gate libsecp256k1 upgrade to v0.5.0
This commit is contained in:
Trent Nelson
committed by
mergify[bot]
mergify[bot]
parent
3a85b77bb5
commit
abe5a0a349
@ -20,8 +20,8 @@ use solana_sdk::{
|
|||||||
epoch_schedule::EpochSchedule,
|
epoch_schedule::EpochSchedule,
|
||||||
feature_set::{
|
feature_set::{
|
||||||
blake3_syscall_enabled, cpi_data_cost, enforce_aligned_host_addrs,
|
blake3_syscall_enabled, cpi_data_cost, enforce_aligned_host_addrs,
|
||||||
keccak256_syscall_enabled, memory_ops_syscalls, secp256k1_recover_syscall_enabled,
|
keccak256_syscall_enabled, libsecp256k1_0_5_upgrade_enabled, memory_ops_syscalls,
|
||||||
sysvar_via_syscall, update_data_on_realloc,
|
secp256k1_recover_syscall_enabled, sysvar_via_syscall, update_data_on_realloc,
|
||||||
},
|
},
|
||||||
hash::{Hasher, HASH_BYTES},
|
hash::{Hasher, HASH_BYTES},
|
||||||
ic_msg,
|
ic_msg,
|
||||||
@ -346,6 +346,8 @@ pub fn bind_syscall_context_objects<'a>(
|
|||||||
cost: bpf_compute_budget.secp256k1_recover_cost,
|
cost: bpf_compute_budget.secp256k1_recover_cost,
|
||||||
compute_meter: invoke_context.get_compute_meter(),
|
compute_meter: invoke_context.get_compute_meter(),
|
||||||
loader_id,
|
loader_id,
|
||||||
|
libsecp256k1_0_5_upgrade_enabled: invoke_context
|
||||||
|
.is_feature_active(&libsecp256k1_0_5_upgrade_enabled::id()),
|
||||||
}),
|
}),
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -1366,6 +1368,7 @@ pub struct SyscallSecp256k1Recover<'a> {
|
|||||||
cost: u64,
|
cost: u64,
|
||||||
compute_meter: Rc<RefCell<dyn ComputeMeter>>,
|
compute_meter: Rc<RefCell<dyn ComputeMeter>>,
|
||||||
loader_id: &'a Pubkey,
|
loader_id: &'a Pubkey,
|
||||||
|
libsecp256k1_0_5_upgrade_enabled: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<'a> SyscallObject<BpfError> for SyscallSecp256k1Recover<'a> {
|
impl<'a> SyscallObject<BpfError> for SyscallSecp256k1Recover<'a> {
|
||||||
@ -1426,7 +1429,13 @@ impl<'a> SyscallObject<BpfError> for SyscallSecp256k1Recover<'a> {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
let signature = match libsecp256k1::Signature::parse_standard_slice(signature) {
|
let sig_parse_result = if self.libsecp256k1_0_5_upgrade_enabled {
|
||||||
|
libsecp256k1::Signature::parse_standard_slice(signature)
|
||||||
|
} else {
|
||||||
|
libsecp256k1::Signature::parse_overflowing_slice(signature)
|
||||||
|
};
|
||||||
|
|
||||||
|
let signature = match sig_parse_result {
|
||||||
Ok(sig) => sig,
|
Ok(sig) => sig,
|
||||||
Err(_) => {
|
Err(_) => {
|
||||||
*result = Ok(Secp256k1RecoverError::InvalidSignature.into());
|
*result = Ok(Secp256k1RecoverError::InvalidSignature.into());
|
||||||
|
|||||||
@ -105,7 +105,6 @@ pub fn secp256k1_recover(
|
|||||||
.map_err(|_| Secp256k1RecoverError::InvalidRecoveryId)?;
|
.map_err(|_| Secp256k1RecoverError::InvalidRecoveryId)?;
|
||||||
let signature = libsecp256k1::Signature::parse_standard_slice(signature)
|
let signature = libsecp256k1::Signature::parse_standard_slice(signature)
|
||||||
.map_err(|_| Secp256k1RecoverError::InvalidSignature)?;
|
.map_err(|_| Secp256k1RecoverError::InvalidSignature)?;
|
||||||
|
|
||||||
let secp256k1_key = libsecp256k1::recover(&message, &signature, &recovery_id)
|
let secp256k1_key = libsecp256k1::recover(&message, &signature, &recovery_id)
|
||||||
.map_err(|_| Secp256k1RecoverError::InvalidSignature)?;
|
.map_err(|_| Secp256k1RecoverError::InvalidSignature)?;
|
||||||
Ok(Secp256k1Pubkey::new(&secp256k1_key.serialize()[1..65]))
|
Ok(Secp256k1Pubkey::new(&secp256k1_key.serialize()[1..65]))
|
||||||
|
|||||||
@ -102,6 +102,7 @@ pub fn construct_eth_pubkey(
|
|||||||
pub fn verify_eth_addresses(
|
pub fn verify_eth_addresses(
|
||||||
data: &[u8],
|
data: &[u8],
|
||||||
instruction_datas: &[&[u8]],
|
instruction_datas: &[&[u8]],
|
||||||
|
libsecp256k1_0_5_upgrade_enabled: bool,
