LCOV - code coverage report
Current view: top level - flamenco/vm/syscall - fd_vm_syscall_crypto.c (source / functions) Hit Total Coverage
Test: cov.lcov Lines: 0 264 0.0 %
Date: 2026-02-04 05:34:24 Functions: 0 4 0.0 % 

          Line data    Source code
       1             : #include "fd_vm_syscall.h"
       2             : 
       3             : #include "../../../ballet/bn254/fd_bn254.h"
       4             : #include "../../../ballet/bn254/fd_poseidon.h"
       5             : #include "../../../ballet/secp256k1/fd_secp256k1.h"
       6             : #include "../../runtime/fd_bank.h"
       7             : 
       8             : int
       9             : fd_vm_syscall_sol_alt_bn128_group_op( void *  _vm,
      10             :                                       ulong   group_op,
      11             :                                       ulong   input_addr,
      12             :                                       ulong   input_sz,
      13             :                                       ulong   result_addr,
      14             :                                       FD_PARAM_UNUSED ulong r5,
      15           0 :                                       ulong * _ret ) {
      16             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1509 */
      17           0 :   fd_vm_t * vm  = (fd_vm_t *)_vm;
      18           0 :   ulong     ret = 1UL; /* by default return Ok(1) == error */
      19             : 
      20             :   /* G1/pairing little endian syscalls are under feature gate alt_bn128_little_endian.
      21             :      To clean up the feature gate after activation, just remove this block
      22             :      (the rest of the function will behave correctly). */
      23           0 :   {
      24           0 :     if( FD_UNLIKELY(
      25           0 :       !FD_FEATURE_ACTIVE_BANK( vm->instr_ctx->bank, alt_bn128_little_endian )
      26           0 :       && ( group_op==FD_VM_SYSCALL_SOL_ALT_BN128_G1_ADD_LE
      27           0 :         || group_op==FD_VM_SYSCALL_SOL_ALT_BN128_G1_MUL_LE
      28           0 :         || group_op==FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_LE )
      29           0 :     ) ) {
      30           0 :       FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE );
      31           0 :       return FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE; /* SyscallError::InvalidAttribute */
      32           0 :     }
      33           0 :   }
      34             : 
      35             :   /* G2 syscalls are under feature gate enable_alt_bn128_g2_syscalls.
      36             :      To clean up the feature gate after activation, just remove this block
      37             :      (the rest of the function will behave correctly). */
      38           0 :   {
      39           0 :     if( FD_UNLIKELY(
      40           0 :       !FD_FEATURE_ACTIVE_BANK( vm->instr_ctx->bank, enable_alt_bn128_g2_syscalls )
      41           0 :       && ( group_op==FD_VM_SYSCALL_SOL_ALT_BN128_G2_ADD_BE
      42           0 :         || group_op==FD_VM_SYSCALL_SOL_ALT_BN128_G2_ADD_LE
      43           0 :         || group_op==FD_VM_SYSCALL_SOL_ALT_BN128_G2_MUL_BE
      44           0 :         || group_op==FD_VM_SYSCALL_SOL_ALT_BN128_G2_MUL_LE )
      45           0 :     ) ) {
      46           0 :       FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE );
      47           0 :       return FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE; /* SyscallError::InvalidAttribute */
      48           0 :     }
      49           0 :   }
      50             : 
      51             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1520-L1549 */
      52           0 :   ulong cost = 0UL;
      53           0 :   ulong output_sz = 0UL;
      54           0 :   switch( group_op ) {
      55             : 
      56           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_ADD_BE:
      57           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_ADD_LE:
      58           0 :     output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G1_SZ;
      59           0 :     cost = FD_VM_ALT_BN128_G1_ADDITION_COST;
      60           0 :     break;
      61             : 
      62           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_MUL_BE:
      63           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_MUL_LE:
      64           0 :     output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G1_SZ;
      65           0 :     cost = FD_VM_ALT_BN128_G1_MULTIPLICATION_COST;
      66           0 :     break;
      67             : 
      68           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_ADD_BE:
      69           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_ADD_LE:
      70           0 :     output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G2_SZ;
      71           0 :     cost = FD_VM_ALT_BN128_G2_ADDITION_COST;
      72           0 :     break;
      73             : 
      74           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_MUL_BE:
      75           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_MUL_LE:
      76           0 :     output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G2_SZ;
      77           0 :     cost = FD_VM_ALT_BN128_G2_MULTIPLICATION_COST;
      78           0 :     break;
      79             : 
      80           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_BE:
      81           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_LE:
      82           0 :     output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_OUTPUT_SZ;
