gaspersic/go-ethereum
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
72d5a27a397f4397082df91dd1650251e828a251
go-ethereum/core/vm/contracts.go

498 lines
16 KiB
Go
Raw Normal View History

all: update license information
2015-07-07 02:54:22 +02:00
// Copyright 2014 The go-ethereum Authors
all: update license headers to distiguish GPL/LGPL All code outside of cmd/ is licensed as LGPL. The headers now reflect this by calling the whole work "the go-ethereum library".
2015-07-22 18:48:40 +02:00
// This file is part of the go-ethereum library.
all: update license information
2015-07-07 02:54:22 +02:00
//
all: fix license headers one more time I forgot to update one instance of "go-ethereum" in commit 3f047be5a.
2015-07-23 18:35:11 +02:00
// The go-ethereum library is free software: you can redistribute it and/or modify
all: update license information
2015-07-07 02:54:22 +02:00
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
all: update license headers to distiguish GPL/LGPL All code outside of cmd/ is licensed as LGPL. The headers now reflect this by calling the whole work "the go-ethereum library".
2015-07-22 18:48:40 +02:00
// The go-ethereum library is distributed in the hope that it will be useful,
all: update license information
2015-07-07 02:54:22 +02:00
// but WITHOUT ANY WARRANTY; without even the implied warranty of
all: update license headers to distiguish GPL/LGPL All code outside of cmd/ is licensed as LGPL. The headers now reflect this by calling the whole work "the go-ethereum library".
2015-07-22 18:48:40 +02:00
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
all: update license information
2015-07-07 02:54:22 +02:00
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
all: update license headers to distiguish GPL/LGPL All code outside of cmd/ is licensed as LGPL. The headers now reflect this by calling the whole work "the go-ethereum library".
2015-07-22 18:48:40 +02:00
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
all: update license information
2015-07-07 02:54:22 +02:00
Moved ethvm => vm
2014-10-18 13:31:20 +02:00
package vm
Precompiled crypto contracts
2014-10-08 12:01:36 +02:00
import (
crypto: add btcec fallback for sign/recover without cgo (#3680) * vendor: add github.com/btcsuite/btcd/btcec * crypto: add btcec fallback for sign/recover without cgo This commit adds a non-cgo fallback implementation of secp256k1 operations. * crypto, core/vm: remove wrappers for sha256, ripemd160
2017-02-18 09:24:12 +01:00
"crypto/sha256"
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
"encoding/binary"
consensus, core/*, params: metropolis preparation refactor This commit is a preparation for the upcoming metropolis hardfork. It prepares the state, core and vm packages such that integration with metropolis becomes less of a hassle. * Difficulty calculation requires header instead of individual parameters * statedb.StartRecord renamed to statedb.Prepare and added Finalise method required by metropolis, which removes unwanted accounts from the state (i.e. selfdestruct) * State keeps record of destructed objects (in addition to dirty objects) * core/vm pre-compiles may now return errors * core/vm pre-compiles gas check now take the full byte slice as argument instead of just the size * core/vm now keeps several hard-fork instruction tables instead of a single instruction table and removes the need for hard-fork checks in the instructions * core/vm contains a empty restruction function which is added in preparation of metropolis write-only mode operations * Adds the bn256 curve * Adds and sets the metropolis chain config block parameters (2^64-1)
2017-02-01 22:36:51 +01:00
"errors"
common: move big integer math to common/math (#3699) * common: remove CurrencyToString Move denomination values to params instead. * common: delete dead code * common: move big integer operations to common/math This commit consolidates all big integer operations into common/math and adds tests and documentation. There should be no change in semantics for BigPow, BigMin, BigMax, S256, U256, Exp and their behaviour is now locked in by tests. The BigD, BytesToBig and Bytes2Big functions don't provide additional value, all uses are replaced by new(big.Int).SetBytes(). BigToBytes is now called PaddedBigBytes, its minimum output size parameter is now specified as the number of bytes instead of bits. The single use of this function is in the EVM's MSTORE instruction. Big and String2Big are replaced by ParseBig, which is slightly stricter. It previously accepted leading zeros for hexadecimal inputs but treated decimal inputs as octal if a leading zero digit was present. ParseUint64 is used in places where String2Big was used to decode a uint64. The new functions MustParseBig and MustParseUint64 are now used in many places where parsing errors were previously ignored. * common: delete unused big integer variables * accounts/abi: replace uses of BytesToBig with use of encoding/binary * common: remove BytesToBig * common: remove Bytes2Big * common: remove BigTrue * cmd/utils: add BigFlag and use it for error-checked integer flags While here, remove environment variable processing for DirectoryFlag because we don't use it. * core: add missing error checks in genesis block parser * common: remove String2Big * cmd/evm: use utils.BigFlag * common/math: check for 256 bit overflow in ParseBig This is supposed to prevent silent overflow/truncation of values in the genesis block JSON. Without this check, a genesis block that set a balance larger than 256 bits would lead to weird behaviour in the VM. * cmd/utils: fixup import
2017-02-26 22:21:51 +01:00
"math/big"
crypto: add btcec fallback for sign/recover without cgo (#3680) * vendor: add github.com/btcsuite/btcd/btcec * crypto: add btcec fallback for sign/recover without cgo This commit adds a non-cgo fallback implementation of secp256k1 operations. * crypto, core/vm: remove wrappers for sha256, ripemd160
2017-02-18 09:24:12 +01:00
Moved ethutil => common
2015-03-16 11:27:38 +01:00
"github.com/ethereum/go-ethereum/common"
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
"github.com/ethereum/go-ethereum/common/math"
vm: explicit error checks in ecrecover. closes #505
2015-03-18 20:56:06 -07:00
"github.com/ethereum/go-ethereum/crypto"
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
"github.com/ethereum/go-ethereum/crypto/blake2b"
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
"github.com/ethereum/go-ethereum/crypto/bn256"
Read most protocol params from common/params.json * Add params package with exported variables generated from github.com/ethereum/common/blob/master/params.json * Use params package variables in applicable places * Add check for minimum gas limit in validation of block's gas limit * Remove common/params.json from go-ethereum to avoid outdated version of it
2015-04-02 05:17:15 +02:00
"github.com/ethereum/go-ethereum/params"
crypto: add btcec fallback for sign/recover without cgo (#3680) * vendor: add github.com/btcsuite/btcd/btcec * crypto: add btcec fallback for sign/recover without cgo This commit adds a non-cgo fallback implementation of secp256k1 operations. * crypto, core/vm: remove wrappers for sha256, ripemd160
2017-02-18 09:24:12 +01:00
"golang.org/x/crypto/ripemd160"
Precompiled crypto contracts
2014-10-08 12:01:36 +02:00
)
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// PrecompiledContract is the basic interface for native Go contracts. The implementation
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
// requires a deterministic gas count based on the input size of the Run method of the
// contract.
