Line data Source code
1 : #include "fd_vm_syscall.h"
2 :
3 : #include "../../../ballet/bn254/fd_bn254.h"
4 : #include "../../../ballet/bn254/fd_poseidon.h"
5 : #include "../../../ballet/secp256k1/fd_secp256k1.h"
6 : #include "../../runtime/fd_bank.h"
7 :
8 : int
9 : fd_vm_syscall_sol_alt_bn128_group_op( void * _vm,
10 : ulong group_op,
11 : ulong input_addr,
12 : ulong input_sz,
13 : ulong result_addr,
14 : FD_PARAM_UNUSED ulong r5,
15 0 : ulong * _ret ) {
16 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1509 */
17 0 : fd_vm_t * vm = (fd_vm_t *)_vm;
18 0 : ulong ret = 1UL; /* by default return Ok(1) == error */
19 :
20 : /* G1/pairing little endian syscalls are under feature gate alt_bn128_little_endian.
21 : To clean up the feature gate after activation, just remove this block
22 : (the rest of the function will behave correctly). */
23 0 : {
24 0 : if( FD_UNLIKELY(
25 0 : !FD_FEATURE_ACTIVE_BANK( vm->instr_ctx->bank, alt_bn128_little_endian )
26 0 : && ( group_op==FD_VM_SYSCALL_SOL_ALT_BN128_G1_ADD_LE
27 0 : || group_op==FD_VM_SYSCALL_SOL_ALT_BN128_G1_MUL_LE
28 0 : || group_op==FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_LE )
29 0 : ) ) {
30 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE );
31 0 : return FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE; /* SyscallError::InvalidAttribute */
32 0 : }
33 0 : }
34 :
35 : /* G2 syscalls are under feature gate enable_alt_bn128_g2_syscalls.
36 : To clean up the feature gate after activation, just remove this block
37 : (the rest of the function will behave correctly). */
38 0 : {
39 0 : if( FD_UNLIKELY(
40 0 : !FD_FEATURE_ACTIVE_BANK( vm->instr_ctx->bank, enable_alt_bn128_g2_syscalls )
41 0 : && ( group_op==FD_VM_SYSCALL_SOL_ALT_BN128_G2_ADD_BE
42 0 : || group_op==FD_VM_SYSCALL_SOL_ALT_BN128_G2_ADD_LE
43 0 : || group_op==FD_VM_SYSCALL_SOL_ALT_BN128_G2_MUL_BE
44 0 : || group_op==FD_VM_SYSCALL_SOL_ALT_BN128_G2_MUL_LE )
45 0 : ) ) {
46 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE );
47 0 : return FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE; /* SyscallError::InvalidAttribute */
48 0 : }
49 0 : }
50 :
51 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1520-L1549 */
52 0 : ulong cost = 0UL;
53 0 : ulong output_sz = 0UL;
54 0 : switch( group_op ) {
55 :
56 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_ADD_BE:
57 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_ADD_LE:
58 0 : output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G1_SZ;
59 0 : cost = FD_VM_ALT_BN128_G1_ADDITION_COST;
60 0 : break;
61 :
62 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_MUL_BE:
63 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_MUL_LE:
64 0 : output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G1_SZ;
65 0 : cost = FD_VM_ALT_BN128_G1_MULTIPLICATION_COST;
66 0 : break;
67 :
68 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_ADD_BE:
69 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_ADD_LE:
70 0 : output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G2_SZ;
71 0 : cost = FD_VM_ALT_BN128_G2_ADDITION_COST;
72 0 : break;
73 :
74 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_MUL_BE:
75 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_MUL_LE:
76 0 : output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G2_SZ;
77 0 : cost = FD_VM_ALT_BN128_G2_MULTIPLICATION_COST;
78 0 : break;
79 :
80 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_BE:
81 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_LE:
82 0 : output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_OUTPUT_SZ;