      83           0 :     ulong elements_len = input_sz / FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_INPUT_EL_SZ;
      84           0 :     cost = FD_VM_ALT_BN128_PAIRING_ONE_PAIR_COST_FIRST
      85           0 :       + FD_VM_SHA256_BASE_COST
      86           0 :       + FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_OUTPUT_SZ;
      87           0 :     cost = fd_ulong_sat_add( cost,
      88           0 :       fd_ulong_sat_mul( FD_VM_ALT_BN128_PAIRING_ONE_PAIR_COST_OTHER,
      89           0 :         fd_ulong_sat_sub( elements_len, 1 ) ) );
      90           0 :     cost = fd_ulong_sat_add( cost, input_sz );
      91           0 :     break;
      92             : 
      93           0 :   default:
      94           0 :     FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE );
      95           0 :     return FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE; /* SyscallError::InvalidAttribute */
      96           0 :   }
      97             : 
      98             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1551 */
      99             : 
     100           0 :   FD_VM_CU_UPDATE( vm, cost );
     101             : 
     102           0 :   uchar * call_result = FD_VM_HADDR_QUERY_U8_SLICE( vm, result_addr, output_sz );
     103           0 :   uchar const * input = FD_VM_MEM_SLICE_HADDR_LD( vm, input_addr,  FD_VM_ALIGN_RUST_U8, input_sz );
     104             : 
     105           0 :   int big_endian = ( group_op & FD_VM_SYSCALL_SOL_ALT_BN128_LITTLE_ENDIAN_FLAG ) ? 0 : 1;
     106             : 
     107             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1567-L1598
     108             :      Note: this implementation is post SIMD-0129, we only support the simplified error codes. */
     109           0 :   switch( group_op ) {
     110             : 
     111           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_ADD_BE:
     112           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_ADD_LE:
     113             :     /* Compute add */
     114           0 :     if( FD_LIKELY( fd_bn254_g1_add_syscall( call_result, input, input_sz, big_endian )==0 ) ) {
     115           0 :       ret = 0UL; /* success */
     116           0 :     }
     117           0 :     break;
     118             : 
     119           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_MUL_BE:
     120           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_MUL_LE:
     121             :     /* Compute scalar mul */
     122           0 :     if( FD_LIKELY( fd_bn254_g1_scalar_mul_syscall( call_result, input, input_sz, big_endian )==0 ) ) {
     123           0 :       ret = 0UL; /* success */
     124           0 :     }
     125           0 :     break;
     126             : 
     127           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_ADD_BE:
     128           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_ADD_LE:
     129             :     /* Compute add */
     130           0 :     if( FD_LIKELY( fd_bn254_g2_add_syscall( call_result, input, input_sz, big_endian )==0 ) ) {
     131           0 :       ret = 0UL; /* success */
     132           0 :     }
     133           0 :     break;
     134             : 
     135           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_MUL_BE:
     136           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_MUL_LE:
     137             :     /* Compute scalar mul */
     138           0 :     if( FD_LIKELY( fd_bn254_g2_scalar_mul_syscall( call_result, input, input_sz, big_endian )==0 ) ) {
     139           0 :       ret = 0UL; /* success */
     140           0 :     }
     141           0 :     break;
     142             : 
     143           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_BE:
     144           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_LE:
     145             :     /* Compute pairing with length check based on feature gate.
     146             :        https://github.com/anza-xyz/solana-sdk/blob/bn254%40v3.1.2/bn254/src/pairing.rs#L76-L82 */
     147           0 :     if( FD_LIKELY( fd_bn254_pairing_is_one_syscall( call_result, input, input_sz, big_endian,
     148           0 :                                                     FD_FEATURE_ACTIVE_BANK( vm->instr_ctx->bank, fix_alt_bn128_pairing_length_check ) )==0 ) ) {
     149           0 :       ret = 0UL; /* success */
     150           0 :     }
     151           0 :     break;
     152           0 :   }
     153             : 
     154           0 :   *_ret = ret;
     155           0 :   return FD_VM_SUCCESS; /* Ok(SUCCESS) or Ok(ERROR) */
     156           0 : }
     157             : 
     158             : int
     159             : fd_vm_syscall_sol_alt_bn128_compression( void *  _vm,
     160             :                                          ulong   op,
     161             :                                          ulong   input_addr,
     162             :                                          ulong   input_sz,
     163             :                                          ulong   result_addr,
     164             :                                          FD_PARAM_UNUSED ulong r5,
     165           0 :                                          ulong * _ret ) {
     166             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1776 */
     167           0 :   fd_vm_t * vm  = (fd_vm_t *)_vm;
     168           0 :   ulong     ret = 1UL; /* by default return Ok(1) == error */
     169             : 
     170             :   /* G1/G2 little endian syscalls are under feature gate alt_bn128_little_endian.