type PrecompiledContract interface {
consensus, core/*, params: metropolis preparation refactor This commit is a preparation for the upcoming metropolis hardfork. It prepares the state, core and vm packages such that integration with metropolis becomes less of a hassle. * Difficulty calculation requires header instead of individual parameters * statedb.StartRecord renamed to statedb.Prepare and added Finalise method required by metropolis, which removes unwanted accounts from the state (i.e. selfdestruct) * State keeps record of destructed objects (in addition to dirty objects) * core/vm pre-compiles may now return errors * core/vm pre-compiles gas check now take the full byte slice as argument instead of just the size * core/vm now keeps several hard-fork instruction tables instead of a single instruction table and removes the need for hard-fork checks in the instructions * core/vm contains a empty restruction function which is added in preparation of metropolis write-only mode operations * Adds the bn256 curve * Adds and sets the metropolis chain config block parameters (2^64-1)
2017-02-01 22:36:51 +01:00
RequiredGas(input []byte) uint64 // RequiredPrice calculates the contract gas use
Run(input []byte) ([]byte, error) // Run runs the precompiled contract
Precompiled crypto contracts
2014-10-08 12:01:36 +02:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// PrecompiledContractsHomestead contains the default set of pre-compiled Ethereum
// contracts used in the Frontier and Homestead releases.
var PrecompiledContractsHomestead = map[common.Address]PrecompiledContract{
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
common.BytesToAddress([]byte{1}): &ecrecover{},
crypto: add btcec fallback for sign/recover without cgo (#3680) * vendor: add github.com/btcsuite/btcd/btcec * crypto: add btcec fallback for sign/recover without cgo This commit adds a non-cgo fallback implementation of secp256k1 operations. * crypto, core/vm: remove wrappers for sha256, ripemd160
2017-02-18 09:24:12 +01:00
common.BytesToAddress([]byte{2}): &sha256hash{},
common.BytesToAddress([]byte{3}): &ripemd160hash{},
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
common.BytesToAddress([]byte{4}): &dataCopy{},
Precompiled crypto contracts
2014-10-08 12:01:36 +02:00
}
consensus, core, params: rebrand Metro to Byzantium
2017-09-14 10:07:31 +03:00
// PrecompiledContractsByzantium contains the default set of pre-compiled Ethereum
// contracts used in the Byzantium release.
var PrecompiledContractsByzantium = map[common.Address]PrecompiledContract{
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
common.BytesToAddress([]byte{1}): &ecrecover{},
common.BytesToAddress([]byte{2}): &sha256hash{},
common.BytesToAddress([]byte{3}): &ripemd160hash{},
common.BytesToAddress([]byte{4}): &dataCopy{},
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
common.BytesToAddress([]byte{5}): &bigModExp{},
params, core/vm: Istanbul EIP-1108 bn256 gas cost reduction (#19904) * params: add IsIstanbul to config + rules IstanbulBlock, used to determine if the config IsIstanbul, is currently left nil until an actual block is chosen. * params, core/vm: implement EIP-1108 Old gas costs for elliptic curve operations are given the PreIstanbul prefix, while current gas costs retain the unprefixed names. The actual precompile implementations are the same, so they are factored out into common functions that are called by the pre-Istanbul and current precompile structs. Finally, an Istanbul precompile list is added that references the new precompile structs, which in turn reference the new gas costs. * params: fix fork ordering, add missing chain compatibility check
2019-08-06 10:12:54 -04:00
common.BytesToAddress([]byte{6}): &bn256AddByzantium{},
common.BytesToAddress([]byte{7}): &bn256ScalarMulByzantium{},
common.BytesToAddress([]byte{8}): &bn256PairingByzantium{},
}
// PrecompiledContractsIstanbul contains the default set of pre-compiled Ethereum
// contracts used in the Istanbul release.
var PrecompiledContractsIstanbul = map[common.Address]PrecompiledContract{
common.BytesToAddress([]byte{1}): &ecrecover{},
common.BytesToAddress([]byte{2}): &sha256hash{},
common.BytesToAddress([]byte{3}): &ripemd160hash{},
common.BytesToAddress([]byte{4}): &dataCopy{},
common.BytesToAddress([]byte{5}): &bigModExp{},
common.BytesToAddress([]byte{6}): &bn256AddIstanbul{},
common.BytesToAddress([]byte{7}): &bn256ScalarMulIstanbul{},
common.BytesToAddress([]byte{8}): &bn256PairingIstanbul{},
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
common.BytesToAddress([]byte{9}): &blake2F{},
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// RunPrecompiledContract runs and evaluates the output of a precompiled contract.
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
func RunPrecompiledContract(p PrecompiledContract, input []byte, contract *Contract) (ret []byte, err error) {
consensus, core/*, params: metropolis preparation refactor This commit is a preparation for the upcoming metropolis hardfork. It prepares the state, core and vm packages such that integration with metropolis becomes less of a hassle. * Difficulty calculation requires header instead of individual parameters * statedb.StartRecord renamed to statedb.Prepare and added Finalise method required by metropolis, which removes unwanted accounts from the state (i.e. selfdestruct) * State keeps record of destructed objects (in addition to dirty objects) * core/vm pre-compiles may now return errors * core/vm pre-compiles gas check now take the full byte slice as argument instead of just the size * core/vm now keeps several hard-fork instruction tables instead of a single instruction table and removes the need for hard-fork checks in the instructions * core/vm contains a empty restruction function which is added in preparation of metropolis write-only mode operations * Adds the bn256 curve * Adds and sets the metropolis chain config block parameters (2^64-1)
2017-02-01 22:36:51 +01:00
gas := p.RequiredGas(input)
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
if contract.UseGas(gas) {
consensus, core/*, params: metropolis preparation refactor This commit is a preparation for the upcoming metropolis hardfork. It prepares the state, core and vm packages such that integration with metropolis becomes less of a hassle. * Difficulty calculation requires header instead of individual parameters * statedb.StartRecord renamed to statedb.Prepare and added Finalise method required by metropolis, which removes unwanted accounts from the state (i.e. selfdestruct) * State keeps record of destructed objects (in addition to dirty objects) * core/vm pre-compiles may now return errors * core/vm pre-compiles gas check now take the full byte slice as argument instead of just the size * core/vm now keeps several hard-fork instruction tables instead of a single instruction table and removes the need for hard-fork checks in the instructions * core/vm contains a empty restruction function which is added in preparation of metropolis write-only mode operations * Adds the bn256 curve * Adds and sets the metropolis chain config block parameters (2^64-1)
2017-02-01 22:36:51 +01:00
return p.Run(input)
remove pre compiled for tests
2015-01-13 10:30:52 +01:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
return nil, ErrOutOfGas
Precompiled crypto contracts
2014-10-08 12:01:36 +02:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// ECRECOVER implemented as a native contract.
