-
Notifications
You must be signed in to change notification settings - Fork 11.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
crypto: Add r1 verify and verify_recoverable to Move API
- Loading branch information
Showing
10 changed files
with
418 additions
and
49 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,143 @@ | ||
|
|
||
| <a name="0x2_ecdsa_r1"></a> | ||
|
|
||
| # Module `0x2::ecdsa_r1` | ||
|
|
||
|
|
||
|
|
||
| - [Constants](#@Constants_0) | ||
| - [Function `ecrecover`](#0x2_ecdsa_r1_ecrecover) | ||
| - [Function `secp256r1_verify`](#0x2_ecdsa_r1_secp256r1_verify) | ||
| - [Function `secp256r1_verify_recoverable`](#0x2_ecdsa_r1_secp256r1_verify_recoverable) | ||
|
|
||
|
|
||
| <pre><code></code></pre> | ||
|
|
||
|
|
||
|
|
||
| <a name="@Constants_0"></a> | ||
|
|
||
| ## Constants | ||
|
|
||
|
|
||
| <a name="0x2_ecdsa_r1_EFailToRecoverPubKey"></a> | ||
|
|
||
| Error if the public key cannot be recovered from the signature. | ||
|
|
||
|
|
||
| <pre><code><b>const</b> <a href="ecdsa_r1.md#0x2_ecdsa_r1_EFailToRecoverPubKey">EFailToRecoverPubKey</a>: u64 = 0; | ||
| </code></pre> | ||
|
|
||
|
|
||
|
|
||
| <a name="0x2_ecdsa_r1_EInvalidSignature"></a> | ||
|
|
||
| Error if the signature is invalid. | ||
|
|
||
|
|
||
| <pre><code><b>const</b> <a href="ecdsa_r1.md#0x2_ecdsa_r1_EInvalidSignature">EInvalidSignature</a>: u64 = 1; | ||
| </code></pre> | ||
|
|
||
|
|
||
|
|
||
| <a name="0x2_ecdsa_r1_ecrecover"></a> | ||
|
|
||
| ## Function `ecrecover` | ||
|
|
||
| @param signature: A 65-bytes signature in form (r, s, v) that is signed using | ||
| Secp256r1. Reference implementation on signature generation using RFC6979: | ||
| https://github.com/MystenLabs/fastcrypto/blob/74aec4886e62122a5b769464c2bea5f803cf8ecc/fastcrypto/src/secp256r1/mod.rs | ||
| The accepted v values are {0, 1, 2, 3}. | ||
|
|
||
| @param hashed_msg: the hashed 32-bytes message. The message must be hashed instead | ||
| of plain text to be secure. | ||
|
|
||
| If the signature is valid, return the corresponding recovered Secpk256r1 public | ||
| key, otherwise throw error. This is similar to ecrecover in Ethereum, can only be | ||
| applied to Secp256r1 signatures. | ||
|
|
||
|
|
||
| <pre><code><b>public</b> <b>fun</b> <a href="ecdsa_r1.md#0x2_ecdsa_r1_ecrecover">ecrecover</a>(signature: &<a href="">vector</a><u8>, msg: &<a href="">vector</a><u8>): <a href="">vector</a><u8> | ||
| </code></pre> | ||
|
|
||
|
|
||
|
|
||
| <details> | ||
| <summary>Implementation</summary> | ||
|
|
||
|
|
||
| <pre><code><b>public</b> <b>native</b> <b>fun</b> <a href="ecdsa_r1.md#0x2_ecdsa_r1_ecrecover">ecrecover</a>(signature: &<a href="">vector</a><u8>, msg: &<a href="">vector</a><u8>): <a href="">vector</a><u8>; | ||
| </code></pre> | ||
|
|
||
|
|
||
|
|
||
| </details> | ||
|
|
||
| <a name="0x2_ecdsa_r1_secp256r1_verify"></a> | ||
|
|
||
| ## Function `secp256r1_verify` | ||
|
|
||
| @param signature: A 64-bytes signature in form (r, s) that is signed using | ||
| Secp256r1. This is an non-recoverable signature without recovery id. | ||
| Reference implementation on signature generation using RFC6979: | ||