     171             :      To clean up the feature gate after activation, just remove this block
     172             :      (the rest of the function will behave correctly). */
     173           0 :   {
     174           0 :     if( FD_UNLIKELY(
     175           0 :       !FD_FEATURE_ACTIVE_BANK( vm->instr_ctx->bank, alt_bn128_little_endian )
     176           0 :       && ( op==FD_VM_SYSCALL_SOL_ALT_BN128_G1_COMPRESS_LE
     177           0 :         || op==FD_VM_SYSCALL_SOL_ALT_BN128_G2_COMPRESS_LE
     178           0 :         || op==FD_VM_SYSCALL_SOL_ALT_BN128_G1_DECOMPRESS_LE
     179           0 :         || op==FD_VM_SYSCALL_SOL_ALT_BN128_G2_DECOMPRESS_LE )
     180           0 :     ) ) {
     181           0 :       FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE );
     182           0 :       return FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE; /* SyscallError::InvalidAttribute */
     183           0 :     }
     184           0 :   }
     185             : 
     186             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1791-L1811 */
     187           0 :   ulong cost = 0UL;
     188           0 :   ulong output_sz = 0UL;
     189           0 :   switch( op ) {
     190             : 
     191           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_COMPRESS_BE:
     192           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_COMPRESS_LE:
     193           0 :     output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G1_COMPRESSED_SZ;
     194           0 :     cost = FD_VM_ALT_BN128_G1_COMPRESS;
     195           0 :     break;
     196             : 
     197           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_DECOMPRESS_BE:
     198           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_DECOMPRESS_LE:
     199           0 :     output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G1_SZ;
     200           0 :     cost = FD_VM_ALT_BN128_G1_DECOMPRESS;
     201           0 :     break;
     202             : 
     203           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_COMPRESS_BE:
     204           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_COMPRESS_LE:
     205           0 :     output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G2_COMPRESSED_SZ;
     206           0 :     cost = FD_VM_ALT_BN128_G2_COMPRESS;
     207           0 :     break;
     208             : 
     209           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_DECOMPRESS_BE:
     210           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_DECOMPRESS_LE:
     211           0 :     output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G2_SZ;
     212           0 :     cost = FD_VM_ALT_BN128_G2_DECOMPRESS;
     213           0 :     break;
     214             : 
     215           0 :   default:
     216           0 :     FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE );
     217           0 :     return FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE; /* SyscallError::InvalidAttribute */
     218           0 :   }
     219           0 :   cost = fd_ulong_sat_add( cost, FD_VM_SYSCALL_BASE_COST );
     220             : 
     221             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1813 */
     222             : 
     223           0 :   FD_VM_CU_UPDATE( vm, cost );
     224             : 
     225             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1815-L1827 */
     226             : 
     227           0 :   uchar * call_result = FD_VM_HADDR_QUERY_U8_SLICE( vm, result_addr, output_sz );
     228           0 :   void const * input  = FD_VM_MEM_SLICE_HADDR_LD( vm, input_addr,  FD_VM_ALIGN_RUST_U8, input_sz );
     229             : 
     230           0 :   int big_endian = ( op & FD_VM_SYSCALL_SOL_ALT_BN128_LITTLE_ENDIAN_FLAG ) ? 0 : 1;
     231             : 
     232             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1829-L1891
     233             :      Note: this implementation is post SIMD-0129, we only support the simplified error codes. */
     234           0 :   switch( op ) {
     235             : 
     236           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_COMPRESS_BE:
     237           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_COMPRESS_LE:
     238           0 :     if( FD_UNLIKELY( input_sz!=FD_VM_SYSCALL_SOL_ALT_BN128_G1_SZ ) ) {
     239           0 :       goto soft_error;
     240           0 :     }
     241           0 :     if( FD_LIKELY( fd_bn254_g1_compress( call_result, fd_type_pun_const(input), big_endian ) ) ) {
     242           0 :       ret = 0UL; /* success */
     243           0 :     }
     244           0 :     break;
     245             : 
     246           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_DECOMPRESS_BE:
     247           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G1_DECOMPRESS_LE:
     248           0 :     if( FD_UNLIKELY( input_sz!=FD_VM_SYSCALL_SOL_ALT_BN128_G1_COMPRESSED_SZ ) ) {