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
type ecrecover struct{}
Precompiled crypto contracts
2014-10-08 12:01:36 +02:00
consensus, core/*, params: metropolis preparation refactor This commit is a preparation for the upcoming metropolis hardfork. It prepares the state, core and vm packages such that integration with metropolis becomes less of a hassle. * Difficulty calculation requires header instead of individual parameters * statedb.StartRecord renamed to statedb.Prepare and added Finalise method required by metropolis, which removes unwanted accounts from the state (i.e. selfdestruct) * State keeps record of destructed objects (in addition to dirty objects) * core/vm pre-compiles may now return errors * core/vm pre-compiles gas check now take the full byte slice as argument instead of just the size * core/vm now keeps several hard-fork instruction tables instead of a single instruction table and removes the need for hard-fork checks in the instructions * core/vm contains a empty restruction function which is added in preparation of metropolis write-only mode operations * Adds the bn256 curve * Adds and sets the metropolis chain config block parameters (2^64-1)
2017-02-01 22:36:51 +01:00
func (c *ecrecover) RequiredGas(input []byte) uint64 {
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
return params.EcrecoverGas
Precompiled crypto contracts
2014-10-08 12:01:36 +02:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
func (c *ecrecover) Run(input []byte) ([]byte, error) {
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
const ecRecoverInputLength = 128
Precompiled crypto contracts
2014-10-08 12:01:36 +02:00
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
input = common.RightPadBytes(input, ecRecoverInputLength)
// "input" is (hash, v, r, s), each 32 bytes
Pad precompiled EC recover input and add validations
2015-06-09 15:41:15 +02:00
// but for ecrecover we want (r, s, v)
Cleanup.
2015-03-29 15:02:49 +02:00
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
r := new(big.Int).SetBytes(input[64:96])
s := new(big.Int).SetBytes(input[96:128])
v := input[63] - 27
Pad precompiled EC recover input and add validations
2015-06-09 15:41:15 +02:00
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// tighter sig s values input homestead only apply to tx sigs
if !allZero(input[32:63]) || !crypto.ValidateSignatureValues(v, r, s, false) {
consensus, core/*, params: metropolis preparation refactor This commit is a preparation for the upcoming metropolis hardfork. It prepares the state, core and vm packages such that integration with metropolis becomes less of a hassle. * Difficulty calculation requires header instead of individual parameters * statedb.StartRecord renamed to statedb.Prepare and added Finalise method required by metropolis, which removes unwanted accounts from the state (i.e. selfdestruct) * State keeps record of destructed objects (in addition to dirty objects) * core/vm pre-compiles may now return errors * core/vm pre-compiles gas check now take the full byte slice as argument instead of just the size * core/vm now keeps several hard-fork instruction tables instead of a single instruction table and removes the need for hard-fork checks in the instructions * core/vm contains a empty restruction function which is added in preparation of metropolis write-only mode operations * Adds the bn256 curve * Adds and sets the metropolis chain config block parameters (2^64-1)
2017-02-01 22:36:51 +01:00
return nil, nil
vm: explicit error checks in ecrecover. closes #505
2015-03-18 20:56:06 -07:00
}
accounts, core, crypto, internal: use normalised V during signature handling (#3455) To address increasing complexity in code that handles signatures, this PR discards all notion of "different" signature types at the library level. Both the crypto and accounts package is reduced to only be able to produce plain canonical secp256k1 signatures. This makes the crpyto APIs much cleaner, simpler and harder to abuse.
2017-01-05 12:35:23 +02:00
// v needs to be at the end for libsecp256k1
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
pubKey, err := crypto.Ecrecover(input[:32], append(input[64:128], v))
Cleanup.
2015-03-29 15:02:49 +02:00
// make sure the public key is a valid one
Forward and log EC recover err and remove dup pubkey len check
2015-04-05 19:31:18 +02:00
if err != nil {
consensus, core/*, params: metropolis preparation refactor This commit is a preparation for the upcoming metropolis hardfork. It prepares the state, core and vm packages such that integration with metropolis becomes less of a hassle. * Difficulty calculation requires header instead of individual parameters * statedb.StartRecord renamed to statedb.Prepare and added Finalise method required by metropolis, which removes unwanted accounts from the state (i.e. selfdestruct) * State keeps record of destructed objects (in addition to dirty objects) * core/vm pre-compiles may now return errors * core/vm pre-compiles gas check now take the full byte slice as argument instead of just the size * core/vm now keeps several hard-fork instruction tables instead of a single instruction table and removes the need for hard-fork checks in the instructions * core/vm contains a empty restruction function which is added in preparation of metropolis write-only mode operations * Adds the bn256 curve * Adds and sets the metropolis chain config block parameters (2^64-1)
2017-02-01 22:36:51 +01:00
return nil, nil
vm: explicit error checks in ecrecover. closes #505
2015-03-18 20:56:06 -07:00
}
Cleanup.
