Line data Source code
1 : #include "fd_vm_syscall.h"
2 :
3 : #include "../../../ballet/ed25519/fd_curve25519.h"
4 :
5 : /* fd_compute_pda derives a PDA given:
6 : - the vm
7 : - the program id, which should be provided through either program_id or program_id_vaddr
8 : - This allows the user to pass in a program ID in either host address space or virtual address space.
9 : - If both are passed in, the host address space pubkey will be used.
10 : - the program_id pubkey in virtual address space. if the host address space pubkey is not given then the virtual address will be translated.
11 : - the seeds array vaddr
12 : - the seeds array count
13 : - an optional bump seed
14 : - out, the address in host address space where the PDA will be written to
15 :
16 : If the derived PDA was not a valid ed25519 point, then this function will return FD_VM_SYSCALL_ERR_INVALID_PDA.
17 :
18 : The derivation can also fail because of an out-of-bounds memory access, or an invalid seed list.
19 : */
20 : int
21 : fd_vm_derive_pda( fd_vm_t * vm,
22 : fd_pubkey_t const * program_id,
23 : void const * * seed_haddrs,
24 : ulong * seed_szs,
25 : ulong seeds_cnt,
26 : uchar * bump_seed,
27 0 : fd_pubkey_t * out ) {
28 :
29 : /* This is a preflight check that is performed in Agave before deriving PDAs but after checking the seeds vaddr.
30 : Weirdly they do two checks for seeds cnt - one before PDA derivation, and one during. The first check will
31 : fail the preflight checks, and the second should just continue execution. We can't put this check one level up
32 : because it's only done after haddr conversion / alignment / size checks, which is done by the above line. We
33 : also can't rely on just the second check because we need execution to halt.
34 : https://github.com/anza-xyz/agave/blob/v2.1.0/programs/bpf_loader/src/syscalls/mod.rs#L728-L730 */
35 0 : if( FD_UNLIKELY( seeds_cnt>FD_VM_PDA_SEEDS_MAX ) ) {
36 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_BAD_SEEDS );
37 0 : return FD_VM_SYSCALL_ERR_BAD_SEEDS;
38 0 : }
39 :
40 : /* This check does NOT halt execution within `fd_vm_syscall_sol_try_find_program_address`. This means
41 : that if the user provides 16 seeds (excluding the bump) in the `try_find_program_address` syscall,
42 : this same check below will be hit 255 times and deduct that many CUs. Very strange...
43 : https://github.com/anza-xyz/agave/blob/v2.1.0/sdk/pubkey/src/lib.rs#L725-L727 */
44 0 : if( FD_UNLIKELY( seeds_cnt+( !!bump_seed )>FD_VM_PDA_SEEDS_MAX ) ) {
45 0 : return FD_VM_SYSCALL_ERR_INVALID_PDA;
46 0 : }
47 :
48 0 : for( ulong i=0UL; i<seeds_cnt; i++ ) {
49 : /* This is an unconditional check in Agave:
50 : https://github.com/anza-xyz/agave/blob/v2.1.6/sdk/pubkey/src/lib.rs#L729-L731
51 : */
52 0 : if( FD_UNLIKELY( seed_szs[ i ]>FD_VM_PDA_SEED_MEM_MAX ) ) {
53 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_BAD_SEEDS );
54 0 : return FD_VM_SYSCALL_ERR_BAD_SEEDS;
55 0 : }
56 0 : }
57 :
58 0 : fd_sha256_init( vm->sha );
59 0 : for( ulong i=0UL; i<seeds_cnt; i++ ) {
60 0 : ulong seed_sz = seed_szs[ i ];
61 :
62 : /* If the seed length is 0, then we don't need to append anything. solana_bpf_loader_program::syscalls::translate_slice
63 : returns an empty array in host space when given an empty array, which means this seed will have no affect on the PDA.
64 : https://github.com/anza-xyz/agave/blob/v2.1.0/programs/bpf_loader/src/syscalls/mod.rs#L737-L742 */
65 0 : if( FD_UNLIKELY( !seed_sz ) ) {
66 0 : continue;
67 0 : }
68 0 : void const * seed_haddr = seed_haddrs[ i ];
69 0 : fd_sha256_append( vm->sha, seed_haddr, seed_sz );
70 0 : }
71 :
72 : /* https://github.com/anza-xyz/agave/blob/v2.1.0/sdk/pubkey/src/lib.rs#L738-L747 */
73 0 : if( bump_seed ) {
74 0 : fd_sha256_append( vm->sha, bump_seed, 1UL );
75 0 : }
76 :
77 0 : if( FD_LIKELY( program_id )) {
78 0 : fd_sha256_append( vm->sha, program_id, FD_PUBKEY_FOOTPRINT );
79 0 : } else {
80 0 : FD_LOG_ERR(( "No program id passed in" ));
81 0 : }
82 :
83 0 : fd_sha256_append( vm->sha, "ProgramDerivedAddress", 21UL ); /* TODO: use marker constant */
84 :
85 0 : fd_sha256_fini( vm->sha, out );
86 :
87 : /* A PDA is valid if it is not a valid ed25519 curve point.