83 0 : ulong elements_len = input_sz / FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_INPUT_EL_SZ;
84 0 : cost = FD_VM_ALT_BN128_PAIRING_ONE_PAIR_COST_FIRST
85 0 : + FD_VM_SHA256_BASE_COST
86 0 : + FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_OUTPUT_SZ;
87 0 : cost = fd_ulong_sat_add( cost,
88 0 : fd_ulong_sat_mul( FD_VM_ALT_BN128_PAIRING_ONE_PAIR_COST_OTHER,
89 0 : fd_ulong_sat_sub( elements_len, 1 ) ) );
90 0 : cost = fd_ulong_sat_add( cost, input_sz );
91 0 : break;
92 :
93 0 : default:
94 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE );
95 0 : return FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE; /* SyscallError::InvalidAttribute */
96 0 : }
97 :
98 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1551 */
99 :
100 0 : FD_VM_CU_UPDATE( vm, cost );
101 :
102 0 : uchar * call_result = FD_VM_HADDR_QUERY_U8_SLICE( vm, result_addr, output_sz );
103 0 : uchar const * input = FD_VM_MEM_SLICE_HADDR_LD( vm, input_addr, FD_VM_ALIGN_RUST_U8, input_sz );
104 :
105 0 : int big_endian = ( group_op & FD_VM_SYSCALL_SOL_ALT_BN128_LITTLE_ENDIAN_FLAG ) ? 0 : 1;
106 :
107 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1567-L1598
108 : Note: this implementation is post SIMD-0129, we only support the simplified error codes. */
109 0 : switch( group_op ) {
110 :
111 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_ADD_BE:
112 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_ADD_LE:
113 : /* Compute add */
114 0 : if( FD_LIKELY( fd_bn254_g1_add_syscall( call_result, input, input_sz, big_endian )==0 ) ) {
115 0 : ret = 0UL; /* success */
116 0 : }
117 0 : break;
118 :
119 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_MUL_BE:
120 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_MUL_LE:
121 : /* Compute scalar mul */
122 0 : if( FD_LIKELY( fd_bn254_g1_scalar_mul_syscall( call_result, input, input_sz, big_endian )==0 ) ) {
123 0 : ret = 0UL; /* success */
124 0 : }
125 0 : break;
126 :
127 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_ADD_BE:
128 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_ADD_LE:
129 : /* Compute add */
130 0 : if( FD_LIKELY( fd_bn254_g2_add_syscall( call_result, input, input_sz, big_endian )==0 ) ) {
131 0 : ret = 0UL; /* success */
132 0 : }
133 0 : break;
134 :
135 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_MUL_BE:
136 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_MUL_LE:
137 : /* Compute scalar mul */
138 0 : if( FD_LIKELY( fd_bn254_g2_scalar_mul_syscall( call_result, input, input_sz, big_endian )==0 ) ) {
139 0 : ret = 0UL; /* success */
140 0 : }
141 0 : break;
142 :
143 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_BE:
144 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING_LE:
145 : /* Compute pairing, always checking that input length is a multiple of 192.
146 : https://github.com/anza-xyz/solana-sdk/blob/bn254%40v3.1.2/bn254/src/pairing.rs#L76-L82 */
147 0 : if( FD_LIKELY( fd_bn254_pairing_is_one_syscall( call_result, input, input_sz, big_endian )==0 ) ) {
148 0 : ret = 0UL; /* success */
149 0 : }
150 0 : break;
151 0 : }
152 :
153 0 : *_ret = ret;
154 0 : return FD_VM_SUCCESS; /* Ok(SUCCESS) or Ok(ERROR) */
155 0 : }
156 :
157 : int
158 : fd_vm_syscall_sol_alt_bn128_compression( void * _vm,
159 : ulong op,
160 : ulong input_addr,
161 : ulong input_sz,
162 : ulong result_addr,
163 : FD_PARAM_UNUSED ulong r5,
164 0 : ulong * _ret ) {
165 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1776 */
166 0 : fd_vm_t * vm = (fd_vm_t *)_vm;
167 0 : ulong ret = 1UL; /* by default return Ok(1) == error */
168 :
169 : /* G1/G2 little endian syscalls are under feature gate alt_bn128_little_endian.