2015-03-29 15:02:49 +02:00
vm: explicit error checks in ecrecover. closes #505
2015-03-18 20:56:06 -07:00
// the first byte of pubkey is bitcoin heritage
consensus, core/*, params: metropolis preparation refactor This commit is a preparation for the upcoming metropolis hardfork. It prepares the state, core and vm packages such that integration with metropolis becomes less of a hassle. * Difficulty calculation requires header instead of individual parameters * statedb.StartRecord renamed to statedb.Prepare and added Finalise method required by metropolis, which removes unwanted accounts from the state (i.e. selfdestruct) * State keeps record of destructed objects (in addition to dirty objects) * core/vm pre-compiles may now return errors * core/vm pre-compiles gas check now take the full byte slice as argument instead of just the size * core/vm now keeps several hard-fork instruction tables instead of a single instruction table and removes the need for hard-fork checks in the instructions * core/vm contains a empty restruction function which is added in preparation of metropolis write-only mode operations * Adds the bn256 curve * Adds and sets the metropolis chain config block parameters (2^64-1)
2017-02-01 22:36:51 +01:00
return common.LeftPadBytes(crypto.Keccak256(pubKey[1:])[12:], 32), nil
Precompiled crypto contracts
2014-10-08 12:01:36 +02:00
}
Precompiled contract & Depth change * Added pre-compiled contract 0x04 (mem cpy) * Changed depth error to return the gas instead of consuming
2015-01-05 17:37:30 +01:00
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// SHA256 implemented as a native contract.
crypto: add btcec fallback for sign/recover without cgo (#3680) * vendor: add github.com/btcsuite/btcd/btcec * crypto: add btcec fallback for sign/recover without cgo This commit adds a non-cgo fallback implementation of secp256k1 operations. * crypto, core/vm: remove wrappers for sha256, ripemd160
2017-02-18 09:24:12 +01:00
type sha256hash struct{}
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
params: core, core/vm, miner: 64bit gas instructions Reworked the EVM gas instructions to use 64bit integers rather than arbitrary size big ints. All gas operations, be it additions, multiplications or divisions, are checked and guarded against 64 bit integer overflows. In additon, most of the protocol paramaters in the params package have been converted to uint64 and are now constants rather than variables. * common/math: added overflow check ops * core: vmenv, env renamed to evm * eth, internal/ethapi, les: unmetered eth_call and cancel methods * core/vm: implemented big.Int pool for evm instructions * core/vm: unexported intPool methods & verification methods * core/vm: added memoryGasCost overflow check and test
2017-01-04 20:17:24 +01:00
// RequiredGas returns the gas required to execute the pre-compiled contract.
//
// This method does not require any overflow checking as the input size gas costs
// required for anything significant is so high it's impossible to pay for.
consensus, core/*, params: metropolis preparation refactor This commit is a preparation for the upcoming metropolis hardfork. It prepares the state, core and vm packages such that integration with metropolis becomes less of a hassle. * Difficulty calculation requires header instead of individual parameters * statedb.StartRecord renamed to statedb.Prepare and added Finalise method required by metropolis, which removes unwanted accounts from the state (i.e. selfdestruct) * State keeps record of destructed objects (in addition to dirty objects) * core/vm pre-compiles may now return errors * core/vm pre-compiles gas check now take the full byte slice as argument instead of just the size * core/vm now keeps several hard-fork instruction tables instead of a single instruction table and removes the need for hard-fork checks in the instructions * core/vm contains a empty restruction function which is added in preparation of metropolis write-only mode operations * Adds the bn256 curve * Adds and sets the metropolis chain config block parameters (2^64-1)
2017-02-01 22:36:51 +01:00
func (c *sha256hash) RequiredGas(input []byte) uint64 {
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
return uint64(len(input)+31)/32*params.Sha256PerWordGas + params.Sha256BaseGas
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
func (c *sha256hash) Run(input []byte) ([]byte, error) {
h := sha256.Sum256(input)
consensus, core/*, params: metropolis preparation refactor This commit is a preparation for the upcoming metropolis hardfork. It prepares the state, core and vm packages such that integration with metropolis becomes less of a hassle. * Difficulty calculation requires header instead of individual parameters * statedb.StartRecord renamed to statedb.Prepare and added Finalise method required by metropolis, which removes unwanted accounts from the state (i.e. selfdestruct) * State keeps record of destructed objects (in addition to dirty objects) * core/vm pre-compiles may now return errors * core/vm pre-compiles gas check now take the full byte slice as argument instead of just the size * core/vm now keeps several hard-fork instruction tables instead of a single instruction table and removes the need for hard-fork checks in the instructions * core/vm contains a empty restruction function which is added in preparation of metropolis write-only mode operations * Adds the bn256 curve * Adds and sets the metropolis chain config block parameters (2^64-1)
2017-02-01 22:36:51 +01:00
return h[:], nil
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
}
core/vm: fix typo in cryptographic hash function name (#17285)
2018-07-31 17:27:51 +07:00
// RIPEMD160 implemented as a native contract.
crypto: add btcec fallback for sign/recover without cgo (#3680) * vendor: add github.com/btcsuite/btcd/btcec * crypto: add btcec fallback for sign/recover without cgo This commit adds a non-cgo fallback implementation of secp256k1 operations. * crypto, core/vm: remove wrappers for sha256, ripemd160
2017-02-18 09:24:12 +01:00
type ripemd160hash struct{}
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
params: core, core/vm, miner: 64bit gas instructions Reworked the EVM gas instructions to use 64bit integers rather than arbitrary size big ints. All gas operations, be it additions, multiplications or divisions, are checked and guarded against 64 bit integer overflows. In additon, most of the protocol paramaters in the params package have been converted to uint64 and are now constants rather than variables. * common/math: added overflow check ops * core: vmenv, env renamed to evm * eth, internal/ethapi, les: unmetered eth_call and cancel methods * core/vm: implemented big.Int pool for evm instructions * core/vm: unexported intPool methods & verification methods * core/vm: added memoryGasCost overflow check and test
2017-01-04 20:17:24 +01:00
// RequiredGas returns the gas required to execute the pre-compiled contract.
//
// This method does not require any overflow checking as the input size gas costs
// required for anything significant is so high it's impossible to pay for.