     249           0 :       goto soft_error;
     250           0 :     }
     251           0 :     if( FD_LIKELY( fd_bn254_g1_decompress( call_result, fd_type_pun_const(input), big_endian ) ) ) {
     252           0 :       ret = 0UL; /* success */
     253           0 :     }
     254           0 :     break;
     255             : 
     256           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_COMPRESS_BE:
     257           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_COMPRESS_LE:
     258           0 :     if( FD_UNLIKELY( input_sz!=FD_VM_SYSCALL_SOL_ALT_BN128_G2_SZ ) ) {
     259           0 :       goto soft_error;
     260           0 :     }
     261           0 :     if( FD_LIKELY( fd_bn254_g2_compress( call_result, fd_type_pun_const(input), big_endian ) ) ) {
     262           0 :       ret = 0UL; /* success */
     263           0 :     }
     264           0 :     break;
     265             : 
     266           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_DECOMPRESS_BE:
     267           0 :   case FD_VM_SYSCALL_SOL_ALT_BN128_G2_DECOMPRESS_LE:
     268           0 :     if( FD_UNLIKELY( input_sz!=FD_VM_SYSCALL_SOL_ALT_BN128_G2_COMPRESSED_SZ ) ) {
     269           0 :       goto soft_error;
     270           0 :     }
     271           0 :     if( FD_LIKELY( fd_bn254_g2_decompress( call_result, fd_type_pun_const(input), big_endian ) ) ) {
     272           0 :       ret = 0UL; /* success */
     273           0 :     }
     274           0 :     break;
     275           0 :   }
     276             : 
     277           0 : soft_error:
     278           0 :   *_ret = ret;
     279           0 :   return FD_VM_SUCCESS; /* Ok(SUCCESS) or Ok(ERROR) */
     280           0 : }
     281             : 
     282             : int
     283             : fd_vm_syscall_sol_poseidon( void *  _vm,
     284             :                             ulong   params,
     285             :                             ulong   endianness,
     286             :                             ulong   vals_addr,
     287             :                             ulong   vals_len,
     288             :                             ulong   result_addr,
     289           0 :                             ulong * _ret ) {
     290             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1678 */
     291           0 :   fd_vm_t * vm  = (fd_vm_t *)_vm;
     292           0 :   ulong     ret = 1UL; /* by default return Ok(1) == error */
     293             : 
     294             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1688 */
     295             : 
     296           0 :   if( FD_UNLIKELY( params!=0UL ) ) {
     297           0 :     FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_POSEIDON_INVALID_PARAMS );
     298           0 :     return FD_VM_SYSCALL_ERR_POSEIDON_INVALID_PARAMS; /* PoseidonSyscallError::InvalidParameters */
     299           0 :   }
     300             : 
     301             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1689 */
     302             : 
     303           0 :   if( FD_UNLIKELY(
     304           0 :        endianness!=0UL /* Big endian */
     305           0 :     && endianness!=1UL /* Little endian */
     306           0 :   ) ) {
     307           0 :     FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_POSEIDON_INVALID_ENDIANNESS );
     308           0 :     return FD_VM_SYSCALL_ERR_POSEIDON_INVALID_ENDIANNESS; /* PoseidonSyscallError::InvalidEndianness */
     309           0 :   }
     310             : 
     311             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1691-L1698 */
     312             : 
     313           0 :   if( FD_UNLIKELY( vals_len > FD_VM_SYSCALL_SOL_POSEIDON_MAX_VALS ) ) {
     314             :     /* Max msg_sz = 47 - 3 + 20 = 64 < 127 => we can use printf */
     315           0 :     fd_log_collector_printf_dangerous_max_127( vm->instr_ctx,
     316           0 :       "Poseidon hashing %lu sequences is not supported", vals_len );
     317           0 :     FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_LENGTH );
     318           0 :     return FD_VM_SYSCALL_ERR_INVALID_LENGTH; /* SyscallError::InvalidLength */
     319           0 :   }
     320             : 
     321             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1700-L1707
     322             :      poseidon_cost(): https://github.com/solana-labs/solana/blob/v1.18.12/program-runtime/src/compute_budget.rs#L211 */
     323             : 
     324             :   /* vals_len^2 * A + C */
     325           0 :   ulong cost = fd_ulong_sat_add(
     326           0 :     fd_ulong_sat_mul(
     327           0 :       fd_ulong_sat_mul( vals_len, vals_len ),
     328           0 :       FD_VM_POSEIDON_COST_COEFFICIENT_A
     329           0 :     ),
     330           0 :     FD_VM_POSEIDON_COST_COEFFICIENT_C
     331           0 :   );
     332             : 
     333             :   /* The following can never happen, left as comment for completeness.