170 : To clean up the feature gate after activation, just remove this block
171 : (the rest of the function will behave correctly). */
172 0 : {
173 0 : if( FD_UNLIKELY(
174 0 : !FD_FEATURE_ACTIVE_BANK( vm->instr_ctx->bank, alt_bn128_little_endian )
175 0 : && ( op==FD_VM_SYSCALL_SOL_ALT_BN128_G1_COMPRESS_LE
176 0 : || op==FD_VM_SYSCALL_SOL_ALT_BN128_G2_COMPRESS_LE
177 0 : || op==FD_VM_SYSCALL_SOL_ALT_BN128_G1_DECOMPRESS_LE
178 0 : || op==FD_VM_SYSCALL_SOL_ALT_BN128_G2_DECOMPRESS_LE )
179 0 : ) ) {
180 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE );
181 0 : return FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE; /* SyscallError::InvalidAttribute */
182 0 : }
183 0 : }
184 :
185 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1791-L1811 */
186 0 : ulong cost = 0UL;
187 0 : ulong output_sz = 0UL;
188 0 : switch( op ) {
189 :
190 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_COMPRESS_BE:
191 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_COMPRESS_LE:
192 0 : output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G1_COMPRESSED_SZ;
193 0 : cost = FD_VM_ALT_BN128_G1_COMPRESS;
194 0 : break;
195 :
196 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_DECOMPRESS_BE:
197 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_DECOMPRESS_LE:
198 0 : output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G1_SZ;
199 0 : cost = FD_VM_ALT_BN128_G1_DECOMPRESS;
200 0 : break;
201 :
202 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_COMPRESS_BE:
203 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_COMPRESS_LE:
204 0 : output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G2_COMPRESSED_SZ;
205 0 : cost = FD_VM_ALT_BN128_G2_COMPRESS;
206 0 : break;
207 :
208 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_DECOMPRESS_BE:
209 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_DECOMPRESS_LE:
210 0 : output_sz = FD_VM_SYSCALL_SOL_ALT_BN128_G2_SZ;
211 0 : cost = FD_VM_ALT_BN128_G2_DECOMPRESS;
212 0 : break;
213 :
214 0 : default:
215 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE );
216 0 : return FD_VM_SYSCALL_ERR_INVALID_ATTRIBUTE; /* SyscallError::InvalidAttribute */
217 0 : }
218 0 : cost = fd_ulong_sat_add( cost, FD_VM_SYSCALL_BASE_COST );
219 :
220 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1813 */
221 :
222 0 : FD_VM_CU_UPDATE( vm, cost );
223 :
224 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1815-L1827 */
225 :
226 0 : uchar * call_result = FD_VM_HADDR_QUERY_U8_SLICE( vm, result_addr, output_sz );
227 0 : void const * input = FD_VM_MEM_SLICE_HADDR_LD( vm, input_addr, FD_VM_ALIGN_RUST_U8, input_sz );
228 :
229 0 : int big_endian = ( op & FD_VM_SYSCALL_SOL_ALT_BN128_LITTLE_ENDIAN_FLAG ) ? 0 : 1;
230 :
231 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1829-L1891
232 : Note: this implementation is post SIMD-0129, we only support the simplified error codes. */
233 0 : switch( op ) {
234 :
235 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_COMPRESS_BE:
236 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_COMPRESS_LE:
237 0 : if( FD_UNLIKELY( input_sz!=FD_VM_SYSCALL_SOL_ALT_BN128_G1_SZ ) ) {
238 0 : goto soft_error;
239 0 : }
240 0 : if( FD_LIKELY( fd_bn254_g1_compress( call_result, fd_type_pun_const(input), big_endian ) ) ) {
241 0 : ret = 0UL; /* success */
242 0 : }
243 0 : break;
244 :
245 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_DECOMPRESS_BE:
246 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G1_DECOMPRESS_LE:
247 0 : if( FD_UNLIKELY( input_sz!=FD_VM_SYSCALL_SOL_ALT_BN128_G1_COMPRESSED_SZ ) ) {
248 0 : goto soft_error;
249 0 : }
250 0 : if( FD_LIKELY( fd_bn254_g1_decompress( call_result, fd_type_pun_const(input), big_endian ) ) ) {
251 0 : ret = 0UL; /* success */
252 0 : }
253 0 : break;
254 :
255 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_COMPRESS_BE:
256 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_COMPRESS_LE:
257 0 : if( FD_UNLIKELY( input_sz!=FD_VM_SYSCALL_SOL_ALT_BN128_G2_SZ ) ) {
258 0 : goto soft_error;
259 0 : }
260 0 : if( FD_LIKELY( fd_bn254_g2_compress( call_result, fd_type_pun_const(input), big_endian ) ) ) {
261 0 : ret = 0UL; /* success */
262 0 : }
263 0 : break;
264 :
265 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_DECOMPRESS_BE:
266 0 : case FD_VM_SYSCALL_SOL_ALT_BN128_G2_DECOMPRESS_LE:
267 0 : if( FD_UNLIKELY( input_sz!=FD_VM_SYSCALL_SOL_ALT_BN128_G2_COMPRESSED_SZ ) ) {
268 0 : goto soft_error;
269 0 : }
270 0 : if( FD_LIKELY( fd_bn254_g2_decompress( call_result, fd_type_pun_const(input), big_endian ) ) ) {
271 0 : ret = 0UL; /* success */
272 0 : }
273 0 : break;
274 0 : }
275 :
276 0 : soft_error:
277 0 : *_ret = ret;
278 0 : return FD_VM_SUCCESS; /* Ok(SUCCESS) or Ok(ERROR) */
279 0 : }
280 :
281 : int
282 : fd_vm_syscall_sol_poseidon( void * _vm,
283 : ulong params,
284 : ulong endianness,
285 : ulong vals_addr,
286 : ulong vals_len,
287 : ulong result_addr,
288 0 : ulong * _ret ) {
289 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1678 */
290 0 : fd_vm_t * vm = (fd_vm_t *)_vm;
291 0 : ulong ret = 1UL; /* by default return Ok(1) == error */
292 :
293 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1688 */
294 :
295 0 : if( FD_UNLIKELY( params!=0UL ) ) {
296 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_POSEIDON_INVALID_PARAMS );
297 0 : return FD_VM_SYSCALL_ERR_POSEIDON_INVALID_PARAMS; /* PoseidonSyscallError::InvalidParameters */
298 0 : }
299 :
300 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1689 */
301 :
302 0 : if( FD_UNLIKELY(
303 0 : endianness!=0UL /* Big endian */
304 0 : && endianness!=1UL /* Little endian */
305 0 : ) ) {
306 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_POSEIDON_INVALID_ENDIANNESS );
307 0 : return FD_VM_SYSCALL_ERR_POSEIDON_INVALID_ENDIANNESS; /* PoseidonSyscallError::InvalidEndianness */
308 0 : }
309 :
310 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1691-L1698 */
311 :
312 0 : if( FD_UNLIKELY( vals_len > FD_VM_SYSCALL_SOL_POSEIDON_MAX_VALS ) ) {
313 : /* Max msg_sz = 47 - 3 + 20 = 64 < 127 => we can use printf */
314 0 : fd_log_collector_printf_dangerous_max_127( vm->instr_ctx,
315 0 : "Poseidon hashing %lu sequences is not supported", vals_len );
316 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_LENGTH );
317 0 : return FD_VM_SYSCALL_ERR_INVALID_LENGTH; /* SyscallError::InvalidLength */
318 0 : }
319 :
320 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1700-L1707
321 : poseidon_cost(): https://github.com/solana-labs/solana/blob/v1.18.12/program-runtime/src/compute_budget.rs#L211 */
322 :
323 : /* vals_len^2 * A + C */
324 0 : ulong cost = fd_ulong_sat_add(
325 0 : fd_ulong_sat_mul(
326 0 : fd_ulong_sat_mul( vals_len, vals_len ),
327 0 : FD_VM_POSEIDON_COST_COEFFICIENT_A
328 0 : ),
329 0 : FD_VM_POSEIDON_COST_COEFFICIENT_C
330 0 : );
331 :
332 : /* The following can never happen, left as comment for completeness.