| https://github.com/MystenLabs/fastcrypto/blob/74aec4886e62122a5b769464c2bea5f803cf8ecc/fastcrypto/src/secp256r1/mod.rs | ||
|
|
||
| @param public_key: The public key to verify the signature against | ||
| @param hashed_msg: The hashed 32-bytes message, same as what the signature is signed against. | ||
|
|
||
| If the signature is valid to the pubkey and hashed message, return true. Else false. | ||
|
|
||
|
|
||
| <pre><code><b>public</b> <b>fun</b> <a href="ecdsa_r1.md#0x2_ecdsa_r1_secp256r1_verify">secp256r1_verify</a>(signature: &<a href="">vector</a><u8>, public_key: &<a href="">vector</a><u8>, msg: &<a href="">vector</a><u8>): bool | ||
| </code></pre> | ||
|
|
||
|
|
||
|
|
||
| <details> | ||
| <summary>Implementation</summary> | ||
|
|
||
|
|
||
| <pre><code><b>public</b> <b>native</b> <b>fun</b> <a href="ecdsa_r1.md#0x2_ecdsa_r1_secp256r1_verify">secp256r1_verify</a>(signature: &<a href="">vector</a><u8>, public_key: &<a href="">vector</a><u8>, msg: &<a href="">vector</a><u8>): bool; | ||
| </code></pre> | ||
|
|
||
|
|
||
|
|
||
| </details> | ||
|
|
||
| <a name="0x2_ecdsa_r1_secp256r1_verify_recoverable"></a> | ||
|
|
||
| ## Function `secp256r1_verify_recoverable` | ||
|
|
||
| @param signature: A 65-bytes signature in form (r, s, v) that is signed using | ||
| Secp256r1. This is an recoverable signature with recovery id denoted as v. | ||
| Reference implementation on signature generation using RFC6979: | ||
| https://github.com/MystenLabs/fastcrypto/blob/74aec4886e62122a5b769464c2bea5f803cf8ecc/fastcrypto/src/secp256r1/recoverable.rs#L35 | ||
|
|
||
| @param public_key: The public key to verify the signature against | ||
| @param hashed_msg: The hashed 32-bytes message, same as what the signature is signed against. | ||
|
|
||
| If the signature is valid to the pubkey and hashed message, return true. Else false. | ||
|
|
||
|
|
||
| <pre><code><b>public</b> <b>fun</b> <a href="ecdsa_r1.md#0x2_ecdsa_r1_secp256r1_verify_recoverable">secp256r1_verify_recoverable</a>(signature: &<a href="">vector</a><u8>, public_key: &<a href="">vector</a><u8>, hashed_msg: &<a href="">vector</a><u8>): bool | ||
| </code></pre> | ||
|
|
||
|
|
||
|
|
||
| <details> | ||
| <summary>Implementation</summary> | ||
|
|
||
|
|
||
| <pre><code><b>public</b> <b>fun</b> <a href="ecdsa_r1.md#0x2_ecdsa_r1_secp256r1_verify_recoverable">secp256r1_verify_recoverable</a>(signature: &<a href="">vector</a><u8>, public_key: &<a href="">vector</a><u8>, hashed_msg: &<a href="">vector</a><u8>): bool { | ||
| <b>let</b> recovered = <a href="ecdsa_r1.md#0x2_ecdsa_r1_ecrecover">ecrecover</a>(signature, hashed_msg); | ||
| <b>if</b> (&recovered == public_key) { | ||
| <b>return</b> <b>true</b> | ||
| } <b>else</b> { | ||
| <b>return</b> <b>false</b> | ||
| } | ||
| } | ||
| </code></pre> | ||
|
|
||
|
|
||
|
|
||
| </details> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| // Copyright (c) Mysten Labs, Inc. | ||
| // SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| module sui::ecdsa_r1 { | ||
|
|
||
| /// Error if the public key cannot be recovered from the signature. | ||
| const EFailToRecoverPubKey: u64 = 0; | ||
|
|
||
| /// Error if the signature is invalid. | ||
| const EInvalidSignature: u64 = 1; | ||
|
|
||