consensus, core/*, params: metropolis preparation refactor This commit is a preparation for the upcoming metropolis hardfork. It prepares the state, core and vm packages such that integration with metropolis becomes less of a hassle. * Difficulty calculation requires header instead of individual parameters * statedb.StartRecord renamed to statedb.Prepare and added Finalise method required by metropolis, which removes unwanted accounts from the state (i.e. selfdestruct) * State keeps record of destructed objects (in addition to dirty objects) * core/vm pre-compiles may now return errors * core/vm pre-compiles gas check now take the full byte slice as argument instead of just the size * core/vm now keeps several hard-fork instruction tables instead of a single instruction table and removes the need for hard-fork checks in the instructions * core/vm contains a empty restruction function which is added in preparation of metropolis write-only mode operations * Adds the bn256 curve * Adds and sets the metropolis chain config block parameters (2^64-1)
2017-02-01 22:36:51 +01:00
func (c *ripemd160hash) RequiredGas(input []byte) uint64 {
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
return uint64(len(input)+31)/32*params.Ripemd160PerWordGas + params.Ripemd160BaseGas
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
func (c *ripemd160hash) Run(input []byte) ([]byte, error) {
crypto: add btcec fallback for sign/recover without cgo (#3680) * vendor: add github.com/btcsuite/btcd/btcec * crypto: add btcec fallback for sign/recover without cgo This commit adds a non-cgo fallback implementation of secp256k1 operations. * crypto, core/vm: remove wrappers for sha256, ripemd160
2017-02-18 09:24:12 +01:00
ripemd := ripemd160.New()
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
ripemd.Write(input)
consensus, core/*, params: metropolis preparation refactor This commit is a preparation for the upcoming metropolis hardfork. It prepares the state, core and vm packages such that integration with metropolis becomes less of a hassle. * Difficulty calculation requires header instead of individual parameters * statedb.StartRecord renamed to statedb.Prepare and added Finalise method required by metropolis, which removes unwanted accounts from the state (i.e. selfdestruct) * State keeps record of destructed objects (in addition to dirty objects) * core/vm pre-compiles may now return errors * core/vm pre-compiles gas check now take the full byte slice as argument instead of just the size * core/vm now keeps several hard-fork instruction tables instead of a single instruction table and removes the need for hard-fork checks in the instructions * core/vm contains a empty restruction function which is added in preparation of metropolis write-only mode operations * Adds the bn256 curve * Adds and sets the metropolis chain config block parameters (2^64-1)
2017-02-01 22:36:51 +01:00
return common.LeftPadBytes(ripemd.Sum(nil), 32), nil
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// data copy implemented as a native contract.
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
type dataCopy struct{}
params: core, core/vm, miner: 64bit gas instructions Reworked the EVM gas instructions to use 64bit integers rather than arbitrary size big ints. All gas operations, be it additions, multiplications or divisions, are checked and guarded against 64 bit integer overflows. In additon, most of the protocol paramaters in the params package have been converted to uint64 and are now constants rather than variables. * common/math: added overflow check ops * core: vmenv, env renamed to evm * eth, internal/ethapi, les: unmetered eth_call and cancel methods * core/vm: implemented big.Int pool for evm instructions * core/vm: unexported intPool methods & verification methods * core/vm: added memoryGasCost overflow check and test
2017-01-04 20:17:24 +01:00
// RequiredGas returns the gas required to execute the pre-compiled contract.
//
// This method does not require any overflow checking as the input size gas costs
// required for anything significant is so high it's impossible to pay for.
consensus, core/*, params: metropolis preparation refactor This commit is a preparation for the upcoming metropolis hardfork. It prepares the state, core and vm packages such that integration with metropolis becomes less of a hassle. * Difficulty calculation requires header instead of individual parameters * statedb.StartRecord renamed to statedb.Prepare and added Finalise method required by metropolis, which removes unwanted accounts from the state (i.e. selfdestruct) * State keeps record of destructed objects (in addition to dirty objects) * core/vm pre-compiles may now return errors * core/vm pre-compiles gas check now take the full byte slice as argument instead of just the size * core/vm now keeps several hard-fork instruction tables instead of a single instruction table and removes the need for hard-fork checks in the instructions * core/vm contains a empty restruction function which is added in preparation of metropolis write-only mode operations * Adds the bn256 curve * Adds and sets the metropolis chain config block parameters (2^64-1)
2017-02-01 22:36:51 +01:00
func (c *dataCopy) RequiredGas(input []byte) uint64 {
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
return uint64(len(input)+31)/32*params.IdentityPerWordGas + params.IdentityBaseGas
core/vm: improved EVM run loop & instruction calling (#3378) The run loop, which previously contained custom opcode executes have been removed and has been simplified to a few checks. Each operation consists of 4 elements: execution function, gas cost function, stack validation function and memory size function. The execution function implements the operation's runtime behaviour, the gas cost function implements the operation gas costs function and greatly depends on the memory and stack, the stack validation function validates the stack and makes sure that enough items can be popped off and pushed on and the memory size function calculates the memory required for the operation and returns it. This commit also allows the EVM to go unmetered. This is helpful for offline operations such as contract calls.
2017-01-05 11:52:10 +01:00
}
consensus, core/*, params: metropolis preparation refactor This commit is a preparation for the upcoming metropolis hardfork. It prepares the state, core and vm packages such that integration with metropolis becomes less of a hassle. * Difficulty calculation requires header instead of individual parameters * statedb.StartRecord renamed to statedb.Prepare and added Finalise method required by metropolis, which removes unwanted accounts from the state (i.e. selfdestruct) * State keeps record of destructed objects (in addition to dirty objects) * core/vm pre-compiles may now return errors * core/vm pre-compiles gas check now take the full byte slice as argument instead of just the size * core/vm now keeps several hard-fork instruction tables instead of a single instruction table and removes the need for hard-fork checks in the instructions * core/vm contains a empty restruction function which is added in preparation of metropolis write-only mode operations * Adds the bn256 curve * Adds and sets the metropolis chain config block parameters (2^64-1)
2017-02-01 22:36:51 +01:00
func (c *dataCopy) Run(in []byte) ([]byte, error) {
return in, nil
Precompiled contract & Depth change * Added pre-compiled contract 0x04 (mem cpy) * Changed depth error to return the gas instead of consuming
2015-01-05 17:37:30 +01:00
}
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// bigModExp implements a native big integer exponential modular operation.
type bigModExp struct{}
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
var (
big1 = big.NewInt(1)
big4 = big.NewInt(4)
big8 = big.NewInt(8)
big16 = big.NewInt(16)
big32 = big.NewInt(32)
big64 = big.NewInt(64)
big96 = big.NewInt(96)
big480 = big.NewInt(480)
big1024 = big.NewInt(1024)
big3072 = big.NewInt(3072)
big199680 = big.NewInt(199680)
)
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
// RequiredGas returns the gas required to execute the pre-compiled contract.