     334             :      if( FD_UNLIKELY( cost == ULONG_MAX ) ) {
     335             :        fd_vm_log_append_printf( vm, "Overflow while calculating the compute cost" );
     336             :        return FD_VM_SYSCALL_ERR_ARITHMETIC_OVERFLOW; // SyscallError::ArithmeticOverflow
     337             :      }
     338             :   */
     339             : 
     340             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1708 */
     341             : 
     342           0 :   FD_VM_CU_UPDATE( vm, cost );
     343             : 
     344             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1710-L1715 */
     345             : 
     346           0 :   uchar * hash_result = FD_VM_HADDR_QUERY_U8_SLICE( vm, result_addr, 32UL );
     347             : 
     348             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1716-L1732 */
     349             : 
     350             :   /* Agave allocates a vector of translated slices (that can return a fatal
     351             :      error), and then computes Poseidon, returning a soft error in case of
     352             :      issues (e.g. invalid input).
     353             : 
     354             :      We must be careful in returning the correct fatal vs soft error.
     355             : 
     356             :      The special case of vals_len==0 returns Ok(1), so for simplicity
     357             :      we capture it explicitly. */
     358             : 
     359           0 :   if( FD_UNLIKELY( !vals_len ) ) {
     360           0 :     goto soft_error;
     361           0 :   }
     362             : 
     363             :   /* First loop to memory map. This can return a fatal error. */
     364           0 :   fd_vm_vec_t const * input_vec_haddr = (fd_vm_vec_t const *)FD_VM_MEM_HADDR_LD( vm, vals_addr, FD_VM_VEC_ALIGN, vals_len*sizeof(fd_vm_vec_t) );
     365           0 :   void const * inputs_haddr[ FD_VM_SYSCALL_SOL_POSEIDON_MAX_VALS ];
     366           0 :   for( ulong i=0UL; i<vals_len; i++ ) {
     367           0 :     inputs_haddr[i] = FD_VM_MEM_SLICE_HADDR_LD( vm, input_vec_haddr[i].addr, FD_VM_ALIGN_RUST_U8, input_vec_haddr[i].len );
     368           0 :   }
     369             : 
     370             :   /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1734-L1750
     371             :      Note: this implementation is post SIMD-0129, we only support the simplified error codes. */
     372             : 
     373             :   /* Second loop to computed Poseidon. This can return a soft error. */
     374           0 :   int big_endian = endianness==0;
     375           0 :   int enforce_padding = FD_FEATURE_ACTIVE_BANK( vm->instr_ctx->bank, poseidon_enforce_padding );
     376           0 :   fd_poseidon_t pos[1];
     377           0 :   fd_poseidon_init( pos, big_endian );
     378             : 
     379           0 :   for( ulong i=0UL; i<vals_len; i++ ) {
     380           0 :     if( FD_UNLIKELY( fd_poseidon_append( pos, inputs_haddr[ i ], input_vec_haddr[i].len, enforce_padding )==NULL ) ) {
     381           0 :       goto soft_error;
     382           0 :     }
     383           0 :   }
     384             : 
     385           0 :   ret = !fd_poseidon_fini( pos, hash_result );
     386             : 
     387           0 : soft_error:
     388           0 :   *_ret = ret;
     389           0 :   return FD_VM_SUCCESS; /* Ok(1) == error */
     390           0 : }
     391             : 
     392             : #if FD_HAS_SECP256K1
     393             : 
     394             : int
     395             : fd_vm_syscall_sol_secp256k1_recover( /**/            void *  _vm,
     396             :                                      /**/            ulong   hash_vaddr,
     397             :                                      /**/            ulong   recovery_id_val,
     398             :                                      /**/            ulong   signature_vaddr,
     399             :                                      /**/            ulong   result_vaddr,
     400             :                                      FD_PARAM_UNUSED ulong   r5,
     401           0 :                                      /**/            ulong * _ret ) {