88 : In most cases the user will have derived the PDA off-chain, or the PDA is a known signer. */
89 0 : if( FD_UNLIKELY( fd_ed25519_point_validate( out->key ) ) ) {
90 0 : return FD_VM_SYSCALL_ERR_INVALID_PDA;
91 0 : }
92 :
93 0 : return FD_VM_SUCCESS;
94 0 : }
95 :
96 : /* fd_vm_translate_and_check_program_address_inputs is responsible for doing
97 : the preflight checks and translation of the seeds and program id.
98 : https://github.com/anza-xyz/agave/blob/v2.1.0/programs/bpf_loader/src/syscalls/mod.rs#L719 */
99 :
100 : int
101 : fd_vm_translate_and_check_program_address_inputs( fd_vm_t * vm,
102 : ulong seeds_vaddr,
103 : ulong seeds_cnt,
104 : ulong program_id_vaddr,
105 : void const * * out_seed_haddrs,
106 : ulong * out_seed_szs,
107 : fd_pubkey_t const * * out_program_id,
108 0 : uchar is_syscall ) {
109 :
110 0 : fd_vm_vec_t const * untranslated_seeds = FD_VM_MEM_SLICE_HADDR_LD( vm, seeds_vaddr, FD_VM_ALIGN_RUST_SLICE_U8_REF,
111 0 : fd_ulong_sat_mul( seeds_cnt, FD_VM_VEC_SIZE ) );
112 :
113 : /* This is a preflight check that is performed in Agave before deriving PDAs but after checking the seeds vaddr.
114 : When called to help CPI signer translation, this logs an
115 : instruction error:
116 : https://github.com/anza-xyz/agave/blob/v2.1.11/programs/bpf_loader/src/syscalls/cpi.rs#L538-L540
117 : However, when called from a syscall, this logs a syscall error:
118 : https://github.com/anza-xyz/agave/blob/v2.1.0/programs/bpf_loader/src/syscalls/mod.rs#L728-L730 */
119 0 : if( FD_UNLIKELY( seeds_cnt>FD_VM_PDA_SEEDS_MAX ) ) {
120 0 : if( is_syscall ) {
121 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_BAD_SEEDS );
122 0 : return FD_VM_SYSCALL_ERR_BAD_SEEDS;
123 0 : } else {
124 0 : FD_VM_ERR_FOR_LOG_INSTR( vm, FD_EXECUTOR_INSTR_ERR_MAX_SEED_LENGTH_EXCEEDED );
125 0 : return FD_EXECUTOR_INSTR_ERR_MAX_SEED_LENGTH_EXCEEDED;
126 0 : }
127 0 : }
128 0 : for( ulong i=0UL; i<seeds_cnt; i++ ) {
129 0 : ulong seed_sz = untranslated_seeds[i].len;
130 : /* Another preflight check
131 : https://github.com/anza-xyz/agave/blob/v2.1.0/programs/bpf_loader/src/syscalls/mod.rs#L734-L736
132 : When this function is called from syscalls, we would like to
133 : abort when exceeding SEED_MEM_MAX.
134 : However, when we reuse this function from CPI for signer
135 : translation, this check doesn't exist. Sigh.
136 : Instead, the check is delayed until deriving PDA.
137 : https://github.com/anza-xyz/agave/blob/v2.1.6/programs/bpf_loader/src/syscalls/cpi.rs#L543
138 : */
139 0 : if( FD_UNLIKELY( seed_sz>FD_VM_PDA_SEED_MEM_MAX && is_syscall ) ) {
140 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_BAD_SEEDS );
141 0 : return FD_VM_SYSCALL_ERR_BAD_SEEDS;
142 0 : }
143 0 : void const * seed_haddr = FD_VM_MEM_SLICE_HADDR_LD( vm, untranslated_seeds[i].addr, FD_VM_ALIGN_RUST_U8, seed_sz );
144 0 : out_seed_haddrs[ i ] = seed_haddr;
145 0 : out_seed_szs [ i ] = seed_sz;
146 0 : }
147 :
148 : /* We only want to do this check if the user requires it. */
149 0 : if( out_program_id ) {
150 0 : *out_program_id = FD_VM_MEM_HADDR_LD( vm, program_id_vaddr, FD_VM_ALIGN_RUST_PUBKEY, FD_PUBKEY_FOOTPRINT );
151 0 : }
152 0 : return 0;
153 0 : }
154 :
155 : /* fd_vm_syscall_sol_create_program_address is the entrypoint for the sol_create_program_address syscall:
156 : https://github.com/anza-xyz/agave/blob/v2.0.8/programs/bpf_loader/src/syscalls/mod.rs#L729
157 :
158 : The main semantic difference between Firedancer's implementation and Solana's is that Solana
159 : translates all the seed pointers before doing any computation, while Firedancer translates
160 : the seed pointers on-demand. This is to avoid an extra memory allocation.