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
func (c *bigModExp) RequiredGas(input []byte) uint64 {
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
var (
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
baseLen = new(big.Int).SetBytes(getData(input, 0, 32))
expLen = new(big.Int).SetBytes(getData(input, 32, 32))
modLen = new(big.Int).SetBytes(getData(input, 64, 32))
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
)
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
if len(input) > 96 {
input = input[96:]
} else {
input = input[:0]
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// Retrieve the head 32 bytes of exp for the adjusted exponent length
var expHead *big.Int
if big.NewInt(int64(len(input))).Cmp(baseLen) <= 0 {
expHead = new(big.Int)
} else {
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
if expLen.Cmp(big32) > 0 {
expHead = new(big.Int).SetBytes(getData(input, baseLen.Uint64(), 32))
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
} else {
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
expHead = new(big.Int).SetBytes(getData(input, baseLen.Uint64(), expLen.Uint64()))
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
}
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// Calculate the adjusted exponent length
var msb int
if bitlen := expHead.BitLen(); bitlen > 0 {
msb = bitlen - 1
}
adjExpLen := new(big.Int)
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
if expLen.Cmp(big32) > 0 {
adjExpLen.Sub(expLen, big32)
adjExpLen.Mul(big8, adjExpLen)
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
}
adjExpLen.Add(adjExpLen, big.NewInt(int64(msb)))
// Calculate the gas cost of the operation
gas := new(big.Int).Set(math.BigMax(modLen, baseLen))
switch {
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
case gas.Cmp(big64) <= 0:
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
gas.Mul(gas, gas)
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
case gas.Cmp(big1024) <= 0:
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
gas = new(big.Int).Add(
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
new(big.Int).Div(new(big.Int).Mul(gas, gas), big4),
new(big.Int).Sub(new(big.Int).Mul(big96, gas), big3072),
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
)
default:
gas = new(big.Int).Add(
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
new(big.Int).Div(new(big.Int).Mul(gas, gas), big16),
new(big.Int).Sub(new(big.Int).Mul(big480, gas), big199680),
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
)
}
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
gas.Mul(gas, math.BigMax(adjExpLen, big1))
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
gas.Div(gas, new(big.Int).SetUint64(params.ModExpQuadCoeffDiv))
if gas.BitLen() > 64 {
return math.MaxUint64
}
return gas.Uint64()
}
func (c *bigModExp) Run(input []byte) ([]byte, error) {
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
var (
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
baseLen = new(big.Int).SetBytes(getData(input, 0, 32)).Uint64()
expLen = new(big.Int).SetBytes(getData(input, 32, 32)).Uint64()
modLen = new(big.Int).SetBytes(getData(input, 64, 32)).Uint64()
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
)
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
if len(input) > 96 {
input = input[96:]
} else {
input = input[:0]
}
// Handle a special case when both the base and mod length is zero
if baseLen == 0 && modLen == 0 {
return []byte{}, nil
}
// Retrieve the operands and execute the exponentiation
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
var (
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
base = new(big.Int).SetBytes(getData(input, 0, baseLen))
exp = new(big.Int).SetBytes(getData(input, baseLen, expLen))
mod = new(big.Int).SetBytes(getData(input, baseLen+expLen, modLen))
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
)
if mod.BitLen() == 0 {
// Modulo 0 is undefined, return zero
return common.LeftPadBytes([]byte{}, int(modLen)), nil
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
return common.LeftPadBytes(base.Exp(base, exp, mod).Bytes(), int(modLen)), nil
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// newCurvePoint unmarshals a binary blob into a bn256 elliptic curve point,
// returning it, or an error if the point is invalid.
func newCurvePoint(blob []byte) (*bn256.G1, error) {
core/vm, crypto/bn256: switch over to cloudflare library (#16203) * core/vm, crypto/bn256: switch over to cloudflare library * crypto/bn256: unmarshal constraint + start pure go impl * crypto/bn256: combo cloudflare and google lib * travis: drop 386 test job
2018-03-05 14:33:45 +02:00
p := new(bn256.G1)
if _, err := p.Unmarshal(blob); err != nil {
return nil, err
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
return p, nil
}
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// newTwistPoint unmarshals a binary blob into a bn256 elliptic curve point,
// returning it, or an error if the point is invalid.
func newTwistPoint(blob []byte) (*bn256.G2, error) {
core/vm, crypto/bn256: switch over to cloudflare library (#16203) * core/vm, crypto/bn256: switch over to cloudflare library * crypto/bn256: unmarshal constraint + start pure go impl * crypto/bn256: combo cloudflare and google lib * travis: drop 386 test job
2018-03-05 14:33:45 +02:00
p := new(bn256.G2)
if _, err := p.Unmarshal(blob); err != nil {
return nil, err
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
return p, nil
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
params, core/vm: Istanbul EIP-1108 bn256 gas cost reduction (#19904) * params: add IsIstanbul to config + rules IstanbulBlock, used to determine if the config IsIstanbul, is currently left nil until an actual block is chosen. * params, core/vm: implement EIP-1108 Old gas costs for elliptic curve operations are given the PreIstanbul prefix, while current gas costs retain the unprefixed names. The actual precompile implementations are the same, so they are factored out into common functions that are called by the pre-Istanbul and current precompile structs. Finally, an Istanbul precompile list is added that references the new precompile structs, which in turn reference the new gas costs. * params: fix fork ordering, add missing chain compatibility check
2019-08-06 10:12:54 -04:00
// runBn256Add implements the Bn256Add precompile, referenced by both
// Byzantium and Istanbul operations.
func runBn256Add(input []byte) ([]byte, error) {
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
x, err := newCurvePoint(getData(input, 0, 64))
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
if err != nil {
return nil, err
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
y, err := newCurvePoint(getData(input, 64, 64))
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
if err != nil {
return nil, err
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
core/vm, crypto/bn256: fix bn256 use and pairing corner case
2017-08-17 16:46:46 +03:00
res := new(bn256.G1)
res.Add(x, y)
return res.Marshal(), nil
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
params, core/vm: Istanbul EIP-1108 bn256 gas cost reduction (#19904) * params: add IsIstanbul to config + rules IstanbulBlock, used to determine if the config IsIstanbul, is currently left nil until an actual block is chosen. * params, core/vm: implement EIP-1108 Old gas costs for elliptic curve operations are given the PreIstanbul prefix, while current gas costs retain the unprefixed names. The actual precompile implementations are the same, so they are factored out into common functions that are called by the pre-Istanbul and current precompile structs. Finally, an Istanbul precompile list is added that references the new precompile structs, which in turn reference the new gas costs. * params: fix fork ordering, add missing chain compatibility check
2019-08-06 10:12:54 -04:00
// bn256Add implements a native elliptic curve point addition conforming to
// Istanbul consensus rules.
type bn256AddIstanbul struct{}
// RequiredGas returns the gas required to execute the pre-compiled contract.
func (c *bn256AddIstanbul) RequiredGas(input []byte) uint64 {
return params.Bn256AddGasIstanbul
}
func (c *bn256AddIstanbul) Run(input []byte) ([]byte, error) {
return runBn256Add(input)
}
// bn256AddByzantium implements a native elliptic curve point addition
// conforming to Byzantium consensus rules.