     402             :   /* https://github.com/anza-xyz/agave/blob/v1.18.8/programs/bpf_loader/src/syscalls/mod.rs#L810 */
     403           0 :   fd_vm_t * vm = (fd_vm_t *)_vm;
     404             : 
     405             :   /* https://github.com/anza-xyz/agave/blob/v1.18.8/programs/bpf_loader/src/syscalls/mod.rs#L820-L821 */
     406             : 
     407           0 :   FD_VM_CU_UPDATE( vm, FD_VM_SECP256K1_RECOVER_COST );
     408             : 
     409             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/syscalls/mod.rs#L957-L968 */
     410             : 
     411           0 :   uchar * pubkey_result = FD_VM_HADDR_QUERY_U8_SLICE( vm, result_vaddr, 64UL );
     412           0 :   uchar const * hash = FD_VM_MEM_HADDR_LD( vm, hash_vaddr,      FD_VM_ALIGN_RUST_U8, 32UL );
     413           0 :   uchar const * sig  = FD_VM_MEM_HADDR_LD( vm, signature_vaddr, FD_VM_ALIGN_RUST_U8, 64UL );
     414             : 
     415             :   /* CRITICAL */
     416             : 
     417             :   /* https://github.com/anza-xyz/agave/blob/v1.18.8/programs/bpf_loader/src/syscalls/mod.rs#L842-L853 */
     418             : 
     419             :   /* Secp256k1RecoverError::InvalidHash
     420             :      This can never happen, as `libsecp256k1::Message::parse_slice(hash)`
     421             :      only checks that hash is 32-byte long, and that's by construction.
     422             :      https://github.com/paritytech/libsecp256k1/blob/v0.6.0/src/lib.rs#L657-L665
     423             : 
     424             :      if( FD_UNLIKELY( 0 ) ) {
     425             :        *_ret = 1UL; // Secp256k1RecoverError::InvalidHash
     426             :        return FD_VM_SUCCESS;
     427             :      }
     428             :    */
     429             : 
     430             :   /* Secp256k1RecoverError::InvalidRecoveryId
     431             :      Agave code has 2 checks: the first is a cast from u64 to u8.
     432             :      The second is `libsecp256k1::RecoveryId::parse(adjusted_recover_id_val)` that
     433             :      checks if `adjusted_recover_id_val < 4`.
     434             :      https://github.com/paritytech/libsecp256k1/blob/v0.6.0/src/lib.rs#L674-L680
     435             :   */
     436             : 
     437           0 :   if( FD_UNLIKELY( recovery_id_val >= 4UL ) ) {
     438           0 :     *_ret = 2UL; /* Secp256k1RecoverError::InvalidRecoveryId */
     439           0 :     return FD_VM_SUCCESS;
     440           0 :   }
     441             : 
     442             :   /* Secp256k1RecoverError::InvalidSignature
     443             :      We omit this check, as this is done as part of fd_secp256k1_recover() below,
     444             :      and the return code is the same.
     445             : 
     446             :      In more details, this checks that the signature is valid, i.e. if the
     447             :      signature is represented as two scalars (r, s), it checks that both r
     448             :      and s are canonical scalars.
     449             : 
     450             :      Note the `?` at the end of this line:
     451             :      https://github.com/paritytech/libsecp256k1/blob/v0.6.0/src/lib.rs#L535
     452             :      And following the code, `scalar::check_overflow` is checks that the scalar is valid:
     453             :      https://github.com/paritytech/libsecp256k1/blob/master/core/src/scalar.rs#L70-L87 */
     454             : 
     455             :   /* https://github.com/anza-xyz/agave/blob/v1.18.8/programs/bpf_loader/src/syscalls/mod.rs#L855-L860 */
     456             : 
     457           0 :   uchar secp256k1_pubkey[64];
     458           0 :   if( FD_UNLIKELY( !fd_secp256k1_recover( secp256k1_pubkey, hash, sig, (int)recovery_id_val ) ) ) {
     459           0 :     *_ret = 3UL; /* Secp256k1RecoverError::InvalidSignature */
     460           0 :     return FD_VM_SUCCESS;
     461           0 :   }
     462             : 
     463           0 :   memcpy( pubkey_result, secp256k1_pubkey, 64UL );
     464             : 
     465           0 :   *_ret = 0UL;
     466           0 :   return FD_VM_SUCCESS;
     467           0 : }
     468             : 
     469             : #endif /* FD_HAS_SECP256K1 */

Generated by: LCOV version 1.14