333 : if( FD_UNLIKELY( cost == ULONG_MAX ) ) {
334 : fd_vm_log_append_printf( vm, "Overflow while calculating the compute cost" );
335 : return FD_VM_SYSCALL_ERR_ARITHMETIC_OVERFLOW; // SyscallError::ArithmeticOverflow
336 : }
337 : */
338 :
339 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1708 */
340 :
341 0 : FD_VM_CU_UPDATE( vm, cost );
342 :
343 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1710-L1715 */
344 :
345 0 : uchar * hash_result = FD_VM_HADDR_QUERY_U8_SLICE( vm, result_addr, 32UL );
346 :
347 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1716-L1732 */
348 :
349 : /* Agave allocates a vector of translated slices (that can return a fatal
350 : error), and then computes Poseidon, returning a soft error in case of
351 : issues (e.g. invalid input).
352 :
353 : We must be careful in returning the correct fatal vs soft error.
354 :
355 : The special case of vals_len==0 returns Ok(1), so for simplicity
356 : we capture it explicitly. */
357 :
358 0 : if( FD_UNLIKELY( !vals_len ) ) {
359 0 : goto soft_error;
360 0 : }
361 :
362 : /* First loop to memory map. This can return a fatal error. */
363 0 : fd_vm_vec_t const * input_vec_haddr = (fd_vm_vec_t const *)FD_VM_MEM_HADDR_LD( vm, vals_addr, FD_VM_VEC_ALIGN, vals_len*sizeof(fd_vm_vec_t) );
364 0 : void const * inputs_haddr[ FD_VM_SYSCALL_SOL_POSEIDON_MAX_VALS ];
365 0 : for( ulong i=0UL; i<vals_len; i++ ) {
366 0 : inputs_haddr[i] = FD_VM_MEM_SLICE_HADDR_LD( vm, input_vec_haddr[i].addr, FD_VM_ALIGN_RUST_U8, input_vec_haddr[i].len );
367 0 : }
368 :
369 : /* https://github.com/anza-xyz/agave/blob/v1.18.12/programs/bpf_loader/src/syscalls/mod.rs#L1734-L1750
370 : Note: this implementation is post SIMD-0129, we only support the simplified error codes. */
371 :
372 : /* Second loop to computed Poseidon. This can return a soft error. */
373 0 : int big_endian = endianness==0;
374 0 : int enforce_padding = FD_FEATURE_ACTIVE_BANK( vm->instr_ctx->bank, poseidon_enforce_padding );
375 0 : fd_poseidon_t pos[1];
376 0 : fd_poseidon_init( pos, big_endian );
377 :
378 0 : for( ulong i=0UL; i<vals_len; i++ ) {
379 0 : if( FD_UNLIKELY( fd_poseidon_append( pos, inputs_haddr[ i ], input_vec_haddr[i].len, enforce_padding )==NULL ) ) {
380 0 : goto soft_error;
381 0 : }
382 0 : }
383 :
384 0 : ret = !fd_poseidon_fini( pos, hash_result );
385 :
386 0 : soft_error:
387 0 : *_ret = ret;
388 0 : return FD_VM_SUCCESS; /* Ok(1) == error */
389 0 : }
390 :
391 : #if FD_HAS_S2NBIGNUM
392 :
393 : int
394 : fd_vm_syscall_sol_secp256k1_recover( /**/ void * _vm,
395 : /**/ ulong hash_vaddr,
396 : /**/ ulong recovery_id_val,
397 : /**/ ulong signature_vaddr,
398 : /**/ ulong result_vaddr,
399 : FD_PARAM_UNUSED ulong r5,
400 0 : /**/ ulong * _ret ) {
401 : /* https://github.com/anza-xyz/agave/blob/v1.18.8/programs/bpf_loader/src/syscalls/mod.rs#L810 */
402 0 : fd_vm_t * vm = (fd_vm_t *)_vm;