| /// @param signature: A 65-bytes signature in form (r, s, v) that is signed using | ||
| /// Secp256r1. Reference implementation on signature generation using RFC6979: | ||
| /// https://github.com/MystenLabs/fastcrypto/blob/74aec4886e62122a5b769464c2bea5f803cf8ecc/fastcrypto/src/secp256r1/mod.rs | ||
| /// The accepted v values are {0, 1, 2, 3}. | ||
| /// | ||
| /// @param hashed_msg: the hashed 32-bytes message. The message must be hashed instead | ||
| /// of plain text to be secure. | ||
| /// | ||
| /// If the signature is valid, return the corresponding recovered Secpk256r1 public | ||
| /// key, otherwise throw error. This is similar to ecrecover in Ethereum, can only be | ||
| /// applied to Secp256r1 signatures. | ||
| public native fun ecrecover(signature: &vector<u8>, msg: &vector<u8>): vector<u8>; | ||
|
|
||
| /// @param signature: A 64-bytes signature in form (r, s) that is signed using | ||
| /// Secp256r1. This is an non-recoverable signature without recovery id. | ||
| /// Reference implementation on signature generation using RFC6979: | ||
| /// https://github.com/MystenLabs/fastcrypto/blob/74aec4886e62122a5b769464c2bea5f803cf8ecc/fastcrypto/src/secp256r1/mod.rs | ||
| /// | ||
| /// @param public_key: The public key to verify the signature against | ||
| /// @param hashed_msg: The hashed 32-bytes message, same as what the signature is signed against. | ||
| /// | ||
| /// If the signature is valid to the pubkey and hashed message, return true. Else false. | ||
| public native fun secp256r1_verify(signature: &vector<u8>, public_key: &vector<u8>, msg: &vector<u8>): bool; | ||
|
|
||
| /// @param signature: A 65-bytes signature in form (r, s, v) that is signed using | ||
| /// Secp256r1. This is an recoverable signature with recovery id denoted as v. | ||
| /// Reference implementation on signature generation using RFC6979: | ||
| /// https://github.com/MystenLabs/fastcrypto/blob/74aec4886e62122a5b769464c2bea5f803cf8ecc/fastcrypto/src/secp256r1/recoverable.rs#L35 | ||
| /// | ||
| /// @param public_key: The public key to verify the signature against | ||
| /// @param hashed_msg: The hashed 32-bytes message, same as what the signature is signed against. | ||
| /// | ||
| /// If the signature is valid to the pubkey and hashed message, return true. Else false. | ||
| public fun secp256r1_verify_recoverable(signature: &vector<u8>, public_key: &vector<u8>, hashed_msg: &vector<u8>): bool { | ||
| let recovered = ecrecover(signature, hashed_msg); | ||
| if (&recovered == public_key) { | ||
| return true | ||
| } else { | ||
| return false | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,99 @@ | ||
| // Copyright (c) Mysten Labs, Inc. | ||
| // SPDX-License-Identifier: Apache-2.0 | ||
| use crate::legacy_empty_cost; | ||
| use fastcrypto::secp256r1::Secp256r1Signature; | ||
| use fastcrypto::{ | ||
| secp256r1::{ | ||
| recoverable::{Secp256r1RecoverablePublicKey, Secp256r1RecoverableSignature}, | ||
| Secp256r1PublicKey, | ||
| }, | ||
| traits::ToFromBytes, | ||
| Verifier, | ||
| }; | ||
| use move_binary_format::errors::PartialVMResult; | ||
| use move_vm_runtime::native_functions::NativeContext; | ||
| use move_vm_types::{ | ||
| loaded_data::runtime_types::Type, | ||