type bn256AddByzantium struct{}
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
// RequiredGas returns the gas required to execute the pre-compiled contract.
params, core/vm: Istanbul EIP-1108 bn256 gas cost reduction (#19904) * params: add IsIstanbul to config + rules IstanbulBlock, used to determine if the config IsIstanbul, is currently left nil until an actual block is chosen. * params, core/vm: implement EIP-1108 Old gas costs for elliptic curve operations are given the PreIstanbul prefix, while current gas costs retain the unprefixed names. The actual precompile implementations are the same, so they are factored out into common functions that are called by the pre-Istanbul and current precompile structs. Finally, an Istanbul precompile list is added that references the new precompile structs, which in turn reference the new gas costs. * params: fix fork ordering, add missing chain compatibility check
2019-08-06 10:12:54 -04:00
func (c *bn256AddByzantium) RequiredGas(input []byte) uint64 {
return params.Bn256AddGasByzantium
}
func (c *bn256AddByzantium) Run(input []byte) ([]byte, error) {
return runBn256Add(input)
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
params, core/vm: Istanbul EIP-1108 bn256 gas cost reduction (#19904) * params: add IsIstanbul to config + rules IstanbulBlock, used to determine if the config IsIstanbul, is currently left nil until an actual block is chosen. * params, core/vm: implement EIP-1108 Old gas costs for elliptic curve operations are given the PreIstanbul prefix, while current gas costs retain the unprefixed names. The actual precompile implementations are the same, so they are factored out into common functions that are called by the pre-Istanbul and current precompile structs. Finally, an Istanbul precompile list is added that references the new precompile structs, which in turn reference the new gas costs. * params: fix fork ordering, add missing chain compatibility check
2019-08-06 10:12:54 -04:00
// runBn256ScalarMul implements the Bn256ScalarMul precompile, referenced by
// both Byzantium and Istanbul operations.
func runBn256ScalarMul(input []byte) ([]byte, error) {
core/vm: optimize copy-less data retrievals
2017-08-14 17:08:49 +03:00
p, err := newCurvePoint(getData(input, 0, 64))
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
if err != nil {
return nil, err
}
core/vm, crypto/bn256: fix bn256 use and pairing corner case
2017-08-17 16:46:46 +03:00
res := new(bn256.G1)
res.ScalarMult(p, new(big.Int).SetBytes(getData(input, 64, 32)))
return res.Marshal(), nil
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
}
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
params, core/vm: Istanbul EIP-1108 bn256 gas cost reduction (#19904) * params: add IsIstanbul to config + rules IstanbulBlock, used to determine if the config IsIstanbul, is currently left nil until an actual block is chosen. * params, core/vm: implement EIP-1108 Old gas costs for elliptic curve operations are given the PreIstanbul prefix, while current gas costs retain the unprefixed names. The actual precompile implementations are the same, so they are factored out into common functions that are called by the pre-Istanbul and current precompile structs. Finally, an Istanbul precompile list is added that references the new precompile structs, which in turn reference the new gas costs. * params: fix fork ordering, add missing chain compatibility check
2019-08-06 10:12:54 -04:00
// bn256ScalarMulIstanbul implements a native elliptic curve scalar
// multiplication conforming to Istanbul consensus rules.
type bn256ScalarMulIstanbul struct{}
// RequiredGas returns the gas required to execute the pre-compiled contract.
func (c *bn256ScalarMulIstanbul) RequiredGas(input []byte) uint64 {
return params.Bn256ScalarMulGasIstanbul
}
func (c *bn256ScalarMulIstanbul) Run(input []byte) ([]byte, error) {
return runBn256ScalarMul(input)
}
// bn256ScalarMulByzantium implements a native elliptic curve scalar
// multiplication conforming to Byzantium consensus rules.
type bn256ScalarMulByzantium struct{}
// RequiredGas returns the gas required to execute the pre-compiled contract.
func (c *bn256ScalarMulByzantium) RequiredGas(input []byte) uint64 {
return params.Bn256ScalarMulGasByzantium
}
func (c *bn256ScalarMulByzantium) Run(input []byte) ([]byte, error) {
return runBn256ScalarMul(input)
}
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
var (
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// true32Byte is returned if the bn256 pairing check succeeds.
true32Byte = []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}
// false32Byte is returned if the bn256 pairing check fails.
false32Byte = make([]byte, 32)
// errBadPairingInput is returned if the bn256 pairing input is invalid.
errBadPairingInput = errors.New("bad elliptic curve pairing size")
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
)
params, core/vm: Istanbul EIP-1108 bn256 gas cost reduction (#19904) * params: add IsIstanbul to config + rules IstanbulBlock, used to determine if the config IsIstanbul, is currently left nil until an actual block is chosen. * params, core/vm: implement EIP-1108 Old gas costs for elliptic curve operations are given the PreIstanbul prefix, while current gas costs retain the unprefixed names. The actual precompile implementations are the same, so they are factored out into common functions that are called by the pre-Istanbul and current precompile structs. Finally, an Istanbul precompile list is added that references the new precompile structs, which in turn reference the new gas costs. * params: fix fork ordering, add missing chain compatibility check
2019-08-06 10:12:54 -04:00
// runBn256Pairing implements the Bn256Pairing precompile, referenced by both
// Byzantium and Istanbul operations.
func runBn256Pairing(input []byte) ([]byte, error) {
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// Handle some corner cases cheaply
if len(input)%192 > 0 {
return nil, errBadPairingInput
}
// Convert the input into a set of coordinates
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
var (
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
cs []*bn256.G1
ts []*bn256.G2
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
)
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
for i := 0; i < len(input); i += 192 {
c, err := newCurvePoint(input[i : i+64])
if err != nil {
return nil, err
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
t, err := newTwistPoint(input[i+64 : i+192])
if err != nil {
return nil, err
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
cs = append(cs, c)
ts = append(ts, t)
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
// Execute the pairing checks and return the results
core/vm, crypto/bn256: fix bn256 use and pairing corner case
2017-08-17 16:46:46 +03:00
if bn256.PairingCheck(cs, ts) {
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
return true32Byte, nil
}
core/vm: polish precompile contract code, add tests and benches * Update modexp gas calculation to new version * Fix modexp modulo 0 special case to return zero
2017-08-10 16:39:43 +03:00
return false32Byte, nil
core: add Metropolis pre-compiles (EIP 197, 198 and 213)
2017-08-10 14:07:11 +03:00
}
params, core/vm: Istanbul EIP-1108 bn256 gas cost reduction (#19904) * params: add IsIstanbul to config + rules IstanbulBlock, used to determine if the config IsIstanbul, is currently left nil until an actual block is chosen. * params, core/vm: implement EIP-1108 Old gas costs for elliptic curve operations are given the PreIstanbul prefix, while current gas costs retain the unprefixed names. The actual precompile implementations are the same, so they are factored out into common functions that are called by the pre-Istanbul and current precompile structs. Finally, an Istanbul precompile list is added that references the new precompile structs, which in turn reference the new gas costs. * params: fix fork ordering, add missing chain compatibility check
2019-08-06 10:12:54 -04:00
// bn256PairingIstanbul implements a pairing pre-compile for the bn256 curve
// conforming to Istanbul consensus rules.