161 :
162 : This syscall creates a valid program derived address without searching for a bump seed.
163 : It does this by hashing all the seeds, the program id, and the PDA marker, and then
164 : checking if the resulting hash is a valid ed25519 curve point.
165 :
166 : There is roughly a 50% chance of this syscall failing, due to the hash not being
167 : a valid curve point, for any given collection of seeds.
168 :
169 : Parameters:
170 : - _vm: a pointer to the VM
171 : - seed_vaddr: the address of the first element of an iovec-like scatter of a seed byte array in VM address space
172 : - seed_cnt: the number of scatter elements
173 : - program_id_vaddr: the address of the program id pubkey in VM address space
174 : - out_vaddr: the address of the memory location where the resulting derived PDA will be written to, in VM address space, if the syscall is successful
175 : - r5: unused
176 : - _ret: a pointer to the return value of the syscall
177 : */
178 : int
179 : fd_vm_syscall_sol_create_program_address( /**/ void * _vm,
180 : /**/ ulong seeds_vaddr,
181 : /**/ ulong seeds_cnt,
182 : /**/ ulong program_id_vaddr,
183 : /**/ ulong out_vaddr,
184 : FD_PARAM_UNUSED ulong r5,
185 0 : /**/ ulong * _ret ) {
186 0 : fd_vm_t * vm = (fd_vm_t *)_vm;
187 :
188 0 : uchar * bump_seed = NULL;
189 :
190 0 : FD_VM_CU_UPDATE( vm, FD_VM_CREATE_PROGRAM_ADDRESS_UNITS );
191 :
192 0 : void const * seed_haddrs[ FD_VM_PDA_SEEDS_MAX ];
193 0 : ulong seed_szs [ FD_VM_PDA_SEEDS_MAX ];
194 0 : fd_pubkey_t const * program_id;
195 :
196 0 : int err = fd_vm_translate_and_check_program_address_inputs( vm,
197 0 : seeds_vaddr,
198 0 : seeds_cnt,
199 0 : program_id_vaddr,
200 0 : seed_haddrs,
201 0 : seed_szs,
202 0 : &program_id,
203 0 : 1U );
204 0 : if( FD_UNLIKELY( err ) ) {
205 0 : *_ret = 0UL;
206 0 : return err;
207 0 : }
208 :
209 0 : fd_pubkey_t derived[1];
210 0 : err = fd_vm_derive_pda( vm, program_id, seed_haddrs, seed_szs, seeds_cnt, bump_seed, derived );
211 : /* Agave does their translation before the calculation, so if the translation fails we should fail
212 : the syscall.
213 :
214 : https://github.com/anza-xyz/agave/blob/v2.0.8/programs/bpf_loader/src/syscalls/mod.rs#L744-L750 */
215 0 : if ( FD_UNLIKELY( err != FD_VM_SUCCESS ) ) {
216 :
217 : /* Place 1 in r0 and successfully exit if we failed to derive a PDA
218 : https://github.com/anza-xyz/agave/blob/v2.0.8/programs/bpf_loader/src/syscalls/mod.rs#L753 */
219 0 : if ( FD_LIKELY( err == FD_VM_SYSCALL_ERR_INVALID_PDA ) ) {
220 0 : *_ret = 1UL;
221 0 : return FD_VM_SUCCESS;
222 0 : }
223 :
224 0 : return err;
225 0 : }
226 :
227 0 : fd_pubkey_t * out_haddr = FD_VM_MEM_HADDR_ST( vm, out_vaddr, FD_VM_ALIGN_RUST_U8, FD_PUBKEY_FOOTPRINT );
228 0 : memcpy( out_haddr, derived->uc, FD_PUBKEY_FOOTPRINT );
229 :
230 : /* Success */
231 0 : *_ret = 0UL;
232 0 : return FD_VM_SUCCESS;
233 0 : }
234 :
235 : /* fd_vm_syscall_sol_try_find_program_address is the entrypoint for the sol_try_find_program_address syscall:
236 : https://github.com/anza-xyz/agave/blob/v2.1.1/programs/bpf_loader/src/syscalls/mod.rs#L791
237 :
238 : This syscall creates a valid program derived address, searching for a valid ed25519 curve point by
239 : iterating through 255 possible bump seeds.