| natives::function::NativeResult, | ||
| pop_arg, | ||
| values::{Value, VectorRef}, | ||
| }; | ||
| use smallvec::smallvec; | ||
| use std::collections::VecDeque; | ||
| use sui_types::error::SuiError; | ||
|
|
||
| pub const FAIL_TO_RECOVER_PUBKEY: u64 = 0; | ||
| pub const INVALID_SIGNATURE: u64 = 1; | ||
|
|
||
| pub fn ecrecover( | ||
| _context: &mut NativeContext, | ||
| ty_args: Vec<Type>, | ||
| mut args: VecDeque<Value>, | ||
| ) -> PartialVMResult<NativeResult> { | ||
| debug_assert!(ty_args.is_empty()); | ||
| debug_assert!(args.len() == 2); | ||
|
|
||
| let msg = pop_arg!(args, VectorRef); | ||
| let signature = pop_arg!(args, VectorRef); | ||
|
|
||
| let msg_ref = msg.as_bytes_ref(); | ||
| let signature_ref = signature.as_bytes_ref(); | ||
|
|
||
| // TODO: implement native gas cost estimation https://github.com/MystenLabs/sui/issues/3593 | ||
| let cost = legacy_empty_cost(); | ||
| match recover_pubkey(&signature_ref, &msg_ref) { | ||
| Ok(pubkey) => Ok(NativeResult::ok( | ||
| cost, | ||
| smallvec![Value::vector_u8(pubkey.as_bytes().to_vec())], | ||
| )), | ||
| Err(SuiError::InvalidSignature { error: _ }) => { | ||
| Ok(NativeResult::err(cost, INVALID_SIGNATURE)) | ||
| } | ||
| Err(_) => Ok(NativeResult::err(cost, FAIL_TO_RECOVER_PUBKEY)), | ||
| } | ||
| } | ||
|
|
||
| fn recover_pubkey(signature: &[u8], msg: &[u8]) -> Result<Secp256r1RecoverablePublicKey, SuiError> { | ||
| match <Secp256r1RecoverableSignature as ToFromBytes>::from_bytes(signature) { | ||
| Ok(signature) => match signature.recover(msg) { | ||
| Ok(pubkey) => Ok(pubkey), | ||
| Err(e) => Err(SuiError::KeyConversionError(e.to_string())), | ||
| }, | ||
| Err(e) => Err(SuiError::InvalidSignature { | ||
| error: e.to_string(), | ||
| }), | ||
| } | ||
| } | ||
|
|
||
| pub fn secp256r1_verify( | ||
| _context: &mut NativeContext, | ||
| ty_args: Vec<Type>, | ||
| mut args: VecDeque<Value>, | ||
| ) -> PartialVMResult<NativeResult> { | ||
| debug_assert!(ty_args.is_empty()); | ||
| debug_assert!(args.len() == 3); | ||
|
|
||
| let hashed_msg = pop_arg!(args, VectorRef); | ||
| let public_key_bytes = pop_arg!(args, VectorRef); | ||
| let signature_bytes = pop_arg!(args, VectorRef); | ||
|
|
||
| let hashed_msg_ref = hashed_msg.as_bytes_ref(); | ||
| let public_key_bytes_ref = public_key_bytes.as_bytes_ref(); | ||
| let signature_bytes_ref = signature_bytes.as_bytes_ref(); | ||
|
|
||
| // TODO: implement native gas cost estimation https://github.com/MystenLabs/sui/issues/4086 | ||
| let cost = legacy_empty_cost(); | ||
|
|
||
| let signature = match <Secp256r1Signature as ToFromBytes>::from_bytes(&signature_bytes_ref) { | ||
| Ok(signature) => signature, | ||
| Err(_) => return Ok(NativeResult::ok(cost, smallvec![Value::bool(false)])), | ||
| }; | ||
|
|
||
| let public_key = match <Secp256r1PublicKey as ToFromBytes>::from_bytes(&public_key_bytes_ref) { | ||
| Ok(public_key) => public_key, | ||
| Err(_) => return Ok(NativeResult::ok(cost, smallvec![Value::bool(false)])), | ||
| }; | ||
|
|
||
| let result = public_key.verify(&hashed_msg_ref, &signature).is_ok(); | ||
| Ok(NativeResult::ok(cost, smallvec![Value::bool(result)])) | ||
| } |
Oops, something went wrong.