403 :
404 : /* https://github.com/anza-xyz/agave/blob/v1.18.8/programs/bpf_loader/src/syscalls/mod.rs#L820-L821 */
405 :
406 0 : FD_VM_CU_UPDATE( vm, FD_VM_SECP256K1_RECOVER_COST );
407 :
408 : /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/syscalls/mod.rs#L957-L968 */
409 :
410 0 : uchar * pubkey_result = FD_VM_HADDR_QUERY_U8_SLICE( vm, result_vaddr, 64UL );
411 0 : uchar const * hash = FD_VM_MEM_HADDR_LD( vm, hash_vaddr, FD_VM_ALIGN_RUST_U8, 32UL );
412 0 : uchar const * sig = FD_VM_MEM_HADDR_LD( vm, signature_vaddr, FD_VM_ALIGN_RUST_U8, 64UL );
413 :
414 : /* CRITICAL */
415 :
416 : /* https://github.com/anza-xyz/agave/blob/v1.18.8/programs/bpf_loader/src/syscalls/mod.rs#L842-L853 */
417 :
418 : /* Secp256k1RecoverError::InvalidHash
419 : This can never happen, as `libsecp256k1::Message::parse_slice(hash)`
420 : only checks that hash is 32-byte long, and that's by construction.
421 : https://github.com/paritytech/libsecp256k1/blob/v0.6.0/src/lib.rs#L657-L665
422 :
423 : if( FD_UNLIKELY( 0 ) ) {
424 : *_ret = 1UL; // Secp256k1RecoverError::InvalidHash
425 : return FD_VM_SUCCESS;
426 : }
427 : */
428 :
429 : /* Secp256k1RecoverError::InvalidRecoveryId
430 : Agave code has 2 checks: the first is a cast from u64 to u8.
431 : The second is `libsecp256k1::RecoveryId::parse(adjusted_recover_id_val)` that
432 : checks if `adjusted_recover_id_val < 4`.
433 : https://github.com/paritytech/libsecp256k1/blob/v0.6.0/src/lib.rs#L674-L680
434 : */
435 :
436 0 : if( FD_UNLIKELY( recovery_id_val >= 4UL ) ) {
437 0 : *_ret = 2UL; /* Secp256k1RecoverError::InvalidRecoveryId */
438 0 : return FD_VM_SUCCESS;
439 0 : }
440 :
441 : /* Secp256k1RecoverError::InvalidSignature
442 : We omit this check, as this is done as part of fd_secp256k1_recover() below,
443 : and the return code is the same.
444 :
445 : In more details, this checks that the signature is valid, i.e. if the
446 : signature is represented as two scalars (r, s), it checks that both r
447 : and s are canonical scalars.
448 :
449 : Note the `?` at the end of this line:
450 : https://github.com/paritytech/libsecp256k1/blob/v0.6.0/src/lib.rs#L535
451 : And following the code, `scalar::check_overflow` is checks that the scalar is valid:
452 : https://github.com/paritytech/libsecp256k1/blob/master/core/src/scalar.rs#L70-L87 */
453 :
454 : /* https://github.com/anza-xyz/agave/blob/v1.18.8/programs/bpf_loader/src/syscalls/mod.rs#L855-L860 */
455 :
456 0 : uchar secp256k1_pubkey[64];
457 0 : if( FD_UNLIKELY( !fd_secp256k1_recover( secp256k1_pubkey, hash, sig, (int)recovery_id_val ) ) ) {
458 0 : *_ret = 3UL; /* Secp256k1RecoverError::InvalidSignature */
459 0 : return FD_VM_SUCCESS;
460 0 : }
461 :
462 0 : memcpy( pubkey_result, secp256k1_pubkey, 64UL );
463 :
464 0 : *_ret = 0UL;
465 0 : return FD_VM_SUCCESS;
466 0 : }
467 :
468 : #endif /* FD_HAS_S2NBIGNUM */
|