240 :
241 : It does this by hashing all the seeds, the program id, and the PDA marker, and then
242 : checking if the resulting hash is a valid ed25519 curve point.
243 : */
244 : int
245 : fd_vm_syscall_sol_try_find_program_address( void * _vm,
246 : ulong seeds_vaddr,
247 : ulong seeds_cnt,
248 : ulong program_id_vaddr,
249 : ulong out_vaddr,
250 : ulong out_bump_seed_vaddr,
251 0 : ulong * _ret ) {
252 0 : fd_vm_t * vm = (fd_vm_t *)_vm;
253 :
254 : /* Costs the same as a create_program_address call.. weird but that is the protocol. */
255 0 : FD_VM_CU_UPDATE( vm, FD_VM_CREATE_PROGRAM_ADDRESS_UNITS );
256 :
257 : /* Similar to create_program_address but appends a 1 byte nonce that
258 : decrements from 255 down to 1 until a valid PDA is found.
259 :
260 : TODO: Solana Labs recomputes the SHA hash for each iteration here. We
261 : can leverage SHA's streaming properties to precompute all but the last
262 : two blocks (1 data, 0 or 1 padding). PROBABLY NEED TO ADD CHECKPT / RESTORE
263 : CALLS TO SHA TO SUPPORT THIS)*/
264 :
265 0 : uchar bump_seed[1];
266 :
267 : /* First we need to do the preflight checks */
268 0 : void const * seed_haddrs[ FD_VM_PDA_SEEDS_MAX ];
269 0 : ulong seed_szs [ FD_VM_PDA_SEEDS_MAX ];
270 0 : fd_pubkey_t const * program_id;
271 :
272 0 : int err = fd_vm_translate_and_check_program_address_inputs( vm,
273 0 : seeds_vaddr,
274 0 : seeds_cnt,
275 0 : program_id_vaddr,
276 0 : seed_haddrs,
277 0 : seed_szs,
278 0 : &program_id,
279 0 : 1U );
280 0 : if( FD_UNLIKELY( err ) ) {
281 0 : *_ret = 0UL;
282 0 : return err;
283 0 : }
284 :
285 0 : for( ulong i=0UL; i<255UL; i++ ) {
286 0 : bump_seed[0] = (uchar)(255UL - i);
287 :
288 0 : fd_pubkey_t derived[1];
289 0 : err = fd_vm_derive_pda( vm, program_id, seed_haddrs, seed_szs, seeds_cnt, bump_seed, derived );
290 0 : if( FD_LIKELY( err==FD_VM_SUCCESS ) ) {
291 : /* Stop looking if we have found a valid PDA */
292 0 : err = 0;
293 0 : fd_pubkey_t * out_haddr = FD_VM_MEM_HADDR_ST_( vm, out_vaddr, FD_VM_ALIGN_RUST_U8, sizeof(fd_pubkey_t), &err );
294 0 : if( FD_UNLIKELY( 0 != err ) ) {
295 0 : *_ret = 0UL;
296 0 : return err;
297 0 : }
298 0 : uchar * out_bump_seed_haddr = FD_VM_MEM_HADDR_ST_( vm, out_bump_seed_vaddr, FD_VM_ALIGN_RUST_U8, 1UL, &err );
299 0 : if( FD_UNLIKELY( 0 != err ) ) {
300 0 : *_ret = 0UL;
301 0 : return err;
302 0 : }
303 :
304 : /* Do the overlap check, which is only included for this syscall */
305 0 : FD_VM_MEM_CHECK_NON_OVERLAPPING( vm, (ulong)out_haddr, 32UL, (ulong)out_bump_seed_haddr, 1UL );
306 :
307 0 : memcpy( out_haddr, derived, sizeof(fd_pubkey_t) );
308 0 : *out_bump_seed_haddr = (uchar)*bump_seed;
309 :
310 0 : *_ret = 0UL;
311 0 : return FD_VM_SUCCESS;
312 0 : } else if( FD_UNLIKELY( err!=FD_VM_SYSCALL_ERR_INVALID_PDA ) ) {
313 0 : return err;
314 0 : }
315 :
316 0 : FD_VM_CU_UPDATE( vm, FD_VM_CREATE_PROGRAM_ADDRESS_UNITS );
317 0 : }
318 :
319 0 : *_ret = 1UL;
320 0 : return FD_VM_SUCCESS;
321 0 : }
|
