.rs	91.0% <100.0%> (ø)
... and 11 more

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[mzabaluev]

Generally looks good.

One thing which I find potentially problematic (though not a change I'm requesting now) is that ed25519-consensus does not integrate into the signature framework. Why is that?

[mzabaluev]

This error is deliberately opaque, but we can't make the Display impl transparent in flex-error, so we have our own message. OK.

[mzabaluev]

Great!

[mzabaluev]

Huh, isis still has not updated their rand version? Another reason to switch.

[hdevalence]

Generally looks good.

One thing which I find potentially problematic (though not a change I'm requesting now) is that ed25519-consensus does not integrate into the signature framework. Why is that?

There's no particular reason; there wasn't a need to do it when the crate was written, and it wasn't possible to implement for trivial reasons -- AFAIR, it was because the Signature trait requires AsRef<[u8]>, but internally the ed25519_consensus::Signature type has two [u8; 32] arrays because that was slightly more convenient as an internal representation.

We could probably add it if it's important. To be honest, the main reason we're interested in this is that the ed25519-consensus types have nicer Debug output, and that propagates into our logs when using tendermint-rs types.

[mzabaluev]

@hdevalence I think it's OK to not conform to the signature traits, as we're not going to make the Ed25519 implementation replaceable in the near term as per discussion on Slack (recap: it's not supported by Web Crypto, corner cases addressed differently by other implementations so we need the precise behavior). The API is also close enough to not require significant rework if we decide we need it.

So, I think this just needs a change to do the exhaustive match for proto's key type enum, and we can merge it.

[tony-iqlusion]

AFAIR, it was because the Signature trait requires AsRef<[u8]>, but internally the ed25519_consensus::Signature type has two [u8; 32] arrays because that was slightly more convenient as an internal representation.

@hdevalence that bound is removed in a forthcoming signature v2.0 release, FWIW:

https://docs.rs/signature/2.0.0-pre.2/signature/index.html

[hdevalence]

@hdevalence I think it's OK to not conform to the signature traits, as we're not going to make the Ed25519 implementation replaceable in the near term as per discussion on Slack (recap: it's not supported by Web Crypto, corner cases addressed differently by other implementations so we need the precise behavior). The API is also close enough to not require significant rework if we decide we need it.

So, I think this just needs a change to do the exhaustive match for proto's key type enum, and we can merge it.

Cool, I updated the exhaustive match. I'd be happy to try to support the signature traits in a later release of the crate if it becomes relevant.

[mzabaluev]

Needs merging from main, but is otherwise good to go.

[hdevalence]

Rebased.

[thanethomson]

Was the failing check here due to clippy errors from Rust v1.66? If so, #1253's been merged and that should fix things.

[thanethomson]

@hdevalence please resolve the conflicts here and then we'll merge and cut a new release.

[hdevalence]

Rebased and did another round of clippy fixes.

[xla]

(͠≖ ͜ʖ͠≖)👌

[mzabaluev]

Thank you @hdevalence and @xla!

[hdevalence]

Thanks for merging this! Are there other changes in flight at the moment, or would it be possible to get it into a release soon? (We'll have to wait for it to propagate through our dep tree before we can pick it up).