|
||||||
) -> Result<(), Secp256k1Error> {
|
) -> Result<(), Secp256k1Error> {
|
||||||
if data.is_empty() {
|
if data.is_empty() {
|
||||||
return Err(Secp256k1Error::InvalidInstructionDataSize);
|
return Err(Secp256k1Error::InvalidInstructionDataSize);
|
||||||
@ -133,10 +134,18 @@ pub fn verify_eth_addresses(
|
|||||||
if sig_end >= signature_instruction.len() {
|
if sig_end >= signature_instruction.len() {
|
||||||
return Err(Secp256k1Error::InvalidSignature);
|
return Err(Secp256k1Error::InvalidSignature);
|
||||||
}
|
}
|
||||||
let signature = libsecp256k1::Signature::parse_standard_slice(
|
|
||||||
&signature_instruction[sig_start..sig_end],
|
let sig_parse_result = if libsecp256k1_0_5_upgrade_enabled {
|
||||||
)
|
libsecp256k1::Signature::parse_standard_slice(
|
||||||
.map_err(|_| Secp256k1Error::InvalidSignature)?;
|
&signature_instruction[sig_start..sig_end],
|
||||||
|
)
|
||||||
|
} else {
|
||||||
|
libsecp256k1::Signature::parse_overflowing_slice(
|
||||||
|
&signature_instruction[sig_start..sig_end],
|
||||||
|
)
|
||||||
|
};
|
||||||
|
|
||||||
|
let signature = sig_parse_result.map_err(|_| Secp256k1Error::InvalidSignature)?;
|
||||||
|
|
||||||
let recovery_id = libsecp256k1::RecoveryId::parse(signature_instruction[sig_end])
|
let recovery_id = libsecp256k1::RecoveryId::parse(signature_instruction[sig_end])
|
||||||
.map_err(|_| Secp256k1Error::InvalidRecoveryId)?;
|
.map_err(|_| Secp256k1Error::InvalidRecoveryId)?;
|
||||||
@ -206,7 +215,7 @@ pub mod test {
|
|||||||
let writer = std::io::Cursor::new(&mut instruction_data[1..]);
|
let writer = std::io::Cursor::new(&mut instruction_data[1..]);
|
||||||
bincode::serialize_into(writer, &offsets).unwrap();
|
bincode::serialize_into(writer, &offsets).unwrap();
|
||||||
|
|
||||||
verify_eth_addresses(&instruction_data, &[&[0u8; 100]])
|
verify_eth_addresses(&instruction_data, &[&[0u8; 100]], false)
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
@ -221,7 +230,7 @@ pub mod test {
|
|||||||
instruction_data.truncate(instruction_data.len() - 1);
|
instruction_data.truncate(instruction_data.len() - 1);
|
||||||
|
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
verify_eth_addresses(&instruction_data, &[&[0u8; 100]]),
|
verify_eth_addresses(&instruction_data, &[&[0u8; 100]], false),
|
||||||
Err(Secp256k1Error::InvalidInstructionDataSize)
|
Err(Secp256k1Error::InvalidInstructionDataSize)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|||||||
@ -392,7 +392,7 @@ impl Transaction {
|
|||||||
.collect()
|
.collect()
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn verify_precompiles(&self, _libsecp256k1_0_5_upgrade_enabled: bool) -> Result<()> {
|
pub fn verify_precompiles(&self, libsecp256k1_0_5_upgrade_enabled: bool) -> Result<()> {
|
||||||
for instruction in &self.message().instructions {
|
for instruction in &self.message().instructions {
|
||||||
// The Transaction may not be sanitized at this point
|
// The Transaction may not be sanitized at this point
|
||||||
if instruction.program_id_index as usize >= self.message().account_keys.len() {
|
if instruction.program_id_index as usize >= self.message().account_keys.len() {
|
||||||
@ -407,7 +407,11 @@ impl Transaction {
|
|||||||
.map(|instruction| instruction.data.as_ref())
|
.map(|instruction| instruction.data.as_ref())
|
||||||
.collect();
|
.collect();
|
||||||
let data = &instruction.data;
|
let data = &instruction.data;
|
||||||
let e = verify_eth_addresses(data, &instruction_datas);
|
let e = verify_eth_addresses(
|
||||||
|
data,
|
||||||
|
&instruction_datas,
|
||||||
|
libsecp256k1_0_5_upgrade_enabled,
|
||||||
|
);
|
||||||
e.map_err(|_| TransactionError::InvalidAccountIndex)?;
|
e.map_err(|_| TransactionError::InvalidAccountIndex)?;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user