Adds modexp, bn128, blake2f, and ed25519 verify precompiles (#239)

* Adds modexp, bn128, blake2f, and ed25519 verify precompiles * Fixes tabs * newline * use direct from bytes methods * remove trailing whitespace
darwinia-network · Dec 14, 2020 · 5e96907 · 5e96907
1 parent e4bf5ef
commit 5e96907
Show file tree

Hide file tree

Showing 5 changed files with 517 additions and 8 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/frame/evm/Cargo.toml b/frame/evm/Cargo.toml
@@ -33,8 +33,18 @@ sha3 = { version = "0.8", default-features = false }
 impl-trait-for-tuples = "0.1"
 ripemd160 = { version = "0.9", default-features = false }
 
+num = { version = "0.3", features = ["alloc"], default-features = false, optional = true }
+ethereum-types = { version = "0.9.2", default-features = false, optional = true }
+bn = { package = "substrate-bn", version = "0.5", default-features = false, optional = true }
+ed25519-dalek = { version = "1.0.0", features = ["alloc", "u64_backend"], default-features = false, optional = true }
+
+
 [features]
-default = ["std"]
+default = ["std", "modexp", "ed25519", "bn128", "blake2f"]
+blake2f = []
+modexp = ["num"]
+ed25519 = ["ed25519-dalek"]
+bn128 = ["bn", "ethereum-types"]
 std = [
 	"serde",
 	"codec/std",

diff --git a/frame/evm/src/eip_152.rs b/frame/evm/src/eip_152.rs
@@ -0,0 +1,75 @@
+/// The precomputed values for BLAKE2b [from the spec](https://tools.ietf.org/html/rfc7693#section-2.7)
+/// There are 10 16-byte arrays - one for each round
+/// the entries are calculated from the sigma constants.
+const SIGMA: [[usize; 16]; 10] = [
+	[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15],
+	[14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3],
+	[11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4],
+	[7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8],
+	[9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13],
+	[2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9],
+	[12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11],
+	[13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10],
+	[6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5],
+	[10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0],
+];
+
+/// IV is the initialization vector for BLAKE2b. See https://tools.ietf.org/html/rfc7693#section-2.6
+/// for details.
+const IV: [u64; 8] = [
+	0x6a09e667f3bcc908,
+	0xbb67ae8584caa73b,
+	0x3c6ef372fe94f82b,
+	0xa54ff53a5f1d36f1,
+	0x510e527fade682d1,
+	0x9b05688c2b3e6c1f,
+	0x1f83d9abfb41bd6b,
+	0x5be0cd19137e2179,
+];
+
+#[inline(always)]
+/// The G mixing function. See https://tools.ietf.org/html/rfc7693#section-3.1
+fn g(v: &mut [u64], a: usize, b: usize, c: usize, d: usize, x: u64, y: u64) {
+	v[a] = v[a].wrapping_add(v[b]).wrapping_add(x);
+	v[d] = (v[d] ^ v[a]).rotate_right(32);
+	v[c] = v[c].wrapping_add(v[d]);
+	v[b] = (v[b] ^ v[c]).rotate_right(24);
+	v[a] = v[a].wrapping_add(v[b]).wrapping_add(y);
+	v[d] = (v[d] ^ v[a]).rotate_right(16);
+	v[c] = v[c].wrapping_add(v[d]);
+	v[b] = (v[b] ^ v[c]).rotate_right(63);
+}
+
+/// The Blake2 compression function F. See https://tools.ietf.org/html/rfc7693#section-3.2
+/// Takes as an argument the state vector `h`, message block vector `m`, offset counter `t`, final
+/// block indicator flag `f`, and number of rounds `rounds`. The state vector provided as the first
+/// parameter is modified by the function.
+pub fn compress(h: &mut [u64; 8], m: [u64; 16], t: [u64; 2], f: bool, rounds: usize) {
+	let mut v = [0u64; 16];
+	v[..h.len()].copy_from_slice(h); // First half from state.
+	v[h.len()..].copy_from_slice(&IV); // Second half from IV.
+
+	v[12] ^= t[0];
+	v[13] ^= t[1];
+
+	if f {
+		v[14] = !v[14] // Invert all bits if the last-block-flag is set.
+	}
+	for i in 0..rounds {
+		// Message word selection permutation for this round.
+		let s = &SIGMA[i % 10];
+		g(&mut v, 0, 4, 8, 12, m[s[0]], m[s[1]]);
+		g(&mut v, 1, 5, 9, 13, m[s[2]], m[s[3]]);
+		g(&mut v, 2, 6, 10, 14, m[s[4]], m[s[5]]);
+		g(&mut v, 3, 7, 11, 15, m[s[6]], m[s[7]]);
+
+		g(&mut v, 0, 5, 10, 15, m[s[8]], m[s[9]]);
+		g(&mut v, 1, 6, 11, 12, m[s[10]], m[s[11]]);
+		g(&mut v, 2, 7, 8, 13, m[s[12]], m[s[13]]);
+		g(&mut v, 3, 4, 9, 14, m[s[14]], m[s[15]]);
+	}
+
+	for i in 0..8 {
+		h[i] ^= v[i] ^ v[i + 8];
+	}
+}
diff --git a/frame/evm/src/lib.rs b/frame/evm/src/lib.rs
@@ -57,6 +57,9 @@ mod tests;
 pub mod runner;
 pub mod precompiles;
 
+#[cfg(feature = "blake2f")]
+pub mod eip_152;
+
 pub use crate::precompiles::{Precompile, Precompiles};
 pub use crate::runner::Runner;
 pub use fp_evm::{Account, Log, Vicinity, ExecutionInfo, CallInfo, CreateInfo};