type bn256PairingIstanbul struct{}
// RequiredGas returns the gas required to execute the pre-compiled contract.
func (c *bn256PairingIstanbul) RequiredGas(input []byte) uint64 {
return params.Bn256PairingBaseGasIstanbul + uint64(len(input)/192)*params.Bn256PairingPerPointGasIstanbul
}
func (c *bn256PairingIstanbul) Run(input []byte) ([]byte, error) {
return runBn256Pairing(input)
}
// bn256PairingByzantium implements a pairing pre-compile for the bn256 curve
// conforming to Byzantium consensus rules.
type bn256PairingByzantium struct{}
// RequiredGas returns the gas required to execute the pre-compiled contract.
func (c *bn256PairingByzantium) RequiredGas(input []byte) uint64 {
return params.Bn256PairingBaseGasByzantium + uint64(len(input)/192)*params.Bn256PairingPerPointGasByzantium
}
func (c *bn256PairingByzantium) Run(input []byte) ([]byte, error) {
return runBn256Pairing(input)
}
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
type blake2F struct{}
func (c *blake2F) RequiredGas(input []byte) uint64 {
core/vm, crypto/blake2b: add SSE, AVX and AVX2 code
2019-08-21 12:38:18 +03:00
// If the input is malformed, we can't calculate the gas, return 0 and let the
// actual call choke and fault.
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
if len(input) != blake2FInputLength {
return 0
}
core/vm, crypto/blake2b: add SSE, AVX and AVX2 code
2019-08-21 12:38:18 +03:00
return uint64(binary.BigEndian.Uint32(input[0:4]))
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
}
core/vm, crypto/blake2b: add SSE, AVX and AVX2 code
2019-08-21 12:38:18 +03:00
const (
blake2FInputLength = 213
blake2FFinalBlockBytes = byte(1)
blake2FNonFinalBlockBytes = byte(0)
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
)
core/vm, crypto/blake2b: add SSE, AVX and AVX2 code
2019-08-21 12:38:18 +03:00
var (
errBlake2FInvalidInputLength = errors.New("invalid input length")
errBlake2FInvalidFinalFlag = errors.New("invalid final flag")
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
)
func (c *blake2F) Run(input []byte) ([]byte, error) {
core/vm, crypto/blake2b: add SSE, AVX and AVX2 code
2019-08-21 12:38:18 +03:00
// Make sure the input is valid (correct lenth and final flag)
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
if len(input) != blake2FInputLength {
core/vm, crypto/blake2b: add SSE, AVX and AVX2 code
2019-08-21 12:38:18 +03:00
return nil, errBlake2FInvalidInputLength
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
}
if input[212] != blake2FNonFinalBlockBytes && input[212] != blake2FFinalBlockBytes {
core/vm, crypto/blake2b: add SSE, AVX and AVX2 code
2019-08-21 12:38:18 +03:00
return nil, errBlake2FInvalidFinalFlag
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
}
core/vm, crypto/blake2b: add SSE, AVX and AVX2 code
2019-08-21 12:38:18 +03:00
// Parse the input into the Blake2b call parameters
var (
rounds = binary.BigEndian.Uint32(input[0:4])
final = (input[212] == blake2FFinalBlockBytes)
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
core/vm, crypto/blake2b: add SSE, AVX and AVX2 code
2019-08-21 12:38:18 +03:00
h [8]uint64
m [16]uint64
t [2]uint64
)
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
for i := 0; i < 8; i++ {
offset := 4 + i*8
h[i] = binary.LittleEndian.Uint64(input[offset : offset+8])
}
for i := 0; i < 16; i++ {
offset := 68 + i*8
m[i] = binary.LittleEndian.Uint64(input[offset : offset+8])
}
t[0] = binary.LittleEndian.Uint64(input[196:204])
t[1] = binary.LittleEndian.Uint64(input[204:212])
core/vm, crypto/blake2b: add SSE, AVX and AVX2 code
2019-08-21 12:38:18 +03:00
// Execute the compression function, extract and return the result
blake2b.F(&h, m, t, final, rounds)
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
core/vm, crypto/blake2b: add SSE, AVX and AVX2 code
2019-08-21 12:38:18 +03:00
output := make([]byte, 64)
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
for i := 0; i < 8; i++ {
offset := i * 8
binary.LittleEndian.PutUint64(output[offset:offset+8], h[i])
}
core/vm, crypto/blake2b: add SSE, AVX and AVX2 code
2019-08-21 12:38:18 +03:00
return output, nil
core/vm, crypto/blake2b: add BLAKE2b compression func at 0x09 The precompile at 0x09 wraps the BLAKE2b F compression function: https://tools.ietf.org/html/rfc7693#section-3.2 The precompile requires 6 inputs tightly encoded, taking exactly 213 bytes, as explained below. - `rounds` - the number of rounds - 32-bit unsigned big-endian word - `h` - the state vector - 8 unsigned 64-bit little-endian words - `m` - the message block vector - 16 unsigned 64-bit little-endian words - `t_0, t_1` - offset counters - 2 unsigned 64-bit little-endian words - `f` - the final block indicator flag - 8-bit word [4 bytes for rounds][64 bytes for h][128 bytes for m][8 bytes for t_0] [8 bytes for t_1][1 byte for f] The boolean `f` parameter is considered as `true` if set to `1`. The boolean `f` parameter is considered as `false` if set to `0`. All other values yield an invalid encoding of `f` error. The precompile should compute the F function as specified in the RFC (https://tools.ietf.org/html/rfc7693#section-3.2) and return the updated state vector `h` with unchanged encoding (little-endian). See EIP-152 for details.
2019-06-17 19:19:47 +02:00
}
Reference in New Issue Copy Permalink